
Pushing the Limits: Searching for Implementations with the Smallest Area for Lightweight S-Boxes

  • Conference paper
Progress in Cryptology – INDOCRYPT 2021 (INDOCRYPT 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 13143)


Abstract

Area is one of the most important criteria for an S-box in hardware implementation when designing lightweight cryptographic primitives. It can be estimated well by the number of gate equivalents (GE). However, to the best of our knowledge, there is no efficient method to search for an S-box implementation with the fewest GE. Previous approaches fall into two categories: heuristic methods, which aim to find an implementation with a satisfactory but not necessarily the smallest GE count, and SAT-based methods, which minimize only the number of gates and ignore the fact that different gates have different areas. An implementation with the fewest gates usually does not have the smallest number of GE.

In this paper, we propose an improved SAT-based tool that optimizes the number of GE of an S-box implementation. Given an S-box, our tool returns the implementation of this S-box with the smallest number of GE. We speed up the search with a bit-sliced technique. Additionally, our tool supports 2-, 3-, and 4-input gates, while previous tools cover only 2-input gates. To highlight the strength of our tool, we apply it to some 4-bit and 5-bit S-boxes of well-known ciphers. We obtain a better implementation of RECTANGLE’s S-box with an area of 18.00 GE. Moreover, we prove that the implementations of the S-boxes of PICCOLO, SKINNY, and LBLOCK in the current literature are already optimal. When the DC synthesizer is run on the circuits produced by our tool, the resulting areas are much better than those of the circuits the DC synthesizer derives from the lookup tables (LUT). Finally, we use our tool to find implementations of 5-bit S-boxes, such as those used in KECCAK and ASCON.
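The gap between "fewest gates" and "fewest GE" can be reproduced on a toy circuit. The following is an added example, not code from the paper or its tool: it replaces the SAT encoding with an exhaustive uniform-cost search over bit-sliced truth tables, covers only NOT and 2-input gates, and runs on a constructed two-output target (a half adder). The cell areas are assumed illustrative values, not figures from this page.

```python
import heapq
from itertools import combinations

MASK = 0b1111            # 2 inputs -> 4 truth-table rows, one bit per row
A, B = 0b1100, 0b1010    # bit-sliced inputs: bit i holds the value on row i
# Assumed illustrative cell areas in 1/100 GE; not taken from the page.
GATES = {
    "NAND": (100, lambda x, y: ~(x & y) & MASK),
    "NOR":  (100, lambda x, y: ~(x | y) & MASK),
    "AND":  (133, lambda x, y: x & y),
    "OR":   (133, lambda x, y: x | y),
    "XOR":  (300, lambda x, y: x ^ y),
    "XNOR": (300, lambda x, y: ~(x ^ y) & MASK),
}
NOT_AREA = 67

def moves(signals):
    """Yield (description, area, truth_table) for each gate we could add."""
    for x in signals:
        yield f"NOT({x:04b})", NOT_AREA, ~x & MASK
    for x, y in combinations(signals, 2):
        for name, (area, fn) in GATES.items():
            yield f"{name}({x:04b},{y:04b})", area, fn(x, y)

def search(targets, by_area):
    """Uniform-cost search over sets of computed signals; returns (area, gates, netlist).
    by_area=True minimises (area, gates); by_area=False minimises (gates, area)."""
    rank = (lambda a, g: (a, g)) if by_area else (lambda a, g: (g, a))
    heap, seen = [((0, 0), tuple(sorted((A, B))), 0, 0, ())], set()
    while heap:
        _, state, area, gates, netlist = heapq.heappop(heap)
        if targets <= set(state):
            return area, gates, netlist
        if state in seen:
            continue
        seen.add(state)
        for desc, cost, tt in moves(state):
            if tt not in state:
                nxt = tuple(sorted(state + (tt,)))
                item = (area + cost, gates + 1, netlist + (f"{desc}->{tt:04b}",))
                heapq.heappush(heap, (rank(*item[:2]), nxt, *item))

# Constructed target: a half adder, outputs sum = a XOR b and carry = a AND b.
HALF_ADDER = {A ^ B, A & B}

if __name__ == "__main__":
    for mode in (True, False):
        print(search(HALF_ADDER, mode))
```

Under the assumed areas, the gate-count optimum uses one XOR and one AND, while the area optimum spends a third gate to rebuild the XOR from the AND it already needs plus two NOR cells.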

Acknowledgement

We thank the anonymous reviewers for their valuable comments and suggestions to improve the quality of the paper. This work is supported by the National Natural Science Foundation of China (Grant No. 62032014), the National Key Research and Development Program of China (Grant No. 2018YFA0704702), the Major Scientific and Technological Innovation Project of Shandong Province, China (Grant No. 2019JZZY010133), the Major Basic Research Project of Natural Science Foundation of Shandong Province, China (Grant No. ZR202010220025), the Program of Qilu Young Scholars (Grant No. 61580082063088) of Shandong University, and National Natural Science Foundation of China (Grant No. 62002204).

Corresponding author

Correspondence to Meiqin Wang.

Appendix A Implementation of Some S-boxes

In this section, we give the implementations of several S-boxes mapped on the UMC 180 nm standard cell libraries used in this paper (Tables 13, 14, 15 and 16).

Table 13. The implementation of PICCOLO’s S-box.
Table 14. The implementation of SKINNY’s S-box.
Table 15. The implementation of LBLOCK’s S-box.
Table 16. The implementation of KECCAK’s S-box.

Copyright information

© 2021 Springer Nature Switzerland AG

Cite this paper

Lu, Z., Wang, W., Hu, K., Fan, Y., Wu, L., Wang, M. (2021). Pushing the Limits: Searching for Implementations with the Smallest Area for Lightweight S-Boxes. In: Adhikari, A., Küsters, R., Preneel, B. (eds) Progress in Cryptology – INDOCRYPT 2021. INDOCRYPT 2021. Lecture Notes in Computer Science, vol 13143. Springer, Cham. https://doi.org/10.1007/978-3-030-92518-5_8

  • DOI: https://doi.org/10.1007/978-3-030-92518-5_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92517-8

  • Online ISBN: 978-3-030-92518-5

  • eBook Packages: Computer Science (R0)
