Logic Minimization Techniques with Applications to Cryptology
Joan Boyar, Philip Matthews, René Peralta
Abstract
A new technique for combinational logic optimization is described. The technique is a two-step process. In the first step, the nonlinearity of a circuit—as measured by the number of nonlinear gates it contains—is reduced. The second step reduces the number of gates in the linear components of the already reduced circuit. The technique can be applied to arbitrary combinational logic problems, and often yields improvements even after optimization by standard methods has been performed. In this paper we show the results of our technique when applied to the S-box of the Advanced Encryption Standard (FIPS, Advanced Encryption Standard (AES), National Institute of Standards and Technology, 2001).
We also show that, in the second step, one is faced with an NP-hard problem, the Shortest Linear Program (SLP) problem, which is to minimize the number of linear operations necessary to compute a set of linear forms. In addition to showing that SLP is NP-hard, we show that a special case of the corresponding decision problem is Max SNP-complete, implying limits to its approximability.
Previous algorithms for minimizing the number of gates in linear components produced cancellation-free straight-line programs, i.e., programs in which there is no cancellation of variables in GF(2). We show that such algorithms have approximation ratios of at least 3/2 and therefore cannot be expected to yield optimal solutions to nontrivial inputs. The straight-line programs produced by our techniques are not always cancellation-free. We have experimentally verified that, for randomly chosen linear transformations, they are significantly smaller than the circuits produced by previous algorithms.
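The abstract's distinction between cancellation-free and general straight-line programs over GF(2) is easy to see on a small constructed instance. The following example is added here and is not code or an example from the paper: it represents each linear form as a bitmask over five input variables x1..x5, evaluates a straight-line XOR program, checks whether any step XORs two forms that share a variable (i.e., whether cancellation occurs), and verifies that the program computes a target set of forms. The target set is the constructed "all-but-one" family y_i = x1+...+x5 minus x_i. The cancellation-free program listed below uses 11 XORs; the program that first forms the sum of all five inputs and then cancels one variable per output uses 9. No claim is made that 11 is the shortest cancellation-free program for this instance; the point is only that permitting cancellation shortens the program, which is what the SLP heuristics described in the paper exploit.

```python
"""Straight-line XOR programs over GF(2), as in the Shortest Linear Program (SLP) problem.

A linear form over GF(2) is a bitmask of the input variables it sums;
the XOR of two masks is the GF(2) sum of the two forms.
Constructed illustration, not the paper's own code or example.
"""

N_INPUTS = 5  # constructed instance: five input variables x1..x5

# Targets (constructed): y_i = sum of all inputs except x_i, i = 1..5.
ALL = (1 << N_INPUTS) - 1
TARGETS = {ALL ^ (1 << i) for i in range(N_INPUTS)}


def run_program(n_inputs, steps):
    """Evaluate a straight-line program.

    `steps` is a list of (i, j) pairs; each step XORs two earlier values.
    Index k < n_inputs refers to input x_{k+1}; index n_inputs + t refers
    to the output of step t. Returns inputs followed by all step outputs.
    """
    values = [1 << i for i in range(n_inputs)]
    for i, j in steps:
        values.append(values[i] ^ values[j])
    return values


def is_cancellation_free(n_inputs, steps):
    """True iff no step XORs two forms sharing a variable (no GF(2) cancellation)."""
    values = run_program(n_inputs, steps)
    return all(values[i] & values[j] == 0 for i, j in steps)


def analyse(n_inputs, steps, targets):
    """Length, cancellation-freeness, and whether every target form is computed."""
    values = run_program(n_inputs, steps)
    computed = set(values[n_inputs:])
    return {
        "xors": len(steps),
        "cancellation_free": is_cancellation_free(n_inputs, steps),
        "computes_targets": targets <= computed,
    }


def fmt(mask):
    """Render a bitmask as a readable GF(2) linear form, e.g. 'x2+x3+x4+x5'."""
    return "+".join(f"x{i + 1}" for i in range(N_INPUTS) if mask >> i & 1)


# Cancellation-free program: six shared pairs, then one disjoint XOR per output.
CANCELLATION_FREE = [
    (0, 1),   # a = x1+x2   -> index 5
    (2, 3),   # b = x3+x4   -> index 6
    (3, 4),   # c = x4+x5   -> index 7
    (2, 4),   # d = x3+x5   -> index 8
    (1, 4),   # e = x2+x5   -> index 9
    (0, 4),   # f = x1+x5   -> index 10
    (5, 6),   # y5 = a+b
    (5, 7),   # y3 = a+c
    (5, 8),   # y4 = a+d
    (6, 9),   # y1 = b+e
    (6, 10),  # y2 = b+f
]

# Program with cancellation: build s = x1+...+x5, then y_i = s + x_i (x_i cancels).
WITH_CANCELLATION = [
    (0, 1),  # x1+x2          -> index 5
    (2, 3),  # x3+x4          -> index 6
    (5, 6),  # x1+x2+x3+x4    -> index 7
    (7, 4),  # s = all five   -> index 8
    (8, 0),  # y1 = s + x1 (x1 appears on both sides: cancellation)
    (8, 1),  # y2
    (8, 2),  # y3
    (8, 3),  # y4
    (8, 4),  # y5
]

if __name__ == "__main__":
    for name, prog in [("cancellation-free", CANCELLATION_FREE),
                       ("with cancellation", WITH_CANCELLATION)]:
        print(name, analyse(N_INPUTS, prog, TARGETS))
    print("targets:", sorted(fmt(t) for t in TARGETS))
```

The checker treats a program as cancellation-free exactly when every XOR combines forms with disjoint variable sets, which is the property the abstract attributes to earlier minimization algorithms; the second program fails that check at its first output step, yet computes the same five forms with two fewer gates.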
References
 S. Arora, C. Lund, R. Motwani, M. Sudan, M. Szegedy, Proof verification and the hardness of approximation problems. J. Assoc. Comput. Mach. 45, 501–555 (1998)
 P. Austrin, S. Khot, M. Safra, Inapproximability of vertex cover and independent set in bounded degree graphs, in IEEE Conference on Computational Complexity (IEEE Computer Society, Los Alamitos, 2009), pp. 74–80
 D.J. Bernstein, Optimizing linear maps modulo 2, in Workshop Record of SPEED-CC: Software Performance Enhancement for Encryption and Decryption and Cryptographic Compilers. http://cr.yp.to/papers.html#linearmod2
 L. Blum, M. Shub, S. Smale, On a theory of computation and complexity over the real numbers: NP-completeness, recursive functions and universal machines. Bull. Am. Math. Soc. 21, 1–46 (1989)
 J. Boyar, R. Peralta, Tight bounds for the multiplicative complexity of symmetric functions. Theor. Comput. Sci. 396(1–3), 223–246 (2008)
 J. Boyar, R. Peralta, Patent application number 61089998 filed with the U.S. Patent and Trademark Office. A new technique for combinational circuit optimization and a new circuit for the S-Box for AES, 2009
 J. Boyar, R. Peralta, A new combinational logic minimization technique with applications to cryptology, in 9th International Symposium on Experimental Algorithms, SEA 2010. Lecture Notes in Computer Science, vol. 6049 (Springer, Berlin, 2010), pp. 178–189
 J. Boyar, R. Peralta, A depth-16 circuit for the AES S-box. Cryptology ePrint Archive, report 2011/332, 2011. http://eprint.iacr.org/
 J. Boyar, R. Peralta, D. Pochuev, On the multiplicative complexity of Boolean functions over the basis (∧,⊕,1). Theor. Comput. Sci. 235, 43–57 (2000)
 J. Boyar, P. Matthews, R. Peralta, On the shortest linear straight-line program for computing linear forms, in 33rd International Symposium on Mathematical Foundations of Computer Science, MFCS 2008. Lecture Notes in Computer Science, vol. 5162 (Springer, Berlin, 2008), pp. 168–179
 P. Bürgisser, M. Clausen, M.A. Shokrollahi, Algebraic Complexity Theory (Springer, Berlin, 1997), Chap. 13
 D. Canright, A very compact Rijndael S-box. Technical report NPS-MA-05-001, Naval Postgraduate School, 2005
 D. Canright, A very compact Rijndael S-box, in 7th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2005. Lecture Notes in Computer Science, vol. 3659 (Springer, Berlin, 2005), pp. 441–455
 A.E.F. Clementi, L. Trevisan, Improved non-approximability results for vertex cover with density constraints, in Computing and Combinatorics (1996), pp. 333–342
 J.W. Cooley, J.W. Tukey, An algorithm for the machine calculation of complex Fourier series. Math. Comput. 19, 297–301 (1965)
 N. Courtois, D. Hulme, T. Mourouzis, Solving circuit optimisation problems in cryptography and cryptanalysis. IACR Cryptology ePrint Archive, 2011:475, 2011
 FIPS, Advanced Encryption Standard (AES) (National Institute of Standards and Technology, Gaithersburg, 2001)
 C. Fuhs, P. Schneider-Kamp, Synthesizing shortest linear straight-line programs over GF(2) using SAT, in 13th International Conference on Theory and Applications of Satisfiability Testing. Lecture Notes in Computer Science, vol. 6175 (Springer, Berlin, 2010), pp. 71–84
 C. Fuhs, P. Schneider-Kamp, Optimizing the AES S-Box using SAT, in Proceedings of the 8th International Workshop on the Implementation of Logics (2010)
 J. Håstad, Tensor rank is NP-complete. J. Algorithms 11(4), 644–654 (1990)
 Y. Huang, D. Evans, J. Katz, L. Malka, Faster secure two-party computation using garbled circuits, in Proceedings of the 20th USENIX Security Symposium, San Francisco, CA, August 2011
 T. Itoh, S. Tsujii, A fast algorithm for computing multiplicative inverses in GF(2^m) using normal bases. Inf. Comput. 78(3), 171–177 (1988)
 E. Käsper, P. Schwabe, Faster and timing-attack resistant AES-GCM, in 11th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2009. Lecture Notes in Computer Science, vol. 5747 (Springer, Berlin, 2009), pp. 1–17
 S. Khot, On the power of unique 2-prover 1-round games, in Proceedings of the 34th Annual ACM Symposium on Theory of Computing, STOC '02, New York, NY, USA (ACM, New York, 2002), pp. 767–775
 V. Kolesnikov, T. Schneider, Improved garbled circuit: free XOR gates and applications, in Proceedings of Automata, Languages and Programming, 35th International Colloquium, ICALP 2008. Lecture Notes in Computer Science, vol. 5126 (Springer, Berlin, 2008), pp. 486–498
 O.B. Lupanov, A method of circuit synthesis. Izv. Vysš. Učebn. Zaved., Radiofiz. 1, 120–140 (1958)
 E. Mastrovito, VLSI architectures for computation in Galois fields. Ph.D. thesis, Linköping University, Dept. Electr. Eng., Sweden, 1991
 S. Morioka, A. Satoh, An optimized S-Box circuit architecture for low power AES design, in Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2002. Lecture Notes in Computer Science, vol. 2523 (Springer, Berlin, 2003), pp. 172–186
 Y. Nogami, K. Nekado, T. Toyota, N. Hongo, Y. Morikawa, Mixed bases for efficient inversion in F(((2^2)^2)^2) and conversion matrices of SubBytes of AES, in 12th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2010. Lecture Notes in Computer Science, vol. 6225 (Springer, Berlin, 2010), pp. 234–247
 C. Paar, Some remarks on efficient inversion in finite fields, in 1995 IEEE International Symposium on Information Theory, Whistler, BC, Canada (1995), p. 58
 C. Paar, Optimized arithmetic for Reed-Solomon encoders, in IEEE International Symposium on Information Theory (1997), p. 250
 C. Papadimitriou, M. Yannakakis, Optimization, approximation, and complexity classes. J. Comput. Syst. Sci. 43, 425–440 (1991)
 A. Satoh, S. Morioka, K. Takano, S. Munetoh, A compact Rijndael hardware architecture with S-Box optimization, in Advances in Cryptology—Proceedings of ASIACRYPT 01. Lecture Notes in Computer Science, vol. 2248 (Springer, Berlin, 2001), pp. 239–254
 J.E. Savage, An algorithm for the computation of linear forms. SICOMP 3(2), 150–158 (1974)
 C. Shannon, The synthesis of two-terminal switching circuits. Bell Syst. Tech. J. 28, 59–98 (1949)
 L.G. Valiant, Completeness classes in algebra, in Proceedings of the 11th Annual ACM Symposium on the Theory of Computing (1979), pp. 249–261
 R. Williams, Matrix-vector multiplication in subquadratic time (some preprocessing required), in Proceedings of the 18th Annual ACM-SIAM Symposium on Discrete Algorithms (2007), pp. 995–1001
 S. Winograd, On the number of multiplications necessary to compute certain functions. Commun. Pure Appl. Math. 23, 165–179 (1970)
 J. Wolkerstorfer, E. Oswald, M. Lamberger, An ASIC implementation of AES S-Boxes, in Topics in Cryptology—CT-RSA 2002. Lecture Notes in Computer Science, vol. 2271 (Springer, Berlin, 2002), pp. 67–78
 Journal
 Journal of Cryptology, Volume 26, Issue 2, pp. 280–312
 Cover Date
 2013-04-01
 DOI
 10.1007/s00145-012-9124-7
 Print ISSN
 0933-2790
 Online ISSN
 1432-1378
 Publisher
 Springer-Verlag
 Keywords
 Circuit complexity
 Multiplicative complexity
 Linear component minimization
 Shortest Linear Program
 Cancellation
 AES
 S-box
 Authors
 Joan Boyar (1)
 Philip Matthews (2)
 René Peralta (3)
 Author Affiliations
 1. Department of Mathematics and Computer Science, University of Southern Denmark, Odense, Denmark
 2. Aarhus University, Aarhus, Denmark
 3. Information Technology Laboratory, NIST, Gaithersburg, MD, USA