Extended Analysis of DES S-boxes

Lauren De Meyer, Begül Bilgin, Bart Preneel

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademic

    255 Downloads (Pure)


    For more than three decades, the Data Encryption Standard (DES) was one the most widely used cryptographic algorithms. It is still the dominating block cipher for banking applications. The DES was designed by IBM, verified by NSA and published by the National Bureau of Standards as a US Federal Information Processing Standard (FIPS) in 1977. The algorithm itself was fully public but the complete design criteria were only revealed by Coppersmith in 1994. He states that the IBM team was aware of differential cryptanalysis; the DES S-boxes are chosen to satisfy eight design criteria in order to resist this powerful attack. In their 1982 book, Meyer and Matyas state that the DES S-boxes were chosen so that they can be implemented with a minimum number of logic circuits. They mention that for an early design, in which not all of the design criteria are satisfied, the number of minterms varies between 40 and 48. However, for the final design the number of minterms is either 52 or 53, which is the smallest possible number that satisfies all the design criteria. Our research attempts to validate the IBM claims by generating a large number of candidate DES S-boxes satisfying specific criteria and by evaluating their number of minterms.
    Original languageEnglish
    Title of host publication34th WIC Symposium on Information Theory in the Benelux and the 3rd Joint WIC/IEEE Symposium on Information Theory and Signal Processing in the Benelux 2013
    Subtitle of host publicationLeuven, Belgium, May 30–31, 2013
    EditorsSofie Pollin, Liesbet Van der Perre, Annemie Stas
    PublisherWerkgemeenschap voor Informatie- en Communicatietheorie (WIC)
    Number of pages7
    ISBN (Print)978-90-365-0000-5, 9781627487375
    Publication statusPublished - 2013
    Event34th WIC Symposium on Information Theory in the Benelux 2013 - Leuven, Belgium
    Duration: 30 May 201331 May 2013
    Conference number: 34


    Conference34th WIC Symposium on Information Theory in the Benelux 2013


    • EWI-24464
    • METIS-302704
    • IR-89340
    • DES
    • S-box
    • Minterm
    • Differential cryptanalysis


    Dive into the research topics of 'Extended Analysis of DES S-boxes'. Together they form a unique fingerprint.

    Cite this