Toward Finding S-Box Circuits With Optimal Multiplicative Complexity

In this paper, we present a new method to find S-box circuits with optimal multiplicative complexity (MC), i.e., MC-optimal S-box circuits. We provide new observations for efficiently constructing circuits and computing MC, combined with a popular pathfinding algorithm named A*. In our search, the A...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on computers Vol. 73; no. 8; pp. 2036 - 2050
Main Authors: Jeon, Yongjin, Baek, Seungjun, Kim, Jongsung
Format: Journal Article
Language:English
Published: New York IEEE 01.08.2024
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects:
A algorithm
Algorithms
Boolean functions
Boxes
Ciphers
Circuits
Complexity
Complexity theory
Computation
Cryptography
implementation
Internet of Things
Internet of Things (IoT)
lightweight cryptography
Logic gates
Lower bounds
MC-optimal
multiplicative complexity
Permutations
S-box
ISSN:0018-9340, 1557-9956
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In this paper, we present a new method to find S-box circuits with optimal multiplicative complexity (MC), i.e., MC-optimal S-box circuits. We provide new observations for efficiently constructing circuits and computing MC, combined with a popular pathfinding algorithm named A*. In our search, the A* algorithm outputs a path of length MC, corresponding to an MC-optimal circuit. Based on an in-depth analysis of the process of computing MC, we enable the A* algorithm to function within our graph to investigate a wider range of S-boxes than existing methods such as the SAT-solver-based tool <xref ref-type="bibr" rid="ref1">[1] and LIGHTER <xref ref-type="bibr" rid="ref2">[2] . We provide implementable MC-optimal circuits for all the quadratic 5-bit bijective S-boxes and existing 5-bit almost-perfect nonlinear (APN) S-boxes. Furthermore, we present MC-optimal circuits for 6-bit S-boxes such as Sarkar Gold, Sarkar Quadratic, and some quadratic permutations. Finally, we theoretically demonstrate new lower bounds for the MCs of S-boxes, providing tighter bounds for the MCs of AES and MISTY S-boxes than previously known. This study complements previous results on MC-optimal S-box circuits and is intended to provide further insight into this field.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0018-9340
1557-9956
DOI:10.1109/TC.2024.3398507