Using normal bases for compact hardware implementations of the AES S-box

Abstract

The substitution box (S-box) of the Advanced Encryption Standard (AES) is based on the multiplicative inversion s(x)∈=∈x -∈1 in GF(256) and followed by an affine transformation in GF(2). The S-box is the most expansive building block of any hardware implementation of the AES, and the multiplicative inversion is the most costly step of the S-box transformation. There exist many publications about hardware implementations of the S-box and the smallest known implementations are based on normal bases. In this paper, we introduce a new method to implement the multiplicative inversion over GF(256) based on normal bases that have not been considered before in the context of AES implementations. © Springer-Verlag Berlin Heidelberg 2008.