Constructing large S-boxes with area minimized implementations

Block ciphers are essential cryptographic primitives used for encryption in resource constrained hardware systems. Many modern block ciphers are based on the substitution permutation network (SPN) design. The substitution step is commonly the only non-linear transformation in the cipher, and is usually comprised of a permutation which applies an S-box substitution to each element of the cipher state. In hardware, the S-box implementation has a significant impact on the area consumed by the cipher. Consequently, there have been considerable research and engineering efforts to obtain compact circuit implementations of S-boxes for hardware systems. Building on past work, we present a comprehensive methodology for (1) constructing cryptographically strong affine-power S-boxes over Galois fields and (2) minimizing the VLSI technology-independent combinational logic requirements for their circuit implementations. Motivated by the potential need for larger S-boxes with improved cryptographic properties, we use this methodology to construct area minimized circuits for novel 16-bit S-boxes.