Ultra-Small Designs for Inversion-Based S-Boxes

With RFID tags becoming part of everyday life, (ultra-)lightweight implementations of cryptographic algorithms are a major challenge for researchers and engineers alike. While purpose-built algorithms offer a low hardware footprint, their use is often impeded by the need to comply with standards, most notably the Advanced Encryption Standard (AES). We take on this challenge by devising a new way to design inversion-based S-boxes such as the Rijndael S-box. The design rests on the observation that inversion in Galois fields can be simulated using linear feedback shift registers (LFSRs), a fact that had been neglected until recently. Our contribution is threefold. First, we develop a general framework that describes inversion in arbitrary extension fields as linear-feedback structures. Second, we give alternative constructions for inversion circuits based on linear-feedback structures. Third, we use the framework to find linear-feedback structures of minimal size for inversion in the Rijndael field used in the AES S-box. The framework lets us explore the design space exhaustively and give the first description of an unprotected AES S-box (one without side-channel countermeasures) with an area requirement of less than 180 gate equivalents.
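The observation the abstract builds on, worked through in code as an added example (this is not the paper's code, and the paper's minimal-area constructions are not reproduced here). One clock of a binary LFSR whose taps are the Rijndael polynomial multiplies the register contents by x in GF(2^8); more generally, multiplication by any fixed element g is a linear map and so has a fixed feedback structure. If g is primitive, stepping two such registers in lockstep, one loaded with a and one with 1, leaves a^(-1) in the second register at the moment the first reaches 1, because a = g^k reaches 1 after 255 - k clocks and the other register then holds g^(255-k) = a^(-1). The choice of g = 0x03 (x + 1) below is an assumption made for this example; the Rijndael polynomial itself is not primitive, so a register clocked by x alone only visits 51 of the 255 nonzero elements, which the `order` check makes visible. The result is checked against the textbook a^254 inverse and against the FIPS-197 S-box value S(0x53) = 0xED.

```python
"""GF(2^8) inversion with lockstep linear-feedback steppers (added example, not the paper's circuits)."""

RIJNDAEL_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES reduction polynomial
GENERATOR = 0x03       # x + 1: a primitive element of the Rijndael field (assumption: chosen for this example)


def xtime(a: int) -> int:
    """One LFSR clock: shift (multiply by x) and feed back the low byte 0x1B of the polynomial."""
    a <<= 1
    if a & 0x100:
        a ^= RIJNDAEL_POLY
    return a & 0xFF


def gf_mul(a: int, b: int) -> int:
    """Bit-serial shift-and-add multiplier: each step of the loop is one xtime clock on a."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result


def order(a: int) -> int:
    """Multiplicative order of a nonzero element: clocks of a 'multiply by a' stepper until it returns to 1."""
    n, cur = 1, a
    while cur != 1:
        cur = gf_mul(cur, a)
        n += 1
    return n


def lfsr_inverse(a: int, g: int = GENERATOR) -> int:
    """Two registers stepped together by multiplication with g.

    Register A starts at a = g^k, register B at 1. A reaches 1 after m = ord(g) - k clocks,
    at which point B holds g^m = g^(-k) = a^(-1). Correct only when g is primitive (ord(g) = 255).
    """
    if a == 0:
        return 0  # AES convention: 0 is mapped to 0
    reg_a, reg_b = a, 1
    while reg_a != 1:
        reg_a = gf_mul(reg_a, g)
        reg_b = gf_mul(reg_b, g)
    return reg_b


def pow_inverse(a: int) -> int:
    """Reference inverse a^254 by square-and-multiply, independent of the LFSR argument."""
    if a == 0:
        return 0
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def aes_sbox(a: int) -> int:
    """Rijndael S-box: field inversion followed by the fixed affine map b -> M*b xor 0x63."""
    inv = lfsr_inverse(a)

    def rotl(v: int, r: int) -> int:
        return ((v << r) | (v >> (8 - r))) & 0xFF

    # The affine matrix is circulant, so M*b is the XOR of b with four of its left rotations.
    return inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3) ^ rotl(inv, 4) ^ 0x63


if __name__ == "__main__":
    assert all(lfsr_inverse(a) == pow_inverse(a) for a in range(256))
    print("order of x   :", order(0x02))   # 51: x alone does not generate GF(2^8)*
    print("order of x+1 :", order(0x03))   # 255: x + 1 does
    print("S(0x53) = %#04x" % aes_sbox(0x53))  # 0xed, as in FIPS-197
```

The lockstep loop is the software shadow of the hardware argument only; in silicon the point of the paper is that the feedback structure of "multiply by a fixed element" is a handful of XOR gates, and the framework searches for the feedback structures that make the whole inversion smallest.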