Download PDFOpen PDF in browser

Optimizing the AES S-Box using SAT

7 pagesPublished: May 15, 2012

Abstract

Non-trivial linear straight-line programs over the Galois field of two elements occur frequently in applications such as encryption or high-performance computing. Finding the shortest linear straight-line program for a given set of linear forms is known to be MaxSNP-complete, i.e., there is no ε-approximation for the problem unless <math>P = NP</math>.

This paper reiterates a non-approximative approach for finding the shortest linear straight-line program. After showing how to search for a circuit of XOR gates with the minimal number of such gates by a reduction of the associated decision problem ("Is there a program of length <math>k</math>?") to satisfiability of propositional logic, we show that using modern SAT solvers, provably optimal solutions to interesting problem instances from cryptography can be obtained. We substantiate this claim by a case study on optimizing the AES S-Box.

Keyphrases: AES, Optimization, program synthesis, SAT

In: Geoff Sutcliffe, Stephan Schulz and Eugenia Ternovska (editors). IWIL 2010. The 8th International Workshop on the Implementation of Logics, vol 2, pages 64--70

Links:
BibTeX entry
@inproceedings{IWIL2010:Optimizing_AES_S_Box_using,
  author    = {Carsten Fuhs and Peter Schneider-Kamp},
  title     = {Optimizing the AES S-Box using SAT},
  booktitle = {IWIL 2010. The 8th International Workshop on the Implementation of Logics},
  editor    = {Geoff Sutcliffe and Stephan Schulz and Eugenia Ternovska},
  series    = {EPiC Series in Computing},
  volume    = {2},
  pages     = {64--70},
  year      = {2012},
  publisher = {EasyChair},
  bibsource = {EasyChair, https://easychair.org},
  issn      = {2398-7340},
  url       = {https://easychair.org/publications/paper/},
  doi       = {10.29007/h5s4}}
Download PDFOpen PDF in browser