Compact and Secure Design of Masked AES S-Box

Application of the Composite Field in the Design of an Improved AES S-box Based on Inversion

2014

The hardware implementation of the Substitution-Box (S-box) of the Advanced Encryption Standard (AES) always employs composite field GF ((2)) to obtain better efficiency. In this paper, an improved class of S-boxes by direct inversion in composite field is presented, and the choice of the subfield leading to the most efficient implementation is discussed. Eliminating the field isomorphic transformations, such a composite field is easier to fix and the resulting hardware implementation is more efficient than that of AES S-box. Some common cryptographic characteristics for the composite field based S-boxes are examined, and it turns out that direct inversion in composite field does not weaken the cryptographic characteristics. In addition, a demonstration for the immunity against the potential algebraic attack on AES with the replacement of our S-box is given, and it is proven that the revised AES is even more secure than the original AES against the algebraic attack. As a result of t...

IJERT - Design of S-box and InvS-box using Composite Field Arithmetic for AES Algorithm

International Journal of Engineering Research and Technology (IJERT), 2018

https://www.ijert.org/design-of-s-box-and-inv-s-box-using-composite-field-arithmetic-for-aes-algorithm
https://www.ijert.org/research/design-of-s-box-and-inv-s-box-using-composite-field-arithmetic-for-aes-algorithm-IJERTCONV6IS13129.pdf

This paper presents an efficient implementation of the combined ByteSub and InvByteSub transformations for encryption and decryption in the Advanced Encryption Standard (AES) architecture using composite field arithmetic in the finite field GF(256), i.e. GF(2^8); hence this approach is more advantageous than the conventional LUT method, which incurs unbreakable delay and a large amount of memory and area. The proposed architecture, a combined implementation of the S-box and InvS-box, makes use of an enable pin to perform encryption and decryption in AES. The architecture uses combinational logic; as both the S-box and InvS-box are implemented on the same hardware, the area and gate count are reduced by a large amount. Power consumption is reduced by resource sharing of the multiplicative inverse module of the proposed system. The proposed architecture is implemented on a Spartan-6 FPGA board using Verilog HDL in Xilinx ISE 14.6.

Composite field GF(((2^2)^2)^2) Advanced Encryption Standard (AES) S-box with algebraic normal form representation in the subfield inversion

2011

In this study, the authors categorise all of the feasible constructions for the composite Galois field GF(((2^2)^2)^2) Advanced Encryption Standard (AES) S-box into four main architectures by their field representations and their algebraic properties. For each of the categories, a new optimisation scheme which exploits algebraic normal form representation followed by a sub-structure sharing optimisation is presented. This is performed by converting the subfield GF((2^2)^2) inversion into several logical expressions, which are in turn reduced using a common sub-expression elimination algorithm. The authors show that this technique can effectively reduce the total area gate count as well as the critical path gate count in composite field AES S-boxes. The resulting architecture that achieves maximum reduction in both total area coverage and critical path gate count is found and reported. The hardware implementations of the authors' proposed AES S-boxes, along with their performance and cost, are presented and discussed.

Using Normal Bases for Compact Hardware Implementations of the AES S-Box

Lecture Notes in Computer Science, 2008

The substitution box (S-box) of the Advanced Encryption Standard (AES) is based on the multiplicative inversion s(x) = x^−1 in GF(256), followed by an affine transformation in GF(2). The S-box is the most expensive building block of any hardware implementation of the AES, and the multiplicative inversion is the most costly step of the S-box transformation. There exist many publications about hardware implementations of the S-box, and the smallest known implementations are based on normal bases. In this paper, we introduce a new method to implement the multiplicative inversion over GF(256) based on normal bases that have not been considered before in the context of AES implementations.

A new approach for designing key-dependent S-box defined over GF(2^4) in AES

In this paper a new approach for designing the S-box in the Advanced Encryption Standard (AES) is proposed. The proposed S-box is constructed from small S-boxes defined over GF(2^4) instead of GF(2^8) as in traditional AES. The Rijndael Algorithm (RA), as one of the AES standards, is modified by applying the new approach. The Modified Rijndael Algorithm (MRA) is constructed by replacing the S-box of RA with small S-boxes, and the key expansion procedure of RA is modified accordingly. Each one of the small S-boxes has a different equation, and each equation is extracted using one of the three irreducible polynomials existing in GF(2^4). So, detecting the different equations is very difficult for cryptanalysts compared to the S-box of RA, which uses one equation and one irreducible polynomial.

Construction of Optimum Composite Field Architecture for Compact High-Throughput AES S-Boxes

IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 2000

In this work, we derive three novel composite field arithmetic (CFA) AES S-boxes over the field GF(((2^2)^2)^2). The best construction is selected after a sequence of algorithmic and architectural optimization processes. Furthermore, for each composite field construction, there exist eight possible isomorphic mappings. Hence, after the application of a new common subexpression elimination (CSE) algorithm, the isomorphic mapping that results in the minimal implementation area cost is chosen. Novel high-throughput hardware implementations of our proposed CFA AES S-boxes are reported towards the end of this paper. Through the exploitation of both Algebraic Normal Form (ANF) and seven-stage fine-grained pipelining, our best-case AES S-box achieves a throughput of 3.49 Gbps on a Cyclone II EP2C5T144C6 FPGA.

An Improved AES S-box Based on Fibonacci Numbers and Prime Factor

Int. J. Netw. Secur., 2018

This paper emphasises the study of ways of constructing substitution boxes (S-boxes). To improve the strength of block ciphers, a new substitution box for symmetric key cryptography was designed based on Fibonacci numbers and prime factors. This new security approach was designed for better security of block ciphers. The security level of the S-box was evaluated based on cryptographic properties such as the balance criterion, nonlinearity, correlation immunity, algebraic degree, transparency order, propagation, number of fixed points and opposite fixed points, algebraic immunity, robustness to differential cryptanalysis, signal-to-noise ratio (SNR) for Differential Power Analysis (DPA), as well as the confusion coefficient. The AES S-box and the newly proposed S-box were analysed to verify the cryptographic security of the S-box. Results showed that the newly proposed S-box using Fibonacci numbers and prime factors possessed good cryptographic properties compared to the AES S-box.

AES S-Box Using Fermat's Little Theorem for Highly Constrained Embedded Devices

2012

The recent increase in resource-constrained embedded devices has led to the need for lightweight cryptography. Therefore, the design of secure communication algorithms that fit in these highly constrained environments has become a fundamental issue in cryptographic circuit design. In this paper, we propose an optimization methodology that efficiently reduces the code size of the S-box, the most expensive operation of the Advanced Encryption Standard (AES). Here, we perform a study on composite field AES S-boxes constructed using an inversion algorithm based on Fermat's Little Theorem (FLT). Consequently, we derive two AES S-box constructions over the fields GF((2^4)^2) and GF((2^2)^4) respectively. Our methodology results in a smaller computational cost compared to the conventional Look-up Table (LUT) method, which is commonly deployed on microcontrollers.

A Side-Channel Analysis Resistant Description of the AES S-Box

Lecture Notes in Computer Science, 2005

So far, efficient algorithmic countermeasures to secure the AES algorithm against (first-order) differential side-channel attacks have been very expensive to implement. In this article, we introduce a new masking countermeasure which is not only secure against first-order side-channel attacks, but which also leads to relatively small implementations compared to other masking schemes implemented in dedicated hardware. Our approach is based on shifting the computation of the finite field inversion in the AES S-box down to GF(4). In this field, the inversion is a linear operation and therefore it is easy to mask. Summarizing, the new masking scheme combines the concepts of multiplicative and additive masking in such a way that security against first-order side-channel attacks is maintained, and that small implementations in dedicated hardware can be achieved.

Construction of a Low Multiplicative Complexity GF(2^4) Inversion Circuit for Compact AES S-Box

2018

In this work, we construct a compact composite AES S-Box by deriving a new low multiplicative complexity GF(2^4) inversion circuit. A deterministic tree search algorithm is applied to search for constructions that are optimum in terms of multiplicative complexity. From the results, the circuit with the smallest gate count is selected for GF(2^4) inversion. To the best of our knowledge, the proposed AES S-Box requires the smallest gate count to date, with a size of 112 gates and a depth of 25 gates.
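Two ideas recur across the abstracts above: inverting directly in a tower field such as GF((2^4)^2), where one subfield inversion plus a few subfield multiplications replace the GF(2^8) inversion, and the observation that inversion in GF(4) is a linear map, which is what makes additive masking cheap there. The following added example (not code from any of the listed papers) works both out in Python; the field parameters are assumptions chosen for illustration: GF(2^4) = GF(2)[x]/(x^4+x+1) and GF((2^4)^2) = GF(2^4)[y]/(y^2+y+LAMBDA) with LAMBDA = x^3, and no isomorphism to the AES polynomial representation is derived.

```python
M4 = 0x13      # assumed GF(2^4) modulus x^4 + x + 1
LAMBDA = 0x8   # assumed extension constant x^3; y^2 + y + LAMBDA must be irreducible

def gf16_mul(a, b):
    """Multiply in GF(2^4) by shift-and-add with reduction modulo M4."""
    r = 0
    for _ in range(4):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= M4
    return r

def gf16_inv(a):
    """a^-1 = a^14 in GF(2^4) (Fermat's little theorem, a^15 = 1); maps 0 to 0."""
    r = 1
    for _ in range(14):
        r = gf16_mul(r, a)
    return r

def tower_mul(p, q):
    """Multiply (a*y + b)(c*y + d) in GF((2^4)^2) using y^2 = y + LAMBDA."""
    a, b = p
    c, d = q
    ac = gf16_mul(a, c)
    return (ac ^ gf16_mul(a, d) ^ gf16_mul(b, c), gf16_mul(ac, LAMBDA) ^ gf16_mul(b, d))

def tower_inv(p):
    """(a*y + b)(a*y + a + b) = a^2*LAMBDA + a*b + b^2 lies in GF(2^4), so one
    subfield inversion of that norm yields the full tower-field inverse."""
    a, b = p
    norm = gf16_mul(gf16_mul(a, a), LAMBDA) ^ gf16_mul(a, b) ^ gf16_mul(b, b)
    n_inv = gf16_inv(norm)
    return (gf16_mul(a, n_inv), gf16_mul(a ^ b, n_inv))

def all_tower_inverses_ok():
    """p * p^-1 == 1 for all 255 nonzero elements; a reducible y^2+y+LAMBDA would fail."""
    elems = ((a, b) for a in range(16) for b in range(16))
    return all(tower_mul(p, tower_inv(p)) == (0, 1) for p in elems if p != (0, 0))

def gf4_inv(v):
    """GF(4) = GF(2)[t]/(t^2+t+1), elements 0,1,t=2,t+1=3: x^-1 = x^2 since x^3 = 1."""
    return {0: 0, 1: 1, 2: 3, 3: 2}[v]

def gf4_inversion_is_linear():
    """Squaring is GF(2)-linear, so inv(x ^ m) == inv(x) ^ inv(m): an additive
    mask m passes straight through the GF(4) inversion."""
    return all(gf4_inv(x ^ m) == gf4_inv(x) ^ gf4_inv(m) for x in range(4) for m in range(4))
```

The exhaustive check doubles as an irreducibility test for the chosen extension polynomial, which is the property a designer must confirm before fixing a tower-field representation.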