Show simple item record

dc.contributor.authorCanright, David R.
dc.date.accessioned2013-01-18T19:11:46Z
dc.date.available2013-01-18T19:11:46Z
dc.date.issued2005-05-17
dc.identifier.urihttp://hdl.handle.net/10945/25529
dc.description.abstractOne key step in the Advanced Encryption Standard (AES), or Rijndael, algorithm is called the "S-box", the only nonlinear step in each round of encryption/decryption. A wide variety of implementations of AES have been proposed, for various desiderata, that effect the S-box in various ways. In particular, the most compact implementation to date of Satoh et al. performs the 8-bit Galois field inversion of the S-box using subfields of 4 bits and of 2 bits. This work describes a refinement of this approach that minimizes the circuitry, and hence the chip area, required for the S-box. While Satoh used polynomial bases at each level, we consider also normal bases, with arithmetic optimizations; altogether, 432 different cases were considered. The isomorphism bit matrices are fully optimized, improving on the "greedy algorithm." The best case reduces the number of gates in the S-box by 20%. This decrease in chip area could be important for area-limited hardware implementations, e.g., smart cards. And for applications using larger chips, this approach could allow more copies of the S-box, for parallelism and/or pipelining in non-feedback modes of AES.en_US
dc.rightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.en_US
dc.titleA very compact Rijndael S-boxen_US
dc.typeTechnical Reporten_US
dc.contributor.departmentApplied Mathematics


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record