How lightweight is the Hardware Implementation of Quasigroup S-boxes

Abstract

In this paper, we present a novel method for realizing S-boxes using non-associative algebraic structures - quasigroups, which - in certain cases - leads to more optimized hardware implementations. We aim to give cryptographers an iterative tool for designing cryptographically strong S-boxes (which we denote as Q-S-boxes) with additional flexibility for hardware implementation. Existence of the set of cryptographically strong 4-bit Q-S-boxes depends on the non-linear quasigroups of order 4 and quasigroup string transformations. The Q-S-boxes offer the option to not only iteratively reuse the same circuit to implement several different strong 4-bit S-boxes, but they can also be serialized down to bit level, leading to S-box implementations below 10 GEs. With Q-S-boxes we can achieve over 40% area reduction with respect to a lookup table based implementation, and also over 16% area reduction in a parallel implementation of Present. We plan to generalize our approach to S-boxes of any size in the future.