Paper 2023/799

Twin Column Parity Mixers and Gaston - A New Mixing Layer and Permutation

Solane El Hirch, Radboud University Nijmegen
Joan Daemen, Radboud University Nijmegen
Raghvendra Rohit, Technology Innovation Institute
Rusydi H. Makarim
Abstract

We introduce a new type of mixing layer for the round function of cryptographic permutations, called circulant twin column parity mixer (CPM), that is a generalization of the mixing layers in KECCAK-f and XOODOO. While these mixing layers have a bitwise differential branch number of 4 and a computational cost of 2 (bitwise) additions per bit, the circulant twin CPMs we build have a bitwise differential branch number of 12 at the expense of an increase in computational cost: depending on the dimension this ranges between $3$ and $3.34$ XORs per bit. Our circulant twin CPMs operate on a state in the form of a rectangular array and can serve as mixing layer in a round function that has as non-linear step a layer of S-boxes operating in parallel on the columns. When sandwiched between two ShiftRow-like mappings, we can obtain a columnwise branch number of 12 and hence it guarantees 12 active S-boxes per two rounds in differential trails. Remarkably, the linear branch numbers (bitwise and columnwise alike) of these mappings is only 4. However, we define the transpose of a circulant twin CPM that has linear branch number of 12 and a differential branch number of 4. We give a concrete instantiation of a permutation using such a mixing layer, named Gaston. It operates on a state of $5 \times 64$ bits and uses $\chi$ operating on columns for its non-linear layer. Most notably, the Gaston round function is lightweight in that it takes as few bitwise operations as the one of NIST lightweight standard ASCON. We show that the best 3-round differential and linear trails of Gaston have much higher weights than those of ASCON. Permutations like Gaston can be very competitive in applications that rely for their security exclusively on good differential properties, such as keyed hashing as in the compression phase of Farfalle.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A major revision of an IACR publication in CRYPTO 2023
Keywords
Mixing layerPermutationsBranch numberColumn parity mixer (CPM)ASCON
Contact author(s)
solane elhirch @ ru nl
joan @ cs ru nl
raghvendra rohit @ tii ae
rusydi @ makarim id
History
2023-06-06: revised
2023-05-31: received
See all versions
Short URL
https://ia.cr/2023/799
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/799,
      author = {Solane El Hirch and Joan Daemen and Raghvendra Rohit and Rusydi H. Makarim},
      title = {Twin Column Parity Mixers and Gaston - A New Mixing Layer and Permutation},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/799},
      year = {2023},
      url = {https://eprint.iacr.org/2023/799}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.