From msuinfo!agate!spool.mu.edu!umn.edu!csus.edu!netcom.com!grady Sat Jul 31 14:03:18 1993 Newsgroups: sci.crypt,alt.security.pgp Path: msuinfo!agate!spool.mu.edu!umn.edu!csus.edu!netcom.com!grady From: grady@netcom.com (Grady Ward) ObCrypt: Here is a good set of S-box criteria references kindly sent by Dr. mike: Here are the references I used to understand S-box theory. "On the Design of S-boxes", A. F. Webster, S. E. Tavares, Crypto '85 Springer LNCS #218 (LNCS=Lecture Notes in Computer Science) "The Strict Avalanche Criterion: Spectral Properties of Boolean Functions and an Extended Definition", Rejane Forre, Crypto '88 Springer LNCS #403 "Nonlinearity Criteria for Cryptographic Functions", W. Meier, O. Staffelbach, Eurocrypt '89 Springer LNCS #434 "Good S-boxes are Easy to Find", C. Adams, S. Tavares, Crypto '89 Springer LNCS #435 "The Structured Design of Cryptographically Good S-boxes", C. Adams, S. Tavares, Journ. Cryptology (1990) V.3 p27-41 "Differential Cryptanalysis of DES-like Cryptosystems", E. Biham, A. Shamir, Crypto '90 Springer LNCS #537 "An Expanded Set of S-box Design Criteria Based on Information Theory and its Relation to Differential-like Attacks", M. H. Dawson, S. E. Tavares, Eurocrypt '91 Springer LNCS #547 "Perfect nonlinear S-boxes", K. Nyberg, Eurocrypt '91 Springer LNCS #547 "On immunity against Biham and Shamir's "differential cryptanalysis", C. M. Adams, Information Processing Letters 41 (1992) p. 77-80 I've put these in historical order. The Biham and Shamir paper is famous, but it does not really help design S-boxes; it tells you how to attack them. I'm sure there are more recent papers, but my library doesn't have the '92 Crypto or Eurocrypt papers yet. If you find something interesting please let me know. Patience, persistence, truth, reality: dvader@hemp-imi.hep.anl.gov Dr. mike home: mrosing@igc.org IMI, P.O. BOX 2242, Darien IL 60559 phone: 708-859-0499 -- grady@netcom.com Moby lexicons voice/fax (707) 826-7715