Improved Heuristics for Short Linear Programs

Tan, Quan Quan; Peyrin, Thomas

doi:10.46586/tches.v2020.i1.203-230

Cited by 12 publications

(10 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In 2019, Li et al (34) focused on the construction of involutory MDS matrices and modified Boyar's SLP [26,47] by considering the circuit depth metric. In 2019, Tan and Peyrin (54) proposed new heuristics called Randomized Normal Boyar Peralta (RNBP) and two nondeterministic A1 and A2 algorithms. Liu et al, (55) proposed a new heuristic based on forward and backward searching by considering low-latency criteria.…”

Section: Local Optimization and Global Optimization Techniquesmentioning

confidence: 99%

“…On the other hand, open synthesis tools provide efficient circuits, but they have some limitations (54). LIGHTER (14) and SAT-based tools (56) find efficient or even optimal (under some assumptions) circuits for small dimensions but their heuristics do not provide good circuits for larger dimensions.…”

Section: Local Optimization and Global Optimization Techniquesmentioning

confidence: 99%

See 1 more Smart Citation

On the Construction of New Lightweight Involutory MDS Matrices in Generalized Subfield Form

et al. 2023

View full text Add to dashboard Cite

Maximum Distance Separable (MDS) matrices are used as the main component of diffusion layers in block ciphers. MDS matrices have the optimal diffusion properties and the maximum branch number, which is a criterion to measure diffusion rate and security against linear and differential cryptanalysis. However, it is a challenging problem to construct hardware-friendly MDS matrices with optimal or close to optimal circuits, especially for involutory ones. In this paper, we consider the generalized subfield construction method given in (1) from the global optimization perspective and then give new 4×4 involutory MDS matrices over F 2 3 and F 2 5 . After that, we present 1,176 (= 28 × 42) new 4 × 4 involutory and MDS diffusion matrices by 33 XORs and depth 3. This new record also improves the previously best-known cost of 38 XOR gates.

show abstract

Section: Local Optimization and Global Optimization Techniquesmentioning

confidence: 99%

Section: Local Optimization and Global Optimization Techniquesmentioning

confidence: 99%

On the Construction of New Lightweight Involutory MDS Matrices in Generalized Subfield Form

et al. 2023

View full text Add to dashboard Cite

show abstract

“… Boyar, Find & Peralta (2019) proposed a new heuristic creating smaller linear and nonlinear circuits for a given circuit depth bound. Tan & Peyrin (2019) proposed Randomized Normal Boyar Peralta (RNBP) heuristic and two non-deterministic algorithms A1 and A2. All these given heuristics focus on the reduction of XOR counts by using temporary intermediate signals (gates) to determine the globally optimized implementations of a diffusion matrix.…”

Section: Introductionmentioning

confidence: 99%

“…Specifically, they converted circuits constructed using only two-input gates into new ones with a combination of two-input and three-input XOR gates. Then, Baksi et al (2021) introduced enhanced versions of BP heuristic (originally presented in Boyar & Peralta (2010) and Tan & Peyrin (2019) ), simply called BDKCI. These improved versions support two-input, three-input, and four-input XOR gates.…”

Section: Introductionmentioning

confidence: 99%

Optimizing implementations of linear layers using two and higher input XOR gates

Kurt Pehlivanoğlu,

Demir

2024

PeerJ Computer Science

View full text Add to dashboard Cite

Maximum distance separable (MDS) matrices are often used in the linear layer of a block cipher due to their good diffusion property. A well-designed lightweight MDS matrix, especially an involutory one, can provide both security and performance benefits to the cipher. Finding the corresponding effective linear straight-line program (SLP) of the circuit of a linear layer is still a challenging problem. In this article, first, we propose a new heuristic algorithm called Superior Boyar-Peralta (SBP) in the computation of the minimum number of two-input Exclusive-OR (XOR) gates with the minimum circuit depth for the SLPs. Contrary to the existing global optimization methods supporting only two-input XOR gates, SBP heuristic algorithm provides the best global optimization solutions, especially for extracting low-latency circuits. Moreover, we give a new 4 × 4 involutory MDS matrix over F24, which requires only 41 XOR gates and depth 3 after applying SBP heuristic, whereas the previously best-known cost is 45 XOR gates with the same depth. In the second part of the article, for further optimization of the circuit area of linear layers with multiple-input XOR gates, we enhance the recently proposed BDKCI heuristic algorithm by incorporating circuit depth awareness, which limits the depth of the circuits created. By using the proposed circuit depth-bounded version of BDKCI, we present better circuit implementations of linear layers of block ciphers than those given in the literature. For instance, the given circuit for the AES MixColumn matrix only requires 44 XOR gates/depth 3/240.95 GE in the STM 130 nm (simply called ASIC4) library, while the previous best-known result is 55 XOR gates/depth 5/243.00 GE. Much better, our new 4 × 4 involutory MDS matrix requires only 19 XOR gates/depth3/79.75 GE in the STM 90 nm (simply called ASIC1) library, which is the lightest and superior to the state-of-the-art results.

show abstract

“…In 2017 [14], Kranz et al showed that the AES MixColumns matrix is implemented with only 97 xor gates by using BP algorithm [8]. Furthermore, many other variants of the BP algorithm are proposed in [3,23,24]. Recently, a quite different heuristic based on the decomposition of a matrix was proposed in [26], which provided an implementation circuit of the AES MixColumns matrix with remarkably, 92 xor gates.…”

Section: Introductionmentioning

confidence: 99%

Four by four MDS matrices with the fewest XOR gates based on words

Shi¹,

Li²,

Tian³

et al. 2023

AMC

View full text Add to dashboard Cite

<p style='text-indent:20px;'>MDS matrices play an important role in the design of block ciphers, and constructing MDS matrices with fewer xor gates is of significant interest for lightweight ciphers. For this topic, Duval and Leurent proposed an approach to construct MDS matrices by using three linear operations in ToSC 2018. Taking words as elements, they found <inline-formula><tex-math id="M1">\begin{document}$ 16\times16 $\end{document}</tex-math></inline-formula> and <inline-formula><tex-math id="M2">\begin{document}$ 32\times 32 $\end{document}</tex-math></inline-formula> MDS matrices over <inline-formula><tex-math id="M3">\begin{document}$ \mathbb{F}_2 $\end{document}</tex-math></inline-formula> with only <inline-formula><tex-math id="M4">\begin{document}$ 35 $\end{document}</tex-math></inline-formula> xor gates and <inline-formula><tex-math id="M5">\begin{document}$ 67 $\end{document}</tex-math></inline-formula> xor gates respectively, which are also the best known implementations up to now. Based on the same observation as their work, we consider three linear operations as three kinds of elementary linear operations of matrices, and obtain more MDS matrices with <inline-formula><tex-math id="M6">\begin{document}$ 35 $\end{document}</tex-math></inline-formula> and <inline-formula><tex-math id="M7">\begin{document}$ 67 $\end{document}</tex-math></inline-formula> xor gates. In addition, some <inline-formula><tex-math id="M8">\begin{document}$ 16\times16 $\end{document}</tex-math></inline-formula> or <inline-formula><tex-math id="M9">\begin{document}$ 32\times32 $\end{document}</tex-math></inline-formula> involutory MDS matrices with only <inline-formula><tex-math id="M10">\begin{document}$ 36 $\end{document}</tex-math></inline-formula> or <inline-formula><tex-math id="M11">\begin{document}$ 72 $\end{document}</tex-math></inline-formula> xor gates over <inline-formula><tex-math id="M12">\begin{document}$ \mathbb{F}_2 $\end{document}</tex-math></inline-formula> are also proposed, which are better than previous results. Moreover, our method can be extended to general linear groups, and we prove that the lower bound of the sequential xor count based on words for <inline-formula><tex-math id="M13">\begin{document}$ 4 \times 4 $\end{document}</tex-math></inline-formula> MDS matrix over general linear groups is <inline-formula><tex-math id="M14">\begin{document}$ 8n+2 $\end{document}</tex-math></inline-formula>.</p>

show abstract

Improved Heuristics for Short Linear Programs

Cited by 12 publications

References 8 publications

On the Construction of New Lightweight Involutory MDS Matrices in Generalized Subfield Form

On the Construction of New Lightweight Involutory MDS Matrices in Generalized Subfield Form

Optimizing implementations of linear layers using two and higher input XOR gates

Four by four MDS matrices with the fewest XOR gates based on words

Contact Info

Product

Resources

About