Know-Thy-Basis: Decomposing F26 for Lightweight S-box Implementation

Authors

  • Dilip Sau Center for Computational & Data Sciences, Indian Institute of Technology Kharagpur, India
  • Sumanta Sarkar University of Warwick, Coventry, United Kingdom
  • Dhiman Saha de.ci.phe.red Lab, Department of Computer Science and Engineering, Indian Institute of Technology Bhilai, India
  • Kalikinkar Mandal University of New Brunswick, Fredericton, NB, Canada

DOI:

https://doi.org/10.46586/tches.v2024.i4.763-794

Keywords:

Lightweight, S-box, Composite Field, Hardware Implementation

Abstract

A recent trend has shown constructions of 6-bit S-boxes that are mostly focused on their cryptographic elegance, while their lightweight aspects have not really been addressed well. This paper attempts to plug-in this existing research gap where we show how the composite structure of the extension field F26 could be leveraged. An earlier well-known example is an efficient implementation of AES S-box using the tower field extension of F28 . The case of F2ab is completely different from any tower field as the implementation varies as per the choice of extension – for instance, F(2a)b or F(2b)a , where a and b are prime. Thus, it makes the implementation of S-boxes over F26 = F2(2×3) very interesting. In this work, we systematically study the composite field structure of F26 from a hardware standpoint for a class of S-boxes that are power mapping or their affine equivalents. We analyze the hardware efficiency with respect to different representations of the field extension, i.e., F(22)3 or F(23)2 . Furthermore, for each extension, we investigate the impact of various choices of bases – for instance, we present the evidence of the effect that normal or polynomial bases have on the implementation. This gives us further insight on the choice of basis with respect to the field extension. In the process, we present a special normal basis, when used in conjunction with F(23)2 results in the least (or very close to least) area in terms of GE for the 18 (6 quadratic and 12 cubic) S-boxes studied in this work. The special normal basis reported here has some algebraic properties which make it inherently hardware friendly and allow us to predict the area reduction, without running a tool. Overall, this work constitutes an extensive hardware characterization of a class of cryptographically significant 6-bit S-boxes giving us interesting insights into the systematic lightweight implementation of S-boxes without relying on an automated tool.

Downloads

Published

2024-11-22

Issue

Vol. 2024 No. 4

Section

Articles

License

Copyright (c) 2024 Dilip Sau, Sumanta Sarkar, Dhiman Saha, Kalikinkar Mandal

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Know-Thy-Basis: Decomposing F26 for Lightweight S-box Implementation. (2024). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2024(4), 763-794. https://doi.org/10.46586/tches.v2024.i4.763-794