An Optimized Design for Compact Masked AES S-Box Based on Composite Field and Common Subexpression Elimination Algorithm

As the only nonlinear operation, masked S-box is the core to resist differential power attack (DPA) for advanced encryption standard (AES) cipher chips. In order to suit for the resource-constrained applications, a compact masked S-box based on composite field is proposed in this paper. Firstly, the architecture of masked S-box is designed with composite field masking method. Secondly, four masked S-boxes based on GF ((2[Formula: see text], which are based on four basis methods with the optimal coefficient and the corresponding optimal root, are implemented and optimized by the delay-aware common subexpression elimination (DACSE) algorithm. Finally, experimental results show that, while maintaining the DPA-resistance performance, our best masked S-box achieves better area performance with the fastest speed compared with the existing works. Therefore, our masked S-box is suitable for resource-constrained applications with fast speed requirements.

Developing a combinatorial model for the multiple constant multiplication

A combinatoric model for the multiple constant multiplication (MCM) operation is developed. The model is found by decomposing each coefficient using the A−operation into two subexpressions. The constituted subexpressions are, in turn, decomposed using the A−operation. Connecting all of the decompositions results the decomposition graph which represents the solution space. The decomposition graph itself is not feasible for routing to find the minimum solutions. Therefore, a transformation on the A−operation is proposed to make the decomposition graph routable. In this case, the A−operation is transformed into a subexpression operation by replacing the shift information attached to the arcs by the other subexpression information which is called the demand. A demand that attached to an arc will represent its cost. The resulting transformed graph is called the demand graph. The demand graph is augmented with deadheading arcs to make it routable. Deadheading arcs are with zero demand. Similarly, traversing an arc with synthesized demand is of zero cost. Enumerating all of the routes that start from the signal vertex and visit all the coefficients gives all the solutions of the MCM problem. The routing technique requires redirecting the route when encountering an unsynthesized demand. The route in this case backtrack to the first encountered synthesized ancestors for this demand. This routing style analogous to the dynamic capacitated arc routing. To prevent exhaust routing, ant colony optimization (ACO) meta-heuristics is proposed to traverse the augmented demand graph. The solution space contains all the possible solutions that can be obtained from using both of the common subexpression elimination (CSE) and graph dependent heuristics that traditionally used to solve the MCM operation.