CryptoDB
Smashing the Implementation Records of AES S-box
| Authors: |
|
|---|---|
| Download: | |
| Abstract: | Canright S-box has been known as the most compact S-box design since its introduction back in CHES’05. Boyar-Peralta proposed logic-minimization heuristics that could reduce the gate count of Canright S-box from 120 gates to 113 gates, however synthesis results did not reflect much improvement. In CHES’15, Ueno et al. proposed an S-box that has a slightly higher area, but significantly faster than the previous designs, hence it was the most efficient (measured by area×delay) S-box implementation to date. In this paper, we propose two new designs for the AES S-box. One design has a smaller implementation area than both Canright and the 113-gate S-boxes. Hence, our first design is the smallest AES S-box to date, breaking the 13 years implementation record of Canright. The second design is faster and smaller than the Ueno S-box. Hence, our second design is both the fastest and the most efficient S-box design to date. While doing so, we also propose new logicminimization heuristics that outperform the previous algorithms of Boyar-Peralta. Finally, we conduct an exhaustive evaluation of each and every block in the S-box circuit, using both structural and behavioral HDL modeling, to reach the optimum synergy between theoretical algorithms and technology-supported optimization tools. We show that involving the technology-supported CAD tools in the analysis results in several counter-intuitive results. |
Video from TCHES 2018
BibTeX
@article{tches-2018-28960,
title={Smashing the Implementation Records of AES S-box},
journal={Transactions on Cryptographic Hardware and Embedded Systems},
publisher={Ruhr-Universität Bochum},
volume={2018, Issue 2},
pages={298-336},
url={https://tches.iacr.org/index.php/TCHES/article/view/884},
doi={10.13154/tches.v2018.i2.298-336},
author={Arash Reyhani-Masoleh and Mostafa M. I. Taha and Doaa Ashmawy},
year=2018
}