Abstract. A key step in the Advanced Encryption Standard (AES) algorithm is the "S-box." Many implementations of AES have been proposed, for various goals, that effect the S-box in various ways. In particular, the most compact implementations to date of Satoh et al. [14] and Mentens et al. [6] perform the 8-bit Galois field inversion of the S-box using subfields of 4 bits and of 2 bits. Our work refines this approach to achieve a more compact S-box. We examined many choices of basis for each subfield, not only polynomial bases as in previous work, but also normal bases, giving 432 cases. The isomorphism bit matrices are fully optimized, improving on the "greedy algorithm." Introducing some NOR gates gives further savings. The best case improves on [14] by 20%. This decreased size could help for area-limited hardware implementations, e.g., smart cards, and to allow more copies of the S-box for parallelism and/or pipelining of AES.
Abstract. Implementations of the Advanced Encryption Standard (AES), including hardware applications with limited resources (e.g., smart cards), may be vulnerable to "side-channel attacks" such as differential power analysis. One countermeasure against such attacks is adding a random mask to the data; this randomizes the statistics of the calculation at the cost of computing "mask corrections." The single nonlinear step in each AES round is the "S-box" (involving a Galois inversion), which incurs the majority of the cost for mask corrections. Oswald et al. [1] showed how the "tower field" representation allows maintaining an additive mask throughout the Galois inverse calculation. This work applies a similar masking strategy to the most compact (unmasked) S-box to date [2]. The result is the most compact masked S-box so far, with "perfect masking" (by the definition of Blömer [3]) giving suitable implementations immunity to first-order differential side-channel attacks.
Abstract. One key step in the Advanced Encryption Standard (AES), or Rijndael, algorithm is called the "S-box", the only nonlinear step in each round of encryption/decryption. A wide variety of implementations of AES have been proposed, for various desiderata, that effect the S-box in various ways. In particular, the most compact implementation to date of Satoh et al. performs the 8-bit Galois field inversion of the S-box using subfields of 4 bits and of 2 bits. This work describes a refinement of this approach that minimizes the circuitry, and hence the chip area, required for the S-box. While Satoh used polynomial bases at each level, we consider also normal bases, with arithmetic optimizations; altogether, 432 different cases were considered. The isomorphism bit matrices are fully optimized, improving on the "greedy algorithm." The best case reduces the number of gates in the S-box by 20%. This decrease in chip area could be important for area-limited hardware implementations, e.g., smart cards. And for applications using larger chips, this approach could allow more copies of the S-box, for parallelism and/or pipelining in non-feedback modes of AES.
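The subfield ("tower field") inversion that all three S-box abstracts above build on, as an added worked example; this is not code from either paper. It represents GF(2^8) as a quadratic extension of GF(2^4), itself a quadratic extension of GF(2^2), inverts by the subfield-norm trick at each level, and moves between the AES representation and the tower through the 8x8 isomorphism bit matrix whose columns are the powers of a root of the AES polynomial found inside the tower. Polynomial bases throughout, the moduli W^2+W+1, Y^2+Y+W and Z^2+Z+L (with L the first irreducible choice found by search), and the root search for the isomorphism are this example's assumptions; the papers' contribution is choosing bases and moduli so that the matrix and subfield gates are minimal, which is not attempted here, and the additive masking of the second abstract is not shown.

```python
# Added example (not from either paper): GF(2^8) inversion through the GF(2^4)/GF(2^2)
# tower field, then the AES S-box on top of it.  Polynomial bases at every level; the
# moduli W^2+W+1, Y^2+Y+W, Z^2+Z+L are this example's assumptions, not the papers' choices.
AES_POLY = 0x11B  # AES representation of GF(2^8): x^8 + x^4 + x^3 + x + 1

def aes_mul(a, b):
    """Reference multiply in the AES representation (shift-and-add, reduce mod AES_POLY)."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
    return r

def aes_inv(a):
    """Reference inverse a^254 by square-and-multiply; inv(0) := 0 as AES requires."""
    r, p = 1, a
    for _ in range(7):        # accumulate a^2 * a^4 * ... * a^128
        p = aes_mul(p, p)
        r = aes_mul(r, p)
    return r

# GF(2^2) = GF(2)[W]/(W^2 + W + 1); 2-bit element (a1, a0) = a1*W + a0
def mul2(a, b):
    a1, a0, b1, b0 = a >> 1, a & 1, b >> 1, b & 1
    hi = (a1 & b1) ^ (a1 & b0) ^ (a0 & b1)   # W^2 = W + 1 folds a1*b1 into both bits
    lo = (a1 & b1) ^ (a0 & b0)
    return (hi << 1) | lo
def inv2(a):
    """Nonzero elements of GF(4) satisfy a^3 = 1, so a^-1 = a^2 (and 0 -> 0)."""
    return mul2(a, a)

# GF(2^4) = GF(4)[Y]/(Y^2 + Y + N), N = W; 4-bit element (a1 << 2) | a0
N = 0b10   # W is not of the form t^2 + t in GF(4), so Y^2 + Y + W is irreducible

def mul4(a, b):
    a1, a0, b1, b0 = a >> 2, a & 3, b >> 2, b & 3
    hi = mul2(a1, b1) ^ mul2(a1, b0) ^ mul2(a0, b1)
    lo = mul2(mul2(a1, b1), N) ^ mul2(a0, b0)
    return (hi << 2) | lo
def inv4(a):
    """Quadratic-extension inverse: conjugate a1*Y + (a1 + a0) divided by the norm."""
    a1, a0 = a >> 2, a & 3
    d = mul2(mul2(a1, a1), N) ^ mul2(a1, a0) ^ mul2(a0, a0)   # norm, lies in GF(4)
    di = inv2(d)
    return (mul2(a1, di) << 2) | mul2(a1 ^ a0, di)

# GF(2^8) = GF(16)[Z]/(Z^2 + Z + L); 8-bit element (a1 << 4) | a0.  Z^2 + Z + c is
# irreducible over GF(16) exactly when c is not of the form t^2 + t; take the first such c.
L = next(c for c in range(1, 16) if all(mul4(t, t) ^ t != c for t in range(16)))

def mul8(a, b):
    a1, a0, b1, b0 = a >> 4, a & 15, b >> 4, b & 15
    hi = mul4(a1, b1) ^ mul4(a1, b0) ^ mul4(a0, b1)
    lo = mul4(mul4(a1, b1), L) ^ mul4(a0, b0)
    return (hi << 4) | lo
def inv8(a):
    """The S-box core: one GF(16) norm, one GF(16) inverse, two GF(16) multiplies."""
    a1, a0 = a >> 4, a & 15
    d = mul4(mul4(a1, a1), L) ^ mul4(a1, a0) ^ mul4(a0, a0)   # norm, lies in GF(16)
    di = inv4(d)
    return (mul4(a1, di) << 4) | mul4(a1 ^ a0, di)

def _alpha_powers():
    """Root alpha of the AES polynomial in the tower; alpha^0..7 are the isomorphism matrix columns."""
    for a in range(2, 256):
        pw = [1]
        for _ in range(8):
            pw.append(mul8(pw[-1], a))
        if pw[8] ^ pw[4] ^ pw[3] ^ pw[1] ^ 1 == 0:
            return pw[:8]
    raise RuntimeError("no root: the tower is not GF(2^8)")
ALPHA_POWERS = _alpha_powers()

def to_tower(x):
    """Multiply by the isomorphism bit matrix: XOR the columns selected by x's bits."""
    r = 0
    for i in range(8):
        if (x >> i) & 1:
            r ^= ALPHA_POWERS[i]
    return r
FROM_TOWER = {to_tower(x): x for x in range(256)}   # the inverse matrix, tabulated

def tower_inverse(x):
    """Inverse of an AES-representation byte, computed entirely in the tower field."""
    return FROM_TOWER[inv8(to_tower(x))]

def sbox(x):
    """AES S-box: tower-field inverse followed by the AES affine transform."""
    inv = s = tower_inverse(x)
    for k in range(1, 5):                            # inv ^ rotl(inv, 1..4)
        s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
    return s ^ 0x63

def check_all():
    """True when every byte's tower inverse equals the direct a^254 reference inverse."""
    return len(FROM_TOWER) == 256 and all(tower_inverse(x) == aes_inv(x) for x in range(256))
```

Calling check_all() exhaustively confirms that the tower path agrees with the direct inverse for all 256 bytes, and sbox(0x53) returns 0xED as in FIPS-197. ALPHA_POWERS is the matrix the abstracts call the "isomorphism bit matrix": each of the 432 basis choices the papers enumerate yields a different such matrix and different subfield multiply/inverse circuits, and the gate count of those pieces is what the papers minimise.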
In certain geophysical contexts such as lava lakes and mantle convection, a cold, viscous boundary layer forms over a deep pool. The following model problem investigates the buoyant instability of the layer. Beneath a shear-free horizontal boundary, a thin layer (thickness d₁) of very viscous fluid overlies a deep layer of less dense, much less viscous fluid; inertia and surface tension are negligible. After the initial unstable equilibrium is perturbed, a long-wave analysis describes the growth of the disturbance, including the nonlinear effects of large amplitude. The results show that nonlinear effects greatly enhance growth, so that initial local maxima in the thickness of the viscous film grow to infinite thickness in finite time, with a timescale 8μ/(Δρ g d₁). In the final catastrophic growth the peak thickness is inversely proportional to the remaining time. (A parallel analysis for fluids with power-law rheology shows similar catastrophic growth.) While the small-slope approximation must fail before this singular time, the failure is only local, and a similarity solution describes how the peaks become downwelling plumes as the viscous film drains away.
BUOYANT INSTABILITY OF A VISCOUS FILM OVER A PASSIVE FLUID
INTRODUCTION
This work examines the strongly nonlinear effects of finite amplitude in the Rayleigh-Taylor instability of a horizontal viscous film under a shear-free boundary and over a much less viscous fluid. Inertia and surface tension are neglected, and, in the parameter range considered, the motion is limited by normal stresses in the more viscous fluid. The analysis exploits the fact that the most unstable wavelengths are long compared to the thickness of the film. The results show how the growth of disturbances to the interface becomes greatly enhanced when the disturbance amplitude becomes large, leading to the formation of downwelling sheets or plumes in a finite time.
The motivation for this problem comes from certain geophysical situations, particularly the stability of the Earth's lithospheric plates. In simplified terms, the oceanic lithosphere (tectonic plates) can be considered a cold, stiff thermal boundary layer above the convecting mantle. Where two plates come together, one subducts under the other and flows downward due to its negative buoyancy. The question of how a new subduction zone is formed, how one large plate may break into two and thus allow some of the dense material to flow back down into the mantle, is not yet resolved. Other closely related geophysical situations include the surfaces of lava lakes, thermal convection in the mantles of other planets, and possibly convection in the Earth's solid core.
This work examines a simple model of one possible mechanism for the initiation of subduction: the Rayleigh-Taylor instability. In this model, the lithosphere and the mantle are treated as distinct, highly viscous fluids, the lithosphere being denser (and much more viscous) than the mantle. In this unstable configuration, any variations in the lithosphere thickness t...