摘要
S-Box是AES密码算法硬件实现的关键,目前主要有两种实现方法:一种是基于查找表,一种是基于有限域求逆。文章首先经过数学变换将有限域GF(28)上的元素映射到有限域GF(24)2上,并把GF(24)2上的一个元素变换为GF(24)上的两个元素的线性运算。在此基础上,把GF(28)上的求逆问题转化为GF(24)上的求逆,从而提出了一种基于有限域求逆的低硬件开销的S-Box实现算法。该算法和查找表实现相比,面积减少了57%,适用于诸如智能卡、移动设备等对面积要求比较严格的场合。
S-Box is the key step of hardware implementation of AES, which can be designed by two approaches. The first method is constructing a single circuit directly from the look-up table. The second method is using the inverse transformation in Galois field. This paper first maps an element in GF (2^8) to the corresponding element in GF(2^4)^2 and expresses the element in GF(2^4)^2 by the linear sum of two elements in GF(2^4), and then presents a low hardware overhead implementation algorithm of S-Box based on the inverse transformation approach from GF(2^8) to GF(2^4). Compared with look-up tables' implementation, this algorithm can reduce area by 57% and is suitable for smart cards or mobile devices that need small area.
出处
《微电子学与计算机》
CSCD
北大核心
2006年第3期109-111,115,共4页
Microelectronics & Computer
基金
西北工业大学研究生创业种子基金(Z20040049)
关键词
S-BOX
逆变换
有限域
查找表
S-Box, Inverse transformation, Galois field, Look-up tables
