Affiliation: FEI STU, Ilkovičova 3, 812-19 Bratislava, Slovakia

Multiplicative complexity is the minimum number of AND gates required to implement a given Boolean function in (AND, XOR) algebra. It is a good measure of the hardware complexity of an S-box, but security constraints prevent an S-box from having too low a multiplicative complexity. In this article we focus on generic constructions that can be used to find good n × n S-boxes with low multiplicative complexity. We tested these constructions in the specific case n = 8. We were able to find 8 × 8 S-boxes with multiplicative complexity at most 16 (half of the known upper bound on the multiplicative complexity of the AES S-box) that still provide reasonable resistance against linear and differential cryptanalysis.
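The quantities the abstract trades off against each other can all be checked mechanically on a concrete S-box. The Python below is an added example, not code from the article or its authors: it evaluates an (AND, XOR) gate list into a lookup table, counts the AND gates (the count of one particular circuit is only an upper bound on the multiplicative complexity, which is the minimum over all circuits), and computes differential uniformity (largest DDT entry), linearity (largest absolute LAT entry) and algebraic degree. The wire-numbering convention and the function names are our own. The 3-bit input circuit is the Keccak χ formula y_i = x_i ⊕ (¬x_{i+1} ∧ x_{i+2}) applied to a 3-bit row, chosen here purely as an illustration; the 4-bit table is the PRESENT S-box from [5]. It also checks the necessary condition that a circuit with k AND gates can only reach algebraic degree k + 1, one reason an S-box cannot have arbitrarily low multiplicative complexity.

```python
# Added example (not from the article): (AND, XOR) circuit -> S-box table,
# AND count, and the cryptanalytic measures named in the abstract. Pure Python.

# Wire convention (ours): wires 0..n-1 are inputs, wire n is the constant 1
# (so NOT x is XOR(x, n)), and every gate appends one new wire.
def eval_circuit(n, gates, outputs):
    """gates: (op, a, b) with op in {"AND", "XOR"}; outputs: wire ids for bits 0..m-1.
    Returns (lookup table, AND-gate count of this circuit)."""
    table = []
    for x in range(1 << n):
        wires = [(x >> i) & 1 for i in range(n)] + [1]
        for op, a, b in gates:
            wires.append(wires[a] & wires[b] if op == "AND" else wires[a] ^ wires[b])
        table.append(sum(wires[w] << k for k, w in enumerate(outputs)))
    return table, sum(1 for op, _, _ in gates if op == "AND")


def is_permutation(sbox):
    return sorted(sbox) == list(range(len(sbox)))


def differential_uniformity(sbox):
    """Largest DDT entry over nonzero input differences (2 is optimal, AES has 4)."""
    size, best = len(sbox), 0
    for a in range(1, size):
        counts = [0] * size
        for x in range(size):
            counts[sbox[x] ^ sbox[x ^ a]] += 1
        best = max(best, max(counts))
    return best


def _parity(v):
    return bin(v).count("1") & 1


def linearity(sbox):
    """Largest |#{x : a.x = b.S(x)} - 2^(n-1)| over all a and nonzero b (max |LAT|)."""
    size, best = len(sbox), 0
    for a in range(size):
        for b in range(1, size):
            agree = sum(1 for x in range(size) if _parity(a & x) == _parity(b & sbox[x]))
            best = max(best, abs(agree - size // 2))
    return best


def algebraic_degree(sbox):
    """Max algebraic degree over nonzero component functions b.S(x) (ANF via Moebius transform)."""
    size, best = len(sbox), 0
    for b in range(1, size):
        anf = [_parity(b & sbox[x]) for x in range(size)]
        step = 1
        while step < size:  # in-place Moebius transform, one input bit at a time
            for x in range(size):
                if x & step:
                    anf[x] ^= anf[x ^ step]
            step <<= 1
        best = max(best, max((bin(m).count("1") for m in range(size) if anf[m]), default=0))
    return best


# Constructed input: Keccak chi, y_i = x_i XOR (NOT x_{i+1} AND x_{i+2}), on a 3-bit row.
CHI3_GATES = [
    ("XOR", 1, 3), ("AND", 4, 2), ("XOR", 0, 5),    # wire 6  = y0
    ("XOR", 2, 3), ("AND", 7, 0), ("XOR", 1, 8),    # wire 9  = y1
    ("XOR", 0, 3), ("AND", 10, 1), ("XOR", 2, 11),  # wire 12 = y2
]
CHI3_OUTPUTS = [6, 9, 12]

# The PRESENT 4-bit S-box [5], as a plain table with no circuit attached.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def analyse(sbox, n_and=None):
    """Collect the metrics; with k AND gates the degree can be at most k + 1."""
    report = {
        "bijective": is_permutation(sbox),
        "diff_uniformity": differential_uniformity(sbox),
        "linearity": linearity(sbox),
        "degree": algebraic_degree(sbox),
    }
    if n_and is not None:
        report["and_gates"] = n_and
        report["degree_within_and_bound"] = report["degree"] <= n_and + 1
    return report


if __name__ == "__main__":
    chi3, k = eval_circuit(3, CHI3_GATES, CHI3_OUTPUTS)
    print("chi3 table:", chi3, analyse(chi3, k))
    print("PRESENT   :", analyse(PRESENT_SBOX))
```

For the 3-bit χ circuit the three AND gates give a bijection with differential uniformity 2 and linearity 2 (the best possible on 3 bits), but every component is quadratic, which is exactly the kind of low-degree structure that algebraic attacks exploit; the same functions applied to an 8 × 8 candidate produced by the constructions in the article would show whether its 16 or fewer AND gates still leave acceptable differential and linear profiles.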

[1] Ballet, S. and Pieltant, J., On the tensor rank of multiplication in any extension of F2, Journal of Complexity, 27(2) (2011), 230–245. DOI 10.1016/j.jco.2011.01.008. URL http://www.sciencedirect.com/science/article/pii/S0885064X11000094

[2] Bertoni, G., Daemen, J., Peeters, M. and Van Assche, G., Keccak sponge function family main document, Submission to NIST (Round 2), 3 (2009).

[3] Bilgin, B., Nikova, S., Nikov, V., Rijmen, V. and Stütz, G., Threshold implementations of all 3 × 3 and 4 × 4 S-boxes, in: E. Prouff, P. Schaumont (eds.) CHES, Lecture Notes in Computer Science, vol. 7428, Springer (2012), pp. 76–91.

[4] Biryukov, A., De Cannière, C., Braeken, A. and Preneel, B., A toolbox for cryptanalysis: Linear and affine equivalence algorithms, in: E. Biham (ed.) Advances in Cryptology – EUROCRYPT 2003, Lecture Notes in Computer Science, vol. 2656, Springer-Verlag (2003), pp. 33–50. DOI 10.1007/3-540-39200-9_3.

[5] Bogdanov, A., Knudsen, L. R., Leander, G., Paar, C., Poschmann, A., Robshaw, M. J. B., Seurin, Y. and Vikkelsoe, C., PRESENT: An ultra-lightweight block cipher, in: P. Paillier, I. Verbauwhede (eds.) CHES, Lecture Notes in Computer Science, vol. 4727, Springer (2007), pp. 450–466.

[6] Boyar, J. and Peralta, R., Tight bounds for the multiplicative complexity of symmetric functions, Theoretical Computer Science, 396(1–3) (2008), 223–246. DOI 10.1016/j.tcs.2008.01.030.

[7] Boyar, J. and Peralta, R., A new combinational logic minimization technique with applications to cryptology, in: SEA 2010, pp. 178–189.

[8] Boyar, J., Peralta, R. and Pochuev, D., On the multiplicative complexity of Boolean functions over the basis (∧, ⊕, 1), Theoretical Computer Science, 235(1) (2000), 43–57.

[9] Bulygin, S., More on linear hulls of PRESENT-like ciphers and a cryptanalysis of full-round EPCBC-96, Cryptology ePrint Archive, Report 2013/028 (2013). URL http://eprint.iacr.org/

[10] Carlet, C., Goubin, L., Prouff, E., Quisquater, M. and Rivain, M., Higher-order masking schemes for S-boxes, in: Fast Software Encryption, Springer (2012), pp. 366–384.

[11] Courtois, N., Hulme, D. and Mourouzis, T., Solving circuit optimisation problems in cryptography and cryptanalysis, Cryptology ePrint Archive, Report 2011/475 (2011).

[12] Daemen, J. and Rijmen, V., The Design of Rijndael, Springer (2002).

[13] Grosek, O., Magliveras, S., Tapuska, J. and Wei, W., Is Rijndael really independent of the field polynomial? Tatra Mountains Mathematical Publications, 33(1) (2006), 51–69.

[14] Kocher, P. C., Jaffe, J. and Jun, B., Differential power analysis, in: Advances in Cryptology – CRYPTO '99, Springer-Verlag, London (1999), pp. 388–397. URL http://dl.acm.org/citation.cfm?id=646764.703989

[15] Mirwald, R. and Schnorr, C., The multiplicative complexity of quadratic Boolean forms, Theoretical Computer Science, 102(2) (1992), 307–328. DOI 10.1016/0304-3975(92)90235-8.

[16] Nyberg, K., Differentially uniform mappings for cryptography, in: T. Helleseth (ed.) Advances in Cryptology – EUROCRYPT '93, Lecture Notes in Computer Science, vol. 765, Springer, Berlin, Heidelberg (1994), pp. 55–64. DOI 10.1007/3-540-48285-7_6.

[17] Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C. and Ferguson, N., Twofish: A 128-bit block cipher, NIST AES Proposal, 15 (1998).

[18] Wu, H., The hash function JH, submission to NIST (updated) (2009).

[19] Doröz, Y., Shahverdi, A., Eisenbarth, T. and Sunar, B., Toward practical homomorphic evaluation of block ciphers using Prince, Cryptology ePrint Archive, Report 2014/233 (2014). URL http://eprint.iacr.org/

[20] Zajac, P., A new method to solve MRHS equation systems and its connection to group factorization, Journal of Mathematical Cryptology, 7(4) (2013), 279–381. DOI 10.1515/jmc-2013-5012.

[21] Zajac, P. and Jókay, M., Multiplicative complexity of bijective 4 × 4 S-boxes, Cryptography and Communications, 6(3) (2014), 255–277. DOI 10.1007/s12095-014-0100-y.