Searching the space of tower field implementations of the 𝔽<SUB align="right">2<SUP align="right">8</SUP> inverter - with applications to AES, Camellia and SM4

No AccessSearching the space of tower field implementations of the 𝔽28 inverter - with applications to AES, Camellia and SM4Zihao Wei, Siwei Sun, Lei Hu, Man Wei and René PeraltaZihao WeiState Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China, Siwei SunState Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China, Lei HuState Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China, Man WeiState Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China and René PeraltaComputer Security Division, NIST, 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930, USAPublished Online:December 21, 2022pp 1-26https://doi.org/10.1504/IJICS.2023.127999PDF ToolsAdd to FavouritesDownload CitationsTrack Citations Share this article on social mediaShareShare onFacebookTwitterLinkedInReddit AboutAbstractThe tower field implementation of the 𝔽28 inverter is not only the key technique for compact implementations of the S-boxes of several internationally standardised block ciphers such as AES, Camellia, and SM4, but also the underlying structure many side-channel attack resistant AES implementations rely on. In this work, we conduct an exhaustive study of the tower field representations of the 𝔽28 inverter with normal bases by applying several state-of-the-art combinatorial logic minimisation techniques. As a result, we achieve improved implementations of the AES, Camellia and SM4 S-boxes in terms of area footprint. Surprisingly, we are still able to improve the currently known most compact implementation of the AES S-box from CHES 2018 by 5.5 GE, beating the record again. For Camellia and SM4, the improvements are even more significant. The Verilog codes of our implementations of the AES, Camellia and SM4 S-boxes are openly available.Keywordstower field, inverter, S-box, AES, Camellia, SM4 Next article FiguresReferencesRelatedDetails Volume 20Issue 1-22023 ISSN: 1744-1765eISSN: 1744-1773 HistoryPublished onlineDecember 21, 2022 Copyright © 2023 Inderscience Enterprises Ltd.Keywordstower fieldinverterS-boxAESCamelliaSM4Authors and AffiliationsZihao Wei1 Siwei Sun2 Lei Hu3 Man Wei4 René Peralta5 1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China3. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China4. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China5. Computer Security Division, NIST, 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930, USAPDF download