- Substitution box
In

cryptography , a**substitution box**(or**S-box**) is a basic component ofsymmetric key algorithm s. Inblock cipher s, they are typically used to obscure the relationship between theplaintext and theciphertext — Shannon's property of confusion. In many cases, the S-boxes are carefully chosen to resistcryptanalysis .In general, an S-box takes some number of input

bit s, "m", and transforms them into some number of output bits, "n": an "m"×"n" S-box can be implemented as alookup table with 2^{"m"}words of "n" bits each. Fixed tables are normally used, as in theData Encryption Standard (DES), but in somecipher s the tables are generated dynamically from the key; e.g. the Blowfish and theTwofish encryption algorithms.Bruce Schneier describes IDEA's modular multiplication step as a key-dependent S-box.One good example is this 6×4-bit S-box from DES (S

_{5}):Given a 6-bit input, the 4-bit output is found by selecting the row using the outer two bits, and the column using the inner four bits. For example, an input "

**0**1101**1**" has outer bits "**01**" and inner bits "1101"; the corresponding output would be "1001".The 8 S-boxes of DES were the subject of intense study for many years out of a concern that a "backdoor" — a vulnerability known only to its designers — might have been planted in the cipher. The S-box design criteria were eventually published (

Don Coppersmith , 1994) after the public rediscovery ofdifferential cryptanalysis , showing that they had been carefully tuned to increase resistance against this specific attack. Other research had already indicated that even small modifications to an S-box could significantly weaken DES.There has been a great deal of research into the design of good S-boxes, and much more is understood about their use in block ciphers than when DES was released.

**ee also***

Boolean function

*Nothing up my sleeve number

*Substitution cipher

*Rijndael S-box **References*** cite conference

author =Kaisa Nyberg

title = Perfect nonlinear S-boxes

booktitle = Advances in Cryptology -EUROCRYPT '91

pages = 378–386

date = 1991

location =Brighton

url = http://dsns.csie.nctu.edu.tw/research/crypto/HTML/PDF/E91/378.PDF

format =PDF

accessdate = 2007-02-20

* cite journal

author =Don Coppersmith

title = The Data Encryption Standard (DES) and its strength against attacks

journal = IBM Journal of Research and Development

volume = 38

issue = 3

pages = 243–250

date = 1994

url = http://www.research.ibm.com/journal/rd/383/coppersmith.pdf

format = PDF

accessdate = 2007-02-20

* cite conference

author = S. Mister and C. Adams

title = Practical S-Box Design

booktitle = Workshop onSelected Areas in Cryptography (SAC '96) Workshop Record

pages = pp. 61–76

date = 1996

location =Queens University

url = http://adonis.ee.queensu.ca/sac/sac96/papers/paper7.ps

format =PostScript

accessdate = 2007-02-20

* cite book

last = Schneier

first = Bruce

authorlink = Bruce Schneier

title = Applied Cryptography, Second Edition

publisher =John Wiley & Sons

date = 1996

pages = 296-298, 349

id = ISBN 0-471-11709-9**External links*** [

*http://www.ciphersbyritter.com/RES/SBOXDESN.HTM A literature survey on S-box design*]

* [*http://www.quadibloc.com/crypto/co4513.htm John Savard's "Questions of S-Box Design"*]

* [*http://www.securitydocs.com/library/1319 Gargiulo's "S-Box Modifications and Their Effect in DES-like Encryption Systems"*]

*Wikimedia Foundation.
2010.*