Symmetric Twin Column Parity Mixers and Their Applications

Authors

  • Hao Lei, School of Cyber Science and Technology, Shandong University, Qingdao, Shandong, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China
  • Raghvendra Rohit, Cryptography Research Centre, Technology Innovation Institute, Abu Dhabi, United Arab Emirates
  • Guoxiao Liu, Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China
  • Jiahui He, School of Cyber Science and Technology, Shandong University, Qingdao, Shandong, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China
  • Mohamed Rachidi, Cryptography Research Centre, Technology Innovation Institute, Abu Dhabi, United Arab Emirates
  • Keting Jia, Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China; BNRist, Tsinghua University, Beijing, China; Zhongguancun Laboratory, Beijing, China
  • Kai Hu, School of Cyber Science and Technology, Shandong University, Qingdao, Shandong, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China
  • Meiqin Wang, School of Cyber Science and Technology, Shandong University, Qingdao, Shandong, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China; Quan Cheng Shandong Laboratory, Jinan, China

DOI:

https://doi.org/10.46586/tosc.v2024.i4.1-37

Keywords:

Mixing layer, Permutations, Branch number, Column parity mixer (CPM), Gaston, Ascon

Abstract

The circulant twin column parity mixer (TCPM) is a type of mixing layer, designed by Hirch et al. at CRYPTO 2023, for the round function of cryptographic permutations. It has a bitwise differential branch number of 12 and a bitwise linear branch number of 4, which makes it competitive in applications where differential security is required. Hirch et al. gave a concrete instantiation of a permutation using such a mixing layer, named Gaston, and showed that the best 3-round differential and linear trails of Gaston have much higher weights than those of Ascon. In this paper, we first prove why the TCPM has linear branch number 4 and then show that Gaston’s linear behavior is worse than that of Ascon for more than 3 rounds. Motivated by these facts, we aim to enhance the linear security of the TCPM. We show that adding a specific set of row cyclic shifts to the TCPM can make its differential and linear branch numbers both 12. Notably, by setting a special relationship between the row shift parameters of the modified TCPM, we obtain a special kind of mixing layer called the symmetric circulant twin column parity mixer. The symmetric TCPM has the unique design property that its differential and linear branch histograms are the same, which makes the parameter selection process and the security analysis convenient. Using the symmetric TCPM, we present two new 320-bit cryptographic permutations, namely (1) Gaston-S, where we replace the mixing layer in Gaston with the symmetric TCPM, and (2) SBD, which uses a low-latency degree-4 S-box as the non-linear layer and the symmetric TCPM as the mixing layer. We evaluate the security of these permutations considering differential, linear and algebraic analysis, and then provide a performance comparison with Gaston in both hardware and software. Our results indicate that Gaston-S and SBD are competitive with Gaston in both security and performance.

Published

2024-12-18

Section

Articles

How to Cite

Symmetric Twin Column Parity Mixers and Their Applications. (2024). IACR Transactions on Symmetric Cryptology, 2024(4), 1-37. https://doi.org/10.46586/tosc.v2024.i4.1-37