XOR-Counts and Lightweight Multiplication with Fixed Elements in Binary Finite Fields

  • Lukas Kölsch
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11476)

Abstract

XOR-metrics measure the efficiency of certain arithmetic operations in binary finite fields. We prove some new results about two different XOR-metrics that have been used in the past. In particular, we disprove a conjecture from [10]. We consider implementations of multiplication with one fixed element in a binary finite field. Here we achieve a complete characterization of all elements whose multiplication matrix can be implemented using exactly 2 XOR-operations, confirming a conjecture from [2]. Further, we provide new results and examples in more general cases, showing that significant improvements in implementations are possible.
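The objects the abstract talks about can be made concrete with a small computation. The following is an added example (not code from the paper): it builds the GF(2)-matrix of multiplication by a fixed element of \(GF(2^4)\) in a polynomial basis and evaluates the direct XOR-count (number of ones minus number of rows), the simpler of the two metrics discussed in [10]; the choice of the polynomial basis, the sample moduli and the brute-force search over all elements are assumptions of this example, and the paper's results concern the minimum over all bases and a sequential metric that this code does not compute.

```python
from typing import List

def gf2_mul(a: int, b: int, poly: int, n: int) -> int:
    """Multiply a and b in GF(2^n) = GF(2)[x]/(poly); bit i of an int is the coefficient of x^i."""
    r = 0
    for i in range(n):
        if (b >> i) & 1:
            r ^= a << i
    for d in range(2 * n - 2, n - 1, -1):   # reduce degrees 2n-2 .. n modulo poly
        if (r >> d) & 1:
            r ^= poly << (d - n)
    return r

def mult_matrix(alpha: int, poly: int, n: int) -> List[List[int]]:
    """n x n matrix over GF(2) of the map y -> alpha*y in the polynomial basis 1, x, ..., x^(n-1).
    Column j is the coordinate vector of alpha * x^j."""
    M = [[0] * n for _ in range(n)]
    for j in range(n):
        prod = gf2_mul(alpha, 1 << j, poly, n)
        for i in range(n):
            M[i][j] = (prod >> i) & 1
    return M

def direct_xor_count(M: List[List[int]]) -> int:
    """d-XOR count: each output bit is the XOR of the inputs selected by its row,
    computed independently, so the cost is (ones in M) - (number of rows)."""
    return sum(sum(row) for row in M) - len(M)

def cheap_elements(max_xor: int, poly: int, n: int) -> List[int]:
    """Nonzero elements whose multiplication matrix costs at most max_xor d-XORs in this basis
    (brute force over the whole field; fine for the small fields used here)."""
    return [a for a in range(1, 1 << n)
            if direct_xor_count(mult_matrix(a, poly, n)) <= max_xor]

if __name__ == "__main__":
    # Constructed sample moduli for GF(2^4): the count of the same element depends on the basis.
    P1 = 0b10011   # x^4 + x + 1
    P2 = 0b11111   # x^4 + x^3 + x^2 + x + 1
    for name, p in (("x^4+x+1", P1), ("x^4+x^3+x^2+x+1", P2)):
        print(name, "multiplication by x costs", direct_xor_count(mult_matrix(0b0010, p, 4)), "XOR(s)")
        print(name, "elements with d-XOR <= 2:", [bin(a) for a in cheap_elements(2, p, 4)])
```

Multiplication by \(x\) costs one XOR modulo the trinomial but three modulo the pentanomial, which is why a basis-independent metric is needed before one can talk about the cheapest elements of a field.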

Keywords

Lightweight cryptography, Linear layer, XOR-count, Multiplication, Finite fields

Notes

Acknowledgments

The author wishes to thank the anonymous referees for their comments that improved especially the introduction considerably and helped to set this work into context with existing literature.

I also thank Gohar Kyureghyan for many discussions and help with structuring this paper.

References

  1. Babbage, S., Dodd, M.: The MICKEY stream ciphers. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 191–209. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68351-3_15
  2. Beierle, C., Kranz, T., Leander, G.: Lightweight multiplication in \(GF(2^n)\) with applications to MDS matrices. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part I. LNCS, vol. 9814, pp. 625–653. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_23
  3. Canright, D.: A very compact S-box for AES. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 441–455. Springer, Heidelberg (2005). https://doi.org/10.1007/11545262_32
  4. Daemen, J., Rijmen, V.: Correlation analysis in \(GF(2^n)\). In: Junod, P., Canteaut, A. (eds.) Advanced Linear Cryptanalysis of Block and Stream Ciphers. Cryptology and Information Security, pp. 115–131. IOS Press (2011)
  5. De Cannière, C., Preneel, B.: Trivium. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 244–266. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68351-3_18
  6. Duval, S., Leurent, G.: MDS matrices with lightweight circuits. IACR Trans. Symmetric Cryptol. 2018(2), 48–78 (2018). https://doi.org/10.13154/tosc.v2018.i2.48-78
  7. Hahn, A., O'Meara, T.: The Classical Groups and K-Theory. Springer, Heidelberg (1989). https://doi.org/10.1007/978-3-662-13152-7
  8. Hell, M., Johansson, T., Meier, W.: Grain: a stream cipher for constrained environments. Int. J. Wire. Mob. Comput. 2(1), 86–93 (2007). https://doi.org/10.1504/IJWMC.2007.013798
  9. Hoffman, K., Kunze, R.: Linear Algebra. Prentice-Hall, Englewood Cliffs (1961)
  10. Jean, J., Peyrin, T., Sim, S.M., Tourteaux, J.: Optimizing implementations of lightweight building blocks. IACR Trans. Symmetric Cryptol. 2017(4), 130–168 (2017)
  11. Kaplansky, I.: Elementary divisors and modules. Trans. Amer. Math. Soc. 66, 464–491 (1949). https://doi.org/10.1090/S0002-9947-1949-0031470-3
  12. Khoo, K., Peyrin, T., Poschmann, A.Y., Yap, H.: FOAM: searching for hardware-optimal SPN structures and components with a fair comparison. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 433–450. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44709-3_24
  13. Kranz, T., Leander, G., Stoffelen, K., Wiemer, F.: Shorter linear straight-line programs for MDS matrices. IACR Trans. Symmetric Cryptol. 2017(4), 188–211 (2017). https://doi.org/10.13154/tosc.v2017.i4.188-211, https://tosc.iacr.org/index.php/ToSC/article/view/813
  14. LaMacchia, B.A., Odlyzko, A.M.: Solving large sparse linear systems over finite fields. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 109–133. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-38424-3_8
  15. Li, Y., Wang, M.: On the construction of lightweight circulant involutory MDS matrices. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 121–139. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-52993-5_7
  16. Liu, M., Sim, S.M.: Lightweight MDS generalized circulant matrices. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 101–120. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-52993-5_6
  17. Saarinen, M.-J.O.: Cryptographic analysis of all 4 \(\times\) 4-bit S-boxes. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 118–133. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28496-0_7
  18. Sajadieh, M., Mousavi, M.: Construction of lightweight MDS matrices from generalized Feistel structures. IACR Cryptology ePrint Archive 2018, 1072 (2018)
  19. Sarkar, S., Sim, S.M.: A deeper understanding of the XOR count distribution in the context of lightweight cryptography. In: Pointcheval, D., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2016. LNCS, vol. 9646, pp. 167–182. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31517-1_9
  20. Sim, S.M., Khoo, K., Oggier, F., Peyrin, T.: Lightweight MDS involution matrices. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 471–493. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48116-5_23
  21. Swan, R.G.: Factorization of polynomials over finite fields. Pacific J. Math. 12(3), 1099–1106 (1962)
  22. Zhao, R., Wu, B., Zhang, R., Zhang, Q.: Designing optimal implementations of linear layers (full version). Cryptology ePrint Archive, Report 2016/1118 (2016)

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. University of Rostock, Rostock, Germany