Lightweight cryptography was primarily inspired by the design criteria of symmetric cryptography. It plays a vital role in ensuring the security, privacy, and reliability of microelectronic devices without compromising their overall functionality and efficiency. However, increasingly platform-specific design requirements prompted the development of a standard lightweight algorithm. In 2017, NIST put forward security requirements for a standard lightweight scheme: security strength of at least 112 bits against known cryptanalysis attacks, mitigation against side-channel and fault-injection attacks, and implementation efficiency. After three rounds of review, ASCON was crowned as the winner of the competition. Evaluating the individual components used in any cryptographic algorithm is an important step in the verification of security claims. A fundamental component used to ensure Shannon's property of confusion in cryptographic primitives is the S-box. Hence, the quality of an S-box is a significant contributing factor in the security strength of a cipher. In this paper, we evaluate the S-boxes of 6 NIST LWC competition finalists based on well-known cryptographic properties, and comment on how the results reflect upon NIST security requirements. Our findings reveal that these S-boxes do not comply with the basic notions of avalanche, making them vulnerable to high-order sophisticated cryptanalysis.
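As an added illustration (not code from the paper), the sketch below shows how an avalanche check of the kind described above can be run on one S-box. It assumes the 5-bit ASCON S-box in its bitsliced form from the public Ascon specification; the function names are hypothetical, and differential uniformity is included as one further well-known property.

```python
# Added example: S-box built from the bitsliced formula in the public Ascon
# specification (an assumption; the page itself does not list the S-box).
N = 5  # Ascon's S-box maps 5 bits to 5 bits

def ascon_sbox(v):
    """Apply the Ascon substitution to one 5-bit value (x0 is the MSB)."""
    x = [(v >> (N - 1 - i)) & 1 for i in range(N)]
    x[0] ^= x[4]; x[4] ^= x[3]; x[2] ^= x[1]
    t = [(x[i] ^ 1) & x[(i + 1) % N] for i in range(N)]  # t_i = ~x_i & x_{i+1}
    for i in range(N):
        x[i] ^= t[(i + 1) % N]
    x[1] ^= x[0]; x[0] ^= x[4]; x[3] ^= x[2]; x[2] ^= 1
    return sum(bit << (N - 1 - i) for i, bit in enumerate(x))

SBOX = [ascon_sbox(v) for v in range(1 << N)]

def avalanche_matrix(sbox, n=N):
    """m[i][j] = number of inputs where flipping input bit i flips output bit j
    (bit indices counted from the least significant bit)."""
    m = [[0] * n for _ in range(n)]
    for x in range(1 << n):
        for i in range(n):
            diff = sbox[x] ^ sbox[x ^ (1 << i)]
            for j in range(n):
                m[i][j] += (diff >> j) & 1
    return m

def satisfies_sac(sbox, n=N):
    """Strict avalanche criterion: every entry is exactly half of all inputs."""
    half = 1 << (n - 1)
    return all(c == half for row in avalanche_matrix(sbox, n) for c in row)

def differential_uniformity(sbox, n=N):
    """Largest difference-distribution-table entry over nonzero input differences."""
    best = 0
    for dx in range(1, 1 << n):
        counts = [0] * (1 << n)
        for x in range(1 << n):
            counts[sbox[x] ^ sbox[x ^ dx]] += 1
        best = max(best, max(counts))
    return best

if __name__ == "__main__":
    for row in avalanche_matrix(SBOX):
        print(row)
    print("SAC:", satisfies_sac(SBOX), "DU:", differential_uniformity(SBOX))
```

Because this S-box has algebraic degree 2, each avalanche count is 0, 16, or 32 out of 32 inputs, so any entry other than 16 marks an input/output bit pair that fails the strict avalanche criterion.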