Composite field GF(((22)2)2) AES S-Box with direct computation in GF(24) inversion

Composite field arithmetic (CFA) has been widely used in designing combinatorial logic circuits for the S-Box function in the Advanced Encryption Standard (AES) in order to mitigate the performance bottleneck in VLSI implementation. In this work, we first categorize all of the possible composite field AES S-box constructions into four main architectures based on their field representations and the chosen algebraic properties. Each category is then investigated thoroughly. Next, we show that by computing the F(2⁴) inversion directly in the composite field F(((2²)²)²), we can further reduce the total area gate count as well as the critical path gate count. The architecture that leads to the maximum reduction in both total area coverage and critical path gate count through the exploitation of direct computation in F(2⁴) inversion is found and reported. Our best architecture has a total area gate count of 35 AND gates and 117 XOR gates and critical path gate count of 3 AND gates and 20 XOR gates.