Low-complexity Hardware architecture of APN permutations using TU-decomposition

Abstract

Functions with good cryptographic properties which are used as S-boxes in the design of block ciphers have a fundamental importance to the security of these ciphers since they determine the resistance to various kinds of cryptanalytic attacks. Almost Perfect Nonlinear (APN) functions provide the best possible resistance to differential cryptanalysis, which is one of the most efficient cryptographic attacks against block ciphers known to date. Furthermore, APN permutations are of particular interest in practice since many cipher designs require the S-box to be a permutation. In this paper, we present a low-complexity hardware architecture for the TU-decomposition of APN permutations, showing how Dillon’s APN permutation can be decomposed in this way as a practically relevant example. The TU-decomposition of an m-bit permutation is based on the use of two m/2-bit keyed permutations (T and U) to reduce the complexity of the original permutation. Dillon’s permutation on 6 bits is the only known APN permutation on an even number of bits, so its study is of fundamental interest. We present hardware theoretical complexities and experimental results obtained from FPGA and ASIC implementations for the proposed TU-decomposition hardware architecture. These complexities and results are compared with other hardware architectures given in the literature for the same function. From the comparisons, it can be observed that the TU-decomposition architecture presented here greatly outperforms other hardware approaches with respect to area, delay and area×delay complexities.