Detection of weak s-boxes in block-ciphers by means of statistical testing

Employment of non-linear permutations (s-Boxes) is central to the security of block ciphers. On the other hand, statistical testing (for randomness) is an essential tool for the evaluation of ciphers, included in all recognized batteries-of-tests. Statistical tests however examine ciphers as a “whole”; consequently, the contributions of individual building blocks of the cipher in the overall performance are difficult to trace back to their “origins”. In particular, it is an open question, whether the existence of redundant s-Boxes i.e. the ones with negligible contribution to the performance of the cipher, can be detected by means of statistical testing all alone. The aim of our work is to estimate the confidence that redundant s-Boxes will be detected, when exclusive use of statistical tests is made. More specifically, we applied the so-called “Crypt-X´98” suite on a suitably modified version of the “Serpent” cipher (finalist, AES). Our modifications on “Serpent” were limited to the choice of s-Boxes and the count of encryption-rounds. We took into consideration the four most important randomness-criteria and three encryption-modes. We prove that the security of a cipher cannot be fully characterized by means of randomness-testing.