Abstract
In this paper, we propose a new heuristic algorithm to search efficient implementations (in terms of Xor count) of linear layers used in symmetric-key cryptography. It is observed that the implementation cost of an invertible matrix is related to its matrix decomposition if sequential-Xor (s-Xor) metric is considered, thus reducing the implementation cost is equivalent to constructing an optimized matrix decomposition. The basic idea of this work is to find various matrix decompositions for a given matrix and optimize those decompositions to pick the best implementation. In order to optimize matrix decompositions, we present several matrix multiplication rules over F2, which are proved to be very powerful in reducing the implementation cost. We illustrate this heuristic by searching implementations of several matrices proposed recently and matrices already used in block ciphers and Hash functions, and the results show that our heuristic performs equally good or outperforms Paar’s and Boyar-Peralta’s heuristics in most cases.
Highlights
Lightweight cryptography has become one of the main focuses in cryptographic community as the rapid development of lightweight applications, such as Radio-Frequency IDentification (RFID) tags and Internet of Things (IoTs)
The Advanced Encryption Standard (AES) [DR02] has been widely used in practice, and its round function has been frequently used in the design of other cryptographic primitives, an implementation of its linear layer with a smaller Xor count will directly reduce the cost of deploying AES and the primitives that uses its round function
We introduced a new heuristic search algorithm to globally optimize the implementation of linear matrices, which is built on the decomposition theory of invertible matrices
Summary
Lightweight cryptography has become one of the main focuses in cryptographic community as the rapid development of lightweight applications, such as Radio-Frequency IDentification (RFID) tags and Internet of Things (IoTs). The Advanced Encryption Standard (AES) [DR02] has been widely used in practice, and its round function has been frequently used in the design of other cryptographic primitives (such as AEGIS [WP13] and ForkAES [ARVV18]), an implementation of its linear layer with a smaller Xor count will directly reduce the cost of deploying AES and the primitives that uses its round function This paper follows this line of work and offers an alternative heuristic to search optimized implementations of linear matrices. In [JPST17], the authors presented an exhaustive search algorithm to determine the optimal s-Xor count of small-scale matrices Following this line of work, we will present in this paper a new heuristic to search optimized implementations under s-Xor metric for reasonable large matrices.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
