
SHA-3
    Efficient scheduling
    Lane complementing
    Bit interleaving

General
    Schoolbook multiplication
    Karatsuba multiplication
    Unique integer representation
    Redundant integer representation / reduced-radix representation
    Native rotation instructions for crypto
    Exclusive carry flag or carry-detection instruction
    Number of registers available for computations

Division in finite field arithmetic is multiplication by the inverse modulo p, which may be computed
using the extended Euclidean algorithm.

A particular case is GF(2), where addition is exclusive OR (XOR) and multiplication is AND. Since the
only invertible element is 1, division is the identity function.

In a finite field with characteristic 2, addition modulo 2, subtraction modulo 2, and XOR are identical.
Thus,

Multiplicative inverse
See also Itoh–Tsujii inversion algorithm.

The multiplicative inverse of an element a of a finite field can be calculated in a number of
different ways:

 By multiplying a by every number in the field until the product is one. This is a brute-force
search.
 Since the nonzero elements of GF(p^n) form a finite group with respect to multiplication,
a^(p^n − 1) = 1 (for a ≠ 0), thus the inverse of a is a^(p^n − 2).
 By using the extended Euclidean algorithm.
 By making logarithm and exponentiation tables for the finite field, subtracting the
logarithm from p^n − 1 and exponentiating the result.
 By making a modular multiplicative inverse table for the finite field and doing a
lookup.
 By mapping to a composite field where inversion is simpler, and mapping back.
 By constructing a special integer (in case of a finite field of prime order) or a special
polynomial (in case of a finite field of non-prime order) and dividing it by a.[5]

The operation consists in the modular multiplication of two four-term polynomials whose
coefficients are elements of . The modulus used for this operation is .

The coefficients of the first four-term polynomial are defined by the state column , which
contains four bytes. Each byte is a coefficient of the four-term polynomial, so that

The second four-term polynomial is a constant polynomial . Its coefficients are also elements
of . Its inverse is .

We need to define some notation:

denotes multiplication modulo .


denotes addition over .
denotes multiplication (usual polynomial multiplication when between polynomials
and multiplication over for the coefficients). See Multiplication Section of Finite Field
Arithmetic for an explanation of why it isn't simple multiplication.

Modular reduction

The product of two four-term polynomials is a seven-term polynomial, which must be reduced
back to a four-byte word; this is done by taking the product modulo .

If we do some basic polynomial modular operations we can see that:

In general, we can say that


A. Definition: Two fields are isomorphic if they are the same after renaming elements. Formally:
fields K and L are isomorphic if there is a bijection φ: K → L such that φ(x + y) = φ(x) + φ(y) and
φ(x · y) = φ(x) · φ(y) for all x, y ∈ K. The map φ is called an isomorphism (or "renaming").
The AES S-box is the multiplicative inverse in the Galois field GF(2^8) (with 0 mapped to 0)
followed by an affine transformation over GF(2).

SubBytes is a nonlinear transformation that applies this byte substitution to each of the 16 state
bytes; a fully parallel hardware implementation therefore instantiates 16 byte substitution tables
(S-boxes).

In the decryption process (InvSubBytes) the inverse affine transformation is applied before the
inversion, i.e. the two steps are undone in reverse order. The irreducible polynomial used by the
Rijndael S-box is
The key expander in Fig. 1 generates 11 128-bit round keys from one 128-bit secret key using
four S-boxes (one 4-byte word is substituted per step). These round keys can be computed on the
fly, in parallel with the encryption process. In the decryption process the round keys are consumed
in reverse order, so either all round keys must be generated in advance and stored in registers, or
the final encryption round key must be pre-computed so that the schedule can be run backwards on
the fly. The first method requires the equivalent of a 1,408-bit register (128 bits × 11) and is
therefore not suitable for compact hardware.
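The following is an added example, not code from the page or from any of the books it cites. It carries the material above into working Python: the inversion methods listed under "Multiplicative inverse" (exponentiation to p^n − 2, extended Euclid, log/antilog tables), the S-box as inverse followed by the affine map with its inverse undoing the steps in reverse order, MixColumns as a product of four-term polynomials over GF(2^8) reduced modulo x^4 + 1, and the AES-128 key expander run forwards and then backwards from round key 10 alone, which is what on-the-fly decryption key scheduling relies on. The field polynomial 0x11B, the MixColumns polynomials, the affine constants and the round constants are the FIPS 197 values and are this example's assumptions; the key used is the FIPS 197 Appendix A example key.

```python
# Added example, not code from the page or from any of the books it cites. Constants
# (field polynomial 0x11B, MixColumns polynomials, S-box affine constants, Rcon) are
# the FIPS 197 values and are this example's assumptions.
AES_POLY = 0x11B  # Rijndael irreducible polynomial x^8 + x^4 + x^3 + x + 1

def poly_mul_raw(a, b):
    """Carry-less product of two GF(2)[x] polynomials, no reduction (what clmul does)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def poly_divmod(a, b):
    """Long division in GF(2)[x]; returns (quotient, remainder)."""
    q = 0
    while a and a.bit_length() >= b.bit_length():
        shift = a.bit_length() - b.bit_length()
        q ^= 1 << shift
        a ^= b << shift
    return q, a

def gf_mul(a, b):
    return poly_divmod(poly_mul_raw(a, b), AES_POLY)[1]  # GF(2^8) = GF(2)[x] / (AES_POLY)

def inv_pow(a):
    """Inverse as a^(p^n - 2) = a^254 by square-and-multiply; inv(0) := 0 as AES requires."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a, e = gf_mul(a, a), e >> 1
    return r

def inv_euclid(a):
    """Inverse by the extended Euclidean algorithm in GF(2)[x]; returns 0 for a == 0."""
    r0, r1, t0, t1 = AES_POLY, a, 0, 1
    while r1:
        q, r = poly_divmod(r0, r1)
        r0, r1, t0, t1 = r1, r, t1, t0 ^ poly_mul_raw(q, t1)
    return t0  # r0 == 1 here, so t0 * a == 1 (mod AES_POLY)

# Log/antilog tables over the generator 0x03, a primitive element of this field.
EXP, LOG, _x = [0] * 255, [0] * 256, 1
for _i in range(255):
    EXP[_i], LOG[_x] = _x, _i
    _x = gf_mul(_x, 0x03)

def inv_log(a):
    """Inverse by subtracting the logarithm from p^n - 1 = 255 and exponentiating."""
    return 0 if a == 0 else EXP[(255 - LOG[a]) % 255]

def _rotl8(b, n):
    return ((b << n) | (b >> (8 - n))) & 0xFF

def sbox(x):
    """SubBytes: multiplicative inverse, then the affine map b ^ rotl(b,1..4) ^ 0x63."""
    b = inv_pow(x)
    return b ^ _rotl8(b, 1) ^ _rotl8(b, 2) ^ _rotl8(b, 3) ^ _rotl8(b, 4) ^ 0x63

def inv_sbox(y):
    """InvSubBytes: undo the affine map first, then invert (the steps in reverse order)."""
    return inv_pow(_rotl8(y, 1) ^ _rotl8(y, 3) ^ _rotl8(y, 6) ^ 0x05)

MIX = (0x02, 0x01, 0x01, 0x03)      # a(x) = {03}x^3 + {01}x^2 + {01}x + {02}, lowest degree first
INV_MIX = (0x0E, 0x09, 0x0D, 0x0B)  # a^-1(x) = {0b}x^3 + {0d}x^2 + {09}x + {0e}
def mul_mod_x4_plus_1(col, poly):
    """Product of two four-term polynomials over GF(2^8) reduced mod x^4 + 1 (x^4 = 1 wraps indices)."""
    out = [0] * 4
    for i, c in enumerate(col):
        for j, p in enumerate(poly):
            out[(i + j) % 4] ^= gf_mul(c, p)
    return out

RCON = (0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36)
def _t(w, i):
    """Term XORed into word i: RotWord + SubWord (four S-boxes) + Rcon every fourth word, else w[i-1]."""
    if i % 4:
        return w[i - 1]
    s = [sbox(b) for b in w[i - 1][1:] + w[i - 1][:1]]
    s[0] ^= RCON[i // 4 - 1]
    return s

def expand_key(key):
    """AES-128 forward schedule: 11 round keys (44 words) from a 16-byte key, word by word."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        w.append([a ^ b for a, b in zip(w[i - 4], _t(w, i))])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def reverse_key_schedule(rk10):
    """Run the schedule backwards from round key 10 alone (w[i-4] = w[i] ^ t), as on-the-fly decryption does."""
    w = [None] * 40 + [list(rk10[4 * k:4 * k + 4]) for k in range(4)]
    for i in range(43, 3, -1):
        w[i - 4] = [a ^ b for a, b in zip(w[i], _t(w, i))]
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]
```

All three inversion routines agree on every byte, and `reverse_key_schedule(expand_key(k)[10])` reproduces the full forward schedule, which is exactly why a compact decryption core only needs to store (or pre-compute) the last round key rather than all 1,408 bits.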
2009: 24 depth, 113 gates
2011
Ueno, CHES 2015
2018

Uses GF((2^4)^2)
Area-delay product metrics for performance analysis

Satoh adopted polynomial basis (PB) representations.
Canright adopted normal basis (NB) representations.
BIT MANIPULATION INSTRUCTIONS REQUIRED FOR SCALAR CRYPTOGRAPHY (RISC-V scalar crypto extension)

Zbkb: bit-manipulation instructions for cryptography (rotations, byte/bit reversal, pack, zip/unzip)
Zbkc: carry-less multiplication (clmul, clmulh) for GF(2)[x] arithmetic
Zbkx: crossbar permutation instructions (xperm4, xperm8) for table-free substitutions

AES DECRYPTION
AES ENCRYPTION
1. Debdeep Mukhopadhyay and Rajat Subhra Chakraborty, "Hardware Security: Design, Threats, and Safeguards", CRC Press, 2014.
2. Doug Stinson, "Cryptography: Theory and Practice", CRC Press, 2005.
3. Samir Palnitkar, "Verilog HDL: A Guide to Digital Design and Synthesis", Prentice Hall, 1996.
4. Michael D. Ciletti, "Advanced Digital Design with the Verilog HDL", Pearson, 1996.
5. Ted Huffmire et al., "Handbook of FPGA Design Security", Springer, 2014.

Verification of AES-128 (SAKURA implementation) using a Verilog testbench, and implementation on FPGA
