US-12627468-B2 - Systems and methods for providing substitution boxes

Abstract

Systems and methods for providing an S-box. The methods comprise: implementing a plurality of layers on a field programmable gate array, wherein each of the layers comprises a substitution sublayer and a mixing sublayer. The substitution sublayer comprises a plurality of μ-boxes that are each configured to perform a different randomly chosen non-linear bijective mapping from GF(2 4 ) to GF(2 4 ). The mixing sublayer is configured to (i) compute a plurality of product terms each representing a product of an element of a maximum distance separable matrix M and an output from one of the plurality of μ-boxes, and (ii) compute a plurality of column vector elements each comprising a sum of respective ones of the plurality of product terms.

Inventors

• Michael Kurdziel
• Steven Farris
• ALAN KAMINSKY
• Peter Bajorski
• Payton Burak
• MARCIN LUKOWIAK
• STANISLAW RADZISZOWSKI

Assignees

• L3HARRIS GLOBAL COMMUNICATIONS, INC.

Dates

Publication Date

20260512

Application Date

20231208

Claims (20)

1. 1 . A method for providing and using a cryptographic algorithm with an S-box, comprising: providing an electronic device with the cryptographic algorithm by implementing a plurality of layers of the S-box on a field programmable gate array of the electronic device, each of the layers comprises a substitution sublayer and a mixing sublayer; using input data as an index for a lookup table implementing the S-box in the field programmable gate array to obtain a data item; using the data item to obtain encrypted data; and communicating the encrypted data in a message sent from the electronic device; wherein the substitution sublayer comprises a plurality of μ-boxes that are each configured to perform a different randomly chosen non-linear bijective mapping from GF(2 4 ) to GF(2 4 ); and wherein the mixing sublayer is configured to (i) compute a plurality of product terms each representing a product of an element of a maximum distance separable matrix M and an output from one of the plurality of μ-boxes, and (ii) compute a plurality of column vector elements each comprising a sum of respective ones of the plurality of product terms.
2. 2 . The method according to claim 1 , wherein the S-box is configured to meet the following requirements: no fixed points where S(x)=x; and no opposite fixed points where S(x)=bitwise complement of x.
3. 3 . The method according to claim 1 , wherein each of said μ-boxes is configured to meet the following requirements: no fixed points where μ(x)=x; no opposite fixed points where μ(x)=bitwise complement of x; maximum differential probability of 4/16 or smaller; and maximum absolute linear bias of 4/16 or smaller.
4. 4 . The method according to claim 1 , wherein the plurality of μ-boxes comprises four or more μ-boxes with a 4-bit input and a 4-bit output.
5. 5 . The method according to claim 1 , wherein the plurality of μ-boxes are each implemented via at least four look-up tables of the field programmable gate array.
6. 6 . The method according to claim 1 , wherein the plurality of layers comprises four or more layers.
7. 7 . The method according to claim 1 , wherein the plurality of product terms are computed by product operators that are each implemented via at least two lookup tables of the field programmable gate array.
8. 8 . The method according to claim 7 , wherein each of the product operators is implemented via four or more lookup tables of the field programmable gate array.
9. 9 . The method according to claim 1 , wherein each element of the maximum distance separable matrix M, the output of each of said μ-boxes, and each of said column vector elements comprises an element in a finite field GF(2 4 )/ƒ(x), wherein ƒ(x) is a degree-4 irreducible polynomial.
10. 10 . The method according to claim 9 , further comprising performing a plurality of rounds of the mixing sublayer using a different randomly chosen maximum distance separable matrix and a different randomly chosen irreducible polynomial.
11. 11 . A system, comprising: a field programmable gate array comprising lookup tables implementing at least a portion of an encryption algorithm with an S-box; the S-box configured to map input data to output data and comprising a plurality of layers implemented in the field programmable gate array, each of the layers comprises a substitution sublayer and a mixing sublayer; and a communication device configured to communicate encrypted data in a message; wherein the field programmable gate array uses the input data as an index for at least one of the lookup tables to retrieve a data item and uses the data item to obtain encrypted data; wherein the substitution sublayer comprises a plurality of μ-boxes that are each configured to perform a different randomly chosen non-linear bijective mapping from GF(2 4 ) to GF(2 4 ); and wherein the mixing sublayer is configured to (i) compute a plurality of product terms each representing a product of an element of a maximum distance separable matrix M and an output from one of the plurality of μ-boxes, and (ii) compute a plurality of column vector elements each comprising a sum of respective ones of the plurality of product terms.
12. 12 . The system according to claim 11 , wherein the S-box is configured to meet the following requirements: no fixed points where S(x)=x; and no opposite fixed points where S(x)=bitwise complement of x.
13. 13 . The system according to claim 11 , wherein each of said μ-boxes is configured to meet the following requirements: no fixed points where μ(x)=x; no opposite fixed points where μ(x)=bitwise complement of x; maximum differential probability of 4/16 or smaller; and maximum absolute linear bias of 4/16 or smaller.
14. 14 . The system according to claim 11 , wherein the plurality of μ-boxes comprises four or more μ-boxes with a 4-bit input and a 4-bit output.
15. 15 . The system according to claim 11 , wherein the plurality of μ-boxes are each implemented via at least four look-up tables of the field programmable gate array.
16. 16 . The system according to claim 11 , wherein the plurality of layers comprises four or more layers.
17. 17 . The system according to claim 11 , wherein the plurality of product terms are computed by product operators that are each implemented via at least two lookup tables of the field programmable gate array.
18. 18 . The system according to claim 17 , wherein each of the product operators is implemented via four or more lookup tables of the field programmable gate array.
19. 19 . The system according to claim 11 , wherein each element of the maximum distance separable matrix M, the output of each of said μ-boxes, and each of said column vector elements comprises an element in a finite field GF(2 4 )/ƒ(x), wherein ƒ(x) is a degree-4 irreducible polynomial.
20. 20 . The system according to claim 19 , wherein each of a plurality of rounds of the mixing sublayer uses a different randomly chosen maximum distance separable matrix and a different randomly chosen irreducible polynomial.

Description

BACKGROUND Description of the Related Art Crypto development kits (CDKs) allow users to generate sovereign cipher designs by forming the cipher using a series of predefined building blocks, testing the cipher, and synthesizing a hardware image. The predefined building blocks of conventional CDKs are often not suitable for implementation on field programmable gate arrays (FPGAs). SUMMARY This document concerns systems and methods for providing an S-box. The methods comprise implementing a plurality of layers on a field programmable gate array, wherein each of the layers comprises a substitution sublayer and a mixing sublayer. The substitution sublayer comprises a plurality of p-boxes that are each configured to perform a different randomly chosen non-linear bijective mapping from GF(24) to GF(24). The mixing sublayer is configured to (i) compute a plurality of product terms each representing a product of an element of a maximum distance separable matrix M and an output from one of the plurality of p-boxes, and (ii) compute a plurality of column vector elements each comprising a sum of respective ones of the plurality of product terms. The S-box is configured to meet the following requirements: no fixed points where S(x)=x; and no opposite fixed points where S(x)=bitwise complement of x. Each of said μ-boxes is configured to meet the following requirements: no fixed points where μ(x)=x; no opposite fixed points where μ(x)=bitwise complement of x; maximum differential probability of 4/16 or smaller; and maximum absolute linear bias of 4/16 or smaller. In some scenarios, the plurality of layers may comprise four layers. The plurality of μ-boxes may comprise four μ-boxes with a 4-bit input and a 1-bit output. Each μ-box may be implemented via at least four look-up tables of the field programmable gate array. The product terms may be computed by product operators that are each implemented via at least two lookup tables of the field programmable gate array. Each of the product operators may be implemented via four lookup tables of the field programmable gate array. In those or other scenarios, each element of the maximum distance separable matrix M, the output of each of the μ-boxes, and each of the column vector elements comprises an element in a finite field GF(24)/ƒ(x), wherein ƒ(x) is a degree-4 irreducible polynomial. The methods further comprise performing a plurality of rounds of the mixing sublayer using a different randomly chosen maximum distance separable matrix and a different randomly chosen irreducible polynomial. The present document also concerns an S-box. The S-box comprises a field programmable gate array implementing a plurality of layers that each comprises a substitution sublayer and a mixing sublayer. The substitution sublayer comprising a plurality of μ-boxes that are each configured to perform a different randomly chosen non-linear bijective mapping from GF(24) to GF(24). The mixing sublayer is configured to (i) compute a plurality of product terms each representing a product of an element of a maximum distance separable matrix M and an output from one of the plurality of μ-boxes, and (ii) compute a plurality of column vector elements each comprising a sum of respective ones of the plurality of product terms. The S-box is configured to meet the following requirements: no fixed points where S(x)=x; and no opposite fixed points where S(x)=bitwise complement of x. Each of the μ-boxes is configured to meet the following requirements: no fixed points where μ(x)=x; no opposite fixed points where μ(x)=bitwise complement of x; maximum differential probability of 4/16 or smaller; and maximum absolute linear bias of 4/16 or smaller. In some scenarios, the plurality of layers may comprise four layers. The plurality of μ-boxes may comprise four μ-boxes with a 4-bit input and a 1-bit output. Each μ-box may be implemented via at least four look-up tables of the field programmable gate array. The product terms may be computed by product operators that are each implemented via at least two lookup tables of the field programmable gate array. Each product operator may be implemented via four lookup tables of the field programmable gate array. Each element of the maximum distance separable matrix M, the output of each of said μ-boxes, and each of said column vector elements may comprise an element in a finite field GF(24)/ƒ(x), wherein ƒ(x) is a degree-4 irreducible polynomial. Each of a plurality of rounds of the mixing sublayer uses a different randomly chosen maximum distance separable matrix and a different randomly chosen irreducible polynomial. BRIEF DESCRIPTION OF THE DRAWINGS This disclosure is facilitated by reference to the following drawing figures, in which like numerals represent like items throughout the figures. FIG. 1 shows an S-box in accordance with the present solution. FIG. 2 provides an illustration of a μ-box. FIG. 3 provides an illustration of a mixing sublayer. FIG. 4 provides an illus