Compact Implementations of Multi-Sbox Designs

© Springer International Publishing Switzerland 2016. Implementations of cryptographic algorithms using several different Sboxes by design are typically considered burdensome. The first reason is that unlike single-Sbox designs, serialized implementations of such cryptographic algorithms require instantiations of all Sboxes which prohibits the desired reduction of area. The second reason is that applying countermeasures such as masking causes an undesired increase in area due to the amount of different nonlinear blocks in the algorithm. In this paper, we propose a novel method to implement multi-Sbox designs using as few nonlinear blocks as possible. We exemplify our finding on DES algorithm of which the Triple-DES variant is still widely used in practice.With this method, it is possible to implement the DES substitution layer, which is composed of eight 6×4 Sboxes, using only three 4-bit nonlinear and several affine 4-bit permutations. Our investigation shows that such an implementation requires less area than the state-of-the-art. Moreover, it opens up the possibilities for compact implementations with countermeasures.