Pitfalls in Designing Substitution Boxes

Two signi cant recent advances in cryptanalysis namely the di erential attack put for ward by Biham and Shamir and the linear attack by Matsui have had devastating impact on data encryption algorithms An eminent problem that researchers are facing is to design S boxes or substitution boxes so that an encryption algorithm that employs the S boxes is immune to the attacks In this paper we present evidence indicating that there are many pitfalls on the road to achieve the goal In particular we show that certain types of S boxes which are seemly very appealing do not exist We also show that contrary to previous per ception techniques such as chopping or repeating permutations do not yield cryptographically strong S boxes In addition we reveal an important combinatorial structure associated with certain quadratic permutations namely the di erence distribution table of each di erentially uniform quadratic permutation embodies a Hadamard matrix As an application of this result we show that chopping a di erentially uniform quadratic permutation results in an S box that is very prone to the di erential cryptanalytic attack