iBet uBet web content aggregator. Adding the entire web to your favor.
iBet uBet web content aggregator. Adding the entire web to your favor.



Link to original content: https://doi.org/10.1007/s12095-021-00512-z
Efficient generation of quadratic cyclotomic classes for shortest quadratic decompositions of polynomials | Cryptography and Communications Skip to main content
Log in

Efficient generation of quadratic cyclotomic classes for shortest quadratic decompositions of polynomials

  • Original Research
  • Published:
Cryptography and Communications Aims and scope Submit manuscript

Abstract

Nikova et al. investigated the decomposition problem of power permutations over finite fields \(\mathbb {F}_{2^{n}}\) in (Cryptogr. Commun. 11:379–384, 2019). In particular, they provided an algorithm to give a decomposition of a power permutation into quadratic power permutations. Their algorithm has a precomputation step that finds all cyclotomic classes of \(\mathbb {F}_{2^{n}}\) and then use the quadratic ones. In this paper, we provide an efficient and systematic method to generate the representatives of quadratic cyclotomic classes and hence reduce the complexity of the precomputation step drastically. We then apply our method to extend their results on shortest quadratic decompositions of \(x^{2^{n}-2}\) from 3 ≤ n ≤ 16 to 3 ≤ n ≤ 24 and correct a typo (for n = 11). We also give two explicit formulas for the time complexity of the adaptive search to understand its efficiency with respect to the parameters.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Similar content being viewed by others

References

  1. Bilgin, B., Nikova, S., Nikov, V., Rijmen, V., Tokareva, N., Vitkup, V.: Threshold implementations of small S-boxes. Cryptogr. Commun. 7 (1), 3–33 (2015)

    Article  MathSciNet  Google Scholar 

  2. Carlet, C., Prouff, E., Rivain, M., Roche, T.: Algebraic Decomposition for Probing Security, CRYPTO LNCS 9215, pp 742–763. Springer, Berlin (2015)

    MATH  Google Scholar 

  3. Carlitz, L.: Permutations in a finite field. Proc. Amer. Math. Soc. 4, 538 (1953)

    Article  MathSciNet  Google Scholar 

  4. Coron, J.-S., Roy, A., Vivek, S.: Fast evaluation of polynomials over binary finite fields and application to side-channel countermeasures. J. Cryptogr. Eng. 5(2), 73–83 (2015)

    Article  Google Scholar 

  5. Daemen, J., Rijmen, R.: The Design of Rijndael: AES - the advanced encryption standard. Information Security and Cryptography: Springer (2002)

  6. Kutzner, S., Ha Nguyen, P., Poschmann, A.: Enabling 3-share threshold implementations for all 4-bit S-boxes. International Conference on Information Security and Cryptology, pp 91–108 (2013)

  7. Lidl, R., Niederreiter, H.: Finite Fields, vol. 20. Cambridge University Press, Cambridge (1997)

    MATH  Google Scholar 

  8. Nikova, S., Nikov, V., Rijmen, V.: Decomposition of permutations in a finite field. Cryptogr. Commun. 11, 37–384 (2019)

    Article  MathSciNet  Google Scholar 

  9. Poschmann, A., Moradi, A., Khoo, K., Lim, C.-W., Wang, H., Ling, S.: Side-channel resistant crypto for less than 2,300 GE. J. Cryptol. 24 (2), 322–345 (2011)

    Article  MathSciNet  Google Scholar 

Download references

Acknowledgements

The authors would like to thank the editor and anonymous reviewers for their invaluable comments that helped to improve the content and language of the paper significantly.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Kamil Otal.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Appendix: Interpreting the adaptive search in a different way

Appendix: Interpreting the adaptive search in a different way

In this section, we give Algorithm 2 below as a different interpretation of the adaptive search in Algorithm 1. Our main purpose is to give another formulation, particularly in the form of a sum of combinations only, for the time complexity from a different perspective. As a result, we provide Theorem 3 (in addition to Theorem 1) for the time complexity of the adaptive search.

figure b

Theorem 3

  1. 1.

    Algorithm 2 gives all quadratic decompositions of xd in the form of equation (??), with length less than or equal to t.

  2. 2.

    Let s denote the size of S in Step 1 of Algorithm 2 (which is also upper bounded by s ≤⌈n/2⌉). Then Step 2 is operated exactly

    $$ \begin{array}{@{}rcl@{}} \sum\limits_{i=1}^{s} \left( \begin{array}{c}t+i-2\\ i-1 \end{array}\right) \end{array} $$
    (4)

    times.

Proof

  1. 1.

    In Step 1, set S is constructed taking Theorem 2 into account, hence we work on a smaller subset instead of trying all possible \(i=1,2,\dots ,n-1\). Also, integer 1 is inserted to S to see the existence of shorter decompositions with length less than t. In Step 2, we order all the elements of S considering their values, hence we try a decomposition only once, not unnecessarily many times.

  2. 2.

    Note that we order the exponents from the smallest to largest one in Step 2. Therefore, Step 2 resembles to the number of shortest paths problem on a grid: Construct a grid of length t − 1 and height s − 1; we want to start at a point on the left-most line, and arrive at a point on the right-most line and not above of the starting point. That means, we need to count the shortest paths from the left top corner to the right bottom corner on a i × t grid for all 1 ≤ iu, where 1 ≤ us. For this purpose, we need to go (t − 1) times horizontally (H) and (i − 1) times vertically (V). Then, we must select the positions of H (or V) on a sequence \((H,V,H,H,V,\dots ,V)\) in which there are (i − 1) times H and (t − 1) times V. The number of repetitions of this procedure is equation (4).

We would like to note that the terms in the sum are linear, not multiplications of combinations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Otal, K., Tekin, E. Efficient generation of quadratic cyclotomic classes for shortest quadratic decompositions of polynomials. Cryptogr. Commun. 13, 837–845 (2021). https://doi.org/10.1007/s12095-021-00512-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12095-021-00512-z

Keywords

Mathematics Subject Classification (2010)

Navigation