Conference Paper

A Systematic Evaluation of Compact Hardware Implementations for the Rijndael S-Box.

DOI: 10.1007/978-3-540-30574-3_22 Conference: Topics in Cryptology - CT-RSA 2005, The Cryptographers' Track at the RSA Conference 2005, San Francisco, CA, USA, February 14-18, 2005, Proceedings
Source: DBLP

ABSTRACT This work proposes a compact implementation of the AES S-box using composite field arithmetic in GF(((22) 2 ) 2 ). It describes a sys- tematic exploration of different choices for the irreducible polynomials that generate the extension fields. It also examines all possible transfor- mation matrices that map one field representation to another. We show that the area of Satoh's S-box, which is the most compact to our knowl- edge, is at least 5% away from an optimal solution. We implemented this optimal solution and Satoh's design using a 0.18 µm standard cell library.

Download full-text


Available from: Lejla Batina, Jul 02, 2015
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: This paper proposes a compact design of SMS4 S-box using combinational logic which is suitable for the implementation in area constraint environments like smart cards. The inversion algorithm of the proposed S-box is based on composite field GF(((22)2)2) using normal basis at all levels. In our approach, we examined all possible normal basis combinations having trace equal to one at each subfield level. There are 16 such possible combinations with normal basis and we have compared the S-box designs based on each case in terms of logic gates it uses for implementation. The isomorphism mapping and inverse mapping bit matrices are fully optimized using greedy algorithm. We prove that our best case reduces the complexity upon the SMS4 S-box design with existing inversion algorithm based on polynomial basis by 15% XOR and 42% AND gates.
  • Source
    Conference Paper: Encrypting the Internet
    [Show abstract] [Hide abstract]
    ABSTRACT: End-to-end communication encryption is considered necessary for protecting the privacy of user data in the Internet. Only a small fraction of all Internet traffic, however, is protected today. The primary reason for this neglect is economic, mainly security protocol speed and cost. In this paper we argue that recent advances in the implementation of cryptographic algorithms can make general purpose processors capable of encrypting packets at line rates. This implies that the Internet can be gradually transformed to an information delivery infrastructure where all traffic is encrypted and authenticated. We justify our claim by presenting technologies that accelerate end-to-end encryption and authentication by a factor of 6 and a high performance TLS 1.2 protocol implementation that takes advantage of these innovations. Our implementation is available in the public domain for experimentation.
    Proceedings of the ACM SIGCOMM 2010 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, New Delhi, India, August 30 -September 3, 2010; 08/2010
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: In the recent years, the power consumption of the AES (advanced encryption standard) S-box has been a target for intensive optimization as the power budget of security enhanced RFID (radio frequency identification devices) tags is limited to a few muW. In this paper, 0.13 mum and 65 nm CMOS technology nodes are thoroughly investigated in order to select the most appropriate one in terms of power consumption and computation delay. Schematic simulation results of full custom S-boxes show that the optimum choice in our context is the LP (low power) flavor of the 65 nm node with standard V<sub>t</sub> (SVT) devices. This leads to a power consumption below 100 nW at 100 kHz using nominal 1.2 V supply voltage, which is an order of magnitude lower than what was previously published in the open literature. The reported delay is 2.35 ns. Our study then extends the reduction of the power consumption further by reducing the supply voltage. The power consumption at 100 kHz decreases by 60 % as the supply voltage is reduced to 0.8 V.
    International Symposium on Circuits and Systems (ISCAS 2009), 24-17 May 2009, Taipei, Taiwan; 01/2009