Optimizing Implementations of Linear Layers
In this paper, we propose a new heuristic algorithm to search efficient implementations (in terms of Xor count) of linear layers used in symmetric-key cryptography. It is observed that the implementation cost of an invertible matrix is related to its matrix decomposition if sequential-Xor (s-Xor) m...
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Ruhr-Universität Bochum
2020-07-01
|
| Series: | IACR Transactions on Symmetric Cryptology |
| Subjects: | |
| Online Access: | https://tosc.iacr.org/index.php/ToSC/article/view/8671 |
| id |
doaj-b70376c709384ac1a6248d7f83f124a8 |
|---|---|
| record_format |
Article |
| spelling |
doaj-b70376c709384ac1a6248d7f83f124a82021-04-02T09:58:24ZengRuhr-Universität BochumIACR Transactions on Symmetric Cryptology2519-173X2020-07-012020210.13154/tosc.v2020.i2.120-145Optimizing Implementations of Linear LayersZejun Xiang0Xiangyoung Zeng1Da Lin2Zhenzhen Bao3Shasha Zhang4Faculty of Mathematics and Statistics, Hubei Key Laboratory of Applied Mathematics, Hubei University, Wuhan, ChinaFaculty of Mathematics and Statistics, Hubei Key Laboratory of Applied Mathematics, Hubei University, Wuhan, ChinaFaculty of Mathematics and Statistics, Hubei Key Laboratory of Applied Mathematics, Hubei University, Wuhan, ChinaDivison of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore, SingaporeFaculty of Mathematics and Statistics, Hubei Key Laboratory of Applied Mathematics, Hubei University, Wuhan, China In this paper, we propose a new heuristic algorithm to search efficient implementations (in terms of Xor count) of linear layers used in symmetric-key cryptography. It is observed that the implementation cost of an invertible matrix is related to its matrix decomposition if sequential-Xor (s-Xor) metric is considered, thus reducing the implementation cost is equivalent to constructing an optimized matrix decomposition. The basic idea of this work is to find various matrix decompositions for a given matrix and optimize those decompositions to pick the best implementation. In order to optimize matrix decompositions, we present several matrix multiplication rules over F2, which are proved to be very powerful in reducing the implementation cost. We illustrate this heuristic by searching implementations of several matrices proposed recently and matrices already used in block ciphers and Hash functions, and the results show that our heuristic performs equally good or outperforms Paar’s and Boyar-Peralta’s heuristics in most cases. https://tosc.iacr.org/index.php/ToSC/article/view/8671Linear LayerImplementationXor CountAES |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Zejun Xiang Xiangyoung Zeng Da Lin Zhenzhen Bao Shasha Zhang |
| spellingShingle |
Zejun Xiang Xiangyoung Zeng Da Lin Zhenzhen Bao Shasha Zhang Optimizing Implementations of Linear Layers IACR Transactions on Symmetric Cryptology Linear Layer Implementation Xor Count AES |
| author_facet |
Zejun Xiang Xiangyoung Zeng Da Lin Zhenzhen Bao Shasha Zhang |
| author_sort |
Zejun Xiang |
| title |
Optimizing Implementations of Linear Layers |
| title_short |
Optimizing Implementations of Linear Layers |
| title_full |
Optimizing Implementations of Linear Layers |
| title_fullStr |
Optimizing Implementations of Linear Layers |
| title_full_unstemmed |
Optimizing Implementations of Linear Layers |
| title_sort |
optimizing implementations of linear layers |
| publisher |
Ruhr-Universität Bochum |
| series |
IACR Transactions on Symmetric Cryptology |
| issn |
2519-173X |
| publishDate |
2020-07-01 |
| description |
In this paper, we propose a new heuristic algorithm to search efficient implementations (in terms of Xor count) of linear layers used in symmetric-key cryptography. It is observed that the implementation cost of an invertible matrix is related to its matrix decomposition if sequential-Xor (s-Xor) metric is considered, thus reducing the implementation cost is equivalent to constructing an optimized matrix decomposition. The basic idea of this work is to find various matrix decompositions for a given matrix and optimize those decompositions to pick the best implementation. In order to optimize matrix decompositions, we present several matrix multiplication rules over F2, which are proved to be very powerful in reducing the implementation cost. We illustrate this heuristic by searching implementations of several matrices proposed recently and matrices already used in block ciphers and Hash functions, and the results show that our heuristic performs equally good or outperforms Paar’s and Boyar-Peralta’s heuristics in most cases.
|
| topic |
Linear Layer Implementation Xor Count AES |
| url |
https://tosc.iacr.org/index.php/ToSC/article/view/8671 |
| work_keys_str_mv |
AT zejunxiang optimizingimplementationsoflinearlayers AT xiangyoungzeng optimizingimplementationsoflinearlayers AT dalin optimizingimplementationsoflinearlayers AT zhenzhenbao optimizingimplementationsoflinearlayers AT shashazhang optimizingimplementationsoflinearlayers |
| _version_ |
1724168238200258560 |