• Posted on

Research on Centralized Operation of S-Box Parameter Integration Method

Based on the known truth table of an S-box output, the vector representation of the algebraic polynomial for y1 can be derived by XORing the corresponding terms from the minimal logical expression of y1. The optimized method requires pre-storing a 22m-bit table, and the time complexity for computing the algebraic polynomial of the S-box output is O(n2²ᵐ). Polynomial interpolation for a function f involves finding, for each possible input value xi, a polynomial fi such that fi(xi) = 1 and fi(xj) = 0 for all xj ≠ xi. This allows the function to be expressed as f(x) = ∑f(xi)fi(x). This approach is also applicable to Boolean functions.

The specific method involves, for each of the 2ᵐ possible m-bit inputs to the S-box, finding a polynomial that evaluates to 1 at that input and 0 elsewhere. For an input x₁x₂...xₘ = a₁a₂...aₘ, the required polynomial is (x₁ - a₁ - 1)(x₂ - a₂ - 1)...(xₘ - aₘ - 1). Thus, for any output bit of the S-box, its polynomial expression becomes the sum of f(a₁,a₂,...,aₘ) multiplied by the above product, which is then expanded and simplified to obtain the desired algebraic polynomial.

The implementation of this polynomial interpolation method aligns with the process of converting a minimal term logical expression into an algebraic form. Similarly, reference <3> applies Lagrange interpolation to derive the Boolean expression of the S-box. Another approach, the algebraic polynomial item-by-item accumulation method, starts by expressing the minimal term logical expression as an algebraic expression over GF(2). Instead of fully expanding each minimal term, it checks whether each m-term exists in the expansion. If the term appears an odd number of times across all minimal expressions, it is included in the final polynomial; otherwise, it is excluded. This way, all 2ᵐ possible terms are evaluated to determine their presence in the final algebraic polynomial.

The time complexity of computing the algebraic polynomial using this method is O(n2²ᵐ). However, the accumulation process can be optimized using XOR operations. Since modern CPUs support at least 16-bit parallel bitwise operations, and most S-box outputs do not exceed 16 bits, the computation can be performed in parallel, reducing the total number of operations to O(2²ᵐ).

The minimal term accumulation method follows a similar logic. Once the minimal term logical expression is converted to an algebraic form, each of the 2ᵐ possible minimal terms is checked against all 2ᵐ input combinations. If a term is present in the expanded polynomial, it is counted. After up to 2²ᵐ counting operations, the final algebraic polynomial is determined, where odd counts correspond to a coefficient of 1 and even counts to 0.

In practice, the algebraic polynomial item-by-item accumulation method is very similar to the minimal term accumulation method. Both require checking 2²ᵐ terms for each S-box output, but they differ in how they perform the evaluation. When analyzing a term like x₁ᵃ¹x₂ᵃ²...xₘᵃᵐ (where aᵢ is 0 or 1), only those minimal terms that contain the variables corresponding to the 1s in the exponent set will contribute to the term. Therefore, there's no need to check all 2ᵐ minimal terms one by one.

The number of minimal terms to evaluate depends on the number of variables in the term, i.e., the number of 1s in the exponents. This reduces the computational load significantly. The method requires n³ᵐ operations, resulting in a time complexity of O(n³ᵐ). A similar approach was proposed by Wei Baodian in <2>, and the Möbius transformation used by Liu Jia et al. in <6> is also based on this principle.

Sanitary Pipe Fittings Series

Sanitary Pipe Fittings Series,Sanitary Pipe Fittings,Sanitary Stainless Steel Elbow,Sanitary Stainless Steel Pipe Fittings

WENZHOU FOREVER CLASSIC TECHNOLOGY CO.,LTD , https://www.fosicvalve.com