CWI Cryptology Group

Abstract: We present the construction and implementation of an 8-bit S-box with a differential and linear branch number of 3. We show an application by designing Fly: a simple block cipher based on bitsliced evaluations of the S-box and bit rotations, that targets the same platforms as Pride, and which can be seen as a variant of Present with 8-bit S-boxes. The round function of Fly achieves the same performance as the one of Pride on 8-bit microcontrollers (in terms of number of instructions per round) while having 1.5 times more equivalent active S-boxes on average. The S-box also has an efficient implementation with SIMD instructions, a low implementation cost in hardware and it can be masked efficiently thanks to its sparing use of non-linear gates and to the fact that it has a natural expression in terms of a single 4-bit S-box.