The s-boxes in ZUC doesn't seems to be optimal,why?
Page 1 of 1
The s-boxes in ZUC doesn't seems to be optimal,why?
In ZUC, it's observed that two s-boxes doesn't seems to be optimal, and their algebraic immunity are 2. In addition, as for the s-box S0, its nonlinearity and differiential unformity are moderate. Why? One "good" s-box will help to enhance the security of the alogrithm, won't it?
ralfe- Guest
Re: The s-boxes in ZUC doesn't seems to be optimal,why?
Sure, an good sbox can help to resist against some common cryptanalysis. In the design of ZUC, the choice of sboxes doesn't only rely on security but also hardware implementation costs. In order to meet the requirement of LTE algorithm "implement one instance of the algorithm using
less than 10,000 gates" (see 3GPP TS33.105), we have to choose some cheap sboxes. The sbox S0 is the product of security and cost.
less than 10,000 gates" (see 3GPP TS33.105), we have to choose some cheap sboxes. The sbox S0 is the product of security and cost.
Xiutao Feng- Posts : 13
Join date : 2010-08-20
Re: The s-boxes in ZUC doesn't seems to be optimal,why?
on bit variables? Since the size of the sboxes is not big, it is easy to get these equations on input and output bit variables of the sboxes by means of computer program.
X. FENG- Guest
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
|
|