# Securing IoT Devices against Differential-Linear (DL) Attack Used on Serpent Algorithm

^{*}

## Abstract

**:**

## 1. Introduction

#### 1.1. Serpent Algorithm

- 1.
- Initial Permutation denoted by $IP$. The function of $IP$ is to rearrange an original order of the plaintext before the encryption process using Equation (1) where $OriginalPlaintext$ is the input of $IP$. A symbol of $"*"$ is a multiplication operator. $OutputIP$ is an output of $IP$, and $mod\left(127\right)$ is a mathematical modulus of 127. Refer to Equation (1).$$\begin{array}{c}\hfill OutputIP=(OriginalPlaintext\ast 32)mod\left(127\right)\end{array}$$
- 2.
- Serpent has a 32-round function composed of subkeys (key mixing), eight S-Boxes, and a linear transformation. The 32-round function is mathematically explained by a mathematical expression provided in Figure 2.
- 3.
- Serpent has final permutation $I{P}^{-1}$ function, which is an inverse of initial permutation $IP$.

#### 1.2. Differential-Linear Attack

#### 1.3. The Magic Number

#### 1.4. Objective of the Study

#### 1.5. The Numerous DL Attacks on Serpent Algorithm

## 2. Problem Statement

## 3. Literature Review

## 4. Research Methodology

- 1.
- Serpent was collected from IoT devices (such as smart cards, sensors, and 8-bit processors).
- 2.
- The correctness of Serpent was checked and tested by using test vectors given by Serpent developers’ reports.
- 3.
- All the implemented procedures on Serpent during the process of DL attacks were tested and analyzed using C++.
- 4.
- All the original 4-bit output S-Boxes of Serpent were replaced by the newly generated 32-bit output S-Boxes.
- 5.
- Three magic numbers were used to generate a new function called Blocker inserted in Serpent infrastructure using C++ implementation. Refer to Figure 1.
- 6.
- All functions retrieving S-Boxes of 4-bits output from original Serpent were changed to retrieve a Blocker Function with 32-bit output S-Boxes. Let us examine the following example.$$Output={S}_{i}\left(x\right)$$
- 7.
- The possibility for DL attacks was verified with respect to whether it was still successful after new S-Boxes and Blocker had been applied or inserted. If it was still possible, steps three and four are repeated.
- 8.
- If a DL attack was blocked on steps three, four, and five, then a new algorithm inserted with new 32-bit output S-Boxes and Blocker was accepted as a Magic Serpent (Mag_Serpent). As a result, Mag_Serpent was found to be resistant to DL attacks.

#### 4.1. A Blocker Function

- 1.
- The output of a Blocker Function is not fixed unlike in S-Boxes where a look-up table is implemented with defined inputs and outputs.
- 2.
- The output of a Blocker Function is secreted and calculated unlike in the Serpent S-Boxes where the output is remarkable on a look-up table.
- 3.
- A Blocker Function is inevitable. If one recognizes an output of a Blocker Function that does not signify an input, it can be reversely estimated and retrieved. The intention is that a Blocker Function is composed of several quantities of random numbers and XOR operators.
- 4.
- Chosen magic numbers (such as P, Q, and M) used in a Blocker Function are unfactorizable. Refer to Figure 1.
- 5.
- All functions appropriated to comprise a Blocker Function are non-linear.
- 6.
- The input of a Blocker Function is 32-bit long, and the intruder cannot easily create the DLCT of ${2}^{32}$ using a computer or any processor since a lot of memory is required.
- 7.
- A Blocker Function acquires the output of 32-bit S-Boxes and manipulates them as its input. Then, an outstanding output value is produced in order to be utilized in the Magic Serpent algorithm. A new distinct output value is unpredictable; hence, it confuses the intruders.
- 8.
- The output of 32-bit S-Boxes is determined as $state32hold$. A Blocker Function receives this output as its input and returns an unpredictable variable called $statehold$. Refer to Figure 1.
- 9.
- After executing a Blocker Function, all functions in the Serpent algorithm recalling S-Boxes have to identify or employ a Blocker Function because S-Boxes are mathematically preserved and unalterable in a Blocker Function.
- 10.
- A Blocker Function provides tamper-proof 32-bit output S-Boxes. Let us suppose that the positions of 32-bit output S-Boxes are altered or the 32-bit S-Boxes are displaced. In that case, Mag_Serpent will not produce the anticipated results.

#### 4.2. Experimental Confirmation of DL Attack on Serpent

- 1.
- Dunkelman et al. [19] selected $N={2}^{123.5}$ plaintexts that consisted of ${2}^{11.5}$ structures, and each was selected by choosing the following: (a) an abitaray plaintext ${P}_{0}$; (b) the plaintexts ${P}_{1}$, …, P${}_{{2}^{112}-1}$, which differed from ${P}_{0}$ by all the ${2}^{112}-1$ possibilities of non-empty subsets of the bits which were used as inputs of all S-Boxes except 2, 3, 19, and 23 in round zero [19].
- 2.
- Dunkelman et al. [19] requested the cipher texts of the encrypted plaintext structures by using the private unknown key K. 3. For every input 112-bit of ${K}_{0}$ value using those 28 S-Boxes, partly encrypted all the plaintexts in the first round and utilize the original 11-round DL attack on Serpent [19].
- 3.
- Each experimental key revealed and provided Dunkelman et al. [19] 112 + 20 + 28 = 160-bit subkeys: 112-bit of round 0; 20-bit of round 1; and 28-bit of round 11, simultaneously with an accuracy test [19]. The accurate estimation of the 160-bit was anticipated to be the typical and frequently expected value with the appearance of more than $84\%$ completion rate [19].
- 4.
- The remainder of the key bits were retrieved by supplemental techniques [19].

#### 4.3. Experimental Contribution of DL Attack on a Newly Generated Mag_Serpent

## 5. Results and Analysis

## 6. Conclusions and Future Work

## Funding

## Data Availability Statement

## Conflicts of Interest

## Appendix A

## References

- Wiemer, F. Security Arguments and Tool-Based Design of Block Ciphers; Faculty of Mathematics at Ruhr-Universität Bochum, ICAR: New Delhi, India, 2019; pp. 1–188. Available online: https://hss-opus.ub.rub.de/opus4/frontdoor/index/index/docId/7044 (accessed on 23 November 2021).
- Martin, C.R. Smells and Heuristics–G25 Replace Magic Numbers with Named Constants; Prentice Hall: Boston, MA, USA, 2020; p. 300. [Google Scholar]
- Blog, IoT, Technology. Why Is the Internet of Things Important to Our Everyday Lives? 2019, pp. 1–8. Available online: https://mojix.com/internet-of-things-everyday-lives/ (accessed on 23 November 2021).
- Ziegeldorf, J.H.; Morchon, O.G.; Wehrle, K. Privacy in the Internet of Things: Threats and Challenges. Commun. Distrib. Syst.
**2021**, 7, 1–14. [Google Scholar] [CrossRef] - OECD Digital Economy Policy Papers. The Internet of Things Seizing the Brnefits and Addressing the Challanges; OECD: Paris, France, 2016; pp. 1–57. [Google Scholar]
- Bar-On, A.; Dunkelman, O.; Keller, N.; Weizman, A. DLCT: A New Tool for Differential-Linear Cryptanalysis. Lect. Notes Comput. Sci.
**2019**, 11476, 313–342. [Google Scholar] - Canteaut, A.; Kölsch, L.; Wiemer, F. Observations on the DLCT and Absolute Indicators. In Proceedings of the ICAR, Belo Horizonte, Brazil, 2–6 December 2019; pp. 1–18. [Google Scholar]
- Hosseinkhani, R.; Javadi, H.H.S. Using Cipher Key to Generate Dynamic S-Box in AES Cipher System. Int. J. Comput. Sci. Secur.
**2012**, 6, 19–28. [Google Scholar] - Anderson, R.; Biham, E.; Knudsen, L. The Case for Serpent. Case Study. 2012, pp. 1–5. Available online: https://sid.ethz.ch/debian/rja14-papers/serpentcase.pdf (accessed on 23 November 2021).
- Najafi, B.; Sadeghian, B.; Zamani, M.S.; Valizadeh, A. High Speed Implementation of Serpent Algorithm. In Proceedings of the 16th International Conference on Microelectronics, Tunis, Tunisia, 6–8 December 2004; pp. 718–721. [Google Scholar]
- Maguire, J. Bjarne Stroustrup on Educating Software Developers. Datamation. 2018. Available online: https://www.datamation.com/trends/bjarne-stroustrup-on-educating-software-developers/ (accessed on 23 November 2021).
- Anderson, R.; Biham, E.; Knudsen, L. Serpent and Smartcards; Cambridge University: Cambridge, UK, 2021; pp. 1–8. [Google Scholar]
- Compton, K.J.; Timm, B.; Laven, J.V. A Simple Power Analysis Attack on the Serpent Key Schedule. IACR Cryptol. ePrint Arch.
**2009**, 2009, 473. [Google Scholar] - Biham, E.; Anderson, R.; Knudsen, L. Serpent: A New Block Cipher Proposal. In Fast Software Encryption; Springer: Berlin/Heidelberg, Germany, 1998; pp. 222–238. [Google Scholar]
- Rajesh, S.; Paul, V.; Menon, V.G.; Khosravi, M.R. A Secure and Efficient Lightweight Symmetric Encryption Scheme for Transfer of Text Files between Embedded IoT Devices. Symmetry
**2019**, 11, 293. [Google Scholar] [CrossRef] [Green Version] - Muthavhine, K.D.; Sumbwanyambe, M. An Analysis and a Comparative Study of Cryptographic Algorithms Used on the Internet of Things (IoT) Based on Avalanche Effect; University of South Africa: Pretoria, South Africa, 2018; pp. 1–184. [Google Scholar]
- Sehrawat, D.; Gill, N.S. Lightweight Block Ciphers for IoT based applications: A Review. Int. J. Appl. Eng. Res.
**2018**, 13, 2258–2270. [Google Scholar] - Tezcan, C.; Ozbudak, F. Differential Factors: Improved Attacks on Serpent. In International Workshop on Lightweight Cryptography for Security and Privacy; Springer: Cham, Switzerland, 2021; pp. 1–18. [Google Scholar]
- Dunkelman, O.; Indesteege, S.; Keller, N. A Differential-Linear Attack on 12-Round Serpent. In Proceedings of the International Conference on Cryptology in India, Kharagpur, India, 14–17 December 2008; pp. 308–321. [Google Scholar]
- Biham, E.; Dunkelman, O.; Keller, N. Linear Cryptanalysis of Reduced Round Serpent. In Fast Software Encryption; Springer: Berlin/Heidelberg, Germany, 2001; pp. 1–12. [Google Scholar]
- Subandi, A.; Lydia, M.S.; Sembiring, R.W. Analysis of RC6-Lite Implementation for Data Encryption. Scitepress. 2021, pp. 42–47. Available online: https://www.scitepress.org/Papers/2018/100375/100375.pdf (accessed on 23 November 2021).
- Sanap, S.D.; More, V. Performance Analysis of Encryption Techniques Based on Avalanche effect and Strict Avalanche Criterion. In Proceedings of the 2021 3rd International Conference on Signal Processing and Communication (ICPSC), Kumamoto, Japan, 22–24 July 2021; pp. 676–679. [Google Scholar]

X | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|

${\mathit{S}}_{\mathit{0}}\left(\mathit{X}\right)$ | 3 | 8 | F | 1 | A | 6 | 5 | B | E | D | 4 | 2 | 7 | 0 | 9 | C |

${\mathit{InvS}}_{\mathbf{0}}\left(\mathit{X}\right)$ | D | 3 | B | 0 | A | 6 | 5 | C | 1 | 4 | 4 | 7 | F | 9 | 8 | 2 |

X | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|

${\mathit{S}}_{\mathbf{1}}\left(\mathit{X}\right)$ | F | C | 2 | 7 | 9 | 0 | 5 | A | 1 | B | E | 8 | 6 | D | 3 | 4 |

${\mathit{InvS}}_{\mathbf{1}}\left(\mathit{X}\right)$ | 5 | 8 | 2 | E | F | 6 | C | 3 | B | 4 | 7 | 9 | 1 | D | A | 0 |

X | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|

${\mathit{S}}_{\mathbf{2}}\left(\mathit{X}\right)$ | 8 | 6 | 7 | 9 | 3 | C | A | E | C | 1 | E | 4 | 0 | B | 5 | 2 |

${\mathit{InvS}}_{\mathbf{2}}\left(\mathit{X}\right)$ | C | 9 | F | 4 | B | C | 1 | 2 | 0 | 3 | 6 | D | 5 | 8 | A | 7 |

X | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|

${\mathit{S}}_{\mathbf{3}}\left(\mathit{X}\right)$ | 0 | F | B | 8 | C | 9 | 6 | 3 | D | 1 | 2 | 4 | A | 7 | 5 | E |

${\mathit{InvS}}_{\mathbf{3}}\left(\mathit{X}\right)$ | 0 | 9 | A | 7 | B | E | 6 | D | 3 | 5 | B | 2 | 4 | 8 | F | 1 |

X | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|

${\mathit{S}}_{\mathbf{4}}\left(\mathit{X}\right)$ | 1 | F | 8 | 3 | C | 0 | B | 6 | 2 | 5 | 4 | A | 9 | E | 7 | D |

${\mathit{InvS}}_{\mathbf{4}}\left(\mathit{X}\right)$ | 5 | 0 | 8 | 3 | A | 9 | 7 | E | 2 | C | B | 6 | 4 | F | D | 1 |

X | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|

${\mathit{S}}_{\mathbf{5}}\left(\mathit{X}\right)$ | F | 5 | 2 | B | 4 | A | 9 | C | 0 | 3 | E | 8 | D | 6 | 7 | 1 |

${\mathit{InvS}}_{\mathbf{5}}\left(\mathit{X}\right)$ | 8 | F | 2 | 9 | 4 | 1 | D | E | B | 6 | 5 | 3 | 7 | C | B | 0 |

X | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|

${\mathit{S}}_{\mathbf{6}}\left(\mathit{X}\right)$ | 7 | 2 | C | 5 | 8 | 4 | 6 | B | E | 9 | 1 | F | D | 3 | A | 0 |

${\mathit{InvS}}_{\mathbf{6}}\left(\mathit{X}\right)$ | F | A | 1 | D | 5 | 3 | 6 | 0 | 4 | 9 | E | 7 | 2 | C | 8 | B |

X | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|

${\mathit{S}}_{\mathbf{7}}\left(\mathit{X}\right)$ | 1 | C | F | 0 | E | 8 | 2 | B | 7 | 4 | C | A | 9 | 3 | 5 | 6 |

${\mathit{InvS}}_{\mathbf{7}}\left(\mathit{X}\right)$ | 3 | 0 | 6 | D | 9 | E | F | 8 | 5 | C | B | 7 | A | 1 | 4 | 2 |

$\mathit{\Delta}$∖$\mathit{\lambda}$ | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|

0 | 8 | 8 | 8 | 8 | 8 | 8 | 8 | 8 | 8 | 8 | 8 | 8 | 8 | 8 | 8 | 8 |

1 | 8 | 0 | $-4$ | 0 | $-4$ | $-4$ | 0 | 4 | 0 | $-4$ | 0 | 0 | 0 | 4 | 0 | 0 |

2 | 8 | 0 | 0 | 0 | $-4$ | 0 | 0 | $-4$ | $-8$ | 0 | 0 | 0 | 4 | 0 | 0 | 4 |

3 | 8 | $-4$ | 0 | 0 | 4 | $-4$ | 0 | $-4$ | 0 | 0 | $-4$ | 0 | 0 | 4 | 0 | 0 |

4 | 8 | 0 | 0 | $-8$ | 0 | 0 | 0 | 0 | $-8$ | 0 | 0 | 8 | 0 | 0 | 0 | 0 |

5 | 8 | 4 | 0 | 0 | 0 | 0 | $-4$ | 0 | 0 | 0 | 4 | 0 | $-4$ | 0 | $-4$ | $-4$ |

6 | 8 | $-4$ | $-4$ | 0 | 0 | 0 | 0 | 0 | 8 | $-4$ | $-4$ | 0 | 0 | 0 | 0 | 0 |

7 | 8 | 0 | 4 | 0 | 0 | 0 | $-4$ | 0 | 0 | 4 | 0 | 0 | $-4$ | 0 | $-4$ | $-4$ |

8 | 8 | $-4$ | 0 | 0 | $-4$ | 0 | $-4$ | 4 | 0 | 0 | $-4$ | 0 | 0 | 0 | 4 | 0 |

9 | 8 | 0 | 0 | $-8$ | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

A | 8 | 0 | $-4$ | 0 | 4 | 0 | $-4$ | $-4$ | 0 | $-4$ | 0 | 0 | 0 | 0 | 4 | 0 |

B | 8 | 0 | 0 | 0 | $-4$ | 0 | 0 | $-4$ | 0 | 0 | 0 | $-8$ | 4 | 0 | 0 | 4 |

C | 8 | 0 | 4 | 0 | 0 | $-4$ | 0 | 0 | 0 | 4 | 0 | 0 | $-4$ | $-4$ | 0 | $-4$ |

D | 8 | $-4$ | $-4$ | 8 | 0 | 4 | 4 | 0 | 0 | $-4$ | $-4$ | 0 | 0 | $-4$ | $-4$ | 0 |

E | 8 | 4 | 0 | 0 | 0 | $-4$ | 0 | 0 | 0 | 0 | 4 | 0 | $-4$ | $-4$ | 0 | $-4$ |

F | 8 | 0 | 0 | 0 | 0 | 4 | 4 | 0 | 0 | 0 | 0 | $-8$ | 0 | $-4$ | $-4$ | 0 |

**Table 10.**New generated 32-bit output S-Box to replace Table 1.

X | ${\mathit{S}}_{0}\left(\mathit{X}\right)$ | ${\mathrm{InvS}}_{0}\left(X\right)$ |
---|---|---|

0 | 411264f80 | 411264f80 |

1 | 91377da1f | 10fc22f87 |

2 | 1016b6cf64 | 7128a6f79 |

3 | 21038e4da | e15c964be |

4 | b146544c5 | a13ee8f72 |

5 | 7128a6f79 | f16401a11 |

6 | 61213ba26 | 1016b6cf64 |

7 | c14dbfa18 | 91377da1f |

8 | f16401a11 | 61213ba26 |

9 | e15c964be | d1552af6b |

A | 5119d04d3 | c14dbfa18 |

B | 310af9a2d | 8130124cc |

C | 8130124cc | b146544c5 |

D | 10fc22f87 | 21038e4da |

E | a13ee8f72 | 5119d04d3 |

F | d1552af6b | 310af9a2d |

**Table 11.**New generated 32-bit output S-Box to replace Table 2.

X | ${\mathit{S}}_{1}\left(\mathit{X}\right)$ | ${\mathit{InvS}}_{1}\left(\mathit{X}\right)$ |
---|---|---|

0 | 1016b6cf64 | 1016b6cf64 |

1 | d1552af6b | b146544c5 |

2 | 310af9a2d | 21038e4da |

3 | 8130124cc | e15c964be |

4 | a13ee8f72 | 61213ba26 |

5 | 10fc22f87 | 411264f80 |

6 | 61213ba26 | 7128a6f79 |

7 | b146544c5 | 10fc22f87 |

8 | 21038e4da | 5119d04d3 |

9 | c14dbfa18 | a13ee8f72 |

A | f16401a11 | f16401a11 |

B | 91377da1f | 8130124cc |

C | 7128a6f79 | 310af9a2d |

D | e15c964be | d1552af6b |

E | 411264f80 | 91377da1f |

F | 5119d04d3 | c14dbfa18 |

**Table 12.**New generated 32-bit output S-Box to replace Table 3.

X | ${\mathit{S}}_{2}\left(\mathit{X}\right)$ | ${\mathit{InvS}}_{2}\left(\mathit{X}\right)$ |
---|---|---|

0 | 91377da1f | 91377da1f |

1 | 7128a6f79 | 1016b6cf64 |

2 | 8130124cc | 310af9a2d |

3 | a13ee8f72 | a13ee8f72 |

4 | 411264f80 | 5119d04d3 |

5 | d1552af6b | 21038e4da |

6 | b146544c5 | e15c964be |

7 | 1016b6cf64 | f16401a11 |

8 | e15c964be | c14dbfa18 |

9 | 21038e4da | 7128a6f79 |

A | f16401a11 | 61213ba26 |

B | 5119d04d3 | 411264f80 |

C | 10fc22f87 | 8130124cc |

D | c14dbfa18 | d1552af6b |

E | 61213ba26 | b146544c5 |

F | 310af9a2d | 10fc22f87 |

**Table 13.**New generated 32-bit output S-Box to replace Table 4.

X | ${\mathit{S}}_{3}\left(\mathit{X}\right)$ | ${\mathit{InvS}}_{3}\left(\mathit{X}\right)$ |
---|---|---|

0 | 10fc22f87 | 61213ba26 |

1 | 1016b6cf64 | 10fc22f87 |

2 | c14dbfa18 | 91377da1f |

3 | 91377da1f | 411264f80 |

4 | d1552af6b | b146544c5 |

5 | a13ee8f72 | a13ee8f72 |

6 | 7128a6f79 | 8130124cc |

7 | 411264f80 | f16401a11 |

8 | e15c964be | 310af9a2d |

9 | 21038e4da | d1552af6b |

A | 310af9a2d | c14dbfa18 |

B | 5119d04d3 | 7128a6f79 |

C | b146544c5 | 5119d04d3 |

D | 8130124cc | 1016b6cf64 |

E | 61213ba26 | e15c964be |

F | f16401a11 | 21038e4da |

**Table 14.**New generated 32-bit output S-Box to replace Table 5.

X | ${\mathit{S}}_{4}\left(\mathit{X}\right)$ | ${\mathit{InvS}}_{4}\left(\mathit{X}\right)$ |
---|---|---|

0 | 21038e4da | 10fc22f87 |

1 | 1016b6cf64 | a13ee8f72 |

2 | 91377da1f | b146544c5 |

3 | 411264f80 | 8130124cc |

4 | d1552af6b | c14dbfa18 |

5 | 10fc22f87 | f16401a11 |

6 | c14dbfa18 | 7128a6f79 |

7 | 7128a6f79 | e15c964be |

8 | 310af9a2d | 411264f80 |

9 | 61213ba26 | 61213ba26 |

A | 5119d04d3 | d1552af6b |

B | b146544c5 | 310af9a2d |

C | a13ee8f72 | 5119d04d3 |

D | f16401a11 | 91377da1f |

E | 8130124cc | 1016b6cf64 |

F | e15c964be | 21038e4da |

**Table 15.**New generated 32-bit output S-Box to replace Table 6.

X | ${\mathit{S}}_{5}\left(\mathit{X}\right)$ | ${\mathit{InvS}}_{5}\left(\mathit{X}\right)$ |
---|---|---|

0 | 1016b6cf64 | 1552af6b |

1 | 61213ba26 | a13ee8f72 |

2 | 310af9a2d | 1016b6cf64 |

3 | c14dbfa18 | 5119d04d3 |

4 | 5119d04d3 | c14dbfa18 |

5 | b146544c5 | f16401a11 |

6 | a13ee8f72 | 21038e4da |

7 | d1552af6b | 310af9a2d |

8 | 10fc22f87 | 10fc22f87 |

9 | 411264f80 | 411264f80 |

A | f16401a11 | 7128a6f79 |

B | 91377da1f | e15c964be |

C | e15c964be | 61213ba26 |

D | 7128a6f79 | 91377da1f |

E | 8130124cc | b146544c5 |

F | 21038e4da | 8130124cc |

**Table 16.**New generated 32-bit output S-Box to replace Table 7.

X | ${\mathit{S}}_{6}\left(\mathit{X}\right)$ | ${\mathit{InvS}}_{6}\left(\mathit{X}\right)$ |
---|---|---|

0 | 8130124cc | 61213ba26 |

1 | 310af9a2d | 91377da1f |

2 | d1552af6b | 310af9a2d |

3 | 61213ba26 | f16401a11 |

4 | 91377da1f | 1016b6cf64 |

5 | 5119d04d3 | 7128a6f79 |

6 | 7128a6f79 | d1552af6b |

7 | c14dbfa18 | 411264f80 |

8 | f16401a11 | c14dbfa18 |

9 | a13ee8f72 | 5119d04d3 |

A | 21038e4da | 8130124cc |

B | 1016b6cf64 | a13ee8f72 |

C | e15c964be | 21038e4da |

D | 411264f80 | e15c964be |

E | b146544c5 | b146544c5 |

F | 10fc22f87 | 10fc22f87 |

**Table 17.**New Generated 32-bit output S-Box to replace Table 8.

X | ${\mathit{S}}_{7}\left(\mathit{X}\right)$ | ${\mathit{InvS}}_{7}\left(\mathit{X}\right)$ |
---|---|---|

0 | 21038e4da | e15c964be |

1 | e15c964be | 411264f80 |

2 | 1016b6cf64 | c14dbfa18 |

3 | 10fc22f87 | 10fc22f87 |

4 | f16401a11 | b146544c5 |

5 | 91377da1f | 7128a6f79 |

6 | 310af9a2d | 61213ba26 |

7 | c14dbfa18 | d1552af6b |

8 | 8130124cc | 21038e4da |

9 | 5119d04d3 | f16401a11 |

A | d1552af6b | 5119d04d3 |

B | b146544c5 | 8130124cc |

C | a13ee8f72 | 1016b6cf64 |

D | 411264f80 | a13ee8f72 |

E | 61213ba26 | 91377da1f |

F | 7128a6f79 | 310af9a2d |

Name of Algorithm | Time Complexity | Data Complexity | Rounds Attacked |
---|---|---|---|

Serpent | ${2}^{115.5}$ | ${2}^{101.2}$ | 10 |

Serpent | ${2}^{231.7}$ | ${2}^{249.4}$ | 11 |

Mag_Serpent | ∞ | ∞ | 0 |

**Table 19.**Results of feasibility of constructing DLCT before and after 32-bit output S-Boxes and Blocker were applied.

Name of Algorithms | Before 32-Bit Output S-Boxes and Blocker Were Applied | After 32-Bit Output S-Boxes and Blocker Were Applied |
---|---|---|

Serpent | Construction of DLCT was feasible | Construction of DLCT was infeasible due to the requirement of memory |

Name of Algorithms | Before 32-Bit Output S-Boxes and Blocker Were Applied | After 32-Bit Output S-Boxes and Blocker Were Applied |
---|---|---|

Serpent | The key was revealed in all rounds | No discovery of a key was found since no DLCT, no DL attack |

Name of Algorithm | Key Avalanche Effect in Percentage | Plaintext Avalanche Effect in Percentage |
---|---|---|

Serpent | 49.8657 | 50.3842 |

Mag_Serpent | 50.5340 | 49.7985 |

Name of Algorithm | Memory Required in Bytes |
---|---|

Serpent | 11,181 |

Mag_Serpent | 13,206 |

Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |

© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Muthavhine, K.; Sumbwanyambe, M.
Securing IoT Devices against Differential-Linear (DL) Attack Used on Serpent Algorithm. *Future Internet* **2022**, *14*, 55.
https://doi.org/10.3390/fi14020055

**AMA Style**

Muthavhine K, Sumbwanyambe M.
Securing IoT Devices against Differential-Linear (DL) Attack Used on Serpent Algorithm. *Future Internet*. 2022; 14(2):55.
https://doi.org/10.3390/fi14020055

**Chicago/Turabian Style**

Muthavhine, Khumbelo, and Mbuyu Sumbwanyambe.
2022. "Securing IoT Devices against Differential-Linear (DL) Attack Used on Serpent Algorithm" *Future Internet* 14, no. 2: 55.
https://doi.org/10.3390/fi14020055