SboxU: S-box Analysis Utils

Table of Contents

Work in progress

sboxU is a library containing various routines that are intended to be helpful when looking at S-boxes and other vectorial Boolean functions.

Unlike the builtin utilities in SAGE, sboxU has the advantage of implementing some of the latest discoveries in the area of Boolean functions. The reason is simple: it is the area I work in, and I have to implement those in order to move forward with my own research. Instead of reimplementing it each time, I try and write a proper implementation of each algorithm once and for all so that I don't need to worry about it again. sboxU started as a collection of such algorithms.

Another aspect of sboxU is a focus on performance: I write sub-routines in C++ if it gives a performance advantage (if it is not too cumbersome), and use multi-threading if relevant.

Overall, sboxU tends to use simpler types internally (for easier interface with C++ when relevant and to remove some performance overheads). For instance, the output of the ddt function is not a SAGE-style Matrix but simply of Python list where each entry is itself a list. Thus, if d is an output of this function then you have that d[a][b] is the DDT entry corresponding to input difference a and output difference b. Similarly, functions are represented as lists corresponding to their lookup tables.

1 Installation

1.1 Dependencies

The SboxU library was only tested on Linux (Ubuntu 16.04). To install it, you need the following packages.


1.2 Download

To retrieve this library, use the following command:

git clone https://github.com/lpp-crypto/sboxU/

Then, move to the `sbox-utils/sboxU` directory and run:

cmake .

This compiles the C++ part of sboxU and allows it to be called from a SAGE script. To use it in your project, simply move the sboxU folder to your project's directory. You can then import sboxU like any other python module. As an example of the functions provided by sboxU, the SAGE script example.py stored alongside the folder sboxU generates random permutations and tests their affine equivalence.

1.3 Usage

The simplest is to create a symbolic from the sboxU folder (the one full of .cpp, .hpp and .py files) to the folder where you put your scripts. Alternatively, you can start SAGE from the directory containing said sboxU folder.

Then, either in your script or in the SAGE prompt, use

from sboxU import *

to be able to use all the functions from sboxU.

2 Functions Provided

You can use the functions that are already included in SAGE for finite field arithmetic. sboxU provides the following additional functions.

2.0.1 Basic Cryptographic Properties

ddt(s) returns the DDT of the function whose LUT is the list s. Assumes that the function maps n bits to n, where n is the base-2 logarithm of the length of s.
differential_spectrum(s) is a dictionnary containing the differential spectrum of the function whose LUT is the list s (where the first row of the DDT is omitted). For instance, differential_spectrum(range(0, 4)) is {0: 9, 4: 3}.
lat(s) returns the LAT of the function whose LUT is the list s. Assumes that the function maps n bits to n, where n is the base-2 logarithm of the length of s.
differential_spectrum(s) is a dictionnary containing the Walsh spectrum of the function whose LUT is the list s (where the first column of the LAT is omitted). For instance, walsh_spectrum(range(0, 4)) is {0: 9, 4: 3}.

Recall that the Walsh coefficients are signed.

returns a list containing the ANF of each coordinate of s. The ANFs are SAGE-style boolean_function instances, meaning that are internally viewed as polynomials rather than LUTs.

2.0.2 Display Related Functions

returns a string where each number in the list input to the function is represented in hexadecimal.
use it to generate nice string representations of differential or Walsh spectra. Use the optionnal argument absolute=True to sum the entries c: k and -c:l into c:k+l (i.e. in practice if you want the extended Walsh spectrum instead of the plain one).
saves the Pollock representation of a list of list into a file.

3 References

  1. Xavier Bonnetain, Léo Perrin, and Shizhu Tian. Anomalies and Vector Space Search: Tools for S-Box Analysis. In Steven Galbraith and Shiho Moriai, editors, Advances in Cryptology – ASIACRYPT 2019, Part I, volume 11921 of Lecture Notes in Computer Science, pages 196–223. Springer, Heidelberg, December 2019. link to eprint.iacr.org.

Author: Leo Perrin

Created: 2020-09-11 ven. 15:36

Emacs 24.5.1 (Org mode 8.2.5a)