[Cryptography] Stupid question on S-boxes
Henry Baker
hbaker1 at pipeline.com
Tue Jan 22 18:55:51 EST 2019
For quite a while, S-boxes have been designed to
resist linear and differential cryptography.
The problem with small S-boxes is that you need
a lot of diffusion to spread the confusion around,
and you need a number of "rounds" to achieve this.
But now that we know a lot more about how to design
S-boxes, how come we don't skip the Feistel stuff
and round iterations entirely, and simply use larger
S-boxes? I.e., if there are constructions which
build large S-boxes from smaller ones, why don't we
just do that?
More information about the cryptography
mailing list