{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,30]],"date-time":"2025-07-30T17:05:01Z","timestamp":1753895101793,"version":"3.41.2"},"reference-count":47,"publisher":"International Association for Cryptologic Research","issue":"4","license":[{"start":{"date-parts":[[2024,10,7]],"date-time":"2024-10-07T00:00:00Z","timestamp":1728259200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2022YFB2701900"],"award-info":[{"award-number":["2022YFB2701900"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62032014"],"award-info":[{"award-number":["62032014"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IACR CiC"],"accepted":{"date-parts":[[2024,12,3]]},"abstract":"<jats:p>Boolean formula minimization is a notoriously hard problem. Circuit minimization, typically studied in the context of a much broader subject known as synthesis and optimization of circuits, introduces another layer of complexity since ultimately those technology-independent representations (e.g., Boolean formulas and truth tables) have to be transformed into a netlist of cells of the target technology library. To manage those complexities, the industrial community typically separates the synthesis process into two steps: technology-independent optimization and technology mapping. In each step, this approach only tries to find the local optimal solution and relies heavily on heuristics rather than a systematic search. 
However, for small S-boxes, a more systematic exploration of the design space is possible. Aiming at the global optimum, we propose a method which can synthesize a truth table for a small S-box directly into a netlist of the cells of a given technology library. Compared with existing technology-dependent synthesis tools like LIGHTER and PEIGEN, our method produces improved results for many S-boxes with respect to circuit area. In particular, by applying our method to the GF(2^4)-inverter involved in the tower field implementation of the AES S-box, we obtain the currently known lightest implementation of the AES S-box. The search framework can be tweaked to take circuit delay into account. As a result, we find implementations for certain S-boxes with both latency and area improved.<\/jats:p>","DOI":"10.62056\/akmpdkp10","type":"journal-article","created":{"date-parts":[[2025,1,13]],"date-time":"2025-01-13T17:00:52Z","timestamp":1736787652000},"update-policy":"https:\/\/doi.org\/10.62056\/adfjwm02dj","source":"Crossref","is-referenced-by-count":0,"title":["Technology-Dependent Synthesis and Optimization of Circuits for Small S-boxes"],"prefix":"10.62056","volume":"1","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5836-0282","authenticated-orcid":false,"given":"Zihao","family":"Wei","sequence":"first","affiliation":[{"id":[{"id":"https:\/\/ror.org\/05qbk4x57","id-type":"ROR","asserted-by":"publisher"}],"name":"School of Cryptology","place":["Beijing, Beijing, China"],"department":["University of Chinese Academy of Sciences"]},{"name":"Data Communication Science and Technology Research Institute","place":["Beijing, Beijing, China"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3058-2377","authenticated-orcid":false,"given":"Siwei","family":"Sun","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/05qbk4x57","id-type":"ROR","asserted-by":"publisher"}],"name":"School of Cryptology","place":["Beijing, Beijing, 
China"],"department":["University of Chinese Academy of Sciences"]},{"id":[{"id":"https:\/\/ror.org\/02pn5rj08","id-type":"ROR","asserted-by":"publisher"}],"name":"State Key Laboratory of Cryptology","place":["Beijing, Beijing, P.O. Box 5159, China"]}]},{"given":"Fengmei","family":"Liu","sequence":"additional","affiliation":[{"name":"Data Communication Science and Technology Research Institute","place":["Beijing, Beijing, China"]}]},{"given":"Lei","family":"Hu","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/04r53se39","id-type":"ROR","asserted-by":"publisher"}],"name":"Key Laboratory of Cyberspace Security Defense","place":["Beijing, Beijing, China"],"department":["Institute of Information Engineering, Chinese Academy of Sciences"]},{"id":[{"id":"https:\/\/ror.org\/05qbk4x57","id-type":"ROR","asserted-by":"publisher"}],"name":"School of Cyber Security","place":["Beijing, Beijing, China"],"department":["University of Chinese Academy of Sciences"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8992-1647","authenticated-orcid":false,"given":"Zhiyu","family":"Zhang","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/05qbk4x57","id-type":"ROR","asserted-by":"publisher"}],"name":"School of Cryptology","place":["Beijing, Beijing, China"],"department":["University of Chinese Academy of Sciences"]}]}],"member":"48349","published-online":{"date-parts":[[2025,1,13]]},"reference":[{"key":"ref1:Sim_FSE2015","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"471","DOI":"10.1007\/978-3-662-48116-5_23","article-title":"Lightweight MDS Involution Matrices","volume":"9054","author":"Siang Meng Sim","year":"2015"},{"key":"ref2:Beierle_CRYPTO2016","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"625","DOI":"10.1007\/978-3-662-53018-4_23","article-title":"Lightweight Multiplication in GF(2n) with Applications\n  to MDS 
Matrices","volume":"9814","author":"Christof Beierle","year":"2016"},{"key":"ref3:Yongqiang_FSE2016","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-662-52993-5_7","article-title":"On the Construction of Lightweight Circulant Involutory\n  MDS Matrices","volume":"9783","author":"Yongqiang Li","year":"2016"},{"key":"ref4:Chaoyun_FSE2017","doi-asserted-by":"publisher","first-page":"129","DOI":"10.13154\/TOSC.V2017.I1.129-155","article-title":"Design of Lightweight Linear Diffusion Layers from Near-MDS\n  Matrices","volume":"2017","author":"Chaoyun Li","year":"2017","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref5:Sarkar_FSE2016","doi-asserted-by":"publisher","first-page":"95","DOI":"10.13154\/TOSC.V2016.I1.95-113","article-title":"Lightweight Diffusion Layer: Importance of Toeplitz\n  Matrices","volume":"2016","author":"Sumanta Sarkar","year":"2016","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref6:Jean_FSE2018","doi-asserted-by":"publisher","first-page":"130","DOI":"10.13154\/TOSC.V2017.I4.130-168","article-title":"Optimizing Implementations of Lightweight Building Blocks","volume":"2017","author":"J\u00e9r\u00e9my Jean","year":"2017","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref7:Lijing_FSE2018","doi-asserted-by":"publisher","first-page":"180","DOI":"10.13154\/TOSC.V2018.I1.180-200","article-title":"On Efficient Constructions of Lightweight MDS Matrices","volume":"2018","author":"Lijing Zhou","year":"2018","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref8:wu-xor","first-page":"1036","article-title":"Direct Construction of Lightweight Rotational-XOR MDS\n  Diffusion Layers","author":"Zhiyuan Guo","year":"2016","journal-title":"IACR Cryptol. 
ePrint Arch."},{"key":"ref9:sat-sbox-synthesis","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"140","DOI":"10.1007\/978-3-662-52993-5_8","article-title":"Optimizing S-Box Implementations for Several Criteria Using\n  SAT Solvers","volume":"9783","author":"Ko Stoffelen","year":"2016"},{"key":"ref10:sat-slp","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1007\/978-3-642-14186-7_8","article-title":"Synthesizing Shortest Linear Straight-Line Programs over\n  GF(2) Using SAT","volume":"6175","author":"Carsten Fuhs","year":"2010"},{"key":"ref11:jean-lighter","doi-asserted-by":"publisher","first-page":"130","DOI":"10.13154\/TOSC.V2017.I4.130-168","article-title":"Optimizing Implementations of Lightweight Building Blocks","volume":"2017","author":"J\u00e9r\u00e9my Jean","year":"2017","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref12:peigen","doi-asserted-by":"publisher","first-page":"330","DOI":"10.13154\/TOSC.V2019.I1.330-394","article-title":"PEIGEN - a Platform for Evaluation, Implementation, and\n  Generation of S-boxes","volume":"2019","author":"Zhenzhen Bao","year":"2019","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref13:BoyarMP_JoC2013","doi-asserted-by":"publisher","first-page":"280","DOI":"10.1007\/S00145-012-9124-7","article-title":"Logic Minimization Techniques with Applications to\n  Cryptology","volume":"26","author":"Joan Boyar","year":"2013","journal-title":"J. Cryptol."},{"key":"ref14:shun_fse19","doi-asserted-by":"publisher","first-page":"84","DOI":"10.13154\/TOSC.V2019.I1.84-117","article-title":"Constructing Low-latency Involutory MDS Matrices with\n  Lightweight Circuits","volume":"2019","author":"Shun Li","year":"2019","journal-title":"IACR Trans. 
Symmetric Cryptol."},{"key":"ref15:Kranz_FSE2018","doi-asserted-by":"publisher","first-page":"188","DOI":"10.13154\/TOSC.V2017.I4.188-211","article-title":"Shorter Linear Straight-Line Programs for MDS Matrices","volume":"2017","author":"Thorsten Kranz","year":"2017","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref16:Duval_FSE2019","doi-asserted-by":"publisher","first-page":"48","DOI":"10.13154\/TOSC.V2018.I2.48-78","article-title":"MDS Matrices with Lightweight Circuits","volume":"2018","author":"S\u00e9bastien Duval","year":"2018","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref17:tobias-schneider-sbox","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1007\/978-3-662-53140-2_9","article-title":"Strong 8-bit Sboxes with Efficient Masking in Hardware","volume":"9813","author":"Erik Boss","year":"2016"},{"key":"ref18:tobias-schneider-sbox-full","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/S13389-017-0156-7","article-title":"Strong 8-bit Sboxes with efficient masking in hardware\n  extended version","volume":"7","author":"Erik Boss","year":"2017","journal-title":"J. Cryptogr. Eng."},{"key":"ref19:qiao-depth","doi-asserted-by":"publisher","first-page":"33","DOI":"10.13154\/TOSC.V2016.I1.33-56","article-title":"Invariant Subspace Attack Against Midori64 and The\n  Resistance Criteria for S-box Designs","volume":"2016","author":"Jian Guo","year":"2016","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref20:aes-mds-92xor","first-page":"833","article-title":"AES MixColumn with 92 XOR gates","author":"Alexander Maximov","year":"2019","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref21:slp-new-ches","doi-asserted-by":"publisher","first-page":"203","DOI":"10.13154\/TCHES.V2020.I1.203-230","article-title":"Improved Heuristics for Short Linear Programs","volume":"2020","author":"Quan Quan Tan","year":"2020","journal-title":"IACR Trans. Cryptogr. Hardw. 
Embed. Syst."},{"key":"ref22:Canright-CHES2005","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"441","DOI":"10.1007\/11545262_32","article-title":"A Very Compact S-Box for AES","volume":"3659","author":"David Canright","year":"2005"},{"key":"ref23:smash-aes-record-ches","doi-asserted-by":"publisher","first-page":"298","DOI":"10.13154\/TCHES.V2018.I2.298-336","article-title":"Smashing the Implementation Records of AES S-box","volume":"2018","author":"Arash Reyhani-Masoleh","year":"2018","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref24:alexander-aes","doi-asserted-by":"publisher","first-page":"91","DOI":"10.13154\/TCHES.V2019.I4.91-125","article-title":"New Circuit Minimization Techniques for Smaller and Faster\n  AES SBoxes","volume":"2019","author":"Alexander Maximov","year":"2019","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref25:TI_Moradi","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/978-3-642-20465-4_6","article-title":"Pushing the Limits: A Very Compact and a Threshold\n  Implementation of AES","volume":"6632","author":"Amir Moradi","year":"2011"},{"key":"ref26:mc-mpc","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/978-3-662-46800-5_17","article-title":"Ciphers for MPC and FHE","volume":"9056","author":"Martin R. Albrecht","year":"2015"},{"key":"ref27:mccluskey1956","doi-asserted-by":"publisher","first-page":"1417","DOI":"10.1002\/j.1538-7305.1956.tb03835.x","article-title":"Minimization of Boolean functions","volume":"35","author":"Edward J. McCluskey","year":"1956","journal-title":"The Bell System Technical Journal"},{"key":"ref28:brayton1990multilevel","doi-asserted-by":"publisher","first-page":"264","DOI":"10.1109\/5.52213","article-title":"Multilevel logic synthesis","volume":"78","author":"Robert K. 
Brayton","year":"1990","journal-title":"Proc. IEEE"},{"key":"ref29:multiplicative-complexity","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/978-3-662-46800-5_17","article-title":"Ciphers for MPC and FHE","volume":"9056","author":"Martin R. Albrecht","year":"2015"},{"volume-title":"ABC: A System for Sequential Synthesis and Verification","key":"ref30:abc-synthesis"},{"key":"ref31:abc-tool","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1007\/978-3-642-14295-6_5","article-title":"ABC: An Academic Industrial-Strength Verification Tool","volume":"6174","author":"Robert K. Brayton","year":"2010"},{"key":"ref32:DBLP:conf\/fse\/DaemenGV93","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1007\/3-540-58108-1_2","article-title":"A New Approach to Block Cipher Design","volume":"809","author":"Joan Daemen","year":"1993"},{"key":"ref33:DBLP:conf\/dagstuhl\/Courtois07","series-title":"Dagstuhl Seminar Proceedings","article-title":"How Fast can be Algebraic Attacks on Block Ciphers?","volume":"07021","author":"Nicolas T. Courtois","year":"2007"},{"key":"ref34:DBLP:conf\/ches\/KnudsenLPR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/978-3-642-15031-9_2","article-title":"PRINTcipher: A Block Cipher for IC-Printing","volume":"6225","author":"Lars R. 
Knudsen","year":"2010"},{"key":"ref35:DBLP:conf\/cardis\/StandaertPGQ06","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/11733447_16","article-title":"SEA: A Scalable Encryption Algorithm for Small Embedded\n  Applications","volume":"3928","author":"Fran\u00e7ois-Xavier Standaert","year":"2006"},{"key":"ref36:Joltik14","article-title":"Joltik v1","author":"J\u00e9r\u00e9my Jean","year":"2014","journal-title":"CAESAR competition"},{"key":"ref37:DBLP:journals\/chinaf\/ZhangBLR0V15","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s11432-015-5459-7","article-title":"RECTANGLE: a bit-slice lightweight block cipher suitable\n  for multiple platforms","volume":"58","author":"Wentao Zhang","year":"2015","journal-title":"Sci. China Inf. Sci."},{"key":"ref38:DBLP:conf\/crypto\/BeierleJKL0PSSS16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/978-3-662-53008-5_5","article-title":"The SKINNY Family of Block Ciphers and Its Low-Latency\n  Variant MANTIS","volume":"9815","author":"Christof Beierle","year":"2016"},{"key":"ref39:DBLP:conf\/infocom\/ZhouJB06","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2006.183","article-title":"TWINE: A Hybrid Emulation Testbed for Wireless Networks\n  and Applications","author":"Junlan Zhou","year":"2006"},{"key":"ref40:DBLP:conf\/ches\/BogdanovKLPPRSV07","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"450","DOI":"10.1007\/978-3-540-74735-2_31","article-title":"PRESENT: An Ultra-Lightweight Block Cipher","volume":"4727","author":"Andrey Bogdanov","year":"2007"},{"key":"ref41:DBLP:conf\/acns\/WuZ11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"327","DOI":"10.1007\/978-3-642-21554-4_19","article-title":"LBlock: A Lightweight Block Cipher","volume":"6715","author":"Wenling 
Wu","year":"2011"},{"key":"ref42:DBLP:conf\/ches\/BanikPPSST17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1007\/978-3-319-66787-4_16","article-title":"GIFT: A Small Present - Towards Reaching the Limit of\n  Lightweight Encryption","volume":"10529","author":"Subhadeep Banik","year":"2017"},{"key":"ref43:DBLP:conf\/asiacrypt\/BanikBISHAR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"411","DOI":"10.1007\/978-3-662-48800-3_17","article-title":"Midori: A Block Cipher for Low Energy","volume":"9453","author":"Subhadeep Banik","year":"2015"},{"key":"ref44:DBLP:journals\/tosc\/CanteautDLNPPS20","doi-asserted-by":"publisher","first-page":"160","DOI":"10.13154\/tosc.v2020.iS1.160-207","article-title":"Saturnin: a suite of lightweight symmetric algorithms for\n  post-quantum security","volume":"2020","author":"Anne Canteaut","year":"2020","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref45:DBLP:journals\/tosc\/BanikILMS21","doi-asserted-by":"publisher","first-page":"37","DOI":"10.46586\/tosc.v2021.i1.37-77","article-title":"Orthros: A Low-Latency PRF","volume":"2021","author":"Subhadeep Banik","year":"2021","journal-title":"IACR Trans. 
Symmetric Cryptol."},{"key":"ref46:misty-sbox","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1007\/978-3-319-31301-6_22","article-title":"Construction of Lightweight S-Boxes Using Feistel and\n  MISTY Structures","volume":"9566","author":"Anne Canteaut","year":"2015"},{"key":"ref47:yongqiang-sbox","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1007\/978-3-662-44709-3_8","article-title":"Constructing S-boxes for Lightweight Cryptography with\n  Feistel Structure","volume":"8731","author":"Yongqiang Li","year":"2014"}],"container-title":["IACR Communications in Cryptology"],"original-title":[],"language":"en","deposited":{"date-parts":[[2025,1,13]],"date-time":"2025-01-13T17:11:47Z","timestamp":1736788307000},"score":1,"resource":{"primary":{"URL":"https:\/\/cic.iacr.org\/p\/1\/4\/20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,13]]},"references-count":47,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2025,1,13]]}},"URL":"https:\/\/doi.org\/10.62056\/akmpdkp10","archive":["Internet Archive","Internet Archive"],"relation":{},"ISSN":["3006-5496"],"issn-type":[{"type":"electronic","value":"3006-5496"}],"subject":[],"published":{"date-parts":[[2025,1,13]]},"assertion":[{"value":"2024-10-07","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-12-03","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"cc1-4-33"}}