A very compact Rijndael S-box
dc.contributor.author | Canright, David R. | |
dc.date.accessioned | 2013-01-18T19:11:46Z | |
dc.date.available | 2013-01-18T19:11:46Z | |
dc.date.issued | 2005-05-17 | |
dc.identifier.uri | https://hdl.handle.net/10945/25529 | |
dc.description.abstract | One key step in the Advanced Encryption Standard (AES), or Rijndael, algorithm is called the "S-box", the only nonlinear step in each round of encryption/decryption. A wide variety of implementations of AES have been proposed, for various desiderata, that realize the S-box in various ways. In particular, the most compact implementation to date, that of Satoh et al., performs the 8-bit Galois field inversion of the S-box using subfields of 4 bits and of 2 bits. This work describes a refinement of this approach that minimizes the circuitry, and hence the chip area, required for the S-box. While Satoh used polynomial bases at each level, we consider also normal bases, with arithmetic optimizations; altogether, 432 different cases were considered. The isomorphism bit matrices are fully optimized, improving on the "greedy algorithm." The best case reduces the number of gates in the S-box by 20%. This decrease in chip area could be important for area-limited hardware implementations, e.g., smart cards. And for applications using larger chips, this approach could allow more copies of the S-box, for parallelism and/or pipelining in non-feedback modes of AES. | en_US |
dc.rights | This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States. | en_US |
dc.title | A very compact Rijndael S-box | en_US |
dc.type | Technical Report | en_US |
dc.contributor.department | Applied Mathematics |
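The abstract describes the S-box as GF(2^8) inversion carried out in a tower of subfields, GF(((2^2)^2)^2), with an isomorphism bit matrix on the way in and the inverse isomorphism (mergeable with the AES affine layer) on the way out. The following is an added worked example of that decomposition, written for this record; it is neither the report's code nor Satoh's circuit. It uses polynomial bases at all three levels, picks the quadratic-extension constants and the isomorphism matrix by a runtime search rather than from any paper (so the particular parameters chosen are an assumption of the example, not one of the 432 cases the report ranks), and verifies all 256 outputs against direct inversion in the standard AES representation.

```python
"""
AES S-box via tower-field inversion GF(((2^2)^2)^2), polynomial basis at each
level. Added example, not code from the report. Field elements are ints:
bit i is the coefficient of the i-th basis element of the level concerned.
"""

AES_POLY = 0x11B       # x^8 + x^4 + x^3 + x + 1, the standard AES representation
AFFINE_CONST = 0x63    # constant of the AES affine transformation


# ---- Level 0: GF(2^2) = GF(2)[w]/(w^2 + w + 1); element = a1*w + a0 (2 bits)
def mul2(a, b):
    a1, a0, b1, b0 = a >> 1, a & 1, b >> 1, b & 1
    hi = a1 & b1                                        # w^2 = w + 1
    return ((hi ^ (a1 & b0) ^ (a0 & b1)) << 1) | (hi ^ (a0 & b0))

def inv2(a):
    return mul2(a, a)        # non-zero a satisfies a^3 = 1, so a^-1 = a^2; 0 -> 0


# ---- Level 1: GF(2^4) = GF(2^2)[z]/(z^2 + z + N); element = a1*z + a0 (2+2 bits)
N = 0b10   # N = w (assumed choice); irreducible because w is not of the form t^2 + t

def mul4(a, b):
    a1, a0, b1, b0 = a >> 2, a & 3, b >> 2, b & 3
    hi = mul2(a1, b1)                                   # z^2 = z + N
    return ((hi ^ mul2(a1, b0) ^ mul2(a0, b1)) << 2) | (mul2(N, hi) ^ mul2(a0, b0))

def inv4(a):
    # conjugate of a1*z + a0 is a1*z + (a0 + a1); their product is the norm
    # d = N*a1^2 + a0*a1 + a0^2, which lies in GF(2^2), so only inv2 is needed.
    a1, a0 = a >> 2, a & 3
    e = inv2(mul2(N, mul2(a1, a1)) ^ mul2(a0, a1) ^ mul2(a0, a0))
    return (mul2(a1, e) << 2) | mul2(a0 ^ a1, e)


# ---- Level 2: GF(2^8) = GF(2^4)[y]/(y^2 + y + NU); element = a1*y + a0 (4+4 bits)
def find_nu():
    # y^2 + y + NU is irreducible over GF(2^4) iff NU is not of the form t^2 + t
    reducible = {mul4(t, t) ^ t for t in range(16)}
    return next(v for v in range(16) if v not in reducible)

NU = find_nu()   # smallest admissible constant (assumed choice, found by search)

def mul8(a, b):
    a1, a0, b1, b0 = a >> 4, a & 15, b >> 4, b & 15
    hi = mul4(a1, b1)                                   # y^2 = y + NU
    return ((hi ^ mul4(a1, b0) ^ mul4(a0, b1)) << 4) | (mul4(NU, hi) ^ mul4(a0, b0))

def inv8(a):
    # same norm trick one level up: d = NU*a1^2 + a0*a1 + a0^2 lies in GF(2^4)
    a1, a0 = a >> 4, a & 15
    e = inv4(mul4(NU, mul4(a1, a1)) ^ mul4(a0, a1) ^ mul4(a0, a0))
    return (mul4(a1, e) << 4) | mul4(a0 ^ a1, e)


# ---- Isomorphism bit matrices between the standard basis and the tower basis
def apply_matrix(cols, v):
    """GF(2) matrix-vector product; cols[i] is the image of input bit i."""
    out = 0
    for i in range(8):
        if v >> i & 1:
            out ^= cols[i]
    return out

def build_isomorphism():
    # Any root r of the AES polynomial inside the tower field defines an
    # isomorphism x -> r; its matrix has column i equal to r^i.
    for r in range(1, 256):
        p = [1]
        for _ in range(8):
            p.append(mul8(p[-1], r))
        if p[8] ^ p[4] ^ p[3] ^ p[1] ^ p[0] == 0:
            to_tower = p[:8]
            fwd = [apply_matrix(to_tower, v) for v in range(256)]
            to_std = [fwd.index(1 << j) for j in range(8)]   # inverse matrix by preimages
            return to_tower, to_std
    raise RuntimeError("no root found: tower field parameters are wrong")

TO_TOWER, TO_STD = build_isomorphism()

def affine(a):
    rot = lambda v, k: ((v << k) | (v >> (8 - k))) & 0xFF
    return a ^ rot(a, 1) ^ rot(a, 2) ^ rot(a, 3) ^ rot(a, 4) ^ AFFINE_CONST

# The inverse isomorphism and the linear part of the affine layer are both
# GF(2) matrices, so they fold into one output matrix (as in compact designs).
OUT_MATRIX = [affine(c) ^ AFFINE_CONST for c in TO_STD]

def sbox_tower(a):
    return apply_matrix(OUT_MATRIX, inv8(apply_matrix(TO_TOWER, a))) ^ AFFINE_CONST


# ---- Reference: inversion directly in the standard representation
def gf_mul_std(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r

def sbox_reference(a):
    inv = next((b for b in range(256) if gf_mul_std(a, b) == 1), 0)   # 0 maps to 0
    return affine(inv)

def check_all():
    """True iff the tower-field S-box agrees with the reference on every input."""
    return all(sbox_tower(a) == sbox_reference(a) for a in range(256))

if __name__ == "__main__":
    print("NU =", NU, "to_tower =", [hex(c) for c in TO_TOWER], "ok =", check_all())
```

Changing N or the selection rule in find_nu (or the choice of root in build_isomorphism) yields other members of the family the report enumerates; check_all stays true for every valid combination, which is the property that lets an implementer rank cases by gate count alone. In hardware only the three matrix applications and the norm/inverse arithmetic survive; the reference code is here purely to confirm correctness.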