Know-Thy-Basis: Decomposing F26 for Lightweight S-box Implementation
A recent trend has shown constructions of 6-bit S-boxes that are mostly focused on their cryptographic elegance, while their lightweight aspects have not really been addressed well. This paper attempts to plug-in this existing research gap where we show how the composite structure of the extension...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Ruhr-Universität Bochum
2024-11-01
|
| Series: | Transactions on Cryptographic Hardware and Embedded Systems |
| Subjects: | |
| Online Access: | https://ojs.ub.ruhr-uni-bochum.de/index.php/TCHES/article/view/11902 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1846159947020107776 |
|---|---|
| author | Dilip Sau Sumanta Sarkar Dhiman Saha Kalikinkar Mandal |
| author_facet | Dilip Sau Sumanta Sarkar Dhiman Saha Kalikinkar Mandal |
| author_sort | Dilip Sau |
| collection | DOAJ |
| description |
A recent trend has shown constructions of 6-bit S-boxes that are mostly focused on their cryptographic elegance, while their lightweight aspects have not really been addressed well. This paper attempts to plug-in this existing research gap where we show how the composite structure of the extension field F26 could be leveraged. An earlier well-known example is an efficient implementation of AES S-box using the tower field extension of F28 . The case of F2ab is completely different from any tower field as the implementation varies as per the choice of extension – for instance, F(2a)b or F(2b)a , where a and b are prime. Thus, it makes the implementation of S-boxes over F26 = F2(2×3) very interesting. In this work, we systematically study the composite field structure of F26 from a hardware standpoint for a class of S-boxes that are power mapping or their affine equivalents. We analyze the hardware efficiency with respect to different representations of the field extension, i.e., F(22)3 or F(23)2 . Furthermore, for each extension, we investigate the impact of various choices of bases – for instance, we present the evidence of the effect that normal or polynomial bases have on the implementation. This gives us further insight on the choice of basis with respect to the field extension. In the process, we present a special normal basis, when used in conjunction with F(23)2 results in the least (or very close to least) area in terms of GE for the 18 (6 quadratic and 12 cubic) S-boxes studied in this work. The special normal basis reported here has some algebraic properties which make it inherently hardware friendly and allow us to predict the area reduction, without running a tool. Overall, this work constitutes an extensive hardware characterization of a class of cryptographically significant 6-bit S-boxes giving us interesting insights into the systematic lightweight implementation of S-boxes without relying on an automated tool.
|
| format | Article |
| id | doaj-art-78e6dc02df9a4ff0aa1a0089dba3edbd |
| institution | Kabale University |
| issn | 2569-2925 |
| language | English |
| publishDate | 2024-11-01 |
| publisher | Ruhr-Universität Bochum |
| record_format | Article |
| series | Transactions on Cryptographic Hardware and Embedded Systems |
| spelling | doaj-art-78e6dc02df9a4ff0aa1a0089dba3edbd2024-11-22T16:47:57ZengRuhr-Universität BochumTransactions on Cryptographic Hardware and Embedded Systems2569-29252024-11-012024410.46586/tches.v2024.i4.763-794Know-Thy-Basis: Decomposing F26 for Lightweight S-box ImplementationDilip Sau0Sumanta Sarkar1Dhiman Saha2Kalikinkar Mandal3Center for Computational & Data Sciences, Indian Institute of Technology Kharagpur, IndiaUniversity of Warwick, Coventry, United Kingdomde.ci.phe.red Lab, Department of Computer Science and Engineering, Indian Institute of Technology Bhilai, IndiaUniversity of New Brunswick, Fredericton, NB, Canada A recent trend has shown constructions of 6-bit S-boxes that are mostly focused on their cryptographic elegance, while their lightweight aspects have not really been addressed well. This paper attempts to plug-in this existing research gap where we show how the composite structure of the extension field F26 could be leveraged. An earlier well-known example is an efficient implementation of AES S-box using the tower field extension of F28 . The case of F2ab is completely different from any tower field as the implementation varies as per the choice of extension – for instance, F(2a)b or F(2b)a , where a and b are prime. Thus, it makes the implementation of S-boxes over F26 = F2(2×3) very interesting. In this work, we systematically study the composite field structure of F26 from a hardware standpoint for a class of S-boxes that are power mapping or their affine equivalents. We analyze the hardware efficiency with respect to different representations of the field extension, i.e., F(22)3 or F(23)2 . Furthermore, for each extension, we investigate the impact of various choices of bases – for instance, we present the evidence of the effect that normal or polynomial bases have on the implementation. This gives us further insight on the choice of basis with respect to the field extension. In the process, we present a special normal basis, when used in conjunction with F(23)2 results in the least (or very close to least) area in terms of GE for the 18 (6 quadratic and 12 cubic) S-boxes studied in this work. The special normal basis reported here has some algebraic properties which make it inherently hardware friendly and allow us to predict the area reduction, without running a tool. Overall, this work constitutes an extensive hardware characterization of a class of cryptographically significant 6-bit S-boxes giving us interesting insights into the systematic lightweight implementation of S-boxes without relying on an automated tool. https://ojs.ub.ruhr-uni-bochum.de/index.php/TCHES/article/view/11902LightweightS-boxComposite FieldHardware Implementation |
| spellingShingle | Dilip Sau Sumanta Sarkar Dhiman Saha Kalikinkar Mandal Know-Thy-Basis: Decomposing F26 for Lightweight S-box Implementation Transactions on Cryptographic Hardware and Embedded Systems Lightweight S-box Composite Field Hardware Implementation |
| title | Know-Thy-Basis: Decomposing F26 for Lightweight S-box Implementation |
| title_full | Know-Thy-Basis: Decomposing F26 for Lightweight S-box Implementation |
| title_fullStr | Know-Thy-Basis: Decomposing F26 for Lightweight S-box Implementation |
| title_full_unstemmed | Know-Thy-Basis: Decomposing F26 for Lightweight S-box Implementation |
| title_short | Know-Thy-Basis: Decomposing F26 for Lightweight S-box Implementation |
| title_sort | know thy basis decomposing f26 for lightweight s box implementation |
| topic | Lightweight S-box Composite Field Hardware Implementation |
| url | https://ojs.ub.ruhr-uni-bochum.de/index.php/TCHES/article/view/11902 |
| work_keys_str_mv | AT dilipsau knowthybasisdecomposingf26forlightweightsboximplementation AT sumantasarkar knowthybasisdecomposingf26forlightweightsboximplementation AT dhimansaha knowthybasisdecomposingf26forlightweightsboximplementation AT kalikinkarmandal knowthybasisdecomposingf26forlightweightsboximplementation |