Erik Pohle,Aysajan Abidin,Bart Preneel

DOI: https://doi.org/10.1109/tifs.2024.3402145

IF: 7.231

2024-05-29

IEEE Transactions on Information Forensics and Security

Abstract:Garbling schemes are vital primitives for privacy-preserving protocols and secure two-party computation. This paper presents a projective garbling scheme that assigns values to wires in a circuit comprising XOR and unary projection gates. A generalization of FreeXOR allows the XOR of wires with values to be very efficient. We then analyze the performance of our scheme by evaluating substitution-permutation ciphers. Using our proposal, we measure high-speed evaluation of the ciphers with a moderately increased cost in garbling and bandwidth. Theoretical analysis suggests that for evaluating the nine examined ciphers, one can expect a 4- to 70-fold improvement in evaluation performance with, at most, a 4-fold increase in garbling cost and, at most, an 8-fold increase in communication cost compared to the Half-Gates (Zahur, Rosulek and Evans; Eurocrypt'15) and ThreeHalves (Rosulek and Roy; Crypto'21) garbling schemes. In an offline/online setting, such as secure function evaluation as a service, the circuit garbling and communication to the evaluator can proceed in the offline phase. Thus, our scheme offers a fast online phase. Furthermore, we present efficient Boolean circuits for the S-boxes of TWINE and Midori64 ciphers. To our knowledge, our formulas give the smallest number of AND gates for the S-boxes of these two ciphers.

computer science, theory & methods,engineering, electrical & electronic

Ke Lin

2023-12-05

Abstract:In classic settings of garbled circuits, each gate type is leaked to improve both space and speed optimization. Zahur et al. have shown in EUROCRYPT 2015 that a typical linear garbling scheme requires at least two $\lambda$-bit elements per gate with a security parameter of $\lambda$, which limits their efficiency. In contrast to typical garbled circuits, gate-hiding garbled circuits have the potential to drastically reduce time costs, although they have been underappreciated. We propose the first skipping scheme for gate-hiding garbled circuits to enhance the efficiency of evaluation by observing prime implicants. Our scheme introduces skip gates to eliminate the need to calculate the entire circuit, enabling unnecessary execution paths to be avoided. We also introduce two variants of our scheme that balance security with parallelism. A proof of hybrid security that combines simulation-based and symmetry-based security in semi-honest scenarios is presented to demonstrate its security under gate-hiding conditions. Our scheme will inspire new directions to improve the general garbling scheme and lead to more practical ones.

Cryptography and Security

Xu Yan,Bin Lian,Yunhao Yang,Xiaotie Wang,Jialin Cui,Xianghong Zhao,Fuqun Wang,Kefei Chen

DOI: https://doi.org/10.3390/sym16060664

2024-05-28

Symmetry

Abstract:The secure computation of symmetric encryption schemes using Yao's garbled circuits, such as AES, allows two parties, where one holds a plaintext block m and the other holds a key k, to compute Enc(k,m) without leaking m and k to one another. Due to its wide application prospects, secure AES computation has received much attention. However, the evaluation of AES circuits using Yao's garbled circuits incurs substantial communication overhead. To further improve its efficiency, this paper, upon observing the special structures of AES circuits and the symmetries of an S-box, proposes a novel ciphertext reduction scheme for garbling an S-box in the last SubBytes step. Unlike the idea of traditional Yao's garbled circuits, where the circuit generator uses the input wire labels to encrypt the corresponding output wire labels, our garbling scheme uses the input wire labels of an S-box to encrypt the corresponding "flip bit strings". This approach leads to a significant performance improvement in our garbling scheme, which necessitates only 28 ciphertexts to garble an S-box and a single invocation of a cryptographic primitive for decryption compared to the best result in previous work that requires 8×28 ciphertexts to garble an S-box and multiple invocations of a cryptographic primitive for decryption. Crucially, the proposed scheme provides a new idea to improve the performance of Yao's garbled circuits. We analyze the security of the proposed scheme in the semi-honest model and experimentally verify its efficiency.

multidisciplinary sciences

Yongxia Liu,Aijiao Cui

DOI: https://doi.org/10.1109/cadgraphics.2013.20

2013-01-01

Abstract:Space compactor is usually applied in DfT design to compact the output response data in order to reduce testing time and storage. We propose an efficient method to implement a tree-like zero-aliasing space compactor with elementary logic gates combined with the XOR gates. Based on the fault-output response table, our method selects appropriate logic gates to combine the outputs of the CUT with remaining most D and D'. When faults are concealed in the table, all other available test patterns for these faults will be checked to determine whether the faults can be detected. No ATPG is involved in the search of new test patterns for the covered faults during compaction. To reduce the hardware overhead, the XOR gate is only used when all other elementary gates fail to achieve further compaction. When compared with existing ATPG-based compactors, our proposed compactor can achieve similar compaction ratio with similar hardware cost. However, our method will be much more efficient because it does not perform the time-consuming ATPG procedure. When compared with other XOR-based compactors, our method can achieve higher compaction ratio with smaller area overhead.

Vinayak M. Kumar

2023-05-20

Abstract:We initiate the study of generalized AC0 circuits comprised of negations and arbitrary unbounded fan-in gates that only need to be constant over inputs of Hamming weight $\ge k$, which we denote GC0$(k)$. The gate set of this class includes biased LTFs like the $k$-$OR$ (output $1$ iff $\ge k$ bits are 1) and $k$-$AND$ (output $0$ iff $\ge k$ bits are 0), and thus can be seen as an interpolation between AC0 and TC0. We establish a tight multi-switching lemma for GC0$(k)$ circuits, which bounds the probability that several depth-2 GC0$(k)$ circuits do not simultaneously simplify under a random restriction. We also establish a new depth reduction lemma such that coupled with our multi-switching lemma, we can show many results obtained from the multi-switching lemma for depth-$d$ size-$s$ AC0 circuits lifts to depth-$d$ size-$s^{.99}$ GC0$(.01\log s)$ circuits with no loss in parameters (other than hidden constants). Our result has the following applications: 1.Size-$2^{\Omega(n^{1/d})}$ depth-$d$ GC0$(\Omega(n^{1/d}))$ circuits do not correlate with parity (extending a result of Håstad (SICOMP, 2014)). 2. Size-$n^{\Omega(\log n)}$ GC0$(\Omega(\log^2 n))$ circuits with $n^{.249}$ arbitrary threshold gates or $n^{.499}$ arbitrary symmetric gates exhibit exponentially small correlation against an explicit function (extending a result of Tan and Servedio (RANDOM, 2019)). 3. There is a seed length $O((\log m)^{d-1}\log(m/\varepsilon)\log\log(m))$ pseudorandom generator against size-$m$ depth-$d$ GC0$(\log m)$ circuits, matching the AC0 lower bound of Håstad stad up to a $\log\log m$ factor (extending a result of Lyu (CCC, 2022)). 4. Size-$m$ GC0$(\log m)$ circuits have exponentially small Fourier tails (extending a result of Tal (CCC, 2017)).

Computational Complexity

Owen C. Wetherbee,Saswata Roy,Baptiste Royer,Valla Fatemi

2024-12-12

Abstract:Bosonic encodings of quantum information offer hardware-efficient, noise-biased approaches to quantum error correction relative to qubit register encodings. Implementations have focused in particular on error correction of stored, idle quantum information, whereas quantum algorithms are likely to desire high duty cycles of active control. Error-transparent operations are one way to preserve error rates during operations, but, to the best of our knowledge, only phase gates have so far been given an explicitly error-transparent formulation for binomial encodings. Here, we introduce the concept of 'parity nested' operations, and show how these operations can be designed to achieve continuous amplitude-mixing logical gates for binomial encodings that are fully error-transparent to the photon loss channel. For a binomial encoding that protects against l photon losses, the construction requires $\lfloor$l/2$\rfloor$ + 1 orders of generalized squeezing in the parity nested operation to fully preserve this protection. We further show that error-transparency to all the correctable photon jumps, but not the no-jump errors, can be achieved with just a single order of squeezing. Finally, we comment on possible approaches to experimental realization of this concept.

Quantum Physics

S.Ciliberti,M.Mezard,R.Zecchina

DOI: https://doi.org/10.1103/PhysRevLett.95.038701

2005-04-20

Abstract:We introduce a new protocol for a lossy data compression algorithm which is based on constraint satisfaction gates. We show that the theoretical capacity of algorithms built from standard parity-check gates converges exponentially fast to the Shannon's bound when the number of variables seen by each gate increases. We then generalize this approach by introducing random gates. They have theoretical performances nearly as good as parity checks, but they offer the great advantage that the encoding can be done in linear time using the Survey Inspired Decimation algorithm, a powerful algorithm for constraint satisfaction problems derived from statistical physics.

Disordered Systems and Neural Networks

Zheng-Hong Li,Xiao-Fei Ji,Saeed Asiri,Luojia Wang,M. Al-Amri

DOI: https://doi.org/10.1103/PhysRevA.102.022606

2020-08-11

Abstract:We present how basic logic gates including nand , nor , and xor gates can be implemented counterfactually. The two inputs (Bob and Charlie) and the output (Alice) of the proposed counterfactual logic gate are not within the same station but rather separated in three different locations. We show that t... [Phys. Rev. A 102, 022606] Published Mon Aug 10, 2020

English Else

Meltem Kurt Pehlivanoğlu,Mehmet Ali Demir

DOI: https://doi.org/10.7717/peerj-cs.1820

2024-01-20

PeerJ Computer Science

Abstract:Maximum distance separable (MDS) matrices are often used in the linear layer of a block cipher due to their good diffusion property. A well-designed lightweight MDS matrix, especially an involutory one, can provide both security and performance benefits to the cipher. Finding the corresponding effective linear straight-line program (SLP) of the circuit of a linear layer is still a challenging problem. In this article, first, we propose a new heuristic algorithm called Superior Boyar-Peralta (SBP) in the computation of the minimum number of two-input Exclusive-OR (XOR) gates with the minimum circuit depth for the SLPs. Contrary to the existing global optimization methods supporting only two-input XOR gates, SBP heuristic algorithm provides the best global optimization solutions, especially for extracting low-latency circuits. Moreover, we give a new 4 × 4 involutory MDS matrix over F24, which requires only 41 XOR gates and depth 3 after applying SBP heuristic, whereas the previously best-known cost is 45 XOR gates with the same depth. In the second part of the article, for further optimization of the circuit area of linear layers with multiple-input XOR gates, we enhance the recently proposed BDKCI heuristic algorithm by incorporating circuit depth awareness, which limits the depth of the circuits created. By using the proposed circuit depth-bounded version of BDKCI, we present better circuit implementations of linear layers of block ciphers than those given in the literature. For instance, the given circuit for the AES MixColumn matrix only requires 44 XOR gates/depth 3/240.95 GE in the STM 130 nm (simply called ASIC4) library, while the previous best-known result is 55 XOR gates/depth 5/243.00 GE. Much better, our new 4 × 4 involutory MDS matrix requires only 19 XOR gates/depth3/79.75 GE in the STM 90 nm (simply called ASIC1) library, which is the lightest and superior to the state-of-the-art results.

computer science, information systems, artificial intelligence, theory & methods

de Silva, Nadish

DOI: https://doi.org/10.1007/s00220-024-05050-2

IF: 2.361

2024-08-22

Communications in Mathematical Physics

Abstract:Motivated by their central role in fault-tolerant quantum computation, we study the sets of gates of the third-level of the Clifford hierarchy and their distinguished subsets of 'nearly diagonal' semi-Clifford gates. The Clifford hierarchy gates can be implemented via gate teleportation given appropriate magic states. The vast quantity of these resource states required for achieving fault-tolerance is a significant bottleneck for the practical realisation of universal quantum computers. Semi-Clifford gates are important because they can be implemented with far more efficient use of these resource states. We prove that every third-level gate of up to two qudits is semi-Clifford. We thus generalise results of Zeng et al. (Phys Rev A 77(4):042313, 2008) in the qubit case and of the second author (2020) in the qutrit case to the case of qudits of arbitrary prime dimension d . Earlier results relied on exhaustive computations whereas our present work leverages tools of algebraic geometry. Specifically, we construct two schemes corresponding to the sets of third-level Clifford hierarchy gates and third-level semi-Clifford gates. We then show that the two algebraic sets resulting from reducing these schemes modulo d share the same set of rational points.

physics, mathematical

Kaveh Shamsi,Meng Li,Travis Meade,Zheng Zhao,David Z. Pan,Yier Jin

DOI: https://doi.org/10.1145/3060403.3060458

2017-01-01

Abstract:Logic locking and IC camouflaging are proactive circuit obfuscation methods that if proven secure can thwart hardware attacks such as reverse engineering and IP theft. However, the security of both these schemes is called into question by recent SAT based attacks. While a number of methods have been proposed in literature that exponentially increase the running time of such attacks, they are vulnerable to \"findand-remove\" attacks, and only slightly hide the circuit functionality. In this paper, we present a novel approach towards creating SAT attack resiliency based on creating densely cyclic obfuscated circuit topologies by adding dummy paths to the circuit. Our methodology is applicable to both IC camouflaging and logic locking. We demonstrate that cyclic logic locking creates SAT resilient circuits with 40% less area and 20% less delay compared to an insecure XOR/XNOR-obfuscation with the same key length. Furthermore, we show that cyclic IC camouflaging can be implemented at the layout level with no substrate area overhead and little delay and power overhead with respect to the original circuit.

Armanda O. Quintavalle,Paul Webster,Michael Vasmer

DOI: https://doi.org/10.22331/q-2023-10-24-1153

2023-10-17

Abstract:The promise of high-rate low-density parity check (LDPC) codes to substantially reduce the overhead of fault-tolerant quantum computation depends on constructing efficient, fault-tolerant implementations of logical gates on such codes. Transversal gates are the simplest type of fault-tolerant gate, but the potential of transversal gates on LDPC codes has hitherto been largely neglected. We investigate the transversal gates that can be implemented in hypergraph product codes, a class of LDPC codes. Our analysis is aided by the construction of a symplectic canonical basis for the logical operators of hypergraph product codes, a result that may be of independent interest. We show that in these codes transversal gates can implement Hadamard (up to logical SWAP gates) and control-Z on all logical qubits. Moreover, we show that sequences of transversal operations, interleaved with error correction, allow implementation of entangling gates between arbitrary pairs of logical qubits in the same code block. We thereby demonstrate that transversal gates can be used as the basis for universal quantum computing on LDPC codes, when supplemented with state injection.

Quantum Physics

Monika Trimoska,Sorina Ionica,Gilles Dequen

DOI: https://doi.org/10.48550/arXiv.2001.11229

2020-01-30

Cryptography and Security

Abstract:Cryptographic problems can often be reduced to solving Boolean polynomial systems, whose equivalent logical formulas can be treated using SAT solvers. Given the algebraic nature of the problem, the use of the logical XOR operator is common in SAT-based cryptanalysis. Recent works have focused on advanced techniques for handling parity (XOR) constraints, such as the Gaussian Elimination technique. First, we propose an original XOR-reasoning SAT solver, named WDSat (Weil Descent SAT solving), dedicated to a specific cryptographic problem. Secondly, we show that in some cases Gaussian Elimination on SAT instances does not work as well as Gaussian Elimination on algebraic systems. We demonstrate how this oversight is fixed in our solver, which is adapted to read instances in algebraic normal form (ANF). Finally, we propose a novel preprocessing technique based on the Minimal Vertex Cover Problem in graph theory. This preprocessing technique is, within the framework of multivariate Boolean polynomial systems, used as a DLL branching selection rule that leads to quick linearization of the underlying algebraic system. Our benchmarks use a model obtained from cryptographic instances for which a significant speedup is achieved using the findings in this paper. We further explain how our preprocessing technique can be used as an assessment of the security of a cryptographic system.

Benjamin Rossman,Srikanth Srinivasan

DOI: https://doi.org/10.48550/arXiv.1702.03625

2017-02-13

Abstract:This paper gives the first separation between the power of {\em formulas} and {\em circuits} of equal depth in the $\mathrm{AC}^0[\oplus]$ basis (unbounded fan-in AND, OR, NOT and MOD$_2$ gates). We show, for all $d(n) \le O(\frac{\log n}{\log\log n})$, that there exist {\em polynomial-size depth-$d$ circuits} that are not equivalent to {\em depth-$d$ formulas of size $n^{o(d)}$} (moreover, this is optimal in that $n^{o(d)}$ cannot be improved to $n^{O(d)}$). This result is obtained by a combination of new lower and upper bounds for {\em Approximate Majorities}, the class of Boolean functions $\{0,1\}^n \to \{0,1\}$ that agree with the Majority function on $3/4$ fraction of inputs. $\mathrm{AC}^0[\oplus]$ formula lower bound: We show that every depth-$d$ $\mathrm{AC}^0[\oplus]$ formula of size $s$ has a {\em $1/8$-error polynomial approximation} over $\mathbb{F}_2$ of degree $O(\frac{1}{d}\log s)^{d-1}$. This strengthens a classic $O(\log s)^{d-1}$ degree approximation for \underline{circuits} due to Razborov. Since the Majority function has approximate degree $\Theta(\sqrt n)$, this result implies an $\exp(\Omega(dn^{1/2(d-1)}))$ lower bound on the depth-$d$ $\mathrm{AC}^0[\oplus]$ formula size of all Approximate Majority functions for all $d(n) \le O(\log n)$. Monotone $\mathrm{AC}^0$ circuit upper bound: For all $d(n) \le O(\frac{\log n}{\log\log n})$, we give a randomized construction of depth-$d$ monotone $\mathrm{AC}^0$ circuits (without NOT or MOD$_2$ gates) of size $\exp(O(n^{1/2(d-1)}))$ that compute an Approximate Majority function. This strengthens a construction of \underline{formulas} of size $\exp(O(dn^{1/2(d-1)}))$ due to Amano.

Computational Complexity

Yongqiang Zhang,Feifei Deng,Xin Cheng,Guangjun Xie

DOI: https://doi.org/10.1007/s10773-019-04343-w

2019-01-01

International Journal of Theoretical Physics

Abstract:Quantum-dot cellular automata (QCA) offer a promising design paradigm for complementing conventional integrated circuits. The XOR plays a crucial role in arithmetic circuits and communications. Existing design schemes consume more operational components and thus are inefficient in terms of area and QCA cost at present. In this paper, a coplanar XOR composed of an NAND-NOR-Inverter (NNI) and a five-input majority voter (M5) is proposed for the first time. This new structure not only excludes complex crossovers but also has full accessibility to its input/output pins. The simulation waveforms and performance figures verify the functionality and merits of the proposed circuits. The implementation of the proposed XOR scheme in QCA consumes less overhead than that of its counterparts. Its occupied area and QCA cost are respectively reduced by 9.26% and 33.33% compared with the state-of-the-art XOR. To prove its practicability, multi-bit parity generators are also proposed in the means of hierarchically cascading the proposed XOR gates. The area and cost of the proposed 32-bit generator are respectively reduced by 39.47% and 33.33% compared with the existing best design.

Ryan Krueger

DOI: https://doi.org/10.48550/arXiv.2209.06874

2022-09-15

Abstract:Traditional quantum circuit optimization is performed directly at the circuit level. Alternatively, a quantum circuit can be translated to a ZX-diagram which can be simplified using the rules of the ZX-calculus, after which a simplified circuit can be extracted. However, the best-known extraction procedures can drastically increase the number of 2-qubit gates. In this work, we take advantage of the fact that local changes in a ZX-diagram can drastically affect the complexity of the extracted circuit. We use a pair of congruences (i.e., non-simplification rewrite rules) based on the graph-theoretic notions of local complementation and pivoting to generate local variants of a simplified ZX-diagram. We explore the space of equivalent ZX-diagrams generated by these congruences using simulated annealing and genetic algorithms to obtain a simplified circuit with fewer 2-qubit gates. On randomly generated circuits, our method can outperform state-of-the-art optimization techniques for low-qubit (<10) circuits. On a set of previously reported benchmark circuits with <=14 qubits, our method outperforms off-the-shelf methods in 87% of cases, consistently reducing overall circuit complexity by an additional ~15-30% and eliminating up to 46% of 2-qubit gates. These preliminary results serve as a proof-of-concept for a new circuit optimization strategy in the ZX-calculus.

Quantum Physics

Tian Wang,Xiaoxin Cui,Dunshan Yu,Omid Aramoon,Timothy Dunlap,Gang Qu,Xiaole Cui

DOI: https://doi.org/10.1109/aspdac.2018.8297288

2018-01-01

Abstract:Polymorphic gates are reconfigurable devices whose functionality may vary in response to the change of execution environment such as temperature, supply voltage or external control signals. This feature makes them a perfect candidate for circuit watermarking. However, polymorphic gates are hard to find because they do not exhibit the traditional structure. In this paper, we report four dual-function polymorphic gates that we have discovered using an evolutionary approach. With these gates, we propose a circuit watermarking scheme that selectively replaces certain standard logic gates with the polymorphic gates. Experimental results on ISCAS and MCNC benchmark circuits demonstrate that this scheme introduces low overhead. More specifically, the average overhead in area, speed and power are 4.10%, 2.08% and 1.17% respectively when we embed 30-bit watermark sequences. These overheads increase to 6.36%, 4.75% and 2.08% respectively when 10% of the gates in the original circuits are replaced to embed watermark up to more than 300 bits.

Uma Girish,Makrand Sinha,Avishay Tal,Kewen Wu

2023-07-26

Abstract:The level-$k$ $\ell_1$-Fourier weight of a Boolean function refers to the sum of absolute values of its level-$k$ Fourier coefficients. Fourier growth refers to the growth of these weights as $k$ grows. It has been extensively studied for various computational models, and bounds on the Fourier growth, even for the first few levels, have proven useful in learning theory, circuit lower bounds, pseudorandomness, and quantum-classical separations. We investigate the Fourier growth of certain functions that naturally arise from communication protocols for XOR functions (partial functions evaluated on the bitwise XOR of the inputs to Alice and Bob). If a protocol $\mathcal C$ computes an XOR function, then $\mathcal C(x,y)$ is a function of the parity $x\oplus y$. This motivates us to analyze the XOR-fiber of $\mathcal C$, defined as $h(z):=\mathbb E_{x,y}[\mathcal C(x,y)|x\oplus y=z]$. We present improved Fourier growth bounds for the XOR-fibers of protocols that communicate $d$ bits. For the first level, we show a tight $O(\sqrt d)$ bound and obtain a new coin theorem, as well as an alternative proof for the tight randomized communication lower bound for Gap-Hamming. For the second level, we show an $d^{3/2}\cdot\mathrm{polylog}(n)$ bound, which improves the previous $O(d^2)$ bound by Girish, Raz, and Tal (ITCS 2021) and implies a polynomial improvement on the randomized communication lower bound for the XOR-lift of Forrelation, extending its quantum-classical gap. Our analysis is based on a new way of adaptively partitioning a relatively large set in Gaussian space to control its moments in all directions. We achieve this via martingale arguments and allowing protocols to transmit real values. We also show a connection between Fourier growth and lifting theorems with constant-sized gadgets as a potential approach to prove optimal bounds for the second level and beyond.

Computational Complexity,Discrete Mathematics