
Highly efficient \(\textit{GF}(2^8)\) inversion circuit based on hybrid GF representations

  • Regular Paper
  • Journal of Cryptographic Engineering

Abstract

This paper proposes a compact and highly efficient \(\textit{GF}(2^8)\) inversion circuit design based on a combination of non-redundant and redundant Galois field (GF) (or finite field) arithmetic. The proposed design utilizes an optimal normal basis and redundant GF representations, called polynomial ring representation and redundantly represented basis, to implement \(\textit{GF}(2^8)\) inversion using a tower field \(\textit{GF}((2^4)^2)\). The flexibility of the redundant representations provides efficient mappings from/to \(\textit{GF}(2^8)\). This paper evaluates the efficacy of the proposed circuit by gate counts and by logic synthesis with a 65-nm CMOS standard cell library, in comparison with conventional circuits. Consequently, we show that the proposed circuit achieves approximately 25% higher area–time efficiency than the conventional best inversion circuit in our environment. We also demonstrate that an AES S-Box built with the proposed circuit achieves the best area–time efficiency.



Notes

  1. While PRR and RRB can use the same defining polynomial, the major difference between PRR and RRB is the uniqueness of representation for each element. For example, \(\textit{GF}(2^2)\) can be represented redundantly with a modular polynomial \(x^3+1\). Here, a PRR-based \(\textit{GF}(2^2)\) consists of four elements: \(0, x+1, x^2+1\), and \(x^2+x\) (which is equivalent to a cyclic code with a generator polynomial \(x+1\)) while an RRB-based \(\textit{GF}(2^2)\) consists of eight elements: \(0, 1, \gamma , \gamma +1, \gamma ^2, \gamma ^2+1, \gamma ^2+\gamma \), and \(\gamma ^2+\gamma +1\) where \(\gamma \) denotes a root of \(x^2+x+1\).

  2. More precisely, we can construct five different bases using \(\beta \), that is, four PBs \(\{\beta ^3, \beta ^2, \beta ^1, \beta ^0\}\), \(\{\beta ^4, \beta ^2, \beta ^1, \beta ^0\}\), \(\{\beta ^4, \beta ^3, \beta ^1, \beta ^0\}\), and \(\{\beta ^4, \beta ^3, \beta ^2, \beta ^0\}\) in addition to an ONB \(\{\beta ^4, \beta ^3, \beta ^2, \beta ^1\}\). We use the ONB for both h and l for efficient computation of Stage 1, while the previous work [16] used one of these bases for each of h and l in order to construct efficient conversion matrices for the change-of-basis, MixColumns, and affine transformation.

  3. The linear recurrence relation is the one used for error detection in a CRC: a polynomial is a codeword of the CRC iff the relation is satisfied.

  4. While we calculated GE values from synthesis results using inverter cell information in the preliminary version [17], in this paper we derive these values directly from a NAND cell so that they are comparable with the result in [6]. Note that the GE values in this paper are consistent with those in the previous version [17].

  5. According to [26, 27], a logic minimization method can further reduce the total gates or critical delay of [11, 12]. However, the same minimization can also be applied to other circuits including ours. Therefore, we did not apply the minimization in this paper. Note that, in our environment, the critical delay and area–time product of our S-Boxes without the minimization technique are smaller than those in [26, 27].
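The following is an added example, not code from the paper: it works through Note 1's \(\textit{GF}(2^2)\) case, building the PRR (multiples of \(x+1\) modulo \(x^3+1\)) and the RRB (all polynomials of degree below 3 over the same modulus), and applies Note 3's codeword test to the PRR. Polynomials over \(\textit{GF}(2)\) are encoded as integers (bit \(i\) is the coefficient of \(x^i\)); the function names are my own.

```python
# Added example, not the paper's code: PRR vs RRB for GF(2^2) with the redundant
# modulus x^3+1 (Note 1) and Note 3's codeword check. Ints encode GF(2)[x]: bit i = coeff of x^i.
MOD = 0b1001  # x^3 + 1, the redundant modulus shared by PRR and RRB
GEN = 0b0011  # x + 1, generator polynomial of the PRR cyclic code
IRR = 0b0111  # x^2 + x + 1, irreducible; gamma in Note 1 is one of its roots

def pmul(a, b):
    """Carry-less multiplication in GF(2)[x]."""
    r = 0
    for i in range(b.bit_length()):
        if b >> i & 1:
            r ^= a << i
    return r

def pmod(a, m):
    """Remainder of a divided by m in GF(2)[x]."""
    dm = m.bit_length() - 1
    while a and a.bit_length() - 1 >= dm:
        a ^= m << (a.bit_length() - 1 - dm)
    return a

def mul_mod(a, b, m=MOD):
    return pmod(pmul(a, b), m)

def prr_elements():
    """PRR: multiples of x+1 modulo x^3+1, i.e. the 4 codewords of a cyclic code."""
    return sorted({mul_mod(GEN, q) for q in range(8)})

def is_prr_codeword(a):
    """Note 3's check: a polynomial is a codeword iff the generator divides it."""
    return pmod(a, GEN) == 0

def prr_identity():
    """The PRR's multiplicative unit is the idempotent codeword x^2+x, not 1."""
    return next(e for e in prr_elements() if e and mul_mod(e, e) == e)

def prr_inverse(a):
    """Inverse of a nonzero codeword; the 3 nonzero codewords form a cyclic group."""
    return next(b for b in prr_elements() if b and mul_mod(a, b) == prr_identity())

def rrb_classes():
    """RRB: all 8 polynomials of degree < 3, grouped by the GF(2^2) element they
    denote (reduce by x^2+x+1); every element gets exactly two representatives."""
    return {v: [a for a in range(8) if pmod(a, IRR) == v] for v in range(4)}

def rrb_arith_consistent():
    """Since x^2+x+1 divides x^3+1, reducing a product modulo x^3+1 never changes
    which GF(2^2) element the result denotes, so RRB arithmetic is sound."""
    return all(pmod(mul_mod(a, b), IRR) == pmod(pmul(a, b), IRR)
               for a in range(8) for b in range(8))
```

Note that the PRR's unit element is \(x^2+x\) rather than the constant 1, which is why a PRR inversion circuit cannot simply reuse a polynomial-basis constant.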

References

  1. Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, Berlin (1993)


  2. Matsui, M.: The first experimental cryptanalysis of the data encryption standard. In: Advances in Cryptology—CRYPTO 1994. Volume 839 of Lecture Notes in Computer Science, pp. 1–11. Springer (1994)

  3. Nyberg, K.: Differentially uniform mappings for cryptography. In: Advances in Cryptology—EUROCRYPT 1993. Volume 765 of Lecture Notes in Computer Science, pp. 55–64. Springer (1993)

  4. National Institute of Standards and Technology (NIST): Advanced encryption standard (AES), vol. 197. FIPS Publication. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf (November 2001)

  5. Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: Camellia: A 128-bit block cipher suitable for multiple platforms—design and analysis. In: Selected Areas in Cryptography. Volume 2012 of Lecture Notes in Computer Science, pp. 39–56. Springer (2001)

  6. Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Advances in Cryptology—EUROCRYPT 2011. Volume 6632 of Lecture Notes in Computer Science, pp. 59–88. Springer (2011)

  7. Sasao, T.: And-Exor expressions and their optimization. In: Sasao, T. (ed.) Logic Synthesis and Optimization. Volume 212 of The Kluwer International Series in Engineering and Computer Science, pp. 287–312. Kluwer Academic Publishers, Dordrecht (1993)


  8. Morioka, S., Satoh, A.: An optimized S-Box circuit architecture for low power AES design. In: Cryptographic Hardware and Embedded Systems (CHES). Volume 2523 of Lecture Notes in Computer Science, pp. 172–186. Springer (2002)

  9. Morioka, S., Satoh, A.: A 10 Gbps full-AES crypto design with a twisted-BDD S-box architecture. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. 12, 686–691 (2004)


  10. Satoh, A., Morioka, S., Takano, K., Munetoh, S.: A compact Rijndael hardware architecture with S-box optimization. In: Advances in Cryptology—ASIACRYPT 2001. Volume 2248 of Lecture Notes in Computer Science, pp. 239–254. Springer (2001)

  11. Canright, D.: A very compact S-box for AES. In: Cryptographic Hardware and Embedded Systems (CHES). Volume 3659 of Lecture Notes in Computer Science, pp. 441–455. Springer (2005)

  12. Nogami, Y., Nekado, K., Toyota, T., Hongo, N., Morikawa, Y.: Mixed bases for efficient inversion in \(\mathbb{F}_{((2^2)^2)^2}\) and conversion matrices of SubBytes of AES. In: Cryptographic Hardware and Embedded Systems (CHES). Volume 6225 of Lecture Notes in Computer Science, pp. 234–247. Springer (2010)

  13. Jeon, Y., Kim, Y., Lee, D.: A compact memory-free architecture for the AES algorithm using resource sharing methods. J. Circuits Syst. Comput. 19(5), 1109–1130 (2010)


  14. Drolet, G.: A new representation of elements of finite fields \(GF(2^m)\) yielding small complexity arithmetic circuits. IEEE Trans. Comput. 47(9), 938–946 (1997)


  15. Wu, H., Hasan, A., Blake, I.F.: Highly regular architectures for finite field computation using redundant basis. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES). Volume 1717 of Lecture Notes in Computer Science, pp. 269–279. Springer (1999)

  16. Nekado, K., Nogami, Y., Iokibe, K.: Very short critical path implementation of AES with direct logic gates. In: Advances in Information and Computer Security. Volume 7631 of Lecture Notes in Computer Science, pp. 51–68. Springer (2012)

  17. Ueno, R., Homma, N., Sugawara, Y., Nogami, Y., Aoki, T.: Highly efficient \(GF(2^8)\) inversion circuit based on redundant GF arithmetic and its application to AES design. In: International Workshop on Cryptographic Hardware and Embedded Systems (CHES). Volume 9293 of Lecture Notes in Computer Science, pp. 63–80. Springer (2015)

  18. Itoh, T., Tsujii, S.: A fast algorithm for computing multiplicative inverses in \(GF(2^m)\) using normal bases. Inf. Comput. 78, 171–177 (1988)


  19. Wu, H.: Low complexity bit-parallel finite field arithmetic using polynomial basis. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES). Volume 1717 of Lecture Notes in Computer Science, pp. 280–291. Springer (1999)

  20. Hirotomo, M., Mouri, K., Morii, M.: Generalized polynomial ring representation over \(GF(2^m)\) and its application. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. J89–A(10), 790–800 (2006). (Japanese Edition)


  21. Nogami, Y., Saito, A., Morikawa, Y.: Finite extension field with modulus of all-one polynomial field and representation of its elements for fast arithmetic operations. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E86–A(9), 2376–2387 (2003)


  22. Tohoku University: Cryptographic hardware project. http://www.aoki.ecei.tohoku.ac.jp/crypto/ Accessed May 2015

  23. Canright, D.: http://faculty.nps.edu/drcanrig/ Accessed May 2015

  24. Mathew, S.K., Sheikh, F., Kounavis, M.E., Gueron, S., Agarwal, A., Hsu, S.K., Himanshu, K., Anders, M.A., Krishnamurthy, R.K.: 53 Gbps native \(GF(2^4)^2\) composite-field AES-encrypt/decrypt accelerator for content-protection in 45 nm high-performance microprocessors. IEEE J. Solid State Circuits 46, 767–776 (2011)


  25. Mathew, S., Satpathy, S., Suresh, V., Anders, M., Himanshu, K., Amit, A., Hsu, S., Chen, G., Krishnamurthy, R.K.: 340 mV-1.1V, 289 Gbps/W, 2090-gate nanoAES hardware accelerator with area-optimized encrypt/decrypt \(GF(2^4)^2\) polynomials in 22 nm tri-gate CMOS. IEEE J. Solid State Circuits 50, 1048–1058 (2015)


  26. Boyar, J., Matthews, P., Peralta, R.: Logic minimization techniques with applications to cryptology. J. Cryptol. 47, 280–312 (2013)


  27. Boyar, J., Peralta, R.: A small depth-16 circuit for the AES S-box. In: Information Security and Privacy Research. Volume 376 of IFIP Advances in Information and Communication Technology, pp. 287–298. Springer (2012)

  28. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24, 292–321 (2011)


  29. Bilgin, B., Gierlichs, B., Nikov, V., Rijmen, V.: Higher-order threshold implementations. In: Advances in Cryptology—ASIACRYPT 2014. Volume 8874 of Lecture Notes in Computer Science, pp. 326–343. Springer (2014)

  30. Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: Advances in Cryptology—CRYPTO 2015. Volume 9215 of Lecture Notes in Computer Science, pp. 764–783. Springer (2015)

  31. Cnudde, T.D., Reparaz, O., Bilgin, B., Nikova, S., Nikov, V., Rijmen, V.: Masking AES with \(d+1\) shares in hardware. In: International Conference on Cryptographic Hardware and Embedded Systems (CHES). Volume 9813 of Lecture Notes in Computer Science, pp. 194–212. Springer (2016)

  32. Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: Design, Automation and Test in Europe Conference and Exhibition (DATE), vol. 1, pp. 246–251. (2004)


Acknowledgements

We are deeply grateful to Dr. Amir Moradi and Mr. Yukihiro Sugawara for their insightful and valuable advice. This work has been supported by JSPS KAKENHI Grant Nos. 16K12436, 17H00729, and 16J05711.

Author information

Correspondence to Rei Ueno.


Cite this article

Ueno, R., Homma, N., Nogami, Y. et al. Highly efficient \(\textit{GF}(2^8)\) inversion circuit based on hybrid GF representations. J Cryptogr Eng 9, 101–113 (2019). https://doi.org/10.1007/s13389-018-0187-8
