FOAM : searching for hardware-optimal SPN structures and components with a fair comparison

Abstract

In this article, we propose a new comparison metric, the gure of adversarial merit (FOAM), which combines the inherent security provided by cryptographic structures and components with their implementation properties. To the best of our knowledge, this is the rst such metric proposed to ensure a fairer comparison of cryptographic designs. We then apply this new metric to meaningful use cases by studying Substitution-Permutation Network permutations that are suited for hardware implementations, and we provide new results on hardware-friendly cryptographic building blocks. For practical reasons, we considered linear and di erential attacks and we restricted ourselves to fully serial and round-based implementations. We explore several design strategies, from the geometry of the internal state to the size of the S-box, the eld size of the di usion layer or even the irreducible polynomial de ning the nite eld. We nally test all possible strategies to provide designers an exhaustive approach in building hardware-friendly cryptographic primitives (according to area or FOAM metrics), also introducing a model for predicting the hardware performance of round-based or serial-based implementations. In particular, we exhibit new di usion matrices (circulant or serial) that are surprisingly more e cient than the current best known, such as the ones used in AES, LED and PHOTON.