An S-box is a non-linear transformation that takes n bits as input and returns m bits. This transformation is most easily represented as a nm lookup table. Most often, only balanced S-boxes are used in cryptography. This means that the number of input bits is equal to the number of output bits. The S-box is an important part of most symmetric ciphers. The selection of the correct substitution makes the link between the key and the ciphertext more complex (non-linear), which makes it much more difficult to hack. This paper deals with a hardware implementation of S-boxes. This implementation can be realized by using logical conjunction, disjunction, negation and delay blocks. The main indicator of productivity of such implementations is a circuit depth, namely the maximum length of a simple way of the circuit and a circuit complexity, namely the quantity of logic elements (negation elements are not taken into account). The article considers the standard synthesis methods (based on DNF, Shannon, Lupanov), proposes a new algorithm to minimize the complexity of an arbitrary Boolean functions system and a way to reduce the complexity of the circuit obtained after simplification by the ESPRESSO algorithm of DNF of the function related to the output of the S-box. To compare the efficiency of the methods, the C++ program was created that generates a circuit in the Verilog language. The estimates of depth and complexity are obtained for the schemes produced as a result of the programs operation. The article ends with a comparison of the efficiency of S-box schemes of known cryptographic standards obtained as the output of the program (with each other and with the result of the Logic Friday program).
Tradeoff Attacks on Symmetric Ciphers
