Score:2

How do we find differentials in differential cryptanalysis when we don't know the details about the S-boxes


I'm new to cryptanalysis and trying to understand differential cryptanalysis. I have read the paper by Howard M. Heys. I understood the concept of differentials, but I'm not able to understand how to calculate the probability of a differential occurring when we don't know any information regarding the S-boxes.

It is given that we give 2 inputs with a difference of, say, x to an S-box and get outputs of difference y, and in this way we calculate the probabilities of all the possible differentials.

  • But in general, the details of the S-boxes of a cipher are not disclosed (as far as I know, please correct me if I'm wrong), so how do we calculate these probabilities for each S-box?

  • Can we somehow use differential cryptanalysis even if we don't know the details of S-boxes used in the cipher?

Praneeth Chandra
@kelalaka thanks for responding. I have a follow-up question. Can we somehow use differential cryptanalysis even if we don't know the details of S-boxes used in the cipher?
Praneeth Chandra
@kelalaka thanks. I will definitely read them.
Score:2

In cryptography we play with Kerckhoffs's principles; in short, we can say that everything is known but not the secret key.

$$\text{There is no security with obscurity!}$$

Therefore;

> The details of the S-boxes of a cipher are not disclosed

This is completely false. The designers don't need to give the full details of their S-boxes; however, they usually provide them, as we see in the AES case;

It is the attacker's side to analyze even more than the designer to see a weakness in their design, or one may see errors in the calculations and provide the correct ones, as in OCB2; history is full of examples.

> Can we somehow use differential cryptanalysis even if we don't know the details of S-boxes used in the cipher?

Yes, that is possible; however, it will be impractical and will not provide a better attack than brute force (since it is a black box).

For beginners in differential and linear attacks, a tutorial and a book are a must;

The Sbox package of SageMath is the helper for analyzing S-boxes.

And, if you want to study this field, always read the original paper, too;
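How the per-S-box probabilities asked about in the question are computed once the S-box table is public, as an added example that is not part of the original answer: it builds the difference distribution table (DDT) for the 4-bit S-box of Heys's tutorial cipher and multiplies the entries along the tutorial's four-S-box characteristic. The function names are illustrative assumptions, and the product assumes the rounds behave independently.

```python
from fractions import Fraction

# S-box of the SPN in Heys's tutorial (same values as the first row of DES S1).
HEYS_SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
             0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def ddt(sbox):
    """Return t where t[dx][dy] = number of x with S[x] ^ S[x ^ dx] == dy."""
    n = len(sbox)
    if n == 0 or n & (n - 1):
        raise ValueError("S-box length must be a power of two")
    if any(not 0 <= y < n for y in sbox):
        raise ValueError("this example assumes an n-bit to n-bit S-box")
    table = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            table[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return table


def differential_probability(table, dx, dy):
    """Probability that input difference dx gives output difference dy."""
    return Fraction(table[dx][dy], len(table))


def best_differentials(table, top=3):
    """Highest-count differentials with dx != 0, as (count, dx, dy) tuples."""
    n = len(table)
    entries = [(table[dx][dy], dx, dy)
               for dx in range(1, n) for dy in range(n)]
    return sorted(entries, key=lambda e: (-e[0], e[1], e[2]))[:top]


def trail_probability(table, steps):
    """Multiply per-S-box probabilities along a characteristic."""
    p = Fraction(1)
    for dx, dy in steps:
        p *= differential_probability(table, dx, dy)
    return p


if __name__ == "__main__":
    t = ddt(HEYS_SBOX)
    # Active S-boxes of the tutorial's characteristic: B->2, 4->6, 2->5, 2->5.
    trail = [(0xB, 0x2), (0x4, 0x6), (0x2, 0x5), (0x2, 0x5)]
    for count, dx, dy in best_differentials(t):
        print(f"{dx:X} -> {dy:X}: {count}/16")
    print("characteristic probability:", trail_probability(t, trail))
```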

Score:1

There's an interesting case study here with the AES finalist Twofish. Twofish uses key-dependent S-boxes and so we do not know the S-boxes, only their means of construction. Nevertheless, several papers have proposed differential attacks on the design (Murphy and Robshaw, Shiho Moriai and Yiun Lisa Yin, Ferguson).

kelalaka
Technically we know all of the design (as opposed to the OP's "we don't know the details"); that still doesn't make it a black-box design, right?