2007, Lecture Notes in Computer Science
14 pages
Composite field arithmetic is known as an alternative method to lookup tables in the implementation of the S-box block of the AES algorithm. The idea is to break down the computations to lower order fields and compute the inverse there. Recently this idea has been used both for reducing the area in implementations of S-boxes and in masking implementations of the AES algorithm. The most compact design using this technique is presented by Canright, using only 92 gates for an S-box block. In another approach, the IAIK laboratory has presented a masked implementation of the AES algorithm with higher security compared to common masking methods, using composite field arithmetic. Our work in this paper is to use the basic ideas of the two approaches above to get a compact masked S-box. We shall use the idea of masking inversion from IAIK's masked S-box, but we will rewrite the equations using a normal basis. We arrange the terms in these equations in a way that the optimized functions in Canright's compact S-box can be used for our design. An implementation of IAIK's masked S-box is also presented using Canright's polynomial functions to have a fair comparison between our design and IAIK's design. Moreover, we show that this design, which uses two special normal bases for GF(16) and GF(4), is the smallest. We shall also prove the security of this design using some lemmas.
2014
The hardware implementation of the Substitution-Box (S-box) of the Advanced Encryption Standard (AES) always employs a composite field GF ((2)) to obtain better efficiency. In this paper, an improved class of S-boxes by direct inversion in a composite field is presented, and the choice of the subfield leading to the most efficient implementation is discussed. Eliminating the field isomorphic transformations, such a composite field is easier to fix, and the resulting hardware implementation is more efficient than that of the AES S-box. Some common cryptographic characteristics of the composite field based S-boxes are examined, and it turns out that direct inversion in a composite field does not weaken the cryptographic characteristics. In addition, a demonstration of the immunity against the potential algebraic attack on AES with the replacement of our S-box is given, and it is proven that the revised AES is even more secure than the original AES against the algebraic attack. As a result of t...
2011
In this study, the authors categorise all of the feasible constructions for the composite Galois field GF(((2^2)^2)^2) Advanced Encryption Standard (AES) S-box into four main architectures by their field representations and their algebraic properties. For each of the categories, a new optimisation scheme which exploits algebraic normal form representation followed by a sub-structure sharing optimisation is presented. This is performed by converting the subfield GF((2^2)^2) inversion into several logical expressions, which are in turn reduced using a common sub-expression elimination algorithm. The authors show that this technique can effectively reduce the total area gate count as well as the critical path gate count in composite field AES S-boxes. The resulting architecture that achieves maximum reduction in both total area coverage and critical path gate count is found and reported. The hardware implementations of the authors' proposed AES S-boxes, along with their performance and cost, are presented and discussed.
Lecture Notes in Computer Science, 2008
The substitution box (S-box) of the Advanced Encryption Standard (AES) is based on the multiplicative inversion s(x) = x^-1 in GF(256), followed by an affine transformation in GF(2). The S-box is the most expensive building block of any hardware implementation of the AES, and the multiplicative inversion is the most costly step of the S-box transformation. There exist many publications about hardware implementations of the S-box, and the smallest known implementations are based on normal bases. In this paper, we introduce a new method to implement the multiplicative inversion over GF(256) based on normal bases that have not been considered before in the context of AES implementations.
In this paper a new approach for designing the S-box in the Advanced Encryption Standard (AES) is proposed. The proposed S-box is constructed from small S-boxes defined over GF(2^4) instead of GF(2^8) as in traditional AES. The Rijndael Algorithm (RA), as one of the AES standards, is modified by applying the new approach. The Modified Rijndael Algorithm (MRA) is constructed by replacing the S-box of RA by small S-boxes, and the key expansion procedure of RA is modified accordingly. Each one of the small S-boxes has a different equation, and each equation is extracted using one of the three irreducible polynomials existing in GF(2^4). So, detecting the different equations is very difficult for cryptanalysts compared to the S-box of RA, which uses one equation and one irreducible polynomial.
IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 2000
In this work, we derived three novel composite field arithmetic (CFA) AES S-boxes over the field GF(((2^2)^2)^2). The best construction is selected after a sequence of algorithmic and architectural optimization processes. Furthermore, for each composite field construction there exist eight possible isomorphic mappings. Hence, after the exploitation of a new common subexpression elimination (CSE) algorithm, the isomorphic mapping that results in the minimal implementation area cost is chosen. Novel high-throughput hardware implementations of our proposed CFA AES S-boxes are reported towards the end of this paper. Through the exploitation of both Algebraic Normal Form (ANF) and seven-stage fine-grained pipelining, our best case AES S-box manages to achieve a throughput of 3.49 Gbps on a Cyclone II EP2C5T144C6 FPGA.
Int. J. Netw. Secur., 2018
This paper emphasises the study of ways of constructing substitution boxes (S-boxes). To improve the strength of block ciphers, a new substitution box for symmetric key cryptography was designed based on Fibonacci numbers and prime factors. This new security approach was designed for better security of block ciphers. The security level of the S-box was evaluated based on cryptographic properties such as balance criteria, nonlinearity, correlation immunity, algebraic degree, transparency order, propagation, number of fixed points and opposite fixed points, algebraic immunity, robustness to differential cryptanalysis, signal to noise ratio (SNR) for Differential Power Analysis (DPA), as well as confusion coefficient. The AES S-box and the new proposed S-box were analysed to verify the cryptographic security of the S-box. Results showed that the new proposed S-box using Fibonacci numbers and prime factors possessed good cryptographic properties compared to the AES S-box.
2012
The recent increase of resource-constrained embedded devices has led to the need for lightweight cryptography. Therefore, the design of secure communication algorithms that fit in these highly constrained environments has become a fundamental issue in cryptographic circuit design. In this paper, we propose an optimization methodology that efficiently reduces the code size of the S-box, the most expensive operation of the Advanced Encryption Standard (AES). Here, we perform a study on the composite field AES S-box constructed using an inversion algorithm based on Fermat's Little Theorem (FLT). Consequently, we derive two AES S-box constructions over the fields GF((2^4)^2) and GF((2^2)^4) respectively. Our methodology results in smaller computational cost compared to the conventional Look-up Table (LUT) method, which is commonly deployed on microcontrollers.
Lecture Notes in Computer Science, 2005
So far, efficient algorithmic countermeasures to secure the AES algorithm against (first-order) differential side-channel attacks have been very expensive to implement. In this article, we introduce a new masking countermeasure which is not only secure against first-order side-channel attacks, but which also leads to relatively small implementations compared to other masking schemes implemented in dedicated hardware. Our approach is based on shifting the computation of the finite field inversion in the AES S-box down to GF(4). In this field, the inversion is a linear operation and therefore it is easy to mask. Summarizing, the new masking scheme combines the concepts of multiplicative and additive masking in such a way that security against first-order side-channel attacks is maintained, and that small implementations in dedicated hardware can be achieved.
2018
In this work, we construct a compact composite AES S-Box by deriving a new low multiplicative complexity GF(2^4) inversion circuit. A deterministic tree search algorithm is applied to search for constructions that are optimum in terms of multiplicative complexity. From the results, the circuit with the smallest gate count is selected for GF(2^4) inversion. To the best of our knowledge, the proposed AES S-Box requires the smallest gate count to date, with a size of 112 gates and a depth of 25 gates.
2008
The substitution box (S-box) component is the heart of the Advanced Encryption Standard (AES) algorithm. The S-box values are generated from the multiplicative inverse in the Galois field GF(2^8) followed by an affine transform. Many techniques for obtaining the multiplicative inverse values have been proposed. Most hardware implementations of the S-box use look-up tables (LUTs) (memory-based) to store the values, which occupy the largest area in the design. In this paper, a software method of producing the multiplicative inverse values, which is the generator of the S-box values, and the possibilities of implementing the method in hardware applications are discussed. The method uses log and antilog values. The method is modified to create a memory-less value generator for AES hardware-based implementation. The implementation is proposed to be embedded on limited-memory, small-sized FPGAs.
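The composite-field S-box construction that several of the abstracts above describe, written out as an added Python example (not code from any of the listed papers): inversion in GF((2^4)^2) reduces to a single GF(2^4) inversion, the GF(2^4) arithmetic is done through a 16-entry log/antilog table as in the last abstract, and an isomorphic mapping found by brute force carries the result back to the Rijndael basis so the output matches the standard AES S-box. The subfield polynomial x^4+x+1, the constant LAMBDA = 0x8 and the search for the mapping are my own choices, not taken from any paper.

```python
"""AES S-box by inversion in the tower field GF((2^4)^2) = GF(2^4)[y]/(y^2+y+LAMBDA), with
GF(2^4) = GF(2)[x]/(x^4+x+1). A tower element is one byte: (high nibble)*y + (low nibble)."""
LAMBDA = 0x8  # y^2 + y + LAMBDA is irreducible over GF(2^4) (Tr(x^3) = 1), so the tower is a field

EXP16 = [1]   # antilog table: EXP16[i] = x^i in GF(2^4); x is primitive, so x^15 = 1
for _ in range(14):
    EXP16.append((EXP16[-1] << 1) ^ (0x13 if EXP16[-1] & 0x8 else 0))   # reduce with x^4 = x + 1
LOG16 = {v: i for i, v in enumerate(EXP16)}   # log table, the inverse of EXP16

def gf16_mul(a, b):
    """GF(2^4) multiplication through the log/antilog tables (a 16-entry generator, not a 256-byte LUT)."""
    return EXP16[(LOG16[a] + LOG16[b]) % 15] if a and b else 0

def tower_mul(a, b):
    """(ah*y + al)(bh*y + bl) reduced with y^2 = y + LAMBDA: four GF(2^4) multiplications."""
    ah, al, bh, bl = a >> 4, a & 0xF, b >> 4, b & 0xF
    hh = gf16_mul(ah, bh)
    return ((hh ^ gf16_mul(ah, bl) ^ gf16_mul(al, bh)) << 4) | (gf16_mul(al, bl) ^ gf16_mul(LAMBDA, hh))

def tower_inv(a):
    """Inverse of ah*y + al = conjugate (ah*y + ah + al) / norm d, with d in GF(2^4); maps 0 to 0."""
    ah, al = a >> 4, a & 0xF
    d = gf16_mul(ah, al) ^ gf16_mul(al, al) ^ gf16_mul(LAMBDA, gf16_mul(ah, ah))   # norm a * conj(a)
    d_inv = EXP16[-LOG16[d] % 15] if d else 0   # the only inversion needed, and it is in GF(2^4)
    return (gf16_mul(ah, d_inv) << 4) | gf16_mul(ah ^ al, d_inv)

def build_isomorphism():
    """Find beta in the tower with beta^8+beta^4+beta^3+beta+1 = 0 (the Rijndael polynomial); then
    x^i -> beta^i extends linearly to a field isomorphism. Returns (to_tower, from_tower) tables."""
    for beta in range(2, 256):
        pw = [1]
        for _ in range(8):
            pw.append(tower_mul(pw[-1], beta))
        if pw[8] ^ pw[4] ^ pw[3] ^ pw[1] ^ pw[0] == 0:
            break
    to_tower = [0] * 256
    for b in range(1, 256):   # linearity: phi(b) = phi(b without its lowest set bit) ^ phi(lowest bit)
        low = b & -b
        to_tower[b] = to_tower[b ^ low] ^ pw[low.bit_length() - 1]
    return to_tower, {img: b for b, img in enumerate(to_tower)}

TO_TOWER, FROM_TOWER = build_isomorphism()

def aes_sbox(b):
    """S-box: map into the tower, invert there, map back, then apply the AES affine transform."""
    v = r = FROM_TOWER[tower_inv(TO_TOWER[b])]
    for _ in range(4):        # r = v ^ rotl(v,1) ^ rotl(v,2) ^ rotl(v,3) ^ rotl(v,4)
        v = ((v << 1) | (v >> 7)) & 0xFF
        r ^= v
    return r ^ 0x63
```

Because the eight isomorphic mappings mentioned above differ only in which root beta is chosen, changing the search order picks a different mapping while aes_sbox stays the standard table; a hardware design would fix one mapping and fold it into the input and output linear layers.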