Debranjan Pal,Vishal Pankaj Chandratreya,Abhijit Das,Dipanwita Roy Chowdhury

2024-05-01

Abstract:Symmetric key cryptography stands as a fundamental cornerstone in ensuring security within contemporary electronic communication frameworks. The cryptanalysis of classical symmetric key ciphers involves traditional methods and techniques aimed at breaking or analyzing these cryptographic systems. In the evaluation of new ciphers, the resistance against linear and differential cryptanalysis is commonly a key design criterion. The wide trail design technique for block ciphers facilitates the demonstration of security against linear and differential cryptanalysis. Assessing the scheme's security against differential attacks often involves determining the minimum number of active SBoxes for all rounds of a cipher. The propagation characteristics of a cryptographic component, such as an SBox, can be expressed using Boolean functions. Mixed Integer Linear Programming (MILP) proves to be a valuable technique for solving Boolean functions. We formulate a set of inequalities to model a Boolean function, which is subsequently solved by an MILP solver. To efficiently model a Boolean function and select a minimal set of inequalities, two key challenges must be addressed. We propose algorithms to address the second challenge, aiming to find more optimized linear and non-linear components. Our approaches are applied to modeling SBoxes (up to six bits) and EXOR operations with any number of inputs. Additionally, we introduce an MILP-based automatic tool for exploring differential and impossible differential propagations within a cipher. The tool is successfully applied to five lightweight block ciphers: Lilliput, GIFT64, SKINNY64, Klein, and MIBS.

Cryptography and Security

Xinxin Gong,Yonglin Hao,Qingju Wang

DOI: https://doi.org/10.1007/s10623-024-01362-5

IF: 1.4

2024-03-05

Designs Codes and Cryptography

Abstract:The Mixed Integer Linear Programming (MILP) technique has been widely applied in the realm of symmetric-key cryptanalysis. In this paper, we propose a new bitwise breakdown MILP modeling strategy for describing the linear propagation rules of modular addition-based operations. We apply such new techniques to cryptanalysis of the SNOW stream cipher family and find new linear masks: we use the MILP model to find many linear mask candidates among which the best ones are identified with particular algebraic bias evaluation techniques. For SNOW 3G, the correlation of the linear mask we found is the highest on record: such results are highly likely to be optimal according to our analysis. For SNOW 2.0, we find new masks matching the correlation record and many new sub-optimal masks applicable to improving correlation attacks. For SNOW-V/Vi, by investigating both bitwise and truncated linear masks, we find all linear masks having the highest correlation and prove the optimum of the corresponding truncated patterns under the "fewest active S-box preferred" strategy. By using the newly found linear masks, we give correlation attacks on the SNOW family with improved complexities. We emphasize that the newly proposed uniform MILP-aided framework can be potentially applied to analyze LFSR-FSM structures composed of modular addition and S-box as non-linear components.

mathematics, applied,computer science, theory & methods

Kexin Qiao,Lei Hu,Siwei Sun,Xiaoshuang Ma,Haibin Kan

DOI: https://doi.org/10.1587/transfun.e98.a.72

2015-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:Counting the number of differentially active S-boxes is of great importance in evaluating the security of a block cipher against differential attack. Mouha et al. proposed a technique based on Mixed-Integer Linear Programming (MILP) to automatically calculate a lower bound of the number of differentially active S-boxes for word-oriented block ciphers, and applied it to symmetric ciphers AES and Enocoro-128v2. Later Sun et al. extended the method by introducing bit-level representations for S-boxes and new constraints in the MILP problem, and applied the extended method to PRESENT-80 and LBlock. This kind of methods greatly depends on the constraints in the MILP problem describing the differential propagation of the block cipher. A more accurate description of the differential propagation leads to a tighter bound on the number of differentially active S-boxes. In this paper, we refine the constraints in the MILP problem describing XOR operations, and apply the refined MILP modeling to determine a lower bound of the number of active S-boxes for the Lai-Massey type block cipher FOX in the model of single-key differential attack, and obtain a tighter bound in FOX64 than existing results. Experimental results show that 6, instead of currently known 8, rounds of FOX64 is strong enough to resist against basic single-key differential attack since the differential characteristic probability is upper bounded by 2(-64), and thus the maximum differential characteristic probability of 12-round FOX64 is upper bounded by 2(-128), where 128 is the key-length of FOX64. We also get the lower bound of the number of differentially active S-boxes for 5-round FOX128, and proved the security of the full-round FOX128 with respect to single-key differential attack.

Zejun Xiang,Wentao Zhang,Zhenzhen Bao,Dongdai Lin

DOI: https://doi.org/10.1007/978-3-662-53887-6_24

2016-01-01

Abstract:Division property is a generalized integral property proposed by Todo at EUROCRYPT 2015, and very recently, Todo et al. proposed bit-based division property and applied to SIMON32 at FSE 2016. However, this technique can only be applied to block ciphers with block size no larger than 32 due to its high time and memory complexity. In this paper, we extend Mixed Integer Linear Programming (MILP) method, which is used to search differential characteristics and linear trails of block ciphers, to search integral distinguishers of block ciphers based on division property with block size larger than 32. Firstly, we study how to model division property propagations of three basic operations (copy, bitwise AND, XOR) and an Sbox operation by linear inequalities, based on which we are able to construct a linear inequality system which can accurately describe the division property propagations of a block cipher given an initial division property. Secondly, by choosing an appropriate objective function, we convert a search algorithm under Todo's framework into an MILP problem, and we use this MILP problem appropriately to search integral distinguishers. As an application of our technique, we have searched integral distinguishers for SIMON, SIMECK, PRESENT, RECTANGLE, LBlock and TWINE. Our results show that we can find 14-, 16-, 18-, 22- and 26-round integral distinguishers for SIMON32, 48, 64, 96 and 128 respectively. Moreover, for two SP-network lightweight block ciphers PRESENT and RECTANGLE, we found 9-round integral distinguishers for both ciphers which are two more rounds than the best integral distinguishers in the literature [ 22,29]. For LBlock and TWINE, our results are consistent with the best known ones with respect to the longest distinguishers.

Nicky Mouha,Qingju Wang,Dawu Gu,Bart Preneel

DOI: https://doi.org/10.1007/978-3-642-34704-7_5

2011-01-01

Abstract:Differential and linear cryptanalysis are two of the most powerful techniques to analyze symmetric-key primitives. For modern ciphers, resistance against these attacks is therefore a mandatory design criterion. In this paper, we propose a novel technique to prove security bounds against both differential and linear cryptanalysis. We use mixed-integer linear programming (MILP), a method that is frequently used in business and economics to solve optimization problems. Our technique significantly reduces the workload of designers and cryptanalysts, because it only involves writing out simple equations that are input into an MILP solver. As very little programming is required, both the time spent on cryptanalysis and the possibility of human errors are greatly reduced. Our method is used to analyze Enocoro-128v2, a stream cipher that consists of 96 rounds. We prove that 38 rounds are sufficient for security against differential cryptanalysis, and 61 rounds for security against linear cryptanalysis. We also illustrate our technique by calculating the number of active S-boxes for AES.

Siwei Chen,Zejun Xiang,Xiangyong Zeng,Guangxue Qin

2024-08-02

Abstract:In this paper, we propose an improved method based on Mixed-Integer Linear Programming/Mixed-Integer Quadratic Constraint Programming (MILP/MIQCP) to automatically find better differential-linear (DL) distinguishers for the all members of Simon and Simeck block cipher families. To be specific, we first give the completely precise MILP model to describe the linear part, and explain how to utilize the general expressions of \textsf{Gurobi} solver to model the propagation of continuous difference for the middle part in a quite easy way. Secondly, in order to solve the MILP/MIQCP model in a reasonable time, we propose two heuristic strategies based on the divide-and-conquer idea to speed up the search process. Thirdly, we introduce the transforming technique, which exploits the clustering effect on DL trails, to improve the estimated correlation of the DL approximation. We apply our method to Simon and Simeck block cipher families. Consequently, we find the 14/17/21/26-round theoretical DL distinguishers of Simon32/48/64/96, which extend the previous longest ones of Simon32/48/96 by one round and Simon64 by two rounds, respectively. For Simeck, we do not explore longer distinguishers compared to the currently best results, but refresh all the results of Zhou et al. (the first work to automate finding DL distinguishers for Simon-like ciphers using MILP/MIQCP). Besides, in order to validate the correctness of these distinguishers, the experimental verifications are conducted on Simon32/Simeck32 and Simon48/Simeck48. The results show that our theoretical estimations on correlations are very close to the experimental ones, which can be regarded as a concrete support for the effectiveness of our method.

Cryptography and Security

Yanyan Zhou,Senpeng Wang,Bin Hu

DOI: https://doi.org/10.1049/2024/8315115

2024-01-12

IET Information Security

Abstract:Differential-linear (DL) cryptanalysis is an important cryptanalytic method in cryptography and has received extensive attention from the cryptography community since its proposal by Langford and Hellman in 1994. At CT-RSA 2023, Bellini et al. introduced continuous difference propagations of XOR, rotation, and modulo-addition operations and proposed a fully automatic method using Mixed-Integer Linear Programing (MILP) and Mixed-Integer Quadratic Constraint Programing (MIQCP) techniques to search for DL distinguishers of Addition-Rotation-XOR (ARX) ciphers. In this paper, we propose continuous difference propagation of AND operation and construct an MILP/MIQCP-based fully automatic model of searching for DL distinguishers of SIMON-like ciphers. We apply the fully automatic model to all versions of SIMON and SIMECK. As a result, for SIMON, we find 13 and 14-round DL distinguishers of SIMON32, 15, 16, and 17-round DL distinguishers of SIMON48, 20-round DL distinguishers of SIMON64, 25 and 26-round DL distinguishers of SIMON96, 31 and 32-round DL distinguishers of SIMON128. For SIMECK, we find 14-round DL distinguishers of SIMECK32, 17 and 18-round DL distinguishers of SIMECK48, 22, 23, 24, and 25-round DL distinguishers of SIMECK64. As far as we know, our results are currently the best.

computer science, information systems, theory & methods

Yong Liu,Zejun Xiang,Siwei Chen,Shasha Zhang,Xiangyong Zeng

DOI: https://doi.org/10.1007/978-3-031-33488-7_5

2023-01-01

Abstract:The Mixed Integer Linear Programming (MILP) is a common method of searching for impossible differentials (IDs). However, the optimality of the distinguisher should be confirmed by an exhaustive search of all input and output differences, which is clearly computationally infeasible due to the huge search space. In this paper, we propose a new technique that uses two-dimensional binary variables to model the input and output differences and characterize contradictions with constraints. In our model, the existence of IDs can be directly obtained by checking whether the model has a solution. In addition, our tool can also detect any contradictions between input and output differences by changing the position of the contradictions. Our method is confirmed by applying it to several block ciphers, and our results show that we can find 6-, 13-, and 12-round IDs for Midori-64, CRAFT, and SKINNY-64 within a few seconds, respectively. Moreover, by carefully analyzing the key schedule of Midori-64, we propose an equivalent key transform technique and construct a complete MILP model for an 11-round impossible differential attack (IDA) on Midori-64 to search for the minimum number of keys to be guessed. Based on our automatic technique, we present a new 11-round IDA on Midori-64, where 23 nibbles of keys need to be guessed, which reduces the time complexity compared to previous work. The time and data complexity of our attack are 2 116.59 and 2 60 , respectively. To the best of our knowledge, this is the best IDA on Midori-64 at present.

Guanjie Qin,Xuemin Cheng,Jianshe Ma

DOI: https://doi.org/10.2991/amcce-15.2015.309

2015-01-01

Abstract:Substitution box (S-box) is an important nonlinear component in block cipher algorithms. Evaluating the cryptographic properties of an S-box requires attention to criteria such as nonlinearity, differential properties, and diffusion properties. In this paper, Artificial Bee Colony algorithm was introduced for global optimization of random S-boxes, using Pareto improvement to identify highly profitable solutions. The experimental results demonstrated the effectiveness of the proposed algorithm, which simultaneously optimized their nonlinearity, differential properties, and diffusion properties. The proposed model thus offers a new tool for the optimization of random S-boxes.

Ala’a Talib Khudhair,Abeer Tariq Maolood,Ekhlas Khalaf Gbashi

DOI: https://doi.org/10.3390/sym16070872

2024-07-10

Symmetry

Abstract:The lack of an S-Box in some lightweight cryptography algorithms, like Speck and Tiny Encryption Algorithm, or the presence of a fixed S-Box in others, like Advanced Encryption Standard, makes them more vulnerable to attacks. This proposal presents a novel approach to creating two dynamic 8-bit S-Boxes (16 × 16). The generation process for each S-Box consists of two phases. Initially, the number initialization phase involves generating sequence numbers 1, sequence numbers 2, and shift values for S-Box1 using the 2D Tinkerbell map. Additionally, sequence numbers 3, sequence numbers 4, and shift values for S-Box2 are generated using the 2D Duffing map. Subsequently, the S-Box construction phase involves the construction of S-Box1 and S-Box2. The effectiveness of the newly proposed S-Boxes was evaluated based on various criteria, including the bijective property, balance, fixed points, and strict avalanche criteria. It was observed that S-Box1 achieved a remarkable linear and differential branch number of 4, surpassing any previous studies. Furthermore, it exhibited a non-linearity of 105.50, a differential uniformity of 12, and an algebraic degree of 7. Similarly, S-Box2 also achieved a linear and differential branch number of 4, a non-linearity of 105.25, a differential uniformity of 14, and an algebraic degree of 7. Moreover, the reduction in the number of linear and nonlinear operations for both S-Boxes makes them suitable for lightweight algorithms. The architecture of the proposed S-Boxes demonstrates robustness, with a total of 3.35 × 10504 possible S-Boxes, providing protection against algebraic attacks.

multidisciplinary sciences

Vahid Mahmoodian,Iman Dayarian,Payman Ghasemi Saghand,Yu Zhang,Hadi Charkhgard

DOI: https://doi.org/10.1287/ijoc.2021.1097

IF: 3.288

2022-01-04

INFORMS Journal on Computing

Abstract:This study introduces a branch-and-bound algorithm to solve mixed-integer bilinear maximum multiplicative programs (MIBL-MMPs). This class of optimization problems arises in many applications, such as finding a Nash bargaining solution (Nash social welfare optimization), capacity allocation markets, reliability optimization, etc. The proposed algorithm applies multiobjective optimization principles to solve MIBL-MMPs exploiting a special characteristic in these problems. That is, taking each multiplicative term in the objective function as a dummy objective function, the projection of an optimal solution of MIBL-MMPs is a nondominated point in the space of dummy objectives. Moreover, several enhancements are applied and adjusted to tighten the bounds and improve the performance of the algorithm. The performance of the algorithm is investigated by 400 randomly generated sample instances of MIBL-MMPs. The obtained result is compared against the outputs of the mixed-integer second order cone programming (SOCP) solver in CPLEX and a state-of-the-art algorithm in the literature for this problem. Our analysis on this comparison shows that the proposed algorithm outperforms the fastest existing method, that is, the SOCP solver, by a factor of 6.54 on average. Summary of Contribution: The scope of this paper is defined over a class of mixed-integer programs, the so-called mixed-integer bilinear maximum multiplicative programs (MIBL-MMPs). The importance of MIBL-MMPs is highlighted by the fact that they are encountered in applications, such as Nash bargaining, capacity allocation markets, reliability optimization, etc. The mission of the paper is to introduce a novel and effective criterion space branch-and-cut algorithm to solve MIBL-MMPs by solving a finite number of single-objective mixed-integer linear programs. Starting with an initial set of primal and dual bounds, our proposed approach explores the efficient set of the multiobjective problem counterpart of the MIBL-MMP through a criterion space–based branch-and-cut paradigm and iteratively improves the bounds using a branch-and-bound scheme. The bounds are obtained using novel operations developed based on Chebyshev distance and piecewise McCormick envelopes. An extensive computational study demonstrates the efficacy of the proposed algorithm.

computer science, interdisciplinary applications,operations research & management science

Adil Waheed,Fazli Subhan,Mazliham Mohd Suud,Mansoor Alam,Sohaib Ahmad

DOI: https://doi.org/10.1007/s11042-023-14910-3

IF: 2.577

2023-03-05

Multimedia Tools and Applications

Abstract:The expansion of worldwide networking has created new possibilities for management, development, and presentation in the form of digital data. The uncomplicated accessibility to digital resources i.e., internet banking, electronic advertising, digital marketing, and libraries has resulted in grave security concerns. Consequently, rapid use of digital information and technology, security of digital transactions is a big concern. Although many data security solutions exist, still they need further improvement. In symmetric cryptography, the strength of a Substitution Box (S-box) assures the strength of block ciphers. S-box is a critical nonlinear element of cryptosystem that creates turmoil in transactions. This study aims to formulate a variety of methodologies to measure the effectiveness of an S-box against linear and differential algebraic attacks. These malicious attacks may disrupt and leak confidential information. Therefore, a comparative analysis is presented to understand the S-box construction methodologies, key characteristics of eminent S-boxes, major challenges, and their weak cryptographic properties. S-box is considered to be secure if it meets a number of criteria, i.e., maximum linear probability, bijection, nonlinearity, input/output XOR distribution, bit independence criterion, and strict avalanche criterion. These criteria are analyzed in detail to evaluate the performance, reliability, and effectiveness of S-box.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Adil Waheed,Fazli Subhan,Mazliham Mohd Su'ud,Muhammad Mansoor Alam

DOI: https://doi.org/10.1016/j.eij.2024.100480

IF: 4.195

2024-05-02

Egyptian Informatics Journal

Abstract:This study introduces a novel and refined approach for generating exceptionally efficient S-boxes. The proposed methodology employs a hybrid approach that combines linear fractional transformation (LFT) with a multilayer perceptron (MLP) architecture. This method makes use of a perceptron with three layers: input, hidden, and output. Each layer's neuron count is fine-tuned to conform to the S-box layout. In addition, a threshold nonlinear transformation is utilized to increase nonlinearity, and a novel algorithm for boosting nonlinearity is introduced. The utilization of both LFT and MLP approaches has led to the development of S-boxes that possess nearly ideal average nonlinearity values, surpassing those that have been presented in literature. Notably, one S-box achieved an exceptional nonlinearity score of 114.50. Furthermore, to demonstrate how well the S-box works, this study also employs it in an image encryption application.

computer science, information systems, artificial intelligence

Kai Hu,Qingju Wang,Meiqin Wang

DOI: https://doi.org/10.13154/tosc.v2020.i1.396-424

2020-01-01

Abstract:The bit-based division property (BDP) is the most effective technique for finding integral characteristics of symmetric ciphers. Recently, automatic search tools have become one of the most popular approaches to evaluating the security of designs against many attacks. Constraint-aided automatic tools for the BDP have been applied to many ciphers with simple linear layers like bit-permutation. Constructing models of complex linear layers accurately and efficiently remains hard. A straightforward method proposed by Sun et al. (called the S method), decomposes a complex linear layer into basic operations like COPY and XOR, then models them one by one. However, this method can easily insert invalid division trails into the solution pool, which results in a quicker loss of the balanced property than the cipher itself would. In order to solve this problem, Zhang and Rijmen propose the ZR method to link every valid trail with an invertible sub-matrix of the matrix corresponding to the linear layer, and then generate linear inequalities to represent all the invertible sub-matrices. Unfortunately, the ZR method is only applicable to invertible binary matrices (defined in Definition 3). To avoid generating a huge number of inequalities for all the sub-matrices, we build a new model that only includes that the sub-matrix corresponding to a valid trail should be invertible. The computing scale of our model can be tackled by most of SMT/SAT solvers, which makes our method practical. For applications, we improve the previous BDP for LED and MISTY1. We also give the 7-round BDP results for Camellia with FL/FL−1, which is the longest to date. Furthermore, we remove the restriction of the ZR method that the matrix has to be invertible, which provides more choices for future designs. Thanks to this, we also reproduce 5-round key-dependent integral distinguishers proposed at Crypto 2016 which cannot be obtained by either the S or ZR methods.

Xincheng Hu,Xiao Zeng,Zhaoqiang Liu,Guowu Yang

2024-11-19

Abstract:We investigate the affine equivalence (AE) problem of S-boxes. Given two S-boxes denoted as $S_1$ and $S_2$, we aim to seek two invertible AE transformations $A,B$ such that $S_1\circ A = B\circ S_2$ holds. Due to important applications in the analysis and design of block ciphers, the investigation of AE algorithms has performed growing significance. In this paper, we propose zeroization on S-box firstly, and the AE problem can be transformed into $2^n$ linear equivalence problems by this zeroization operation. Secondly, we propose standard orthogonal spatial matrix (SOSM), and the rank of the SOSM is invariant under AE transformations. Finally, based on the zeroization operation and the SOSM method, we propose a depth first search (DFS) method for determining AE of S-boxes, named the AE\_SOSM\_DFS algorithm. Using this matrix invariant, we optimize the temporal complexity of the algorithm to approximately $\frac{1}{2^n}$ of the complexity without SOSM. Specifically, the complexity of our algorithm is $O(2^{3n})$. In addition, we also conducted experiments with non-invertible S-boxes, and the performance is similar to that of invertible S-boxes. Moreover, our proposed algorithm can effectively handle S-boxes with low algebraic degree or certain popular S-boxes such as namely AES and ARIA\_s2, which are difficult to be handled by the algorithm proposed by Dinur (2018). Using our algorithm, it only takes 5.5 seconds to find out that the seven popular S-boxes namely AES, ARIA\_s2, Camellia, Chiasmus, DBlock, SEED\_S0, and SMS4 are affine equivalent and the AE transformations of these S-boxes are provided.

Cryptography and Security,Data Structures and Algorithms

Yan Tong,Shiwei Xu,Jinzhou Huang,Bangju Wang,Zhengwei Ren

DOI: https://doi.org/10.1016/j.jisa.2023.103574

IF: 4.96

2023-08-14

Journal of Information Security and Applications

Abstract:We analyze five newly emerged cryptographic characteristics and a new notion of algebraic immunity proposed by us of 16 best affine equivalence classes of 4 × 4 S-boxes, as well as the only best affine equivalence class of 3-bit ones. The best class among the 16 classes of 4-bit ones is determined based on our analysis. A strategy to search for good candidates in the best class is also proposed, which can generate many 4 × 4 S-boxes with better cryptographic characteristics than the ones previously proposed. We also obtain many candidates with better cryptographic characteristics than the previously proposed 3-bit S-boxes by a similar method. The implementations of our candidates and the previously proposed ones are also discussed. The discussion shows that our candidates can achieve a good balance between implementation cost and security.

computer science, information systems

Sufang Zhou,Shundong Li,Jiawei Dou,Yaling Geng,Xin Liu

DOI: https://doi.org/10.1155/2017/9717580

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:Secure subset problem is important in secure multiparty computation, which is a vital field in cryptography. Most of the existing protocols for this problem can only keep the elements of one set private, while leaking the elements of the other set. In other words, they cannot solve the secure subset problem perfectly. While a few studies have addressed actual secure subsets, these protocols were mainly based on the oblivious polynomial evaluations with inefficient computation. In this study, we first design an efficient secure subset protocol for sets whose elements are drawn from a known set based on a new encoding method and homomorphic encryption scheme. If the elements of the sets are taken from a large domain, the existing protocol is inefficient. Using the Bloom filter and homomorphic encryption scheme, we further present an efficient protocol with linear computational complexity in the cardinality of the large set, and this is considered to be practical for inputs consisting of a large number of data. However, the second protocol that we design may yield a false positive. This probability can be rapidly decreased by reexecuting the protocol with different hash functions. Furthermore, we present the experimental performance analyses of these protocols.

Luca Mariot,Stjepan Picek,Alberto Leporati,Domagoj Jakobovic

DOI: https://doi.org/10.1007/s12095-018-0311-8

2018-05-21

Cryptography and Communications

Abstract:Cellular Automata (CA) represent an interesting approach to design Substitution Boxes (S-boxes) having good cryptographic properties and low implementation costs. From the cryptographic perspective, up to now there have been only ad-hoc studies about specific kinds of CA, the best known example being the χ$$\chi $$ nonlinear transformation used in Keccak. In this paper, we undertake a systematic investigation of the cryptographic properties of S-boxes defined by CA, proving some upper bounds on their nonlinearity and differential uniformity. Next, we extend some previous published results about the construction of CA-based S-boxes by means of a heuristic technique, namely Genetic Programming (GP). In particular, we propose a “reverse engineering” method based on De Bruijn graphs to determine whether a specific S-box is expressible through a single CA rule. Then, we use GP to assess if some CA-based S-box with optimal cryptographic properties can be described by a smaller CA. The results show that GP is able to find much smaller CA rules defining the same reference S-boxes up to the size 7×7\documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$7\times 7$\end{document}, suggesting that our method could be used to find more efficient representations of CA-based S-boxes for hardware implementations. Finally, we classify up to affine equivalence all 3×3\documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$3\times 3$\end{document} and 4×4\documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$4\times 4$\end{document} CA-based S-boxes.

Mina Mirhosseini,Mahmood Fazlali,Mohammad K Fallah,Jeong-A Lee

DOI: https://doi.org/10.1007/s11227-023-05109-2

IF: 3.3

2023-03-06

The Journal of Supercomputing

Abstract:Modeling high-level synthesis (HLS) as mixed integer linear programming (MILP) affords the opportunity to integrate constraints and optimization objectives of hardware design in the form of a mathematical intermediate representation. Consequently, it is possible to improve previously developed methods to solve MILP models and customize them for application in domain-specific functions. However, the problem remains NP-hard, and solving large models requires methods that investigate the state space intelligently. Despite the high potential of branch and bound (B&B) algorithms to solve MILP models quickly, computing the best answer is still an open challenge. In this paper, we first develop three model improvement techniques that reduce the size of the search space for MILP models derived from HLS. Then, we present a new B&B algorithm to tackle the computational challenge by considering the properties of the original HLS problem. In this regard, we propose two heuristic techniques that enable the B&B algorithm to prove that some branches are not promising and should be pruned. Moreover, we have developed a best-first strategy by suggesting a new priority key calculation scheme to improve tree traversal in the B&B algorithm. Besides, the sifting method has been employed as the LP relaxation method to achieve fast processing of large models. Our proposed approach was evaluated using a set of MILP models derived from the synthesis of Mediabench data flow graphs. The experimental results indicate that our approach outperforms modern MILP solvers in terms of speed and the scale of the MILP models which can solve. According to the test results on the large MILP models, we solved models with 7254 integer and binary variables in less than 13 minutes.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Vahid Mahmoodian,Hadi Charkhgard,Yu Zhang

DOI: https://doi.org/10.1016/j.cor.2020.105178

2021-04-01

Abstract:<p>We present two new algorithms for a class of single-objective non-linear optimization problems, the so-called Mixed Integer Linear minimum Multiplicative Programs (MIL-mMPs). This class of optimization problems has a desirable characteristic: a MIL-mMP can be viewed as a special case of the problem of optimization over the efficient set in multi-objective optimization. The proposed algorithms exploit this characteristic and solve any MIL-mMP from the viewpoint of multi-objective optimization. A computational study on 960 instances demonstrates that the proposed algorithms outperform a generic-purpose solver, SCIP, by a factor of more than 10 on many instances. We numerically show that selecting the best algorithm among our proposed algorithms highly depends on the class of instances used. Specifically, since one of the proposed algorithms is a decision space search algorithm and the other one is a criterion space search algorithm, one can significantly outperform the other depending on the dimension of decision space and criterion space. Although it is possible to linearize some instances of MIL-mMPs, we show that a commercial solver, CPLEX, struggles to directly solve such linearized instances because linearization introduces additional constraints and binary decision variables.</p>

computer science, interdisciplinary applications,engineering, industrial,operations research & management science