I’m working on a computer science multi-part question and need an explanation and answer to help me learn.

Figure 1 shows a simple 3-round substitution (SPN) cipher that operates on 8-bit blocks. The 8-bit plaintext block P is XOR-ed bitwise with the 8-bit K1 before entering the first two S-boxes.

Figure 2 shows the S-box that is used and it is only used in the first two rounds, the third round doesn’t use any permutation but is instead XOR’ed bitwise with K4 to create ciphertext C.

The permutation part of the first two rounds is as shown in Figure 1. The final (third) round does not implement any permutation; the outputs from the final round S-boxes are simply XOR-ed bitwise with the key K4 to produce ciphertext C .

1) Use Differential Cryptanalysis to recover the final round key K4. You should:

i. develop one or more suitable 2-round differential approximations involving bits of the plaintexts P and bits of intermediate ciphertexts U3 (as shown in Figure 1).

ii. indicate any active S-boxes in your approximations and their biases. Indicate any tables (or other sources) you have used to calculate the biases

iii. give the absolute value of the bias of any 2-round approximation derived above and show how all such biases were calculated.

iv. Explain your specific choice of approximations.

The above allows for using two approximations: one that targets the first four bits of K4 and one that targets the second four bits of K4. It also allows for the use of a single approximation that targets all 8 bits of the key K4.

The 256 plaintext-ciphertext PC pair was generated using the 3-round cipher and 4 secret keys (k1,k2,k3,k4) and are given in the PtoC.txt. The plaintext and ciphertext are given as integers and have normal binary interpretation. For example the integer 4 would equal the 8-bit block 00000010.