LAUSR

The substitution box (S-box) is one of the major components of cryptographic algorithms. An important issue for cryptographic algorithm designers in ensuring sufficient security from linear cryptanalysis, one of the most powerful attacks, is finding an S-box with a sufficiently low linear spectrum. However, to the best of our knowledge, most of the published S-box analysis tools cannot generate linear approximation tables for large S-boxes, such as 16-bit S-boxes. Even tools that support the generation of 16-bit linear approximation tables using parallel processing, such as Eval16BitSbox, require a long time. We used bitslice, which can efficiently process bitwise operations in parallel by taking advantage of independent operations, for generating a linear approximation table. In this study, the linear approximation table generation method implemented using the element unit operation of the existing S-box was upgraded to a $vector$ unit operation in a bitslice manner. This improved method enabled the immediate creation of tables, even for 16-bit S-boxes. This approach allows cryptographic algorithm designers to consider a wider variety of S-boxes.