5th International Workshop on Lightweight Cryptography for Security and Privacy (LightSec), Cappadocia, Türkiye, 20-21 September 2016, vol. 10098, pp. 18-32
Differential distribution and linear approximation tables are the main security criteria for S-box designers. However, there are other S-box properties that, if overlooked by cryptanalysts, can result in erroneous results in theoretical attacks. In this paper we focus on two such properties, namely undisturbed bits and differential factors. We go on to identify several inconsistencies in published attacks against the lightweight block ciphers PRESENT, PRIDE, and RECTANGLE and present our corrections.