Using Normal Bases for Compact Hardware Implementations of the AES S-Box

  • Svetla Nikova
  • Vincent Rijmen
  • Martin Schläffer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5229)


The substitution box (S-box) of the Advanced Encryption Standard (AES) is based on the multiplicative inversion s(x) = x − 1 in GF(256) and followed by an affine transformation in GF(2). The S-box is the most expansive building block of any hardware implementation of the AES, and the multiplicative inversion is the most costly step of the S-box transformation. There exist many publications about hardware implementations of the S-box and the smallest known implementations are based on normal bases. In this paper, we introduce a new method to implement the multiplicative inversion over GF(256) based on normal bases that have not been considered before in the context of AES implementations.


AES S-box hardware implementation normal basis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Austria Microsystems. Standard Cell Library 0.35μm CMOS (C35),
  2. 2.
    Canright, D.: A very compact Rijndael S-box (May 2005),
  3. 3.
    Canright, D.: A Very Compact S-Box for AES. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 441–455. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Certicom. \(F_{2^4}\) with Optimal Normal Basis Representation,,math9_1
  5. 5.
    Lidl, R., Niederreiter, H.: Introduction to Finite Fields and their Applications. Cambridge University Press, New York (1986)zbMATHGoogle Scholar
  6. 6.
    Mentens, N., Batina, L., Preneel, B., Verbauwhede, I.: A Systematic Evaluation of Compact Hardware Implementations for the Rijndael S-Box. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 323–333. Springer, Heidelberg (2005)Google Scholar
  7. 7.
    Mullin, R.C., Onyszchuk, I.M., Vanstone, S.A., Wilson, R.M.: Optimal Normal Bases in GF(p n). Discrete Appl. Math. 22, 149–161 (1989)zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Paar, C.: Efficient VLSI Architectures for Bit-Parallel Computation in Galois Fields. PhD thesis, Institute for Experimental Mathematics, University of Essen (1994)Google Scholar
  9. 9.
    Rijmen, V.: Efficient Implementation of the Rijndael S-box (2000),
  10. 10.
    Rudra, A., Dubey, P.K., Jutla, C.S., Kumar, V., Rao, J.R., Rohatgi, P.: Efficient rijndael encryption implementation with composite field arithmetic. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 171–184. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Satoh, A., Morioka, S., Takano, K., Munetoh, S.: A Compact Rijndael Hardware Architecture with S-Box Optimization. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 239–254. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. 12.
    Tillich, S., Feldhofer, M., Großschädl, J., Popp, T.: Area, Delay, and Power Characteristics of Standard-Cell Implementations of the AES S-Box. Journal of Signal Processing Systems 50(2), 251–261 (2008)CrossRefGoogle Scholar
  13. 13.
    Wolkerstorfer, J., Oswald, E., Lamberger, M.: An ASIC Implementation of the AES SBoxes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 67–78. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Svetla Nikova
    • 1
  • Vincent Rijmen
    • 1
    • 2
  • Martin Schläffer
    • 2
  1. 1.Dept. ESAT/SCD-COSICKatholieke Universiteit LeuvenHeverleeBelgium
  2. 2.Institute for Applied Information Processing and Communications (IAIK)Graz University of TechnologyGrazAustria

Personalised recommendations