
A Deeper Understanding of the XOR Count Distribution in the Context of Lightweight Cryptography

Conference paper, Progress in Cryptology – AFRICACRYPT 2016 (AFRICACRYPT 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9646)

Abstract

In this paper, we study the behavior of XOR count distributions under different bases of a finite field. The XOR count of a field element is a simplified metric to estimate the hardware implementation cost of computing the finite field multiplication by that element. It is an important criterion in the design of lightweight cryptographic primitives, typically to estimate the efficiency of the diffusion layer in a block cipher. Although several works have searched for lightweight MDS diffusion matrices, to the best of our knowledge, none has considered finding lightweight diffusion matrices under bases of the finite field other than the conventional polynomial basis. The main challenge in considering different bases for lightweight diffusion matrices is that the number of bases grows exponentially as the dimension of the finite field increases, making it infeasible to check all possible bases. Through analyzing the XOR count distributions and the relationship between the XOR count distributions under different bases, we find that when all possible bases of a finite field are considered, the collection of XOR count distributions is invariant to the choice of the irreducible polynomial of the same degree. In addition, we can partition the set of bases into equivalence classes in which the XOR count distribution is invariant; thus, when changing bases within an equivalence class, the XOR count of a diffusion matrix stays the same. This significantly reduces the number of bases to check, as we only need to check one representative from each equivalence class for lightweight diffusion matrices. The empirical evidence from our investigation suggests that the bases in the equivalence class of the polynomial basis are the recommended choices for constructing lightweight MDS diffusion matrices.
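The abstract's central object, the XOR count of a field element under a chosen basis, can be made concrete. The following Python is an added example, not code from the paper or its authors. It assumes the definition of XOR count used in the earlier lightweight-MDS literature this paper builds on: write multiplication by an element as an n × n binary matrix over the basis, charge k−1 XORs for an output bit that is the sum of k input bits, and share no common terms (as footnote 3 of the paper also assumes), so the XOR count is the number of ones in the matrix minus n. The names (`gf_mul`, `coordinates`, `xor_count`, `distribution`, `all_distributions`) and the sample normal basis of GF(2^4), constructed from β = X^3, are this example's own. Beyond the single-basis computation, it also enumerates every basis of GF(2^4) to check the abstract's invariance claim (same collection of distributions for each degree-4 irreducible polynomial) empirically, which a practitioner can use as a sanity check before reusing the metric.

```python
# Added example (not code from the paper): XOR counts of GF(2^n) elements under a
# chosen basis, and the XOR count distribution of a basis.
# Assumed definition (convention of the earlier lightweight-MDS literature): write
# multiplication by alpha as an n x n binary matrix over the basis; each output bit
# that is the XOR of k input bits costs k-1 gates, so the XOR count is
# (number of ones in the matrix) - n, with no sharing of common terms.
from collections import Counter
from functools import lru_cache
from itertools import combinations


@lru_cache(maxsize=None)
def gf_mul(a, b, poly, n):
    """a*b in GF(2^n) = GF(2)[X]/(poly). Elements are ints, bit i = coefficient of X^i;
    poly includes its leading X^n term (e.g. 0x13 for X^4 + X + 1)."""
    r = 0
    for _ in range(n):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> n & 1:          # degree reached n: reduce modulo poly
            a ^= poly
    return r


def coordinates(basis, n):
    """Table elem -> coordinate vector (int, bit j = coefficient of basis[j]) for every
    element of GF(2^n). Returns None if the elements are not linearly independent."""
    table = {}
    for c in range(1 << n):
        elem = 0
        for j in range(n):
            if c >> j & 1:
                elem ^= basis[j]
        table[elem] = c
    return table if len(table) == 1 << n else None


def xor_count(alpha, basis, poly, n, coord=None):
    """XOR count of multiplication by alpha, expressed in the given basis."""
    if coord is None:
        coord = coordinates(basis, n)
    # Column j of the multiplication matrix is the coordinate vector of alpha * basis[j].
    ones = sum(bin(coord[gf_mul(alpha, b, poly, n)]).count("1") for b in basis)
    return ones - n


def distribution(basis, poly, n):
    """XOR count distribution of a basis: sorted XOR counts of all nonzero elements."""
    coord = coordinates(basis, n)
    return tuple(sorted(xor_count(a, basis, poly, n, coord) for a in range(1, 1 << n)))


def all_distributions(poly, n):
    """Multiset of XOR count distributions over every (unordered) basis of GF(2^n)/(poly).
    Reordering a basis only permutes rows and columns of the matrix, so unordered bases
    suffice. Brute force: 840 bases for n = 4; not intended for large n."""
    seen = Counter()
    for cand in combinations(range(1, 1 << n), n):
        if coordinates(cand, n) is not None:
            seen[distribution(cand, poly, n)] += 1
    return seen


N = 4
POLY_BASIS = (1, 2, 4, 8)                 # {1, X, X^2, X^3}
# Constructed normal basis {b, b^2, b^4, b^8} for b = X^3 in GF(2^4)/(X^4 + X + 1).
NORMAL_BASIS = (8, 12, 15, 10)

if __name__ == "__main__":
    print("polynomial basis, X^4+X+1:", distribution(POLY_BASIS, 0x13, N))
    print("XOR count of X in polynomial basis:", xor_count(2, POLY_BASIS, 0x13, N))
    print("XOR count of X in normal basis:   ", xor_count(2, NORMAL_BASIS, 0x13, N))
    # The abstract's invariance claim, checked for every degree-4 irreducible polynomial.
    d13, d19, d1f = (all_distributions(p, N) for p in (0x13, 0x19, 0x1F))
    print("all-bases collection identical across polynomials:", d13 == d19 == d1f)
```

Multiplication by X costs one XOR in the polynomial basis but six in the constructed normal basis, which is the basis dependence the paper studies; the all-bases comparison over X^4+X+1, X^4+X^3+1 and X^4+X^3+X^2+X+1 comes out identical, as the abstract states.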


Notes

  1. This notation should not be confused with the finite field notation \(\mathrm {GF}(2)[X]/(P)\), where (P) is the ideal generated by the irreducible polynomial P. Nevertheless, both notations refer to the same thing, i.e., \(\mathrm {GF}(2^n)/p(X)=\mathrm {GF}(2)[X]/(P)\).

  2. This is a necessary condition for a normal basis; not every i forms a basis.

  3. We acknowledge that common terms in the expression could be computed just once and reused to save some XOR count. However, that would require additional cycles and extra memory, a cost which would very likely outweigh the XOR count saved.

  4. Note that the element \(\alpha ^{12}\) can also be written as \(\alpha ^5\), as multiplication by the primitive element has a cycle of length 7.


Acknowledgements

The authors would like to thank Thomas Peyrin for his valuable comments. The second author is supported by Singapore National Research Foundation Fellowship 2012 (NRF-NRFF2012-06).

Author information

Corresponding author: Sumanta Sarkar.

Appendices

A Pseudocode for finding equivalent bases of \(\mathrm {GF}(2^n)\)

(Pseudocode given as a figure in the original; not reproduced here.)

B Pseudocode for Finding Lightweight (involutory) MDS Hadamard Matrices over \(\mathrm {GF}(2^n)\)

(Pseudocode given as a figure in the original; not reproduced here.)


Copyright information

© 2016 Springer International Publishing Switzerland

Cite this paper

Sarkar, S., Sim, S.M. (2016). A Deeper Understanding of the XOR Count Distribution in the Context of Lightweight Cryptography. In: Pointcheval, D., Nitaj, A., Rachidi, T. (eds) Progress in Cryptology – AFRICACRYPT 2016. AFRICACRYPT 2016. Lecture Notes in Computer Science, vol 9646. Springer, Cham. https://doi.org/10.1007/978-3-319-31517-1_9

  • DOI: https://doi.org/10.1007/978-3-319-31517-1_9
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-31516-4
  • Online ISBN: 978-3-319-31517-1
