Cryptology ePrint Archive: Report 2017/194

Improved upper bounds for the expected circuit complexity of dense systems of linear equations over GF(2)

Andrea Visconti and Chiara Valentina Schiavo and René Peralta

Abstract: Minimizing the Boolean circuit implementation of a given cryptographic function is an important issue. A number of papers [12,13,11,5] only consider cancellation-free straight-line programs for producing short circuits over GF(2) while [4] does not. Boyar-Peralta (BP) heuristic [4] yields a valuable tool for practical applications such as building fast software and low-power circuits for cryptographic applications, e.g. AES [4], PRESENT [7], and GOST [7]. However, BP heuristic does not take into account the matrix density. In a dense linear system the rows can be computed by adding or removing a few elements from a "common path" that is "close" to almost all rows. The new heuristic described in this paper will merge the idea of "cancellation" and "common path". An extensive testing activity has been performed. Experimental results of new and BP heuristic were compared. They show that the Boyar-Peralta bounds are not tight on dense systems.

Category / Keywords: Gate complexity; linear systems; dense matrices; circuit depth; gate count; XOR gates

Date: received 25 Feb 2017, last revised 28 Feb 2017

Contact author: andrea visconti at unimi it

Available format(s): PDF | BibTeX Citation

Version: 20170301:045933 (All versions of this report)

Short URL: ia.cr/2017/194

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]