Research Information System
JOURNAL OF COMPUTATIONAL AND APPLIED MATHEMATICS, vol.259, pp.503-511, 2014 (SCI-Expanded)
In this study, we introduce a new criteria for evaluating S-boxes and attack PRESENT by exploiting its S-box. Depending on the design of an S-box, when a specific difference is given as the input (resp. output) of the S-box, the difference of at least one of the output (resp. input) bits of the S-box may be guessed with probability 1. We call such bits undisturbed and they are helpful for constructing longer or better truncated, impossible or improbable differentials. Without using undisturbed bits, the longest improbable differential attack we could find for PRESENT had a length of 7-rounds. However, we show that PRESENT'S S-box has 6 undisturbed bits and by using them, we can construct 10-round improbable differentials and attack PRESENT reduced to 13 rounds. Hence, undisturbed bits should be avoided by S-box designers. (C) 2013 Elsevier B.V. All rights reserved.