Abstract

The Canright S-box has been known as the most compact S-box design since its introduction back in CHES’05. Boyar-Peralta proposed logic-minimization heuristics that could reduce the gate count of the Canright S-box from 120 gates to 113 gates; however, synthesis results did not reflect much improvement. In CHES’15, Ueno et al. proposed an S-box that has a slightly higher area but is significantly faster than the previous designs, hence it was the most efficient (measured by area×delay) S-box implementation to date. In this paper, we propose two new designs for the AES S-box. One design has a smaller implementation area than both the Canright and the 113-gate S-boxes. Hence, our first design is the smallest AES S-box to date, breaking the 13-year implementation record of Canright. The second design is faster and smaller than the Ueno S-box. Hence, our second design is both the fastest and the most efficient S-box design to date. While doing so, we also propose new logic-minimization heuristics that outperform the previous algorithms of Boyar-Peralta. Finally, we conduct an exhaustive evaluation of each and every block in the S-box circuit, using both structural and behavioral HDL modeling, to reach the optimum synergy between theoretical algorithms and technology-supported optimization tools. We show that involving the technology-supported CAD tools in the analysis leads to several counter-intuitive results.

Highlights

  • The Advanced Encryption Standard (AES) [FIP01] is a block cipher algorithm that was adopted by the National Institute of Standards and Technology (NIST) as a replacement of the Data Encryption Standard (DES) algorithm back in 2001

  • The combined core is preferred if the underlying technology library supports the XOR3 and OAI32 used in its design

  • We have proposed two new designs for the AES S-box that break all the current implementation records in the two design criteria of lightweight and fast, to the best of our knowledge

Summary

Introduction

The Advanced Encryption Standard (AES) [FIP01] is a block cipher algorithm that was adopted by the National Institute of Standards and Technology (NIST) as a replacement of the Data Encryption Standard (DES) algorithm back in 2001. AES is essentially a subset of the Rijndael [DR02] algorithm which was the winner of a five-year competition among fifteen block cipher algorithms. The S-box depends on performing an inversion over the GF(2^8) field of AES, as defined over the irreducible polynomial (x^8 + x^4 + x^3 + x + 1), followed by an affine transformation and addition with a constant. The S-box circuit can be implemented using look-up tables, or using field arithmetic. The focus of this paper is to implement the AES S-box circuit using field arithmetic.
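The field-arithmetic definition of the S-box described above, as an added example that is not from the paper: it computes the inversion directly in GF(2^8) (as x^254) rather than with the gate-level circuits the paper optimizes, and all function names are illustrative. The affine map and the constant 0x63 are taken from FIPS 197.

```python
# Added example: AES S-box computed from field arithmetic instead of a table.
# Function names are illustrative; this is not the paper's circuit.
AES_POLY = 0x11B      # x^8 + x^4 + x^3 + x + 1
AFFINE_CONST = 0x63   # constant added after the affine map (FIPS 197)


def gf_mul(a, b):
    """Multiply two elements of GF(2^8), reducing modulo AES_POLY."""
    result = 0
    while b:
        if b & 1:
            result ^= a          # addition in GF(2^8) is XOR
        a <<= 1
        if a & 0x100:            # degree reached 8: reduce
            a ^= AES_POLY
        b >>= 1
    return result


def gf_inv(a):
    """Inverse as a^254 (a^255 = 1 for a != 0); 0 maps to 0 as in AES."""
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def affine(b):
    """Affine step: b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63."""
    out = b
    for shift in range(1, 5):
        out ^= ((b << shift) | (b >> (8 - shift))) & 0xFF
    return out ^ AFFINE_CONST


def sbox(x):
    """Inversion in GF(2^8) followed by the affine transformation."""
    return affine(gf_inv(x))


# The full table a look-up implementation would store.
SBOX_TABLE = [sbox(x) for x in range(256)]
```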
