XS-circuits in block ciphers
XS-circuits describe block ciphers that utilize 2 operations:
X) bitwise modulo 2 addition of binary words and
S) substitution of words using key-dependent S-boxes
with possibly complicated internal structure.
In the paper [XS-circuits in block ciphers],
we propose a model of XS-circuits which, despite the simplicity, covers
rather wide range of block ciphers. In this model, several instances of a
simple round circuit, which contains only one S operation, are linked
together and form a compound circuit called a cascade. S-operations of a
cascade are interpreted as independent round oracles. A round circuit is
described by a binary matrix, called an extended matrix of the circuit.
This repo supports the mentioned paper.
First, we provide a database of well-known circuits (see data).
In the database, circuits are represented by their extended matrices.
Second, we provide the Python script xs.py which calculates
various characteristics of a given round XS-circuit specified by its extended matrix.
Third, the script gna.py implements an algorithm for computing
the guaranteed number of activations (GNA) in a given cascade. This number
relates to security against differential and linear attacks. Details are
provided in [GNA]. We implement both
the reference GNA algorithm and its optimized edition proposed in
[GNA-branch-and-bound].