# Substitution box

(Redirected from S-box)

In cryptography, a substitution box (or S-box) is a basic component of symmetric key algorithms. In block ciphers, they are typically used to obscure the relationship between the plaintext and the ciphertextShannon's property of confusion. In many cases, the S-boxes are carefully chosen to resist cryptanalysis.

In general, an S-box takes some number of input bits, m, and transforms them into some number of output bits, n: an m×n S-box, implemented as a lookup table. Fixed tables are normally used, as in the Data Encryption Standard (DES), but in some ciphers the tables are generated dynamically from the key; e.g. the Blowfish and the Twofish encryption algorithms.

As a concrete illustration, consider this 6×4-bit S-box from DES (S5):

S5Middle 4 bits of input
0000000100100011010001010110011110001001110010111100110111101111
Outer bits000010110001000001011111001011011010000101001111111101000011101001
011110101100101100010001111101000101010000111111000011100110000110
100100001000011011110011010111100011111001110001010110001100001110
111011100011000111000111100010110101101111000010011100010001010011

Given a 6-bit input, the 4-bit output is found by selecting the row using the outer two bits, and the column using the inner four bits. For example, an input "011011" has outer bits "01" and inner bits "1101"; the corresponding output would be "1001".

The S-boxes of DES were the subject of intense study for many years out of a concern that a backdoor — a vulnerability known only to its designers — might have been planted in the cipher. The S-box design criteria were eventually published (Don Coppersmith, 1994) after the public rediscovery of differential cryptanalysis, showing that they had been carefully tuned to increase resistance against this specific attack. Other research had already indicated that even small modifications to an S-box could significantly weaken DES.

There has been a great deal of research into the design of good S-boxes, and much more is understood about their use in block ciphers than when DES was released.

## References

• Coppersmith, Don. (1994). The data encryption standard (DES) and its strength against attacks. The IBM Journal of Research and Development, 38(3), pp243–250.
• S. Mister and C. Adams, "Practical S-Box Design," Workshop on Selected Areas in Cryptography (SAC '96) Workshop Record, Queens University, 1996, pp. 61–76

 Block ciphers edit  (https://academickids.com:443/encyclopedia/index.php?title=Template:Block_ciphers&action=edit) Algorithms: 3-Way | AES | Akelarre | Blowfish | Camellia | CAST-128 | CAST-256 | CMEA | DEAL | DES | DES-X | FEAL | FOX | FROG | G-DES | GOST | ICE | IDEA | Iraqi | KASUMI | KHAZAD | Khufu and Khafre | LOKI89/91 | LOKI97 | Lucifer | MacGuffin | Madryga | MAGENTA | MARS | MISTY1 | MMB | NewDES | RC2 | RC5 | RC6 | REDOC | Red Pike | S-1 | SAFER | SEED | Serpent | SHACAL | SHARK | Skipjack | Square | TEA | Triple DES | Twofish | XTEA Design: Feistel network | Key schedule | Product cipher | S-box | SPN   Attacks: Brute force | Linear / Differential cryptanalysis | Mod n | XSL   Standardisation: AES process | CRYPTREC | NESSIE   Misc: Avalanche effect | Block size | IV | Key size | Modes of operation | Piling-up lemma | Weak key
de:S-Box

• Art and Cultures
• Countries of the World (http://www.academickids.com/encyclopedia/index.php/Countries)
• Space and Astronomy