Research Of S-Box Based On APN Functions

Analysis and design of cryptology are two research directions which are not only confrontation but also interdependent. Such relation of both contradiction and unity has promoted the rapid development of block cipher. Being the only nonlinear components of block cipher, S-boxes provide the most important effect of confusion, and directly influence the security of whole cipher algorithms. Therefore, one of the core tasks in block cipher design is the design of the S-Box. Because of its low differential characteristics, Almost Prefect Nonlinear (APN) functions have the best resistance to differential cryptanalysis and linear cryptanalysis. So, it is the best choice for constructing S-box in cryptological applications.In the developmental process of APN funcitons, it has always been a public problem in mathmatic theory of whether existing APN permutation on the finite field or not when n is even. This result to the bottleneck of using APN functions to construct the block cipher S-box. So, such an application in cryptology is limited.With the study deepening and many methods of constructing APN polynomial functions were proposed, Dillon found one APN permutation polynomial function on the finite field GF(26) at last. And in theory, he has also proved that his method cannot apply in other finite field when n is even.The design principle of AES S-box is resistance to the current mainstream analysis technology, such as differential cryptanalysis and linear cryptanalysis. Its design method of the first inverse then affine transformation is worthy of other cipher designers reference. Combination of the advantages of APN functions and AES S-box design principles, APN functions are applied to construct S-boxes in block ciphers designation in this paper. In the particular finite field, the thinking of using APN function to replace inversing before affine transforming was used. This paper computed the APN S-box on finite field GF(2"), using APN power function when n is 3 and 5 respectively, and using APN polynomial funciton when nis 6.At present, the 8x8 S-boxes were widely used in the block cipher. But on the finite field GF(28), there is no APN permutation directly used to construct the APN S-box. The original design thought of dynamic S-box is to improve the security strength. In the cryptosystem, it chooses many S-boxes, which have the same probability to be selected, the close of security strength and are no relation each other. The selection of different S-boxes depends on the sub-key of round function. The design principle of dynamic S-box provides a basis for using low input APN S-box to design mainstream 8x8 S-boxes. Splitting the 8-bit input into two parts, one as input of the APN S-box, the other as input of "S-box selector", Output of which is the basis of selecting different APN S-boxes, and the part of 8-bit output. Based on these, this paper presents two split and combine methods: 3+5 and 2+6. The corresponding S-boxes, which are 3+5_S-box and 2+6_S-box, were constructed. In the construction of 3+5_S-box, we took the APN S-box on the finite field GF(23) as the "S-box selector". There is no APN S-box on the finite field GF(22). So, we chose the inverse function like those in AES S-box to achieve the "S-box selector".