A Faster Hardware Implementation of the AES S-box

Abstract

In this paper, we propose a very fast, yet compact, AES S-box, by applying two techniques to a composite field $GF((2^{4})^{2})$ fast AES S-box. The composite field fast S-box has three main components, namely the input transformation matrix, the inversion circuit, and the output transformation matrix. The core inversion circuit computes the multiplicative inverse over the composite field $GF((2^{4})^{2})$ and consists of three arithmetic blocks over subfield $GF(2^{{4}})$ , namely exponentiation, subfield inverter, and output multipliers. For the first technique, we consider multiplication of the input of the composite field fast S-box by 255 nonzero 8-bit binary field elements. The multiplication constant increases the variety of the input and output transformation matrices of the S-box by a factor of 255, hence increasing the search space of the logic minimization algorithm correspondingly. For the second technique, we reduce the delay of the composite field fast S-box, by combining the output multipliers and the output transformation matrix. Moreover, we modify the architecture of the input transformation matrix and re-design the exponentiation block and the subfield inverter for lower delay and area. We find that 8 unique binary transformation matrices could be used to change from the binary field $GF(2^{8})$ to the composite field $GF(({2}^{{4}})^{2})$ at the input of the composite field S-box. We use Matla $\mathbf{b}$ ® to derive all $(255\times 8=2040)$ new input transformation matrices. We search the matrices for the fastest and lowest complexity implementation and the minimal one is selected for the proposed fast S-box. The proposed fast S-box is 24% faster (with 5% increase in area) than the composite field fast design and 10% faster (with about 1% increase in area) than the fastest S-box available in the literature, to the best of our knowledge.