
Multiplicative complexity of bijective 4×4 S-boxes

Cryptography and Communications

Abstract

The multiplicative complexity of an S-box is the minimum number of 2-input AND gates required to implement the S-box in AND, XOR, NOT logic. We show that under affine equivalence there is only a single class of bijective n×n S-boxes with multiplicative complexity 1. Furthermore, we show that each bijective 4×4 S-box has multiplicative complexity at most 5. Finally, we refine the bounds on the multiplicative complexity of each affine class of bijective 4×4 S-boxes.


Notes

  1. $\Lambda_n$ is a proper representative of its class, if $x_1$/$f_1$ denotes the least significant bit of the corresponding encoding of inputs/outputs.

  2. All possible constants can be moved to the linear part of the circuit.

  3. Each node had a different fixed value $c_{n+1}$, but each node produced the same set, so there are still potential reductions of the search space.

  4. We remark that this set also contains all 3374 classes of constant-free S-boxes under linear equivalence.

References

  1. Bilgin, B., Nikova, S., Nikov, V., Rijmen, V., Stütz, G.: Threshold implementations of all 3×3 and 4×4 S-boxes. In: Prouff, E., Schaumont, P. (eds.) CHES, Lecture Notes in Computer Science, vol. 7428, pp. 76–91. Springer (2012)

  2. Biryukov, A., Cannière, C.D., Braeken, A., Preneel, B.: A toolbox for cryptanalysis: Linear and affine equivalence algorithms. In: Biham, E. (ed.) Advances in Cryptology – EUROCRYPT 2003, Lecture Notes in Computer Science, vol. 2656, pp. 33–50. Springer-Verlag. doi: 10.1007/3-540-39200-9_3 (2003)

  3. Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES, Lecture Notes in Computer Science, vol. 4727, pp. 450–466. Springer (2007)

  4. Boyar, J., Peralta, R.: Tight bounds for the multiplicative complexity of symmetric functions. Theor. Comput. Sci. 396(1–3), 223–246 (2008). doi: 10.1016/j.tcs.2008.01.030


  5. Boyar, J., Peralta, R.: A new combinational logic minimization technique with applications to cryptology. SEA, 178–189 (2010)

  6. Cannière, C.D.: Analysis and design of symmetric encryption algorithms. Ph.D. thesis, Katholieke Universiteit Leuven (2007)

  7. Carlet, C., Goubin, L., Prouff, E., Quisquater, M., Rivain, M.: Higher-order masking schemes for s-boxes. In: Fast Software Encryption, pp. 366–384. Springer (2012)

  8. Cenk, M., Özbudak, F.: On multiplication in finite fields. J. Complex. 26(2), 172–186 (2010). doi: 10.1016/j.jco.2009.11.002, http://www.sciencedirect.com/science/article/pii/S0885064X09001095


  9. Courtois, N., Hulme, D., Mourouzis, T.: Solving circuit optimisation problems in cryptography and cryptanalysis. Cryptology ePrint Archive. Report 2011/475 (2011)

  10. Eisenbarth, T., Kumar, S.: A survey of lightweight-cryptography implementations, Vol. 24, pp 522–533 (2007)

  11. Fischer, M., Peralta, R.: Counting predicates of conjunctive complexity one. Tech. Rep. YALEU/DCS/TR1222, Yale University (2001)

  12. Leander, G., Poschmann, A.: On the classification of 4 bit S-boxes. In: Carlet, C., Sunar, B. (eds.) Arithmetic of Finite Fields, Lecture Notes in Computer Science, vol. 4547, pp. 159–176. Springer Berlin / Heidelberg (2007), doi: 10.1007/978-3-540-73074-3_13

  13. Lidl, R., Niederreiter, H.: Finite Fields, Encyclopedia of Mathematics and its Applications, Vol. 20. Addison-Wesley, Reading, Massachusetts (1983)

  14. Mirwald, R., Schnorr, C.: The multiplicative complexity of quadratic boolean forms. Theor. Comput. Sci. 102(2), 307–328 (1992). doi: 10.1016/0304-3975(92)90235-8, http://www.sciencedirect.com/science/article/pii/0304397592902358

  15. Roy, A., Vivek, S.: Analysis and improvement of the generic higher-order masking scheme of fse 2012. Cryptology ePrint Archive, Report 2013/345. http://eprint.iacr.org/ (2013)

  16. Saarinen, M.J.O.: Cryptographic analysis of all 4×4 - bit S-boxes. In: Miri, A., Vaudenay, S. (eds.) Selected Areas in Cryptography, Lecture Notes in Computer Science, vol. 7118, pp. 118–133. Springer (2011)

  17. Schnorr, C.: The multiplicative complexity of boolean functions. In: Mora, T. (ed.) Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, Lecture Notes in Computer Science, vol. 357, pp. 45–58. Springer Berlin / Heidelberg. doi: 10.1007/3-540-51083-4_47 (1989)

  18. Ullrich, M., Cannière, C.D., Indesteege, S., Küçük, O., Mouha, N., Preneel, B.: Finding optimal bitsliced implementations of 4 x 4-bit S-boxes. In: Symmetric Key Encryption Workshop. 20 (2011)

  19. Zajac, P.: A new method to solve mrhs equation systems and its connection to group factorization. J. Math. Cryptol. 7(4), 279–381 (2013). doi: 10.1515/jmc-2013-5012


Author information

Corresponding author

Correspondence to Pavol Zajac.

Additional information

This research was supported by grants APVV-0513-10 and APVV-0586-11.

Appendix

1.1 List of S-boxes

For each class of S-boxes we list its number according to [1] (class number only), its representative in hexadecimal notation (the first normalized S-box in lexicographic order; the prefix 01234 was removed to save space), (an upper bound on) its multiplicative complexity, and the constructive proof of MC. The proof is either by composition of two S-boxes with lower MC, or by writing down the coefficients of the expansion-compression construction for an S-box in the given class (we do not provide a proof of affine equivalence with the representative). The expansion-compression proof was required for 2 S-boxes with $MC(S)=2$, 5 S-boxes with $MC(S)=3$, and 25 S-boxes with $MC(S)=4$.

The format of the expansion-compression proof:

  1. Four (single-digit) hex numbers encode vectors $c_{n+1}, \dots, c_{n+4}$,

  2. Eight (two-digit) hex numbers encode vectors $b_1, b_2$ for $E_4, E_5, E_6, E_7$.

Table 3

The format of the composition proof $S_2 A S_1$:

  1. $S_1$ is the representative of the first listed class;

  2. $A$ is always a linear transformation, encoded by 4 hexadecimal numbers, the images of 1, 2, 4, 8 in this order (1 encodes $e^{(1)}$);

  3. $S_2$ is the representative of the second listed class.

Table 4
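
The composition-proof notation described above can be decoded mechanically. The following is an added example, not code from the paper: it restores the dropped `01234` prefix of a representative, expands the four hex digits of A into a full linear map, and builds the composed S-box. The sample strings are constructed for illustration and are not entries of the paper's tables, and reading the composition as "apply S1 first, then A, then S2" is an assumption.

```python
HEX = "0123456789ABCDEF"

def decode_sbox(tail):
    """Restore the dropped '01234' prefix and return the 16-entry lookup table."""
    table = [int(ch, 16) for ch in "01234" + tail]
    if sorted(table) != list(range(16)):
        raise ValueError("not a bijective 4x4 S-box: " + tail)
    return table

def decode_linear(images):
    """Four hex digits are the images of 1, 2, 4, 8; extend by linearity over GF(2)."""
    cols = [int(ch, 16) for ch in images]
    if len(cols) != 4:
        raise ValueError("expected four hex digits")
    table = []
    for x in range(16):
        y = 0
        for bit, col in enumerate(cols):
            if (x >> bit) & 1:
                y ^= col          # XOR in the image of each set input bit
        table.append(y)
    if sorted(table) != list(range(16)):
        raise ValueError("A is singular, so the composition cannot be bijective")
    return table

def compose(s2, a, s1):
    """Lookup table of x -> S2(A(S1(x))) (assumption: rightmost map is applied first)."""
    return [s2[a[s1[x]]] for x in range(16)]

def to_hex(table):
    """Render a lookup table in the same hexadecimal notation as the list."""
    return "".join(HEX[v] for v in table)

# Constructed sample values, not taken from the paper's tables.
S1 = decode_sbox("56789ABCDFE")   # identity with E and F swapped
S2 = decode_sbox("56789ABCDFE")
A = decode_linear("3248")         # images: 1->3, 2->2, 4->4, 8->8

if __name__ == "__main__":
    print(to_hex(compose(S2, A, S1)))
```

Because A is linear and therefore costs no AND gates, the composed S-box needs at most as many AND gates as S1 and S2 together, which is why a composition serves as a constructive upper-bound proof.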


Cite this article

Zajac, P., Jókay, M. Multiplicative complexity of bijective 4×4 S-boxes. Cryptogr. Commun. 6, 255–277 (2014). https://doi.org/10.1007/s12095-014-0100-y


  • DOI: https://doi.org/10.1007/s12095-014-0100-y
