Join Log in
Score:2
phantomcraft avatar Crypto

How to calculate/generate the inverse S-box of Kuznyechik block cipher?

pf flag
phantomcraft

Let's suppose I want to modify Kuznyechik block cipher by choosing a random S-box (taken from /dev/random for example).

How can I calculate/generate the inverse S-box?

Does anyone know the formula or algorithm used to do this?

157
0 + 0
Score:2
kelalaka avatar Crypto
in flag
kelalaka

Sagemath SBox Package is a friend of SBox learners/designers.

For an invertible SBox;

#         0  1  2  3  4  5  6  7       #index
S = SBox([0, 1, 3, 6, 7, 4, 5, 2])     #output
Sinv = S.inverse()
print(Sinv)

outputs

(0, 1, 7, 2, 5, 6, 3, 4)

Actually, the implementation of the inverse is not hard; just reverse the index-output relation. Remember, invertible SBox is just a permutation.

Note that the source code of SageMath SBox is here and as a good library it first controls the SBox is a permutation or not and returns an SBox oject;

        if not self.is_permutation():
            raise TypeError("S-Box must be a permutation")

        cdef Py_ssize_t i
        cdef list L = [self._S_list[i] for i in range(1 << self.m)]

        return SBox([L.index(i) for i in range(1 << self.m)],
                    big_endian=self._big_endian)
0 + 0
phantomcraft avatar
pf flag
phantomcraft
Thanks for the reply. Do you know some similar package/program in C/C++ that does the same of Sagemath SBox package?
0
Reply
kelalaka avatar
in flag
kelalaka
@phantomcraft I'm not aware of it, however, you can use it in [Python](https://stackoverflow.com/q/61408795/1820553)
0
Reply
phantomcraft avatar
pf flag
phantomcraft
I got, thank you.
0
Reply
phantomcraft avatar
pf flag
phantomcraft
Sorry, I selected the other question as "useful" because I was interested in a C implementation.
0
Reply
kelalaka avatar
in flag
kelalaka
@phantomcraft then you are asking on the wrong [so] site. This is not a programming site and you asked `Does anyone know the formula or algorithm used to do this?` so I've given you the easiest way, and the simple algorithm `reverse the index-output relation.`. Without my answer, this question is more to be off-topic side. Have fun.
0
Reply
kelalaka avatar
in flag
kelalaka
As you can see from the SageMath source code, directly finding inverse is not the correct way to go. Don't blindly trust the SBox that is download from the internet is invertible...
0
Reply
Score:2
avatar Crypto
cn flag
LightBit

Assuming S-boxes are a permutation.

Here is example in Python:

S = (2, 0, 1)
inverse = [0] * len(S)

for i in range(len(S)):
    inverse[S[i]] = i

print(inverse)

Here is example in C:

unsigned int S[256] = {...};
unsigned int inverse[256];

for (int i = 0; i < 256; i++)
{
    inverse[S[i]] = i;
}
0 + 0
phantomcraft avatar
pf flag
phantomcraft
Quite simple, I didn't realize that it would be that easy. Thanks!
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.