constructing low latency involutory mds matrices with
play

Constructing Low-latency Involutory MDS Matrices with Lightweight - PowerPoint PPT Presentation

Dec 26, 2023 •327 likes •782 views

Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Shun Li , Siwei Sun, Chaoyun Li, Zihao Wei, Lei Hu FSE 2019 @ Paris, France Li, Sun et al. Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits FSE

  1. Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Shun Li , Siwei Sun, Chaoyun Li, Zihao Wei, Lei Hu FSE 2019 @ Paris, France Li, Sun et al. Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits FSE 2019 1 / 30

  2. Outlines 1 Background and Motivation 2 Lightweight Involutory MDS matrices 3 Our Construction 4 Low-latency Involutory MDS Matrices 5 Main Results Li, Sun et al. Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits FSE 2019 2 / 30

  3. Background and Motivation Outline 1 Background and Motivation 2 Lightweight Involutory MDS matrices 3 Our Construction 4 Low-latency Involutory MDS Matrices 5 Main Results Li, Sun et al. Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits FSE 2019 3 / 30

  4. Background and Motivation Difgusion Matrices The difgusion layers are typically realized with linear operations, expressed as matrices and spreading the internal dependencies as much as possible. The difgusion property of a difgusion matrix is up to its branch number: Defjnition Li, Sun et al. Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits FSE 2019 3 / 30 The branch number B n ( A ) of A ∈ M nk ( F 2 ) is defjned as x ∈ F 2 nk \{ 0 } { ω n ( x ) + ω n ( Ax ) } . min

  5. Background and Motivation Difgusion Layer Regular lightweight primitive have following types of difgusion layer: Bit-level Permutations: PRESENT[A. Bogdanov et al., CHES’07], GIFT[S. Banik et al., CHES’17] Bitwise XORs and Rotations: Skinny[C. Beierle et al., CRYPTO’16], CRAFT[C. Beierle et al., FSE’19] Li, Sun et al. Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits FSE 2019 4 / 30

  6. Background and Motivation Difgusion Layer Regular lightweight primitive have following types of difgusion layer: Bit-level Permutations: PRESENT[A. Bogdanov et al., CHES’07], GIFT[S. Banik et al., CHES’17] Bitwise XORs and Rotations: Skinny[C. Beierle et al., CRYPTO’16], CRAFT[C. Beierle et al., FSE’19] Li, Sun et al. Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits FSE 2019 4 / 30

  7. Background and Motivation Difgusion Layer Regular lightweight primitive have following types of difgusion layer: Bit-level Permutations: PRESENT[A. Bogdanov et al., CHES’07], GIFT[S. Banik et al., CHES’17] Bitwise XORs and Rotations: Skinny[C. Beierle et al., CRYPTO’16], CRAFT[C. Beierle et al., FSE’19] Li, Sun et al. Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits FSE 2019 4 / 30

  8. Background and Motivation 1 FSE 2019 Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Li, Sun et al. 0 1 1 1 1 0 1 1 Difgusion Layer 1 0 1 1 1 1 0 M Midori QARMA[R. Avanzi, FSE’17] Almost MDS Matrices: Midori[S. Banik et al., ASIACRYPT’15], Maximal Distance Separable (MDS) Matrices: AES 5 / 30

  9. Background and Motivation 1 FSE 2019 Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Li, Sun et al. 0 1 1 1 1 0 1 1 Difgusion Layer 1 0 1 Maximal Distance Separable (MDS) Matrices: AES Almost MDS Matrices: Midori[S. Banik et al., ASIACRYPT’15], QARMA[R. Avanzi, FSE’17] 5 / 30 0 1 1 1     M Midori =    

  10. Background and Motivation 3 FSE 2019 Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Li, Sun et al. 2 1 1 3 3 2 1 1 MDS Matrices 1 2 1 Defjnition Example 6 / 30 2 3 1 1 An invertible nk × nk binary matrix A is MDS over k n -bit words if and only if B n ( A ) = k + 1. The MDS matrix in AES:        

  11. Background and Motivation Midori Almost MDS, 128-bit block size and 128-bit key FSE 2019 Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Li, Sun et al. simple and clear security proofs followed from AES. number of round is 10. AES MDS, 128-bit block size and 128-bit key size, size, number of round is 20. tweakey size, number of round is 40. Wide Trail Strategy Skinny Bitwise XORs, 128-bit block size and 128-bit Relatively small numbers of rounds, low-latency designs. block cipher: with the strategy, have advantages as difgusion layers in iterative difgerential and linear cryptanalysis. MDS matrices are in accordance transformations that combine effjciency and resistance against The wide trail strategy is an approach used to design the round 7 / 30

  12. Background and Motivation 9 FSE 2019 Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Li, Sun et al. Circuit-search-based: S. Duval and G. Leurent, FSE’19 Cauchy, Involutory matrices Special-type-based: Circulant, Orthogonal, Hadamard, Toeplitz, 66 149 100 11 24 66 17 38 17 6 4 Construction 4 1 2 1 4 1 2 1 4 0 0 0 1 0 0 1 0 0 1 0 0 CRYPTO’11] Iteration-based: PHOTON hash functions[J. Guo et al., XOR and Rotations-based: Hight[D. Hong et al., CHES’06] 8 / 30

  13. Background and Motivation 9 FSE 2019 Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Li, Sun et al. Circuit-search-based: S. Duval and G. Leurent, FSE’19 Cauchy, Involutory matrices Special-type-based: Circulant, Orthogonal, Hadamard, Toeplitz, 66 149 100 11 24 66 17 38 17 6 4 Construction 4 1 2 1 4 1 2 1 4 0 0 0 1 0 0 1 0 0 1 0 0 CRYPTO’11] Iteration-based: PHOTON hash functions[J. Guo et al., XOR and Rotations-based: Hight[D. Hong et al., CHES’06] 8 / 30

  14. Background and Motivation Construction FSE 2019 Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Li, Sun et al. Circuit-search-based: S. Duval and G. Leurent, FSE’19 Cauchy, Involutory matrices Special-type-based: Circulant, Orthogonal, Hadamard, Toeplitz, 66 149 100 11 24 66 17 38 17 6 9 4 4 1 2 1 2 1 4 0 0 0 1 0 0 1 0 CRYPTO’11] Iteration-based: PHOTON hash functions[J. Guo et al., XOR and Rotations-based: Hight[D. Hong et al., CHES’06] 8 / 30 ( 0 1 0 0 ) 4 ( 1 ) = ,

  15. Background and Motivation Construction FSE 2019 Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Li, Sun et al. Circuit-search-based: S. Duval and G. Leurent, FSE’19 Cauchy, Involutory matrices Special-type-based: Circulant, Orthogonal, Hadamard, Toeplitz, 66 149 100 11 24 66 17 38 17 6 9 4 4 1 2 1 2 1 4 0 0 0 1 0 0 1 0 CRYPTO’11] Iteration-based: PHOTON hash functions[J. Guo et al., XOR and Rotations-based: Hight[D. Hong et al., CHES’06] 8 / 30 ( 0 1 0 0 ) 4 ( 1 ) = ,

  16. Background and Motivation Involutory Matrices Defjnition An involutory matrix M is a square matrix that is its own inverse. That is, multiplication by matrix M is an involution if and only if Involutory matrices are preferable in term of hardware implementation, since the same circuit can be reused when the inverse is required. Li, Sun et al. Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits FSE 2019 9 / 30 M 2 = I .

  17. Background and Motivation 6 FSE 2019 Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Li, Sun et al. PRINCE, [J. Borghofg et al., ASIACRYPT’12] ICEBERG, [F. Standaert et al., FSE’04] 1 2 4 6 2 1 4 Involutory MDS Matrices 4 6 1 2 6 4 2 1 Anubis, [P. Barreto et al., 2000] more preferable, Involutory MDS matrices applied in designs: The advantage of MDS and Involutory makes involutory matrices 10 / 30

  18. Background and Motivation 4 FSE 2019 Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Li, Sun et al. PRINCE, [J. Borghofg et al., ASIACRYPT’12] ICEBERG, [F. Standaert et al., FSE’04] 1 2 4 6 2 1 6 Involutory MDS Matrices 4 6 1 The advantage of MDS and Involutory makes involutory matrices more preferable, Involutory MDS matrices applied in designs: Anubis, [P. Barreto et al., 2000] 10 / 30 1 2 4 6 2        

  19. Background and Motivation 4 FSE 2019 Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Li, Sun et al. PRINCE, [J. Borghofg et al., ASIACRYPT’12] ICEBERG, [F. Standaert et al., FSE’04] 1 2 4 6 2 1 6 Involutory MDS Matrices 4 6 1 The advantage of MDS and Involutory makes involutory matrices more preferable, Involutory MDS matrices applied in designs: Anubis, [P. Barreto et al., 2000] 10 / 30 1 2 4 6 2        

  20. Lightweight Involutory MDS matrices Outline 1 Background and Motivation 2 Lightweight Involutory MDS matrices 3 Our Construction 4 Low-latency Involutory MDS Matrices 5 Main Results Li, Sun et al. Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits FSE 2019 11 / 30

  21. Lightweight Involutory MDS matrices Metrics We estimate the hardware cost of a linear operation as the number of It is NP-hard to obtain the minimum number of XOR2 gates required: Theorem (J. Boyar et al.) Li, Sun et al. Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits FSE 2019 11 / 30 F 2 × F 2 → F 2 XOR2 gates required in its implementation. For any fjeld F , SHORTEST LINEAR PROGRAM is NP-hard.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Direct construction of quasi-involutory recursive-like MDS matrices from 2 -cyclic codes Cauchois

Direct construction of quasi-involutory recursive-like MDS matrices from 2 -cyclic codes Cauchois

Involutory recursive MDS matrices Quasi-involutory recursive-like MDS matrices Implementations Direct construction of quasi-involutory recursive-like MDS matrices from 2 -cyclic codes Cauchois Victor 1 Loidreau Pierre 1 Merkiche Nabil 23 1 DGA-MI

540 views • 25 slides
Constructing (0 , 1)-matrices with large minimal defining sets Nicholas Cavenagh, Reshma

Constructing (0 , 1)-matrices with large minimal defining sets Nicholas Cavenagh, Reshma

Constructing (0 , 1)-matrices with large minimal defining sets Nicholas Cavenagh, Reshma Ramadurai University of Waikato Let R = ( r 1 , r 2 , . . . , r m ) and S = ( s 1 , s 2 , . . . , s n ) be vectors of non-negative integers such that m i

407 views • 14 slides
Involutory Turing Machines Keisuke Nakano RIEC, Tohoku University RC 2020 @ Online Involution f

Involutory Turing Machines Keisuke Nakano RIEC, Tohoku University RC 2020 @ Online Involution f

Involutory Turing Machines Keisuke Nakano RIEC, Tohoku University RC 2020 @ Online Involution f x dom ( f ). f ( f (x) ) = x Involution (a.k.a. involutory function) A function that is own inverse I.e., f(x) = y if and only if f(y)

1.21k views • 18 slides
MATHEMATICS 1 CONTENTS Matrices Special matrices Operations with matrices Matrix

MATHEMATICS 1 CONTENTS Matrices Special matrices Operations with matrices Matrix

Matrices BUSINESS MATHEMATICS 1 CONTENTS Matrices Special matrices Operations with matrices Matrix multipication More operations with matrices Matrix transposition Symmetric matrices Old exam question Further study 2 MATRICES A

615 views • 25 slides
Models and refined models for involutory reflection groups and classical Weyl groups FABRIZIO

Models and refined models for involutory reflection groups and classical Weyl groups FABRIZIO

Models and refined models for involutory reflection groups and classical Weyl groups Models and refined models for involutory reflection groups and classical Weyl groups FABRIZIO CASELLI AND ROBERTA FULCI FPSAC10 - San Francisco Models and

1.25k views • 91 slides
Why Are We Matrices? Studying plenty Matrices have uses in Computer Science. E.g.: of

Why Are We Matrices? Studying plenty Matrices have uses in Computer Science. E.g.: of

Topic 7: Matrices - p. - CSc (Mccann) Matrlcs 245 v1.1 1 Why Are We Matrices? Studying plenty Matrices have uses in Computer Science. E.g.: of o Representation... o . graph (see . . of the data structure CSc

253 views • 8 slides
Transformations and Matrices Transformations I Transformations are functions Matrices

Transformations and Matrices Transformations I Transformations are functions Matrices

Transformations and Matrices Transformations I Transformations are functions Matrices are functions representations Matrices represent linear transfs CS5600 Computer Graphics Lecture Set 5 by 2 x 2 Matrices == 2D Linear

269 views • 9 slides
Constructing Inverse Probability Weights for Static Constructing Inverse Probability Weights for

Constructing Inverse Probability Weights for Static Constructing Inverse Probability Weights for

Constructing Inverse Probability Weights for Static Constructing Inverse Probability Weights for Interventions Selection Bias Kunjal Patel, DSc MPH Senior Research Scientist Harvard T.H. Chan School of Public Health Acknowledgement Slides

928 views • 61 slides
Adjacency Matrices Representations memory? 1. Adjacency matrices. 2. Adjacency lists. 3.

Adjacency Matrices Representations memory? 1. Adjacency matrices. 2. Adjacency lists. 3.

Lecture 11 | Part 1 Adjacency Matrices Representations memory? 1. Adjacency matrices. 2. Adjacency lists. 3. Dictionary of sets How do we store a graph in a computers Three approaches: Adjacency Matrices Assume nodes are

927 views • 26 slides
Is It Latency or Do You Just Suck? Latency Can Kill: Precision and Deadline in Online Games

Is It Latency or Do You Just Suck? Latency Can Kill: Precision and Deadline in Online Games

12/6/2011 Is It Latency or Do You Just Suck? Latency Can Kill: Precision and Deadline in Online Games http://www.youtube.com/watch?v=r6PwHkhEAkU Mark Claypool and Kajal Claypool ACM MMSys Scottsdale, AZ, USA February 2010

412 views • 4 slides
JUST THE MATHS SLIDES NUMBER 9.9 MATRICES 9 (Modal & spectral matrices) by

JUST THE MATHS SLIDES NUMBER 9.9 MATRICES 9 (Modal & spectral matrices) by

JUST THE MATHS SLIDES NUMBER 9.9 MATRICES 9 (Modal & spectral matrices) by A.J.Hobson 9.9.1 Assumptions and definitions 9.9.2 Diagonalisation of a matrix UNIT 9.9 - MATRICES 9 MODAL AND SPECTRAL MATRICES 9.9.1 ASSUMPTIONS AND

549 views • 10 slides
Results for different matrices and comparisons Dense Matrices Rectangular Matrices

Results for different matrices and comparisons Dense Matrices Rectangular Matrices

Results for different matrices and comparisons Dense Matrices Rectangular Matrices Rectangular Matrices Symmetric Matrices Sparse Matrices Dense Rectangular matrices Dense Rectangular matrices Dense Rectangular matrices Dense

515 views • 25 slides
(yes, again! ) Stephan van Staden Outline The Views framework The motivation for

(yes, again! ) Stephan van Staden Outline The Views framework The motivation for

Constructing the Views Framework (yes, again! ) Stephan van Staden Outline The Views framework The motivation for constructing it again Formal languages Constructing the program logic Constructing operational calculi

648 views • 20 slides
Asynchronous I/O Stack: A Low-latency Kernel I/O Stack for Ultra-Low Latency SSDs Jinkyu Jeong

Asynchronous I/O Stack: A Low-latency Kernel I/O Stack for Ultra-Low Latency SSDs Jinkyu Jeong

Asynchronous I/O Stack: A Low-latency Kernel I/O Stack for Ultra-Low Latency SSDs Jinkyu Jeong Sungkyunkwan University (SKKU) Source: Gyusun Lee et al., Asynchronous I/O Stack: A Low-latency Kernel I/O Stack for Ultra-Low Latency SSDs, USENIX

672 views • 48 slides
Matrices and Vectors Marco Chiarandini Department of Mathematics & Computer Science

Matrices and Vectors Marco Chiarandini Department of Mathematics & Computer Science

DM559 Linear and Integer Programming Lecture 2 Matrices and Vectors Marco Chiarandini Department of Mathematics & Computer Science University of Southern Denmark Matrices and Vectors Outline 1. Matrices and Vectors 2 Matrices and

698 views • 27 slides
Structural Matrices in MDOF Systems Structural Matrices Evaluation of Structural Giacomo Boffi

Structural Matrices in MDOF Systems Structural Matrices Evaluation of Structural Giacomo Boffi

Structural Matrices Giacomo Boffi Introductory Remarks Structural Matrices in MDOF Systems Structural Matrices Evaluation of Structural Giacomo Boffi Matrices Choice of Property http://intranet.dica.polimi.it/people/boffi-giacomo

949 views • 76 slides
Difference sets and Hadamard matrices Padraig Cathin University of Queensland 5 November

Difference sets and Hadamard matrices Padraig Cathin University of Queensland 5 November

Difference sets and Hadamard matrices Padraig Cathin University of Queensland 5 November 2012 Padraig Cathin Difference sets and Hadamard matrices 5 November 2012 Outline Hadamard matrices 1 Symmetric designs 2 Hadamard

586 views • 30 slides
Search for systems of linked symmetric 2 (36 , 15 , 6) designs Matan Ziv-Av Ben-Gurion

Search for systems of linked symmetric 2 (36 , 15 , 6) designs Matan Ziv-Av Ben-Gurion

Search for systems of linked symmetric 2 (36 , 15 , 6) designs Matan Ziv-Av Ben-Gurion University of the Negev AGT16, Plze n, October 2016. Outline Symmetric 2-designs 1 Systems of linked symmetric designs 2 Parameters (36 , 15 , 6)

564 views • 30 slides
Matrix-Multiply FSMD Start Din WEn WEn Cnt=0 WAddr WAddr Start=0 S1 Sum=0 RegFile

Matrix-Multiply FSMD Start Din WEn WEn Cnt=0 WAddr WAddr Start=0 S1 Sum=0 RegFile

Matrix-Multiply FSMD Start Din WEn WEn Cnt=0 WAddr WAddr Start=0 S1 Sum=0 RegFile RegFile (RFA) (RFB) Rst Start=1 Counter Inc REn REn (Cnt) RAddr RAddr Cnt=63 i j k RFB(j,k)=Din Cnt=0 S3 S2 Cnt = Cnt +1 Rst Rst Reg

82 views • 5 slides
Sparse Kernel Machines - RVM Henrik I. Christensen Robotics & Intelligent Machines @ GT

Sparse Kernel Machines - RVM Henrik I. Christensen Robotics & Intelligent Machines @ GT

Introduction Regression Model RVM for classification Summary Sparse Kernel Machines - RVM Henrik I. Christensen Robotics & Intelligent Machines @ GT Georgia Institute of Technology, Atlanta, GA 30332-0280 hic@cc.gatech.edu Henrik I.

565 views • 22 slides
MSc in Computer Engineering, Cybersecurity and Artificial Intelligence Course FDE , a.a.

MSc in Computer Engineering, Cybersecurity and Artificial Intelligence Course FDE , a.a.

MSc in Computer Engineering, Cybersecurity and Artificial Intelligence Course FDE , a.a. 2019/2020, Lecture 15 Design procedure for state observers and observer-based feedback Prof. Mauro Franceschelli Dept. of Electrical and Electronic

1.35k views • 71 slides
Determinants: Definitions The Key Fact Fact. A square matrix is invertible if and only if its

Determinants: Definitions The Key Fact Fact. A square matrix is invertible if and only if its

Determinants: Definitions The Key Fact Fact. A square matrix is invertible if and only if its determinant is not zero. detONE: 2 The 2 2 Case a b a b det = = ad bc c d c d We use both

435 views • 9 slides
Announcements Monday, October 23 The midterm will be returned in recitation on Friday. The

Announcements Monday, October 23 The midterm will be returned in recitation on Friday. The

Announcements Monday, October 23 The midterm will be returned in recitation on Friday. The grade breakdown is posted on Piazza. You can pick it up from me in office hours before then. Keep tabs on your grades on Canvas. No

324 views • 21 slides
JUST THE MATHS SLIDES NUMBER 7.1 DETERMINANTS 1 (Second order determinants) by

JUST THE MATHS SLIDES NUMBER 7.1 DETERMINANTS 1 (Second order determinants) by

JUST THE MATHS SLIDES NUMBER 7.1 DETERMINANTS 1 (Second order determinants) by A.J.Hobson 7.1.1 Pairs of simultaneous linear equations 7.1.2 The definition of a second order determinant 7.1.3 Cramers Rule for two simultaneous

321 views • 9 slides

More recommend