An S-box does a substitution for one value to another using a lookup table. We can then have a reverse S-box which will map the substitution back to the original value.
Inverse S-boxes with Sage |
Theory
An S-box does a substitution for one value to another using a lookup table. We can then have a reverse S-box which will map the substitution back to the original value:
Let's say we have an eight element S-box:
S-Box= [0, 1, 3, 6, 7, 4, 5, 2]
The inverse of this gives:
Inverse S-Box= (0, 1, 7, 2, 5, 6, 3, 4)
If we try, a data value of \(d=2\):
2 | 0 1 3 6 7 4 5 2
Thus for an input of 2, we get an output of 3. We now need to reverse this, so the value of 3 goes in:
3 | 0 1 7 2 5 6 3 4
And so we get an output value of 2, and thus have reversed the operation. If we try and input of 5, we get:
5 | 0 1 3 6 7 4 5 2
The output value is 4. Now we need to reverse back and use the inverse S-box:
4 | 0 1 7 2 5 6 3 4
And do we get a value of 5 back again.
Coding
The code used is:
import sys from sage.crypto.sbox import SBox str=sys.argv[1] a=eval(str.split(";")[2]) try: S = SBox(a) Sinv = S.inverse() print ("S-Box=",a) print ("\n\nReverse S-Box") print ("Inverse S-Box=",Sinv) except TypeError as error: print("Error: ",error)
And a sample run:
S-Box= [0, 1, 3, 6, 7, 4, 5, 2] Reverse S-Box Inverse S-Box= (0, 1, 7, 2, 5, 6, 3, 4)
and:
... S-Box= [0, 1, 3, 6, 7, 4, 5, 1] Error: S-Box must be a permutation
and:
S-Box= [0, 1, 3, 6, 7, 4, 5, 2, 3] Error: Lookup table length is not a power of 2