returns the next four bits of the intermediate vector, and so on. Every four bits

of the subkey related to the S-box will be attacked. In this way, the subkey can

be revealed by the power analysis attack. If each subkey is revealed, the whole

secret key of the Serpent cipher can be obtained.

Fig. 11. The sub-module of Serpent cipher.

3.2 QCA Implementation of the Serpent Sub-Module

The sub-module of the Serpent cipher contains two parts: one is the 4-bit XOR

operation and the other is the S 0 -box. An XOR gate is designed in QCA and its

schematic and layout are shown in Fig. 12 .

The S 0 -box is the first Serpent S-box and comprises four inputs and four

outputs. Its truth table is shown in Table 4 . There are two methods to imple-

ment the S-box. One is to emulate a lookup table (LUT); however, memory

architectures in QCA require many cells and introduce high latency. The second

technique is to design a logic-based S-box. This method will occupy less area

and introduce low latency. In this work, the logic-based QCA S 0 -box is designed

by using majority logic reduction.

Let X denote the input and Y denote the output of the S 0 -box. First, by

using the Karnaugh map, the minimized logic expressions for Y = y 4 y 3 y 2 y 1 can

be obtained with AND and OR gates as follows:

y 1 = x 4 x 3 x 1 + x 4 x 2 + x 4 x 3 x 1 + x 4 x 3 x 2 x 1

= x 4 ( x 3 x 1 + x 2 )+ x 4 ( x 3 x 1 + x 3 x 1 x 2 ) ,

(11)

y 2 = x 4 x 3 x 1 + x 4 x 3 x 1 + x 4 x 3 x 2 x 1 + x 2 x 1

= x 4 ( x 3 x 1 + x 3 x 1 )+ x 4 ( x 3 x 2 x 1 )+ x 2 x 1 ,

(12)

y 3 = x 4 x 2 x 1 + x 4 x 3 x 2 x 1 + x 4 x 3 x 1 + x 4 x 2 x 1 + x 4 x 3 x 2 + x 4 x 3 x 2 x 1

= x 4 ( x 2 x 1 + x 2 x 1 x 3 )+ x 4 [ x 3 x 1 +( x 1 x 2 + x 2 x 3 + x 1 x 2 x 3 )] ,

(13)

y 4 = x 4 x 3 x 2 x 1 + x 4 x 3 x 2 x 1 + x 4 x 3 x 2 + x 4 x 3 x 2 + x 3 x 2 x 1 + x 3 x 2 x 1

= x 4 x 1 ( x 3 x 2 + x 3 x 2 )+( x 4 + x 1 )( x 3 x 2 + x 3 x 2 ) .

(14)