Abstract
In this paper, we investigate the hardware circuit complexity of the class of Boolean functions recently introduced by Tang and Maitra (IEEE-TIT 64(1): 393–402, 2018). While this class of functions has very good cryptographic properties, the exact hardware requirement is an immediate concern as noted in the paper itself. In this direction, we consider different circuit architectures based on finite field arithmetic and Boolean optimization. An estimation of the circuit complexity is provided for such functions given any input size n. We study different candidate architectures for implementing these functions, all based on the finite field arithmetic. We also show different implementations for both ASIC and FPGA, providing further analysis on the practical aspects of the functions in question and the relation between these implementations and the theoretical bound. The practical results show that the Tang-Maitra functions are quite competitive in terms of area, while still maintaining an acceptable level of throughput performance for both ASIC and FPGA implementations.
References
Carlet, C.: Two new classes of bent functions. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 77–101. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_8
Cusick, T.W., Stănică, P.: Cryptographic Boolean Functions and Applications. Academic Press, Cambridge (2009)
Dillon, J.F.: Elementary Hadamard difference sets. Ph.D. thesis (1974)
Deschamps, J.-P., Imana, J.L., Sutter, G.D.: Hardware Implementation of Finite-Field Arithmetic. McGraw-Hill, New York (2009)
Dobbertin, H.: Construction of bent functions and balanced Boolean functions with high nonlinearity. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 61–74. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-60590-8_5
Filiol, E., Fontaine, C.: Highly nonlinear balanced Boolean functions with a good correlation-immunity. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 475–488. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054147
Fontaine, C.: On some cosets of the first-order Reed-Muller code with high minimum weight. IEEE Trans. Inf. Theory 45(4), 1237–1243 (1999)
Itoh, T., Tsujii, S.: A fast algorithm for computing multiplicative inverses in \(GF(2^m)\) using normal bases. Inf. Comput. 78(3), 171–177 (1988)
Khairallah, M., Chattopadhyay, A., Peyrin, T.: Looting the LUTs: FPGA optimization of AES and AES-like ciphers for authenticated encryption. In: Patra, A., Smart, N.P. (eds.) INDOCRYPT 2017. LNCS, vol. 10698, pp. 282–301. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-71667-1_15
Kavut, S., Maitra, S., Tang, D.: Searching balanced Boolean functions on even number of variables with excellent autocorrelation profile. In: Tenth International Workshop on Coding and Cryptography, Saint-Petersburg, Russia, 18–22 September 2017
Lidl, R., Niederreiter, H.: Introduction to Finite Fields and Their Applications. Cambridge University Press, Cambridge (1994)
McFarland, R.L.: A family of difference sets in non-cyclic groups. J. Comb. Theory Ser. A 15(1), 1–10 (1973)
Mesnager, S.: Bent Functions. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-32595-8
Pasalic, E., Chattopadhyay, A., Zhang, W.: Efficient implementation of generalized Maiorana-McFarland class of cryptographic functions. J. Cryptogr. Eng. 7(4), 287–295 (2017)
Rothaus, O.S.: On “bent” functions. J. Comb. Theory Ser. A 20(3), 300–305 (1976)
Stănică, P., Maitra, S.: Rotation symmetric Boolean functions-count and cryptographic properties. Discrete Appl. Math. 156(10), 1567–1580 (2008)
Spillman, R.J.: The effect of DON’T CARES on the complexity of combinational circuits. Proc. IEEE 68(8), 1021–1022 (1980)
Tang, D., Maitra, S.: Construction of \(n\)-variable (\(n \equiv 2 \pmod 4\)) balanced Boolean functions with maximum absolute value in autocorrelation spectra \(< 2^{n/2}\). IEEE Trans. Inf. Theory 64(1), 393–402 (2018)
Tang, D., Kavut, S., Mandal, B., Maitra, S.: Modifying Maiorana-McFarland type bent functions for good cryptographic properties, April 2018 (preprint)
Appendices
A Discrete-Log Representation of \(\mathbb {F}_{2^n}\) Arithmetic
The Discrete-Log representation is described in Sect. 2.3. Multiplication can be defined as
While inversion can be defined as
Both operations require circuit complexity of \(\mathcal {O}(n)\), which is smaller than the corresponding circuits for both normal and polynomial bases. While the same can be said about squaring, we show now that it can be implemented as a cyclic shift operation (similar to the case of normal basis). Squaring can be written in terms of multiplication as follows, where \(\times \) is used for integer multiplications as opposed to finite field multiplication \(\odot \),
and
Using the two’s complement representation of integer arithmetic, Eq. (11) can be written as
Equation (12) means that the squaring operation in the discrete-log representation is a left shift operation with the most significant bit of x becoming the least significant bit, i.e., a cyclic shift of x.
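The following is an added example (not code from the paper) that checks the claims of this appendix numerically for a small field. It assumes \(n = 6\), the primitive polynomial \(x^6 + x + 1\) and the generator \(g = x\), all constructed choices: the discrete-log tables are built with ordinary polynomial-basis arithmetic, and then multiplication, inversion, squaring-as-rotation (Eq. (12)) and the rotation symmetry of the trace are verified exponent by exponent.

```python
# Added example: discrete-log representation of GF(2^n) arithmetic, checked
# against polynomial-basis arithmetic. Constructed parameters (assumptions):
#   n = 6, reduction polynomial x^6 + x + 1 (primitive), generator g = x.

N = 6
POLY = 0b1000011          # x^6 + x + 1
MOD = (1 << N) - 1        # exponents are integers mod 2^n - 1


def gf_mul_poly(a, b):
    """Polynomial-basis multiplication in GF(2^n): shift-and-add, reduce by POLY."""
    r = 0
    for _ in range(N):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> N:            # degree reached n: reduce
            a ^= POLY
    return r


def build_tables():
    """EXP[i] = g^i, LOG[y] = i with g^i = y.  The zero element has no log."""
    exp = [0] * MOD
    log = [None] * (1 << N)
    y = 1
    for i in range(MOD):
        exp[i] = y
        log[y] = i
        y = gf_mul_poly(y, 0b10)   # multiply by g = x
    assert y == 1 and len(set(exp)) == MOD   # g has full order, POLY is primitive
    return exp, log


EXP, LOG = build_tables()


def log_mul(i, j):
    """Field multiplication = addition of exponents mod 2^n - 1 (O(n) adder)."""
    return (i + j) % MOD


def log_inv(i):
    """Field inversion = negation of the exponent mod 2^n - 1."""
    return (-i) % MOD


def log_square_rotate(i):
    """Squaring = doubling the exponent mod 2^n - 1, which Eq. (12) identifies
    with a cyclic left shift of the n-bit exponent (MSB becomes LSB)."""
    return ((i << 1) & MOD) | (i >> (N - 1))


def trace_poly(y):
    """Tr(y) = y + y^2 + ... + y^(2^(n-1)), computed in the polynomial basis."""
    t, p = 0, y
    for _ in range(N):
        t ^= p
        p = gf_mul_poly(p, p)
    return t                      # an element of GF(2): 0 or 1


def trace_log(i):
    """The trace seen as a Boolean function of the n exponent bits."""
    return trace_poly(EXP[i])


def check_all():
    """Verify every nonzero field element against the polynomial basis."""
    for i in range(MOD):
        for j in range(MOD):
            assert EXP[log_mul(i, j)] == gf_mul_poly(EXP[i], EXP[j])
        assert gf_mul_poly(EXP[i], EXP[log_inv(i)]) == 1
        assert EXP[log_square_rotate(i)] == gf_mul_poly(EXP[i], EXP[i])
        assert (2 * i) % MOD == log_square_rotate(i)        # Eq. (12)
        # Tr(x^2) = Tr(x): the trace is invariant under rotating the exponent bits
        assert trace_log(i) == trace_log(log_square_rotate(i))
    return True


if __name__ == "__main__":
    print("all discrete-log identities hold:", check_all())
```

Only the nonzero elements have a discrete log, so a hardware datapath in this representation needs a separate zero flag; the rotation check on the trace is exactly the RSBF property that Appendix B exploits.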
Addition, however, is complicated in the discrete-log representation. It can be implemented using look-up tables or by converting to another representation. Hence, studying the complexity of the trace function in this representation without using addition is an interesting problem. Using Property 2 of the trace function in Sect. 2.1 and Eq. (12), we can conclude, as in the case of the normal basis, that the trace function is a Rotation Symmetric Boolean Function (RSBF). We now define rotation symmetric Boolean functions. Let \(x_i\in \mathbb F_2\) for \(0\le i\le n-1\). We define
Let \(P_n=\{\rho _n^0,\rho _n^1,\ldots ,\rho _n^{n-1}\}\) be the permutation group which contains the rotations of n symbols, defined as
Definition 1
A Boolean function f in n variables is said to be rotation symmetric if and only if for any \(x\in \mathbb {F}_2^n\), \(f(\rho _n^i(x))=f(x)\) for all \(0\le i\le n-1\).
The problem of defining an RSBF is related to the problem of necklace equivalence in combinatorics. This helps to derive an upper bound on the circuit complexity of a trace function in the discrete-log representation.
Definition 2
A binary necklace of length n is an equivalence class of n-character strings over the alphabet \(\{0,1\}\), where two arrangements are equivalent if one can be obtained from the other by applying cyclic rotations.
Definition 3
The lexicographical representation of a binary necklace N is the member of [N] with the maximum number of leading 0’s.
B Circuit for the Tang-Maitra Functions Based on Discrete-Log Representation
The circuit in Fig. 3 can be used to compute the Tang-Maitra function when the inputs are in the discrete-log representation. The operation \(\frac{x}{y}\) is computed as \(x-y \pmod {2^k-1}\), with complexity \(\mathcal {O}(k)\). After that, \(\mathrm{Tr}^k_1\) is computed as an RSBF. In this section, we give a circuit for any RSBF, with sub-exponential complexity \(\mathcal {O}(k^2+2^k/k^2)\).
Rotation Symmetric Boolean Function Circuits. Let f be a rotation symmetric Boolean function in k variables, i.e., \(f(\rho _k^i(x))=f(x)\) for all \(0\le i\le k-1\). Hence, [x] is an equivalence class (orbit) that includes all the rotations of x, i.e., \([x]=\{\rho _k^i(x)\mid 0\le i\le k-1\}\). We choose the representative of that class to be \(\rho _k^r(x)\) such that \(\rho _k^r(x) \ge \rho _k^i(x)\) for all \(0\le i\le k-1\). In other words, it is the rotation of x that has the maximum integer value. This is the lexicographical representation of [x] over the alphabet \(\{0,1\}\). For more details on rotation symmetric Boolean functions we refer to [FF98, Fon99].
Lemma 3
A rotation symmetric Boolean function (RSBF) of k variables has a circuit complexity bounded by \(\mathcal {O}(k^2+2^k/k^2)\).
Lemma 4
The discrete-log implementation of the Tang-Maitra function of n variables, where n is even, has a circuit complexity bounded by \(\mathcal {O}(2^{k}+k^2+2^k/k^2)\), where \(n = 2k\).
Proof
In order to convert any x to its lexicographical orbit representation, the orbit detection circuit generates all k rotations of x, then chooses the rotation with the maximum integer value using a selection tree that consists of \(k-1\) two-input MAX circuits. Every two-input MAX circuit consists of a \((k+1)\)-bit integer subtractor (\(6k+6\) gates) and k \(2\times 1\) MUXes (3k gates). Hence, the orbit detection circuit has a complexity of around \(9k^2-3k-6\) gates. After the lexicographical orbit representation has been detected, a circuit decides whether the functional value of the given orbit is 0 or 1. This circuit needs to handle only the lexicographical representations, whose number, according to Burnside’s Lemma and [SM08, Theorem 3], is \(N_O = \frac{1}{k}\sum _{d|k}\phi (d)2^{\frac{k}{d}}\), where \(\phi \) is Euler’s phi-function. Hence, \(n_x=2^k-N_O\) entries in the truth table of this circuit can be set as DON’T CARES ‘X’. In [Spi80], the author gave an analysis of the circuit complexity of combinational circuits with a large number of DON’T CARES. The number of AND/OR/NOT gates was given by
where \(d=\frac{n_x}{2^k}\), \(p=\frac{n_1}{(1-d)2^k}\), \(H(p)=-p\log (p) - (1-p)\log (1-p)\) and \(L_\infty (G)=\frac{2^k}{k}\). By substitution for the case of the trace circuit, the number of gates is \(\frac{N_O}{n}H(p)\), where \(H(p)\le 1\). Hence, the circuit complexity is \(\mathcal {O}(\frac{N_O}{n})\), and from Burnside’s Lemma, it can be expressed as \(\mathcal {O}(\frac{2^k}{k})\). Hence, the overall complexity of this construction is \(\mathcal {O}(k^2+2^k/k^2)\). \(\square \)
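As an added example (not the paper's own code), the following models the two stages of the construction above in software for an assumed \(k = 8\): orbit detection by a tree of two-input MAX operations over the k rotations, and the reduced truth table that only has to be specified on the \(N_O\) orbit representatives, the remaining \(n_x = 2^k - N_O\) rows being don't-cares. It also evaluates the Burnside formula for \(N_O\) and checks it against a brute-force enumeration of the orbits. The RSBF used at the end is a constructed one (its value is bit \(k-2\) of the representative), chosen only to show that any assignment on representatives yields a rotation symmetric function.

```python
# Added example: orbit detection and don't-care counting for an RSBF circuit.
# Assumption: k = 8 (constructed choice).
from math import gcd

K = 8


def rotate_left(x, k=K):
    """rho_k: cyclic left rotation of the k-bit value x by one position."""
    return ((x << 1) & ((1 << k) - 1)) | (x >> (k - 1))


def orbit(x, k=K):
    """All k rotations of x, i.e. the equivalence class [x]."""
    out = []
    for _ in range(k):
        out.append(x)
        x = rotate_left(x, k)
    return out


def orbit_representative(x, k=K):
    """Orbit detection as in Appendix B: the rotation with the maximum integer
    value, selected by a tree of k-1 two-input MAX operations."""
    rots = orbit(x, k)
    while len(rots) > 1:
        nxt = [max(rots[i], rots[i + 1]) for i in range(0, len(rots) - 1, 2)]
        if len(rots) % 2:          # odd level: carry the last value up unchanged
            nxt.append(rots[-1])
        rots = nxt
    return rots[0]


def euler_phi(d):
    """Euler's phi-function by direct counting (fine for small d)."""
    return sum(1 for i in range(1, d + 1) if gcd(i, d) == 1)


def necklace_count(k=K):
    """N_O = (1/k) * sum_{d | k} phi(d) * 2^(k/d)  (Burnside's Lemma)."""
    total = sum(euler_phi(d) * 2 ** (k // d) for d in range(1, k + 1) if k % d == 0)
    return total // k


def representatives(k=K):
    """Brute-force set of orbit representatives over all 2^k inputs."""
    return sorted({orbit_representative(x, k) for x in range(1 << k)})


def dont_cares(k=K):
    """n_x = 2^k - N_O truth-table rows are never presented to the second stage."""
    return (1 << k) - necklace_count(k)


def make_rsbf(values_on_reps, k=K):
    """Second stage: a truth table given only on representatives.  Every input
    is mapped to its representative first, so f is rotation symmetric by
    construction and all other rows of the table are don't-cares."""
    def f(x):
        return values_on_reps[orbit_representative(x, k)]
    return f


def is_rotation_symmetric(f, k=K):
    """Check f(rho_k(x)) == f(x) for all x."""
    return all(f(x) == f(rotate_left(x, k)) for x in range(1 << k))


# Constructed RSBF: value = bit k-2 of the orbit representative.
SAMPLE_F = make_rsbf({r: (r >> (K - 2)) & 1 for r in representatives()})


if __name__ == "__main__":
    print("N_O =", necklace_count(), "brute force:", len(representatives()))
    print("don't-cares n_x =", dont_cares())
    print("sample RSBF rotation symmetric:", is_rotation_symmetric(SAMPLE_F))
```

For \(k = 8\) the formula gives \(N_O = 36\), so 220 of the 256 rows after orbit detection are don't-cares, which is the slack that [Spi80]'s bound turns into the \(\mathcal{O}(2^k/k)\) gate count for the second stage.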
© 2018 Springer Nature Switzerland AG
Khairallah, M., Chattopadhyay, A., Mandal, B., Maitra, S. (2018). On Hardware Implementation of Tang-Maitra Boolean Functions. In: Budaghyan, L., Rodríguez-Henríquez, F. (eds) Arithmetic of Finite Fields. WAIFI 2018. Lecture Notes in Computer Science(), vol 11321. Springer, Cham. https://doi.org/10.1007/978-3-030-05153-2_6
DOI: https://doi.org/10.1007/978-3-030-05153-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05152-5
Online ISBN: 978-3-030-05153-2