Heuristic Method of Finding Bitsliced-description of Derivative Cryptographic S-box

Abstract

Bitsliced-approach to the implementation of block ciphers combines such advantages as potentially high performance, security, and undemanding computing resources. The main problem in the transition to the bitsliced-description of the cipher is the representation of the S-Box with the minimum number of logical operations. The well-known methods of minimizing the logical description of S-Box have several limitations, for example, they only work with small S-Boxes, slow or ineffective, which generally restrains the use of the bitsliced approach. The paper proposes a new heuristic method of bitsliced-description of arbitrary cryptographic S-Boxes and a comparison of its effectiveness with existing methods using the example of the S-Box of the DES cipher. The proposed method is focused on software implementation on the logical basis AND, OR, XOR, NOT, which allows implementation using standard logical instructions on any 8/16/32/64-bit processors. The method uses several heuristic techniques, such as fast algorithms for exhaustive search to a shallow depth, flexible planning of the search process, depth-first search, etc., which together provide high efficiency and speed. This allows us to adapt it to minimize the 8 × 8 S-Box, which is very important today for many block ciphers, in particular the domestic cipher “Kalyna”. The proposed approach to the bitsliced-description of arbitrary S-Boxes eliminates the limitations of the known methods of such a representation, which hindered the use of the bitcliced-approach when improving software implementations of block ciphers for a wide range of processor architectures.