A Petite and Power Saving Design for the AES S-Box

The S-Box operation in the Advanced Encryption Standard has a long history of research in tailored and optimised hardware designs. While Canright´s design based on tower-field decomposition has long been a benchmark design for low area, designs based on linear-feedback structures achieve lower area and power consumption at the price of additional clock cycles. We combine both approaches to get a design with ~80% lower switching power than Canright using 4% less gates. While our design needs 7 additional clock cycles, it runs at up to 4.8 times higher clock speeds. Our design adds an additional attractive choice along the line of power-speed-tradeoffs while keeping area minimal, offering designers more choices for implementing the AES S-Box.