Abstract
Cryptographically strong functions used as S-boxes in block cyphers are fundamental for the cypher’s security. Their representation as lookup tables is possible for functions of small dimension. For larger dimensions, this is infeasible, especially if resources are limited. An alternative is representing the function as a polynomial over a finite field, and constructing a circuit evaluating this polynomial. We study how the choice of primitive polynomial affects the efficiency of hardware implementations. We take Dillon’s permutation on 6 bits (the only known permutation in even dimension from the cryptographically optimal Almost Perfect Nonlinear functions) as a relevant example, and present hardware architectures, polynomial representations and hardware theoretical complexities for all primitive polynomials of degree six. To compare the efficiency, we report on results obtained from FPGA (Field Programmable Gate Array) implementations. To the best of our knowledge, no similar study has been given in the literature. We observe that using the primitive trinomial y6+y+1 reduces the number of 2-input XOR gates up to 11.7% and the number of XOR gates × Delay metrics up to 13.2% with respect to the worst-case implementation. Therefore, the choice of primitive polynomial can profoundly impact the efficiency of such an implementation, and should be carefully considered.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
