Document Type : Research Article


Ayatollah Boroujerdi University, Deptartment of Electrical Engineering, Ayatollah Boroujerdi University, Boroujerd, Iran.


In this paper, we present four low-cost substitution boxes (S-boxes) including two 4-bit S-boxes called S1 and S2 and two 8-bit S-boxes called SB1 and SB2, which are suitable for the development of lightweight block ciphers. The 8-bit SB1 S-box is constructed based on four 4-bit S-boxes, multiplication by constant 0x2 in the finite field F24 , and field addition operations. Also, the proposed 8-bit S-box SB2 is composed of five permutation blocks, two 4-bit S-boxes S1 and one 4-bit S-box S2, multiplication by constant 0x2, and addition operations in sequence. The proposed structures of the S-box are simple and low-cost. These structures have low area and low critical path delay. The cryptographic strength of the proposed S-boxes is analyzed by studying the properties of S-box such as Nonlinearity, Differential uniformity (DU), Strict avalanche criterion (SAC), Algebraic degree (AD), Differential approximation probability (DAP), and Linear approximation probability (LAP) in SAGE. The hardware results, in 180 nm CMOS technology, show the proposed S-boxes are comparable in terms of security properties, area, delay, and area×delay with most of the famous S-boxes.


[1] Hatzivasilis, G., Fysarakis, K., Papaefstathiou, I.and Manifavas, C., A review of lightweight block ciphers, Journal of Cryptographic Engineering, Vol. 11, Iss. 3, 2018, pp. 141-184.
[2] J. Mohd, B., Hayajneh, T. and V. Vasilakos, A.,A survey on lightweight block ciphers for lowresource devices: Comparative study and open issues, J Cryptogr Eng, Vol. 58, 2015, pp. 73-93.
[3] Rashidi, B., High-throughput and Flexible ASIC Implementations of SIMON and SPECK Lightweight Block Ciphers, International Journal of Circuit Theory and Applications, Vol. 47, Iss.8, 2019, pp. 1254-1268.
[4] Rashidi, B., Low-cost and Two-cycle Hardware Structures of PRINCE Lightweight Block Cipher, International Journal of Circuit Theory and Applications,, Vol. 48, Iss. 8, 2020, pp. 1227-1243.
[5] Farwa, S., Shah, T., and Idrees, L., A highly nonlinear S-box based on a fractional linear transformation, Springer Plus, Vol. 5, No. 1, 2016, pp.1-12.
[6] Razaq, A., Al-Olayan, H.A., Ullah, A., Riaz, A.,and Waheed, A., A Novel Technique for the Construction of Safe Substitution Boxes Based on Cyclic and Symmetric Groups, Security and Communication Networks, Vol. 2018, 2018, pp. 1-10.
[7] Tian, Y., and Lu, Z., Chaotic S-Box: Intertwining Logistic Map and Bacterial Foraging Optimization, Mathematical Problems in Engineering, Vol.2017, 2017, pp. 1-12.
[8] Khan M.F., Ahmed A., Saleem K., A Novel Cryptographic Substitution Box Design Using Gaussian Distribution, IEEE Access , Vol. 7, 2019, pp.15999-16007.
[9] Shuai, L., Wang, L., Miao, L., and Zhou, X., SBoxes Construction Based on the Cayley Graph of the Symmetric Group for UASNs, IEEE Access, Vol. 7, 2019, pp. 38826-38832.
[10] Asif Khan, M., Ali, A., Jeoti, V., and Manzoor, S., A Chaos-Based Substitution Box (S-Box) Design with Improved Differential Approximation Probability (DP), Iranian Journal of Science and Technology, Transactions of Electrical Engineering, Vol. 42, Iss. 2, 2018, pp. 219-238.
[11] Isa, H., Jamil, N., and Reza Zaba, M., Construction of Cryptographically Strong S-Boxes Inspired
by Bee Waggle Dance, New Generation Computing, Vol. 34, Iss. 3, 2016, pp. 221-238.
[12] Rafiq, A., and Khan, M., Construction of new S-boxes based on triangle groups and its applications in copyright protection, Multimedia Tools and Applications, Vol. 78, 2019, pp. 15527-15544.
[13] Muhammad Ali, K., and Khan, M., A new construction of confusion component of block ciphers, Multimedia Tools and Applications, Vol. 78, 2019, pp. 32585-32604.
[14] Dey, S., and Ghosh, R., A smart review and two new techniques using 4-bit Boolean functions for cryptanalysis of 4-bit crypto S-boxes, International Journal of Computers and Applications, Vol. 2018, 2018, pp. 1-19.
[15] Ahmad, M., Doja, M.N., and Sufyan Beg, M.M., ABC Optimization Based Construction of Strong Substitution-Boxes, Wireless Personal Communications, Vol. 101, Iss. 3, 2018, pp. 1715-1729.
[16] Zahid, A.H., Arshad, M.J., An Innovative Design of Substitution-Boxes Using Cubic Polynomial Mapping, Symmetry, Vol. 11, Iss. 3, 2019, pp. 1-10.
[17] Zahid, A.H., Arshad, M.J., Construction of Lightweight S-Boxes Using Feistel and MISTY Structures, in Proc. 22nd International Conference on Selected Areas in Cryptography, Sackville, NB, Canada, LNCS, Vol. 9566, 2015, pp. 373-393.
[18] Ullrich, M., De Canniere, C., Indesteege, S., Kucuk, O., Mouha, N., Preneel, B., Finding Optimal Bitsliced Implementations of 4*4-Bit S-boxes, in Proc. Symmetric Key Encryption Workshop, Copenhagen, DK, 2011, pp. 1-20.
[19] Grosso, G., Leurent, G., Standaert, F.X., and Varici, K., LS-Designs: Bitslice Encryption for Efficient Masked Software Implementations, in Proc. 21st International Workshop on Fast Software Encryption, London, UK, LNCS, Vol. 8540, 2014, pp. 18-37.
[20] Daemen, J., Peeters, M., Assche, G.V., Rijmen, V., Nessie proposal: NOEKEON, 2000, Available at
[21] Banik, S., Bogdanov, A., Isobe, T., Shibutani, K., Hiwatari, H., Akishita, T., and Regazzoni, F., Midori: A Block Cipher for Low Energy, in Proc. International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT), Auckland, New Zealand, Vol.9453, 2015, pp. 411-436.
[22] Bao, Z., Guo, J., Ling, S., and Sasaki, Y., Peigena Platform for Evaluation, Implementation, and Generation of S-boxes, IACR Transactions on Symmetric Cryptology, Vol. 2019, No. 1, 2019, pp.330-394.
[23] Shahzad, I., Mushtaq, Q., and Razaq, A., Construction of New S-Box Using Action of Quotient of the Modular Group for Multimedia Security, Security and Communication Networks, Vol. 2019, 2019, pp. 1-10.
[24] Lambic, D., S-box design method based on improved onedimensional discrete chaotic map, Journal of Information and Telecommunication, Vol.2, Iss. 2, 2018, pp. 181-191.
[25] Muhammad Ali, K. and Khan, M., A new construction of confusion component of block ciphers, Multimedia Tools and Applications, Vol. 78, 2019, pp. 32585-application in image encryption, Neural Comput & Applic, Vol. 27, Iss. 3, 2016, pp. 677-685.
[27] Gerard, B., Grosso, V., Naya-Plasencia, M., Standaert, F.X., Block ciphers that are easier to mask: how far can we go?, in Proc. 15th International Workshop on Cryptographic Hardware and Embedded Systems-CHES, Santa Barbara, CA, USA,
LNCS, Vol. 8086, 2013, pp. 383-399.
[28] Gondal, M.A., Raheem, A., Hussain, I., A scheme for obtaining secure S-boxes based on chaotic Baker’s map, 3D Research, Vol. 5, No. 3, 2014, pp. 1-8.
[29] Anees, A., Ahmed, Z., A technique for designing substitution box based on van der pol oscillator, Wirel Pers Commun, Vol. 82, No. 3, 2015, pp. 1497-1503.
[30] Stein, W., Joyner, D., SAGE: System for Algebra and Geometry Experimentation, Available at
[31] Belazi, A., Khan, M., Abd El-Latif, A. A., and Belghith, S., Efficient cryptosystem approaches: Sboxes and permutation-substitution-based encryption, Nonlinear Dynamics, Vol. 87, 2016, pp.337-361.
[32] Rashidi, B., Compact and Efficient structure of 8-bit S-box for lightweight cryptography, Integration, the VLSI Journal, Vol. 76, 2021, pp. 172-182.
[33] Matsui, M., Linear Cryptanalysis Method for DES Cipher, in Proc. EUROCRYPT: Workshop on the Theory and Application of of Cryptographic Techniques, Lofthus, Norway, Vol. 765, 1994, pp.386-397.
[34] Carlet, C., Ding, C., Nonlinearities of S-boxes, Finite Fields and Their Applications, Vol. 13, 2007, pp. 121-135.
[35] Chabaud, F., Vaudenay, S., Links Between Differential and Linear Cryptanalysis, in Proc. EUROCRYPT: Workshop on the Theory and Application of of Cryptographic Techniques, New York, USA, LNCS, Vol. 950, 1995, pp. 356-365.
[36] Boss, E., Grosso, V., G¨uneysu, T., Leander, G., Moradi, A., Schneider, T., Strong 8-bit Sboxes with efficient masking in hardware extended version, J. Cryptogr. Eng., Vol. 7, Iss. 2, 2017, pp.149-165.
[37] Biham, E. and Shamir, A., Differential Cryptanalysis of DES-like Cryptosystems, Journal of Cryptology, Vol. 4, 1991, pp. 3-72.
[38] Webster, A.F., and Tavares, S.E., On the design of S-boxes, in Proc. Advances in CryptologyCRYPTO, Berlin, LNCS, Vol. 218, 1986, pp. 523-534.
[39] Knudsen, L.R., Truncated and Higher Order Differentials, in Proc. International Workshop on Fast Software Encryption, Leuven, Belgium, LNCS, Vol. 1008, 1995, pp. 196-211.
[40] Carlet, C., On Known and New Differentially Uniform Functions, in Proc. Australasian Conference on Information Security and Privacy, Melbourne, Australia, LNCS, Vol. 6812, 2011, pp. 1-15.
[41] Jakimoski, G., and Kocarev, L.C., Chaos and cryptography: block encryption ciphers based on chaotic maps, IEEE Transactions on Circuits and Systems I: Fundamental Theory and Applications, Vol. 48, No. 2, 2001, pp. 163-169.
[42] Rashidi, B., Efficient and Flexible Hardware Structures of the 128-bit CLEFIA Block Cipher, IET Computers & Digital Techniques, Vol. 14, Iss.2., 2020, pp. 69-79.
[43] Beierle, C., Jean, J., Kolbl, S., Leander, G., Moradi, A., Peyrin, T., Sasaki, Y., Sasdrich, P., Sim, S.M., The SKINNY family of block ciphers and its low-latency variant MANTIS, in Proc. 36th Advances in Cryptology-CRYPTO, Santa Barbara, CA, USA, LNCS, Vol. 9815, 2016, pp.123-153.
[44] Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T., Piccolo: An UltraLightweight Block cipher, in Proc. CHES: International Workshop on Cryptographic Hardware and Embedded Systems, Nara, Japan, LNCS, Vol. 6917, 2011, pp. 342-357.
[45] Rashidi, B., Efficient and high-throughput application-specific integrated circuit implementations of HIGHT and PRESENT block ciphers, IET Circuits, Devices & Systems, Vol. 13, Iss. 6,2019, pp. 731-740.
[46] Shirai, T., Shibutani, K., Akishita, T., Moriai, S., and Iwata, T., The 128-Bit Block cipher CLEFIA (Extended Abstract), in Proc. International Workshop on Fast Software Encryption, LNCS, Vol. 4593, Luxembourg, 2007, pp. 181-195.
[47] Daemen, J., Rijmen, V., The Design of Rijndael: AES-The Advanced Encryption Standard, Information Security and Cryptography, Springer, New York, 2002.
[48] Standaert, F., Piret, G., Rouvroy, G., Quisquater, J., Legat, J., ICEBERG : An Involutional Cipher Efficient for Block Encryption in Reconfigurable Hardware, in Proc. 11th International Workshop on Fast Software Encryption, Delhi, India, LNCS,
Vol. 3017, 2004, pp. 279-298.
[49] Barreto, P., Rijmen, V., The Khazad legacylevel block cipher, in Proc. First open NESSIE Workshop, Leuven, Belgium, 2000, pp. 1-15.
[50] Grosso, V., Leurent, G., Standaert, F., Varici, K., Journault, A., Durvaux, F., Gaspar, L., Kerckhof, S., SCREAM Side-Channel Resistant Authenticated Encryption with Maskingver 3, submission to CAESAR competition of authenticated ciphers, https://, 2015.
[51] Rijmen, V., Barreto, P., The WHIRLPOOL hash function, Submitted to NESSIE, pbar reto/WhirlpoolPage.html, 2001.
[52] Jakimoski, G., and Kocarev, L.C., Composite field GF(((22)2)2) Advanced Encryption Standard (AES) S-box with algebraic normal form representation in the subfield inversion, IET Circuits, Devices & Systems, Vol. 5, Iss. 6, 2011, pp.471-476.
[53] Mentens, N., Batina, L., Preneel, B., and Verbauwhede, I., A Systematic Evaluation of Compact Hardware Implementations for the Rijndael S-Box, in Proc. The Cryptographers’ Track at the RSA Conference, San Francisco, CA, USA, LNCS, Vol. 3376, 2005, pp. 323-333.
[54] Boyar, J., Peralta, R., A New Combinational Logic Minimization Technique with Applications to Cryptology, in Proc. 9th International Symposium SEA: International Symposium on Experimental Algorithms, Ischia Island, Naples, Italy, LNCS, Vol. 6049, 2010, pp. 178-189.
[55] Zhang, X., G., and Parhi, K.K., High-Speed VLSI Architectures for the AES Algorithm, IEEE Transactions on Very Large Scale Integration(VLSI) Systems, Vol. 12, Iss. 9, 2004, pp. 957-967.
[56] Ueno, R., Homma, N., Nogami, Y., and Aoki, T., Highly Efficient GF(28) inversion circuit based on hybrid GF representations, Journal of Cryptographic Engineering, Vol. 9, 2019, pp. 101-113.
[57] Monteiro, C., Takahashi, Y., Sekine, T., Lowpower secure S-box circuit using charge-sharing symmetric adiabatic logic for advanced encryption standard hardware design, IET Circuits, Devices & Systems, Vol. 9, Iss. 5, 2015, pp. 362-369.
[58] Reyhani-Masoleh, A., Taha, M., Ashmawy, D., Smashing the Implementation Records of AES Sbox, IACR Transactions on Cryptographic Hardware and Embedded Systems, Vol. 2018, No. 2, 2018, pp. 298-336.
[59] Rashidi, B., and Rashidi, B., Implementation of An Optimized and Pipelined Combinational Logic Rijndael S-Box on FPGA, I. J. Computer Network and Information Security, Vol. 2013, 2013, pp. 41-48.
[60] Maximov, A., and Ekdahl, P., New Circuit Minimization Techniques for Smaller and Faster AES SBoxes, IACR Transactions on Cryptographic Hardware and Embedded Systems, Vol. 2019, No.4, 2019, pp. 91-125.
[61] Ueno, R., Homma, N., Nogami, Y., and Aoki, T.,Highly Efficient GF(28) Inversion Circuit Based on Redundant GF Arithmetic and Its Application to AES Design, in Proc. 17th International Workshop on Cryptographic Hardware and Embedded Systems-CHES, Saint-Malo, France, LNCS Vol.9293, 2015, pp. 63-80.
[62] Canright, D., A Very Compact S-Box for AES,in Proc. 7th International Workshop on Cryptographic Hardware and Embedded Systems-CHES, Edinburgh, UK, LNCS Vol. 3659, 2005, pp. 441-455.
[63] Tillich, S., Feldhofer, M., Popp, T., and Grobschadl, J., Area, Delay, and Power Characteristics of Standard-Cell Implementations of the AES SBox, J Sign Process Syst, Vol. 50, 2008, pp. 251-261.