Low AND Depth and Efficient Inverses: a Guide on S-boxes for Low-latency Masking
Published in | IACR Transactions on Symmetric Cryptology Vol. 2020; no. 1 |
---|---|
Main Authors | Begül Bilgin, Lauren De Meyer, Sébastien Duval, Itamar Levi, François-Xavier Standaert |
Format | Journal Article |
Language | English |
Published | Ruhr-Universität Bochum, 01.01.2020 |
ISSN | 2519-173X |
DOI | 10.13154/tosc.v2020.i1.144-184 |
Abstract | In this work, we perform an extensive investigation and construct a portfolio of S-boxes suitable for secure lightweight implementations, which aligns well with the ongoing NIST Lightweight Cryptography competition. In particular, we target good functional properties on the one hand and efficient implementations in terms of AND depth and AND gate complexity on the other. Moreover, we also consider the implementation of the inverse S-box and the possibility for it to share resources with the forward S-box. We take our exploration beyond the conventional small (and even) S-box sizes. Our investigation is twofold: (1) we note that implementations of existing S-boxes are not optimized for the criteria which define masking complexity (AND depth and AND gate complexity) and improve a tool published at FSE 2016 by Stoffelen in order to fill this gap. (2) We search for new S-box designs which take these implementation properties into account from the start. We perform a systematic search based on the properties of not only the S-box but also its inverse as well as an exploration of larger S-box sizes using length-doubling structures. The result of our investigation is not only a wide selection of very good S-boxes, but we also provide complete descriptions of their circuits, enabling their integration into future work. |
---|---|
Author | Begül Bilgin; Lauren De Meyer; François-Xavier Standaert; Itamar Levi; Sébastien Duval |
Author affiliations | 1. Begül Bilgin (Rambus, Cryptography Research, Rotterdam, Netherlands); 2. Lauren De Meyer (Computer Security and Industrial Cryptography (COSIC), KU Leuven, Leuven, Belgium); 3. Sébastien Duval (UCLouvain, Louvain-la-Neuve, Belgium); 4. Itamar Levi (UCLouvain, Louvain-la-Neuve, Belgium; Bar-Ilan University (BIU), Ramat Gan, Israel); 5. François-Xavier Standaert (UCLouvain, Louvain-la-Neuve, Belgium) |
ContentType | Journal Article |
DBID | DOA |
DOI | 10.13154/tosc.v2020.i1.144-184 |
DatabaseName | DOAJ Directory of Open Access Journals |
EISSN | 2519-173X |
IsDoiOpenAccess | true |
IsOpenAccess | true |
IsPeerReviewed | true |
IsScholarly | true |
Issue | 1 |
Language | English |
OpenAccessLink | https://doaj.org/article/42d5464a528a4823b64bd7d2deaa56f7 |
PublicationCentury | 2000 |
PublicationDate | 2020-01-01 |
PublicationDecade | 2020 |
PublicationTitle | IACR Transactions on Symmetric Cryptology |
PublicationYear | 2020 |
Publisher | Ruhr-Universität Bochum |
SubjectTerms | AND depth; lightweight cryptography; masking; multiplicative complexity; S-box |
Title | Low AND Depth and Efficient Inverses: a Guide on S-boxes for Low-latency Masking |
URI | https://doaj.org/article/42d5464a528a4823b64bd7d2deaa56f7 |
Volume | 2020 |