A Framework for Generating S-Box Circuits with Boyer-Peralta Algorithm-Based Heuristics, and Its Applications to AES, SNOW3G, and Saturnin

Yongjin Jeon; Seungjun Baek; Giyoon Kim; Jongsung Kim

Paper 2024/1996

A Framework for Generating S-Box Circuits with Boyer-Peralta Algorithm-Based Heuristics, and Its Applications to AES, SNOW3G, and Saturnin

Yongjin Jeon

, Kookmin University

Seungjun Baek

, Kookmin University

Giyoon Kim

, Kookmin University

Jongsung Kim

, Kookmin University

Abstract

In many lightweight cryptography applications, low area and latency are required for efficient implementation. The gate count in the cipher and the circuit depth must be low to minimize these two metrics. Many optimization strategies have been developed for the linear layer, led by the Boyer-Peralta (BP) algorithm. The Advanced Encryption Standard (AES) has been a focus of extensive research in this area. However, while the linear layer uses only XOR gates, the S-box, which is an essential nonlinear component in symmetric cryptography, uses various gate types, making optimization challenging, particularly as the bit size increases. In this paper, we propose a new framework for a heuristic search to optimize the circuit depth or XOR gate count of S-box circuits. Existing S-box circuit optimization studies have divided the nonlinear and linear layers of the S-box, optimizing each separately, but limitations still exist in optimizing large S-box circuits. To extend the optimization target from individual internal components to the entire S-box circuit, we extract the XOR information of each node in the target circuit and reconstruct the nodes based on nonlinear gates. Next, we extend the BP algorithm-based heuristics to address nonlinear gates and incorporate this into the framework. It is noteworthy that the effects of our framework occur while maintaining the AND gate count and AND depth without any increase. To demonstrate the effectiveness of the proposed framework, we apply it to the AES, SNOW3G, and Saturnin S-box circuits. Our results include depth improvements by about 40% and 11% compared to the existing AES S-box [BP10] and Saturnin super S-box [CDL+20] circuits, respectively. We implement a new circuit for the SNOW3G S-box, which has not previously been developed, and apply our framework to reduce its depth. We expect the proposed framework to contribute to the design and implementation of various symmetric-key cryptography solutions.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Published by the IACR in TCHES 2025
DOI: 10.46586/tches.v2025.i1.586-631
Keywords: Lightweight cryptography S-box Low-latency implementation Circuit depth Gate count AES SNOW3 SaturninG
Contact author(s): idealtop18 @ kookmin ac kr
hellosj3 @ kookmin ac kr
gi0412 @ kookmin ac kr
jskim @ kookmin ac kr
History: 2024-12-13: revised; 2024-12-11: received; See all versions
Short URL: https://ia.cr/2024/1996
License: CC BY

BibTeX

@misc{cryptoeprint:2024/1996,
      author = {Yongjin Jeon and Seungjun Baek and Giyoon Kim and Jongsung Kim},
      title = {A Framework for Generating S-Box Circuits with Boyer-Peralta Algorithm-Based Heuristics, and Its Applications to {AES}, {SNOW3G}, and Saturnin},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1996},
      year = {2024},
      doi = {10.46586/tches.v2025.i1.586-631},
      url = {https://eprint.iacr.org/2024/1996}
}