EIGHTEENTH NATIONAL RADIO SCkENCE CONFERENCE

March 27-29 2001,Mansoum Univ., Egypt

Dynamic Generaliori of S-Boxes In Block Cipher Systems

ProfDr. S.H. EL-Raruly*, Dr. Talaat EL-GarP*, & Msc. Eng. A. H. Soliman**
Faculty of Engineering, Ain Shams University

Abstract

Block cipher systems are widely used in cryptographic applications. The main problcm in
implementing any block cipher system is the fixed structure of S-Boxes elements. In this paper
we present a new method to build up dynamic Look-up-tabies (S-Boxes) changing with every
change of the secret key in addition to an evaluation criterion of block ciphers. This new apprciach
will lead to build up more secure block cipher systems and consequently solve the problem of the
fixed structure block ciphers.

1. Introduction
A cipher system is defined by Shannon [l] as a set T of reversible transformations from the
set M of possible plain messages into the set C of possible cryptograms. Each transformation T is
completely determined by a secret key and the enciphering algorithm. In block cipher system, the
plaintext message is broken into blocks, the ciphcnng process is carried out for the whole block at
the same time, so, using block cipher is somewhat faster than stream cipher. Classical block cipher
systems depend mainly on the S-boxes, which are fixed all the time, and their contents have no
relation with the secret key content. The role of the secret key is to chaise only t:ie adGress of
such S-boxes. So, the structure of the key generator is mainly fixed containing the S-boxes and the
only changeable parameter is the secrct key. The main parameters affecting tlie security.of block
cipher systems will be clarified. A proposed method to build dynamic change S-Boxes as a
function of the secret key will be presented. A complete package of the software programs to
simulate the proposed design and its effectiveness will be developed.
2. B.lsic Building Blocks of Block Cipher System

In the block cipher system, the enciphering algorithm will generally incorporate
substitution fbnctions and / or transposition (permutation) fbnctions.

2.1 Permutcrs
In permutation (transposition), tlie positions of the plaintext letters in the message are
simply rearranged. Perkuters are responsible for diflusion of security parameters [2].

2.2 Substitution S-Eoxes

S-Boxes are responsible for confbsion in ,the encipherment process [3]. S-Boxes
substitution is the critical step in any block cipher system. Boolean fiinctioas used in creating S-
Boxes should be nonlinear. The main problem in all applied block ciphers now is the fixed
structure of such S-Boxes. As an example of permuters / substitution S-Boxes is the Data
Encryption Standard [4] as illustrated in Fig.2.1.
-- ----*
* Fac. of Engineering, Ain Shams University.
** Cipher Department Signal Corps.
. ..
3u9

Authorized licensed use limited to: Government of Egypt - SPCESR - (EKB). Downloaded on December 07,2022 at 22:54:23 UTC from IEEE Xplore. Restrictions apply.
 EIGRTEENTH NATIONAL RADIO SCIENCE CONFERENCE
March 27-29 2001,iVIansoura Uiiiv., Egypt

3. Security Level o f Block Cipher Systems

To assess the security level of a block cipher system, two classes of factors are
considered:-
* Factors related to the construction of the block cipher systems and its: kcy stream sequence,
which include elements consisting the algorithm such as Substitution tables (S-boxes),
Permuters, Computational Complexity, Correlation immunity and the I<andomnessproperties
of the key stream sequence.
0 Factors related to the control of the block cipher system which include Key length, Key
levels, Key diversity and Key managemcnt.

3.1 Key Lengtli

Key length is preferrcd to be long to avoid the exhaustive search attack, which depends on
the length of the secret key. A key length of 128 bits is considered enough for modern block
cipher systems.

3.2 Correlatioii Ininiunity

Ideally there should be no correlation between the output of the cipher system and any or
some of the input elements of the system. S-Boxes generated in a random way is considered good
memories to provc the correlation immunity in block cipher systems [ 5 ] .
3.3 Computational Coniplexity
Computational complexity is considered as a measure of the time required to cryptanalyze
the cipher system in the face of different cryptanalytic attacks [6].

3.4 Key Management

Key management is considered the most important parameter for operational security. It
includes [7]:-
Key generation.
Key distribution.
Key loading.
Key selection.
Key destruction (Key Erase)

3.5 Local Randoniness Tests

In practice, the sequence used in cipher systems have large period!.Golomb Randomness
tells us a little about assessment the randomness of small sections of the sequence. A complete set
of local randomness tests is developed [8]. Each test has Test statistic, Null hypotllesis,
Distribution and Decision. Local Randomness tests include:
Frequency test.
Serial test.
Poker test.
Run test.
Autocorrelation test.
Hamming test.
Orthognality test.

390

Authorized licensed use limited to: Government of Egypt - SPCESR - (EKB). Downloaded on December 07,2022 at 22:54:23 UTC from IEEE Xplore. Restrictions apply.
 EIGHTEENTH NATIONAL RADIO SCIENCE CONFERENCE
March 27-292001,3Iansoura Univ., Egypt

4. A New approach to build lip Dyiiamic Change S-Bora

The new proposed approach depends mainly on .a chosen Latin square S-bos called
reference S-box which satisfies the randomness properties. Tlie secret key of the length 128 bits is
used to generate new Latin square S-box or S-boxes derived from the reference one with every
change of the secret key content. This approach is deeper and stronger than the one time pad
approach, which has new key for each new message, as it creates a new algorithm structure for a
new secret key. This new approach will solve the problem of the fixed structure S-Boxes and
consequently will increase the security level of the corresponding block cipher system.

4.1 Nibble Perriiiitations

The suggested scheme for nibble perniutations is presented in Fig. 4.1, such scheme will
be used to generate permuted nibbles, which arc hnction of the secret key. Each nibble
permutation is a perinutation of all 4-bit values and key dcpendent. In the complete initialization
process a total of sixteen nibble perilititations will bc gcnerated. They are denoted as x i j(s)
where:-

i € { A I ) , 1 I J S 4 , 0 S x 5 15

A nibble permutation is generated by loading the decimal digits i=O through 15 sequentially into a
4-bit register. After each digit is loaded, the permutation generator is iterated fivc times to produce
an element of thc permutation. For each iteration, the three most significant bits of the 4-bit
register arc added to an offset and to an iteration dependent digit, j, to perform the selection of a
single bit from Linear Shift Registcr (LSR). The iteration dependent digits are O,S,16,24 and 32
respectively for each of the five iterations. The offsct is equal to 1 ~ 0 . 5 9and SS for x i, 1. A i..~.K i ,;.
n i ,d, respectively. Table 4. ldefines, which bits froin LSR that, are used to generate the nibble
permutation. The least significant bit of the 4-bit register is XORed with the selected bit from
LSR. The resulting bit is then sliified into tlie register and thc iicxt iteration is started. Another
way to view tlie nibble permutation generation is by considering thc 40-bits from LSR used in the
generation as five consecutive bytes. The offset scpecifies wliicii 40-bit group of bits from LSR
will be uscd. The iteration dependent variable, j, selects which of the five bytes is to bc used and
the 3 most significant bits from thc registcr select the bit withiri tlie byte. It should be observed
that a bit from LSR is selected for each iteration and there are. 16 elements in the permutation. This
requires a selection of 5 x 16=80 bits per permutation. Therefore, each of the 40-bits used in the
permutation generation will be u x d exactly twice. ARcr fivc iterations, the four-bit content of the
register becomes the first element of the first permutation. The four-bit register is then loaded with
the ncxt decimal digit i and the five iterations arc repeated to produce the next element. This is
repeated for all sixtcen decimal digit inputs. After x Al.1, is generated, the offsct is changed to 30
and the entire process is repeated to generate n A1.2, . Finally, 'IL AI,J and a A1.4, are senerated with
offset of 59 and 58 respcctiveIy. Once the first set of four nibbic permutations have been created
and the corresponding table creatcd, the LSR register is stepped 125 steps and tlie nibble
Senerating process is repcated to produce four new nibble permutations. These nibbles will be
used as the basic elements to construct the dynamic S-Boxes. All the previous proccsses are key
dependent and change with each new key.

391

Authorized licensed use limited to: Government of Egypt - SPCESR - (EKB). Downloaded on December 07,2022 at 22:54:23 UTC from IEEE Xplore. Restrictions apply.
 EIGHTEENTH NATIONAL RADIO SCIENCE CONFERENCE
March 27-29 2001,iVI1ansoura Univ., Egypt

4.2 Generation of a new S-box

The generation of a new S-box will depend on the reference S-box shown in table 4. 2 and
the previously generated 4-nibble permutations n A ~ , x~ A1.2,
, i~~ 1 . 3 ,and n A1.4. The reference table
is a Latin square table i.e. no repetition of any element in the row orcolumn toachieve the
randomness properties. The scheme shown in Fig.4.2 is used togenerate the new S-box (Al)
shown in table 4,3. The software simulation programs showed that the generated S-boxes are also
Latin square S-boxes and for any bit-change in the secret key content conipletely different S-box
are derived from the reference one [SI. The main advantage of such new approach is that a huge
number of algorithms structures can be generated by changing the secret key content. For example
for the key length 128-bits it is possible to generate 212*different algorithms which will solve tlie
problem of applying classical block cipher systems of the fisc:d structure S-Boses.
Mathematically, the number of generated different algorithms will be: -

N,,, = 2" (4- 1 )

Where
X the length of the secret key
Nmax max. number of different Look Up Tables

5.Conclusion
. The new proposed approach is to build up dynamic Look up Tables (S-Boxes) changing
for every change of the secret key. The effectiveness of this new method is verified by changing
one bit only of the secret key to have new S-Boxes. This means that it is evident that for any
change of the secret key the structure of the block cipher system will be changed. This new
approach will lead to build up more secure block ciphers, solve the problem of the fixed structure
S-Boxes and consequently will increase the security level of the corresponding Block Cipher
System.
6. References

[ 11 C.E. Shannon, '' Communication Theory of Secrecy Systems ",Bell Sysit. Tech 5.28,
PP.656-715,1949.

[2] B.SMar, " Digital Communications-Fundamentals And Applications " Prentice- Hall, New
Jersey, 1988.

133 B.Schneier, " Applied Cryptography: Protocols, Algorithms, And Source: Code Inc " New
York, 1996.

[4] H.Beker, and F.Piper, " Cipher Systems: The Protection of Communicat.ions", Printed
and bound in Great Britain by Clark Constable, 1982.

[5] T. Siegenthaler, " Correlation-Immunity of Nonlinear Combinins Functions for

Cryptographic Applications ",IEEE Trans. Information Theory, Vol. IT-30, No.5,
September 1984, PP.280-293.
392

Authorized licensed use limited to: Government of Egypt - SPCESR - (EKB). Downloaded on December 07,2022 at 22:54:23 UTC from IEEE Xplore. Restrictions apply.
 EIGHTEENTH NATIONAL RADIO SCIENCE CONFERENCE
March 27-292001,Mansoura Univ., Egypt

[6]X. Lai., “ On the Design and Security of Block Ciphers ” ,ETH series in Information
Processing, Konstanz, Hartung-Goree Verlag, Vol. 1, 1992, PP.320-365

[7] Arnold M. Mccaimont, ‘‘ Key Management ” ,(T.C.C)

Tech. Comm. Corp. M A , USA,
June 1977,PP.122-135.

[SI A. H. Soliman, “ Data Communication Ciphering Systems, Analysis of Block Cipher

Systems ” MSC Thesis, Faculty of Engineering, Ain Shams University, 2000.

393

Authorized licensed use limited to: Government of Egypt - SPCESR - (EKB). Downloaded on December 07,2022 at 22:54:23 UTC from IEEE Xplore. Restrictions apply.
 EIGHTEENTH NATIONAL RADIO SCIENCE CONFERENCE
March 27-29 2001,Mansoura Univ., Egypt

Initial permutation
Permuted

r
input + i f
1 Lo Ro
f

Ll=RO
I K:

(334........................... ..... ye...

,....; ..___........................................
f ..-d

i .Ir

R I ~ I@SF(RIs.KI~)
I
Permuted
OUtPllt
Iiiverse Initial Perniuhtion
I

OUTPUT

Fig. 2.1 DES Enciplicring Comput;I t'1011

394

Authorized licensed use limited to: Government of Egypt - SPCESR - (EKB). Downloaded on December 07,2022 at 22:54:23 UTC from IEEE Xplore. Restrictions apply.
 EIGIITEENTH NATIONAL RADIO SCIENCE CONFERENCE
March 27-29 2001,iInnsoura Univ., Egypt

Pig. 4.1 Key-Dependcnt Nibble Permutations

Tablc 4.1 Distributed Bit Allocatiori in Nibblc Pcnnutatioiis

Yerniutatiou Bit Accessed

88-127

395

Authorized licensed use limited to: Government of Egypt - SPCESR - (EKB). Downloaded on December 07,2022 at 22:54:23 UTC from IEEE Xplore. Restrictions apply.
 EIGHTEENTH NATIONAL RADIO SCIENCE COWERENCE
March 27-29 2001,Mansoura Univ., Egypt

Table 4.2 P-Table

. , ,"
I
396

Authorized licensed use limited to: Government of Egypt - SPCESR - (EKB). Downloaded on December 07,2022 at 22:54:23 UTC from IEEE Xplore. Restrictions apply.
 EIGHTEENTH NATIONAL RADIO SCIEXCE CONFERENCE
ItIarch 27-29 2001,Mansoura Univ., Egypt

8-bit counter
X Y

I Table -P Fixed structure

4 Table A1 (Dynamic structure)

~~~ ~ ~~

Fig 4.2 Key- Dependent Table Generation

397

Authorized licensed use limited to: Government of Egypt - SPCESR - (EKB). Downloaded on December 07,2022 at 22:54:23 UTC from IEEE Xplore. Restrictions apply.