Merging the Camellia, SMS4 and AES S-Boxes in a Single S-Box with Composite Bases

  • Alberto F. Martínez-Herrera
  • Carlos Mex-Perera
  • Juan Nolazco-Flores
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7807)


For some block ciphers such as AES, the substitution box (S-box), which is based on multiplicative inversion, is the most complex operation. Efficient constructions are needed to optimize features such as area and memory usage. Composite representations in finite fields are the most prominent way to express the multiplicative inverse operation compactly. In this manuscript, different constructions based on composite fields are shown to represent the AES, Camellia and SMS4 S-boxes. The manuscript mainly describes representations in \(GF((2^4)^2)\). These representations are then evaluated to choose the feasible solutions that help to merge the AES, Camellia and SMS4 S-boxes into a single one. For instance, by using merged matrices and the same composite polynomial basis, it is possible to reduce from 172 XOR gates (independent matrices) to 146 XOR gates (merged matrices).
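The idea of one shared \(GF((2^4)^2)\) inverter with a per-cipher change of basis can be checked in software; the following is an added example, not code or matrices from the paper. Assumptions not taken from this page: the subfield polynomial \(x^4+x+1\), the extension \(Y^2+Y+\nu\), the three \(GF(2^8)\) field polynomials (taken from the ciphers' public descriptions), and all function names; the affine layers of the S-boxes are left out.

```python
def gmul(a, b, poly, n):
    """Multiply a*b in GF(2^n), reduced by the irreducible polynomial poly."""
    r = 0
    for _ in range(n):
        if b & 1:
            r ^= a
        a, b = a << 1, b >> 1
        if a >> n:
            a ^= poly
    return r

def m4(a, b):
    return gmul(a, b, 0x13, 4)   # GF(2^4) modulo x^4+x+1 (assumed subfield)

INV4 = [0] + [next(y for y in range(1, 16) if m4(x, y) == 1) for x in range(1, 16)]
# Smallest nu for which Y^2+Y+nu has no root in GF(2^4), i.e. is irreducible.
NU = next(n for n in range(1, 16) if all(m4(t, t) ^ t ^ n for t in range(16)))

def cmul(a, b):
    """Multiply in GF((2^4)^2): a byte is ah*Y + al with Y^2 = Y + NU."""
    ah, al, bh, bl = a >> 4, a & 15, b >> 4, b & 15
    hh = m4(ah, bh)
    return ((hh ^ m4(ah, bl) ^ m4(al, bh)) << 4) | (m4(hh, NU) ^ m4(al, bl))

def cinv(a):
    """Shared inverter: one GF(2^4) inversion plus a few GF(2^4) multiplies."""
    ah, al = a >> 4, a & 15
    d = INV4[m4(m4(ah, ah), NU) ^ m4(ah, al) ^ m4(al, al)]  # 1 / norm(a)
    return (m4(ah, d) << 4) | m4(ah ^ al, d)                # conjugate(a) / norm(a)

def evaluate(bits, b, nbits):
    """Evaluate the GF(2) polynomial 'bits' at b in the composite field."""
    acc, p = 0, 1
    for i in range(nbits):
        if bits >> i & 1:
            acc ^= p
        p = cmul(p, b)
    return acc

def basis_change(poly):
    """Isomorphism GF(2)[x]/poly -> GF((2^4)^2) sending x to a root of poly."""
    beta = next(b for b in range(2, 256) if evaluate(poly, b, 9) == 0)
    return [evaluate(x, beta, 8) for x in range(256)]

def inversion_table(poly):
    """Inverses in GF(2^8) modulo poly, computed only through cinv()."""
    t = basis_change(poly)
    back = {v: x for x, v in enumerate(t)}
    return [back[cinv(v)] for v in t]

# Assumed field polynomials (not stated on this page).
FIELD_POLY = {"AES": 0x11B, "Camellia": 0x169, "SMS4": 0x1F5}
```

Only `basis_change` differs between the three ciphers; in hardware these linear maps are the matrices whose XOR cost the merging reduces.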


Keywords: Block ciphers, S-boxes, Composite fields, Multiplicative inverse, Merging



Alberto F. Martinez is very grateful to CONACyT and the “Biometrics and Secure Protocols Chair” for supporting his PhD studies at Tecnológico de Monterrey.



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Alberto F. Martínez-Herrera (1)
  • Carlos Mex-Perera (1)
  • Juan Nolazco-Flores (1)
  1. Tecnológico de Monterrey, Monterrey, Mexico
