XOR-Counts and Lightweight Multiplication with Fixed Elements in Binary Finite Fields

  • Lukas Kölsch
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11476)


XOR-metrics measure the efficiency of certain arithmetic operations in binary finite fields. We prove some new results about two different XOR-metrics that have been used in the past. In particular, we disprove a conjecture from [10]. We consider implementations of multiplication with one fixed element in a binary finite field. Here we achieve a complete characterization of all elements whose multiplication matrix can be implemented using exactly 2 XOR-operations, confirming a conjecture from [2]. Further, we provide new results and examples in more general cases, showing that significant improvements in implementations are possible.
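The abstract speaks of the multiplication matrix of a fixed element and of two XOR-metrics without spelling them out. The script below is an added worked example, not code from the paper: it builds the multiplication matrix of an element of GF(2^n) in a polynomial basis and evaluates it under the two metrics as they are assumed here, the direct XOR-count (number of nonzero entries of the matrix minus n) and the sequential XOR-count (fewest in-place updates x_i ^= x_j after which the wires hold the product up to a renaming of the wires, i.e. M = P E_k ... E_1 with elementary row additions E_t). The field GF(2^4) defined by x^4 + x + 1 is a constructed sample, the exhaustive search for the sequential count is only meant for small n, and all function names are the example's own.

```python
"""Multiplication matrices of fixed elements of GF(2^n) and two XOR-metrics.

Added example, not code from the paper.  Assumed definitions:
  * direct XOR-count     d(M) = (number of 1-entries of M) - n, i.e. the XORs
    spent when every output bit is formed from the input bits separately;
  * sequential XOR-count s(M) = least number of in-place updates x_i ^= x_j
    after which the wires hold M*x up to a renaming (permutation) of wires,
    i.e. M = P * E_k * ... * E_1 with each E_t an elementary row addition.
"""
from collections import deque


def gf2_mul(a, b, poly, n):
    """Multiply a and b in GF(2^n) = GF(2)[x]/(poly).

    Elements are ints whose bit i is the coefficient of x^i; poly is the
    defining polynomial with bit n set (e.g. 0b10011 for x^4 + x + 1).
    """
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> n & 1:          # degree reached n: reduce modulo poly
            a ^= poly
    return r


def mult_matrix(alpha, poly, n):
    """Rows of M_alpha (as bitmasks) with M_alpha * v = alpha * v.

    Column j of M_alpha is the coefficient vector of alpha * x^j, so bit j of
    row i is the x^i coefficient of alpha * x^j.
    """
    cols = [gf2_mul(alpha, 1 << j, poly, n) for j in range(n)]
    rows = []
    for i in range(n):
        r = 0
        for j in range(n):
            if cols[j] >> i & 1:
                r |= 1 << j
        rows.append(r)
    return tuple(rows)


def d_xor(rows):
    """Direct XOR-count: number of 1-entries minus the number of rows."""
    return sum(bin(r).count("1") for r in rows) - len(rows)


def s_xor(rows):
    """Sequential XOR-count by breadth-first search over GL(n, 2).

    A state is the set of rows, kept sorted: a final wire permutation is free,
    so matrices differing by a row permutation are equivalent.  Each step is one
    in-place update row_i ^= row_j (left-multiplication by an elementary matrix).
    Exhaustive, hence only for small n: n = 4 has 20160 / 24 = 840 classes.
    """
    n = len(rows)
    goal = tuple(sorted(rows))
    start = tuple(sorted(1 << i for i in range(n)))   # identity matrix
    dist = {start: 0}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        if state == goal:
            return dist[state]
        for i in range(n):
            for j in range(n):
                if i == j:
                    continue
                nxt = list(state)
                nxt[i] ^= state[j]
                nxt = tuple(sorted(nxt))
                if nxt not in dist:
                    dist[nxt] = dist[state] + 1
                    queue.append(nxt)
    raise ValueError("target is singular: unreachable from the identity")


def elements_with_s_xor(k, poly, n):
    """All nonzero alpha whose multiplication matrix has sequential XOR-count k."""
    return [a for a in range(1, 1 << n) if s_xor(mult_matrix(a, poly, n)) == k]


if __name__ == "__main__":
    # Constructed sample field: GF(2^4) defined by x^4 + x + 1.
    N, POLY = 4, 0b10011
    for alpha in (0b0010, 0b0100, 0b0011):            # x, x^2, x + 1
        M = mult_matrix(alpha, POLY, N)
        print(f"alpha={alpha:04b}: d-XOR={d_xor(M)}, s-XOR={s_xor(M)}")
    print("s-XOR 2:", [f"{a:04b}" for a in elements_with_s_xor(2, POLY, N)])
```

In this field multiplication by x is the companion matrix of x^4 + x + 1 and costs one XOR under both metrics, while multiplication by x^2 needs two; the two counts are computed independently, so the script does not presuppose any relation between them.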


Keywords: Lightweight cryptography, Linear layer, XOR-count, Multiplication, Finite fields



The author wishes to thank the anonymous referees for their comments that improved especially the introduction considerably and helped to set this work into context with existing literature.

I also thank Gohar Kyureghyan for many discussions and help with structuring this paper.


References

  1. Babbage, S., Dodd, M.: The MICKEY stream ciphers. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 191–209. Springer, Heidelberg (2008)
  2. Beierle, C., Kranz, T., Leander, G.: Lightweight multiplication in \(GF(2^n)\) with applications to MDS matrices. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part I. LNCS, vol. 9814, pp. 625–653. Springer, Heidelberg (2016)
  3. Canright, D.: A very compact S-box for AES. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 441–455. Springer, Heidelberg (2005)
  4. Daemen, J., Rijmen, V.: Correlation analysis in \({GF}(2^n)\). In: Junod, P., Canteaut, A. (eds.) Advanced Linear Cryptanalysis of Block and Stream Ciphers. Cryptology and Information Security, pp. 115–131. IOS Press (2011)
  5. De Cannière, C., Preneel, B.: Trivium. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 244–266. Springer, Heidelberg (2008)
  6. Duval, S., Leurent, G.: MDS matrices with lightweight circuits. IACR Trans. Symmetric Cryptol. 2018(2), 48–78 (2018)
  7. Hahn, A., O'Meara, T.: The Classical Groups and K-Theory. Springer, Heidelberg (1989)
  8. Hell, M., Johansson, T., Meier, W.: Grain: a stream cipher for constrained environments. Int. J. Wire. Mob. Comput. 2(1), 86–93 (2007)
  9. Hoffman, K., Kunze, R.: Linear Algebra. Prentice-Hall, Englewood Cliffs (1961)
  10. Jean, J., Peyrin, T., Sim, S.M., Tourteaux, J.: Optimizing implementations of lightweight building blocks. IACR Trans. Symmetric Cryptol. 2017(4), 130–168 (2017)
  11. Kaplansky, I.: Elementary divisors and modules. Trans. Amer. Math. Soc. 66, 464–491 (1949)
  12. Khoo, K., Peyrin, T., Poschmann, A.Y., Yap, H.: FOAM: searching for hardware-optimal SPN structures and components with a fair comparison. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 433–450. Springer, Heidelberg (2014)
  13. Kranz, T., Leander, G., Stoffelen, K., Wiemer, F.: Shorter linear straight-line programs for MDS matrices. IACR Trans. Symmetric Cryptol. 2017(4), 188–211 (2017)
  14. LaMacchia, B.A., Odlyzko, A.M.: Solving large sparse linear systems over finite fields. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 109–133. Springer, Heidelberg (1991)
  15. Li, Y., Wang, M.: On the construction of lightweight circulant involutory MDS matrices. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 121–139. Springer, Heidelberg (2016)
  16. Liu, M., Sim, S.M.: Lightweight MDS generalized circulant matrices. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 101–120. Springer, Heidelberg (2016)
  17. Saarinen, M.-J.O.: Cryptographic analysis of all 4 \(\times \) 4-bit S-boxes. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 118–133. Springer, Heidelberg (2012)
  18. Sajadieh, M., Mousavi, M.: Construction of lightweight MDS matrices from generalized Feistel structures. IACR Cryptology ePrint Archive 2018, 1072 (2018)
  19. Sarkar, S., Sim, S.M.: A deeper understanding of the XOR count distribution in the context of lightweight cryptography. In: Pointcheval, D., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2016. LNCS, vol. 9646, pp. 167–182. Springer, Cham (2016)
  20. Sim, S.M., Khoo, K., Oggier, F., Peyrin, T.: Lightweight MDS involution matrices. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 471–493. Springer, Heidelberg (2015)
  21. Swan, R.G.: Factorization of polynomials over finite fields. Pacific J. Math. 12(3), 1099–1106 (1962)
  22. Zhao, R., Wu, B., Zhang, R., Zhang, Q.: Designing optimal implementations of linear layers (full version). Cryptology ePrint Archive, Report 2016/1118 (2016)

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. University of Rostock, Rostock, Germany
