On the Lower Bound of Cost of MDS Matrices
Ever since lightweight cryptography emerged as one of the trending topics in symmetric key cryptography, optimizing the implementation cost of MDS matrices has been in the center of attention. In this direction, various metrics like d-XOR, s-XOR and g-XOR have been proposed to mimic the hardware co...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Ruhr-Universität Bochum
2022-12-01
|
| Series: | IACR Transactions on Symmetric Cryptology |
| Subjects: | |
| Online Access: | https://tosc.iacr.org/index.php/ToSC/article/view/9979 |
| _version_ | 1811205973771026432 |
|---|---|
| author | Ayineedi Venkateswarlu Abhishek Kesarwani Sumanta Sarkar |
| author_facet | Ayineedi Venkateswarlu Abhishek Kesarwani Sumanta Sarkar |
| author_sort | Ayineedi Venkateswarlu |
| collection | DOAJ |
| description |
Ever since lightweight cryptography emerged as one of the trending topics in symmetric key cryptography, optimizing the implementation cost of MDS matrices has been in the center of attention. In this direction, various metrics like d-XOR, s-XOR and g-XOR have been proposed to mimic the hardware cost. Consequently, efforts also have been made to search for the optimal MDS matrices for dimensions relevant to cryptographic applications according to these metrics. However, finding the optimal MDS matrix in terms of hardware cost still remains an unsolved problem. In this paper, we settle the question of the optimal 4 x 4 MDS matrices over GL(n, F2) under the recently proposed metric sequential XOR count based on words (sw-XOR). We prove that the sw-XOR of such matrices is at least 8n + 3, and the bound is tight as matrices with sw-XOR cost 35 and 67 for the values of n = 4 and 8, respectively, were already known. Moreover, the lower bound for these values of n matches with the known lower bounds according to s-XOR and g-XOR metrics.
|
| first_indexed | 2024-04-12T03:40:22Z |
| format | Article |
| id | doaj.art-cea9df7d0b884230b7241c06df474fbf |
| institution | Directory Open Access Journal |
| issn | 2519-173X |
| language | English |
| last_indexed | 2024-04-12T03:40:22Z |
| publishDate | 2022-12-01 |
| publisher | Ruhr-Universität Bochum |
| record_format | Article |
| series | IACR Transactions on Symmetric Cryptology |
| spelling | doaj.art-cea9df7d0b884230b7241c06df474fbf2022-12-22T03:49:19ZengRuhr-Universität BochumIACR Transactions on Symmetric Cryptology2519-173X2022-12-012022410.46586/tosc.v2022.i4.266-290On the Lower Bound of Cost of MDS MatricesAyineedi Venkateswarlu0Abhishek Kesarwani1Sumanta Sarkar2Indian Statistical Institute, Chennai Centre, Chennai, IndiaIHUB NTIHAC FOUNDATION, IIT Kanpur, Kanpur, IndiaUniversity of Warwick, Coventry, United Kingdom Ever since lightweight cryptography emerged as one of the trending topics in symmetric key cryptography, optimizing the implementation cost of MDS matrices has been in the center of attention. In this direction, various metrics like d-XOR, s-XOR and g-XOR have been proposed to mimic the hardware cost. Consequently, efforts also have been made to search for the optimal MDS matrices for dimensions relevant to cryptographic applications according to these metrics. However, finding the optimal MDS matrix in terms of hardware cost still remains an unsolved problem. In this paper, we settle the question of the optimal 4 x 4 MDS matrices over GL(n, F2) under the recently proposed metric sequential XOR count based on words (sw-XOR). We prove that the sw-XOR of such matrices is at least 8n + 3, and the bound is tight as matrices with sw-XOR cost 35 and 67 for the values of n = 4 and 8, respectively, were already known. Moreover, the lower bound for these values of n matches with the known lower bounds according to s-XOR and g-XOR metrics. https://tosc.iacr.org/index.php/ToSC/article/view/9979Lightweight cryptographyDiffusion layerMDS matrixHardware implementationXOR cost |
| spellingShingle | Ayineedi Venkateswarlu Abhishek Kesarwani Sumanta Sarkar On the Lower Bound of Cost of MDS Matrices IACR Transactions on Symmetric Cryptology Lightweight cryptography Diffusion layer MDS matrix Hardware implementation XOR cost |
| title | On the Lower Bound of Cost of MDS Matrices |
| title_full | On the Lower Bound of Cost of MDS Matrices |
| title_fullStr | On the Lower Bound of Cost of MDS Matrices |
| title_full_unstemmed | On the Lower Bound of Cost of MDS Matrices |
| title_short | On the Lower Bound of Cost of MDS Matrices |
| title_sort | on the lower bound of cost of mds matrices |
| topic | Lightweight cryptography Diffusion layer MDS matrix Hardware implementation XOR cost |
| url | https://tosc.iacr.org/index.php/ToSC/article/view/9979 |
| work_keys_str_mv | AT ayineedivenkateswarlu onthelowerboundofcostofmdsmatrices AT abhishekkesarwani onthelowerboundofcostofmdsmatrices AT sumantasarkar onthelowerboundofcostofmdsmatrices |