Score:2

How to calculate/generate the inverse S-box of Kuznyechik block cipher?

pf flag

Let's suppose I want to modify Kuznyechik block cipher by choosing a random S-box (taken from /dev/random for example).

How can I calculate/generate the inverse S-box?

Does anyone know the formula or algorithm used to do this?

Score:2
in flag

Sagemath SBox Package is a friend of SBox learners/designers.

For an invertible SBox;

#         0  1  2  3  4  5  6  7       #index
S = SBox([0, 1, 3, 6, 7, 4, 5, 2])     #output
Sinv = S.inverse()
print(Sinv)

outputs

(0, 1, 7, 2, 5, 6, 3, 4)

Actually, the implementation of the inverse is not hard; just reverse the index-output relation. Remember, invertible SBox is just a permutation.


Note that the source code of SageMath SBox is here and as a good library it first controls the SBox is a permutation or not and returns an SBox oject;

        if not self.is_permutation():
            raise TypeError("S-Box must be a permutation")

        cdef Py_ssize_t i
        cdef list L = [self._S_list[i] for i in range(1 << self.m)]

        return SBox([L.index(i) for i in range(1 << self.m)],
                    big_endian=self._big_endian)
phantomcraft avatar
pf flag
Thanks for the reply. Do you know some similar package/program in C/C++ that does the same of Sagemath SBox package?
kelalaka avatar
in flag
@phantomcraft I'm not aware of it, however, you can use it in [Python](https://stackoverflow.com/q/61408795/1820553)
phantomcraft avatar
pf flag
I got, thank you.
phantomcraft avatar
pf flag
Sorry, I selected the other question as "useful" because I was interested in a C implementation.
kelalaka avatar
in flag
@phantomcraft then you are asking on the wrong [so] site. This is not a programming site and you asked `Does anyone know the formula or algorithm used to do this?` so I've given you the easiest way, and the simple algorithm `reverse the index-output relation.`. Without my answer, this question is more to be off-topic side. Have fun.
kelalaka avatar
in flag
As you can see from the SageMath source code, directly finding inverse is not the correct way to go. Don't blindly trust the SBox that is download from the internet is invertible...
Score:2
cn flag

Assuming S-boxes are a permutation.

Here is example in Python:

S = (2, 0, 1)
inverse = [0] * len(S)

for i in range(len(S)):
    inverse[S[i]] = i

print(inverse)

Here is example in C:

unsigned int S[256] = {...};
unsigned int inverse[256];

for (int i = 0; i < 256; i++)
{
    inverse[S[i]] = i;
}
phantomcraft avatar
pf flag
Quite simple, I didn't realize that it would be that easy. Thanks!
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.