Bitsliced Implementation of Non-Algebraic 8×8 Cryptographic S-Boxes Using ×86-64 Processor SIMD Instructions

Abstract

The article is devoted to software bitsliced implementation of randomly generated <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$8\times 8$ </tex-math></inline-formula> S-Box block ciphers, focused on the use of logical SIMD instructions from the SSE, AVX and AVX-512 extensions in ×86-64 processors. A heuristic algorithm for minimizing non-algebraic S-Boxes in three logical bases is proposed: universal—based on logical instructions AND, OR, XOR, NOT, which allows implementation on any 8/16/32/ 64-bit processors; extended—based on the instructions AND, OR, XOR, NOT, AND-NOT, which allows implementation on ×86-64 processors; ternary—based on ternary logic instructions, for implementation on ×86-64 processors with AVX-512 support. On average, bitsliced representations of non-algebraic S-Boxes in these logical bases require 400/380/200 logical instructions, respectively. The performance of bitsliced implementations of the S-Box cipher “Kalyna” using logical instructions SSE/AVX/ AVX-512 for the Intel Xeon Skylake-SP processor was measured. A fast alternative—non-bitsliced approach to the bytesliced SubBytes operation based on the AVX-512VBMI extension, resistant to timing and cache attacks—is proposed.