XU Yan-hua,BAI Xue-fei,GUO Li

2009-01-01

Journal of University of Science and Technology of China

Abstract:In order to solve the problem of the implementation algorithm of S-box based on the inversion transformation over Galois field,methods such as composite field computation,altering calculation order and sharing factors have been used to optimize operations.A low hardware overhead implementation algorithm of S-box based on the inversion transformation approach from GF(28) to GF(22) was presented.Compared with the implementations based on look-up table method,this algorithm can reduce circuit area by 34%~68% using 0.18 μm and 0.35 μm CMOS technology.This design method can make SMS4 algorithm more suitable for area-critical devices.

Rithambara Shivraj Singh Rajput,Sujata Nandeshwar Patil

DOI: https://doi.org/10.4018/ijec.296684

2022-01-01

Abstract:The Substitution-BOX is the most difficult architecture and is at the heart of any Advanced Encryption Standard algorithm implementation. It is the most complicated non-linear architecture using multiplicative inverse. It consumes maximum amount of the energy and power budget of the algorithm. This paper introduces a full-custom CMOS implementation of Multiplicative Inverse module for Substitution/ Inverse Substitution transformation in composite field arithmetic using Galois field GF (28). The multiplicative inversion module utilizes large number of XOR gates in its implementation. This paper introduces implementation of a novel XOR gate using six transistors. Using this six transistor XOR gate, the multiplicative inverse module is implemented in 90 nm CMOS technology. Simulation of the proposed design is achieved using Tanner EDA v.16 software. The area of the multiplicative inverse circuit is 39.92 μm2 requiring 776 transistors. With 0.6 Volts supply voltage, the design shows a power dissipation of 2.386 μWatts making it ideal for applications such as smart cards and RFID tags.

Zhao-Huei Wang,Xiao Zhang,Sitao Wang,Zhisong Hao,Zhiming Zheng

2014-01-01

Abstract:The hardware implementation of the Substitution-Box (S-box) of the Advanced Encryption Standard (AES) always employs composite field GF ((2)) to obtain better efficiency. In this paper, an improved class of S-boxes by direct inversion in composite field is presented, and the choice of the subfield leading to the most efficient implementation is discussed. Eliminating the field isomorphic transformations, such a composite field is easier to fix and the resulting hardware implementation is more efficient than that of AES S-box. Some common cryptographic characteristics for the composite field based S-boxes are examined, and it turns out that direct inversion in composite field does not weaken the cryptographic characteristics. In addition, a demonstration for the immunity against the potential algebraic attack on AES with the replacement of our S-box is given, and it is proven that the revised AES is even more secure than the original AES against the algebraic attack. As a result of this work, it could be predicted that the isomorphism implies equal immunity from certain cryptanalysis. Our S-box is suitable for the area-limited hardware production. Keywords–AES; Composite field; S-box; Hardware implementation.

Wei Wei,Cui Xiaoxin,Wu Di,Li Rui,Ma Kaisheng,Yu Dunshan,Cui Xiaole

DOI: https://doi.org/10.1109/icsict.2012.6466685

2012-01-01

Abstract:A masking scheme of AES algorithm is analyzed, and the optimal masked S-box is implemented in this paper. By using the "tower field" representation, all nonlinear process of unmasked S-box is mapped to multiplication in GF(2), which is a single AND gate in circuits, and power consumption is hidden by using additive masked. In order to further reduce the hardware cost, a simplified masked AND gate is adopted and masks are reused safely. Both gate-level simulation and FPGA testing result have proved that our implementation provides good resistance against DPA attack.

Xiao-cao QIN,Shu-guo LI

2014-01-01

Abstract:S-Box substitution and inverse S-Box substitution are the major bottleneck for AES algorithm ,which directly affect the speed of AES chip .On the basis of optimizing Q-M simplifying method ,this paper proposes an expression method to implement the S-Box substitution and inverse S-Box substitution in AES algorithm .Compared with the widespread use of the look-up-table method ,the expression method can reduce the delay ,area and power of circuit by 8 .5% ,27 .4% and 17% respectively .

Mohammad Mazyad Hazzazi,Amer Aljaedi,Zaid Bassfar,Misbah Rani,Tariq Shah

DOI: https://doi.org/10.3934/math.2024537

2024-01-01

AIMS Mathematics

Abstract:This research paper is supplemented with a unique formation to design state-of-the-art S-boxes. The invented approach is simple but has the capability of creating confusion in our newly proposed algorithm. Our core planned work refined the method of already designed S-boxes to accomplish more compact ones. Various structures were merged here, namely affine transformation, fractional linear transformation, structure of Klein four-group, and the algebraic structures of the Galois fields, $ GF\left({2}^{4}\right) $ and $ GF\left({2}^{8}\right). $ These structures were utilized to synthesize newly $ 1600 $ robust S-boxes. Besides, we discussed encryption steps of AES with these newly generated S-boxes. We highlighted some specific characteristics, performance of parameter's improvement, and their utilization. Nonlinear properties were mainly set to inspect the behavior of I/O bits and could apply image encryption. Then, the performance of proposed S-boxes and newly structured AES was tested in comparison with other prevailing S-boxes.

mathematics, applied

P. Rajasekar,H. Mangalam,C. S. Subash Kumar

DOI: https://doi.org/10.1007/s11227-022-04779-8

IF: 3.3

2022-08-29

The Journal of Supercomputing

Abstract:With the growing technological trends in VLSI domain, quantum dot cellular automata (QCA) technology is slowly replacing CMOS technology due to its smaller feature size, high operating frequency and reduced power consumption. In the initial research phase, QCA has been used to implement various combinatorial and sequential circuits models, which are the fundamental blocks in various applications. Nowadays, researchers focus on the implementation of application-based designs using QCA. This motivated to implement the Galois field (GF) functions for SBox module in the most secure cryptography encryption standard AES with QCA. In AES, SBOX is the predominant power consumption modules. Hence, a research has been carried out to implement a compact QCA-based AES-SBOX with GF. This paper describes the implementation of our proposed QCA-based AES-SBOX with Galois field and analysis of various GF functional modules in terms of area, performance, energy and QCA cells used. The functional verification is performed using the simulated waveforms.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Juhua Liu,Wei Lie,Guoqiang Bai

DOI: https://doi.org/10.1109/cstic.2018.8369335

2018-01-01

Abstract:Recently, the need for designing block ciphers targeting on resource constrained device has been repeatedly expressed by professionals. Currently, Roadrunner is one of the most software efficient lightweight ciphers. Its security is provable against linear and differential attacks. In this paper, we design a novel S-Box layer, in order to improve the performance for hardware implementation. Furthermore, the new S-Box layer has eight different 4-bit S-Boxes, which are decomposable. We decompose each 4-bit S-Box by exploiting affine transformations and a single shared quadratic permutation. After being decomposed, these eight 4-bit S-boxes can be merged into one component, sharing the same quadratic permutation. In this way, we can save the area consumption by 51%, compared to the traditional implementation of old S-box layer by using look up tables (LUTs).

Xincheng Hu,Xiao Zeng,Zhaoqiang Liu,Guowu Yang

2024-11-19

Abstract:We investigate the affine equivalence (AE) problem of S-boxes. Given two S-boxes denoted as $S_1$ and $S_2$, we aim to seek two invertible AE transformations $A,B$ such that $S_1\circ A = B\circ S_2$ holds. Due to important applications in the analysis and design of block ciphers, the investigation of AE algorithms has performed growing significance. In this paper, we propose zeroization on S-box firstly, and the AE problem can be transformed into $2^n$ linear equivalence problems by this zeroization operation. Secondly, we propose standard orthogonal spatial matrix (SOSM), and the rank of the SOSM is invariant under AE transformations. Finally, based on the zeroization operation and the SOSM method, we propose a depth first search (DFS) method for determining AE of S-boxes, named the AE\_SOSM\_DFS algorithm. Using this matrix invariant, we optimize the temporal complexity of the algorithm to approximately $\frac{1}{2^n}$ of the complexity without SOSM. Specifically, the complexity of our algorithm is $O(2^{3n})$. In addition, we also conducted experiments with non-invertible S-boxes, and the performance is similar to that of invertible S-boxes. Moreover, our proposed algorithm can effectively handle S-boxes with low algebraic degree or certain popular S-boxes such as namely AES and ARIA\_s2, which are difficult to be handled by the algorithm proposed by Dinur (2018). Using our algorithm, it only takes 5.5 seconds to find out that the seven popular S-boxes namely AES, ARIA\_s2, Camellia, Chiasmus, DBlock, SEED\_S0, and SMS4 are affine equivalent and the AE transformations of these S-boxes are provided.

Cryptography and Security,Data Structures and Algorithms

Xiaoqiang Zhang,Lan Tang,Xinggan Zhang,Xinxing Zheng,Mingyu Xu,Fan Yang

DOI: https://doi.org/10.1587/elex.19.20220154

2022-01-01

IEICE Electronics Express

Abstract:In this paper, a low delay circuit structure is proposed for composite field S-box circuit. In the low delay structure, the multiplications over GF((2(2))(2)) are constructed by XOR-AND-XOR-networks, and the multiplicative inverse over GF((2(2))(2)) are constructed by AND-XOR-networks. As XOR-networks are linear operations, they can be further expressed as constant matrix multiplications. In this paper, the adjacent matrix multiplications in S-box are merged to reduce the delay. Compared with previous works, our S-box implementations have lower delay.

Hao Liang,Liji Wu,Xiangmin Zhang,Jiabin Wang

DOI: https://doi.org/10.1109/cis.2014.59

2014-01-01

Abstract:This paper propose a new masking scheme for SM4 s-box based on composite field. Through isomorphism bit matrices, we simplify the calculation by changing finite field inversion from GF(28) toGF(((22)2)2) to reduce the computational difficulty. We carefully modify the inversion to ensure every intermediate value is masked during the process. The theoretical analysis and simulated CPA proves the effectiveness of this method. Thus our method can eliminate the need to pre-compute the s-box every time when the mask is updated, as a result, saves a lot of time and storage room. This method is suitable for implementations with limited resources such as smart cards.

Hailiang Fu,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1007/978-3-319-59608-2_39

2016-01-01

Abstract:Implementations of the SM4 algorithm, including different hardware applications with limited resources, are vulnerable to Side-Channel Attacks. This paper presents a countermeasure against such attacks by adding a random “mask” to the input plaintext and protect all variables through the whole encryption process. As is known to all, the unique nonlinear step in each round of SM4 algorithm is the “S-Box” and the previous works using lookup-table method to implement the S-Box always incur large area and high power. Here we give the compact design of masked S-Box using the normal basis in the composite field (consisting of a Galois inversion and several affine transformations). Then we compute the different masks diffused to all the steps in the SM4 algorithm process. The proposed design results in ultra-low cost of hardware and capability to resist first-order differential power analysis (DPA), which is suitable for the resource constrained devices. The synthesis result of masked S-Box shows that the area under the SMIC 0.13 (upmu )m is only about 978-gates, 46.8% fewer than the other works. Further, we apply the pipeline technique to our proposed “masked S-Box”, thereby to the whole masked SM4 algorithm. The results of FPGA implementation present that our works have achieved an ultra-high speed with frequency nearly 551 MHz and the throughput over 70 Gbps.

Hailiang Fu,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1109/ITNEC.2016.7560361

2016-01-01

Abstract:This paper presents an iterative encryption architecture of SM4 arithmetic in combinational logic. Previous works using Lookup Tables to implement the Sbox function have relied on circuits with a large area. Using the Normal Basis in the Composite Field, the proposed design reduces the circuits' area. We test all feasible sets of Normal Basis and finally find 8 sets for correct encryption of SM4. Through the simulation in Modelsim, the proposed architecture achieves the right result within 32 rounds. Compared with the other designs, our design uses less hardware and has a big advantage in resource constrained applications.

Jiang Jiuxing,Zhao Yuying,Huang Hai,Xie Guanghui,Hou Jiao,Feng Xinxin

DOI: https://doi.org/10.11999/jeit190257

2020-01-01

Abstract:Based on the in-depth research on the S-box constitution arithmetic of composite, an area optimized generic low-entropy higher-order masking scheme is proposed in this paper. The low entropy masking method is introduced on GF(2(4)), and the partial module reusing design is adopted, which reduces effectively the number of multiplications based on the S-box inversion operation of the composite. The algorithm can be applied to any order masking scheme of arbitrary S-box composed of inversion operation. This scheme is applied to AES, gives detailed simulation results and optimizes the layout area, compared with the traditional masking scheme, reduces effectively the use of logical resources. In addition, the security is theoretically proved.

Yuying Man,Sihem Mesnager,Nian Li,Xiangyong Zeng,Xiaohu Tang

2023-09-05

Abstract:Substitution boxes (S-boxes) play a significant role in ensuring the resistance of block ciphers against various attacks. The Difference Distribution Table (DDT), the Feistel Boomerang Connectivity Table (FBCT), the Feistel Boomerang Difference Table (FBDT) and the Feistel Boomerang Extended Table (FBET) of a given S-box are crucial tools to analyze its security concerning specific attacks. However, the results on them are rare. In this paper, we investigate the properties of the power function $F(x):=x^{2^{m+1}-1}$ over the finite field $\gf_{2^n}$ of order $2^n$ where $n=2m$ or $n=2m+1$ ($m$ stands for a positive integer). As a consequence, by carrying out certain finer manipulations of solving specific equations over $\gf_{2^n}$, we give explicit values of all entries of the DDT, the FBCT, the FBDT and the FBET of the investigated power functions. From the theoretical point of view, our study pushes further former investigations on differential and Feistel boomerang differential uniformities for a novel power function $F$. From a cryptographic point of view, when considering Feistel block cipher involving $F$, our in-depth analysis helps select $F$ resistant to differential attacks, Feistel differential attacks and Feistel boomerang attacks, respectively.

Information Theory

LIANG Hao,WU Li-ji,ZHANG Xiang-min

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2015.05.004

2015-01-01

Abstract:In this paper, a new method based on composite field is proposed. Through isomorphism bit matrices, the calculation by changing finite field inversion from GF(28) to GF(((22)2)2) is simplified to reduce the computational difficulty and a more compact S-box is realized. The area decreases by 27% than Look-up Table. On the basis of that, the SM4 algorithm is implemented. The area of this IP core is only 7 612 gates synthesized under the smic0.13 μmCMOS process. Therefore this improved design is very helpful for area-limited condition such as IC cards.

Chaoqun Yang,Xiangyu Li,Shujuan Yin

DOI: https://doi.org/10.1109/TrustCom/BigDataSE.2018.00217

2018-01-01

Abstract:Power-Aware Hiding (PAH) has been proposed as a kind of energy-efficient Side Channel Attacks (SCA) countermeasure for S-boxes. However, it has large area overhead. In this paper, an improved SCA-resistant AES S-box implementation, which is based on PAH technique but has smaller area, is proposed. It implements the S-Box in the masked composited field approach but applies the PAH method to the inversion in GF(2^4). Evaluation result shows that its area is shrunken to 47.7% of the full PAH S-box, and that its power-delay product is about 81% lower than that of the traditional masking implementation. Simulation shows that the PAH inverteru0027s power difference is smaller than the other candidates, including the PAH S-box. It is secure under moment-correlating power analysis with 70,000 noiseless power traces at least.

Xiaoqiang Zhang,Xinggan Zhang,Lan Tang,Xinxing Zheng,Tianming Ni,Ning Wu

DOI: https://doi.org/10.1587/elex.17.20200035

2020-01-01

IEICE Electronics Express

Abstract:In this paper, a low critical path delay (CPD) circuit structure is proposed for composite field S-box circuit. In the low CPD structure, multiplicative inverse over GF(2(4)) and multiplicative over GF(2(4)) are constructed by AND-XOR-networks. The XOR-networks in the last two multiplications over GF(2(4)) are further merged with the following constant matrix multiplication operation to shorten the CPD. Finally, hardware complexities of our designs are compared with previous works. The comparisons indicate that our proposed method is effective. Our design of S-box/InvS-box based on the proposed method has lower CPD.

Xiangyu Li,Pengyuan Jiao,Chaoqun Yang

DOI: https://doi.org/10.1088/1674-4926/42/3/032402

2021-01-01

Abstract:A side-channel attack (SCA)-resistant AES S-box implementation is proposed, which is an improvement from the power-aware hiding (PAH) S-box but with higher security and a smaller area. We use the composite field approach and apply the PAH method to the inversion in the nonlinear kernel and a masking method to the other parts. In addition, a delay-matched enable control technique is used to suppress glitches in the masked parts. The evaluation results show that its area is contracted to 63.3% of the full PAH S-box, and its power-delay product is much lower than that of the masking implementation. The leakage assessment using simulation power traces concludes that it has no detectable leakage under t-test and that it at least can thwart the moment-correlation analysis using 665 000 noiseless traces.

Yue WANG,Shu-guo LI

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2014.07.003

2014-01-01

Abstract:SBOX is the most time consuming part in block cipher SM4 algorithm ,so it′s of great importance to construct a sbox of high performance .In order to reduce latency of encryption algorithms in SM4 ,We introduce the N-dimensional hypercube method to construct SBOX ,the delay reduced six percent and the area reduced seventeen percent Compared with the traditional Sbox using look-up table method .what′s more ,this method is portable that it can apply to SBOX transformations of other algorithms .