,1t))

) .

;

&
;

alG
ak
&

U !U D

,
)
!

;
;

:$Unh.h



: U ?
o L

/

:t:
;
)

)

/at,
g(V a
/ )

(al,av )

( 1, 4 )
d

.
;( 1 t ?)

(, T t
9 :
9lc
a v
= / 9

9 i

9 c) l (
C
(!)
kak)= ccW 1,- , t)=
) Ia! a

a

c ).,(X -/X= k Q

/ <

t 1 ( I ) ak)= aI/ ., 1.H K)
,
,
n( a .9 ak
)
, k h: cJ .,

kck at
:
: :
;: a
( , k) h)t
) X

$r @ K u
r

av ak
4q )

J, hh..
i
, /
9 k CU nlcl

n
C
i
(ak
a l
)
.
tv; , a q4 Qk / (a 4m,

F) : v

.
n::

(:
:(a i:) :4
: ; l:::: :
::
9i, :
( r. i b U+ 4 4 ,ak, a / <
rJ+ A

)/ tI) n
o
4 n aV(
at, a z/

t 1. i
a6) p

a

) a(aI/ / t) C a ,t0
/ Ca k) )
2a

(

(




p

e



4
i
-i
:
L:i

:: )

lr



a y, ) x

Ph 9
c

; 69:: 6: :t : ;;;:: . )

. u Y )v , U

9) 3)=
C P tc
.ht ?

 u

u*
4
u

Y:
)
Kt LhT
6
i

e : ,

\I - ?<2 J a


(
,% t a

4 P k - /J ,Y2/ 2 t a
+ + I= ( raI, a )
X n

t /
:

L
V
6 (

a

p:: :.: U

a ( + + ra

=

)+ ) Uv+

$
mh l/n

4

m ) . U
l b

(m,m



U)

L



u4 uu )

;
lkrR
! = i 4 ta r9
!+
a r
Ui 9,

U h+

/ i

c k v . V a; (6i I

)f \:;:

.. 1
b ) (j!

a: )

(o!
!; : : b
x :: r : vt

)

X )


:9;:
(a ( ;

a $ (i n1 )

b q
: e
.Je
U
..(.,
P k (
e H
::::,

l/C Qn r
ur
v ( q

l(

(

/ 4 k

+t

6

D
 I
Add:t Untab eUfZ4 Mu t p ication tab eUfZ4

U 1 2 3 U 2 3
U U 2 3 U U U U @
2 3 U @ 2 3
2 2 3 U 2 3 2 U 2
3 3 U 2 3 @ 3 2 1

AdditiUntab eUfZ5 Mu tip icat Untab eofZ5

U 2 3 4 2 3 4
@ l 2 3 4 @ @ @ @
2 3 4 @ U 2 3 4
2 2 3 4 @ 2 4 3
.

3 4 @ 2 U 3 4 2
4 4 U 2 U 4 3 2

AdditiUntab eUfZ6 Mu tip cation tab eUfZ6

U 2 3 4 5 U 1 2
3 4 5
U U 2 3 4 5 9 U @ U 9 @ U
1 2 3 4 5 @ U 2 3 4 5
2 2 3 4 5 9 2 2 4 U 2 4

3 3 4 U 2 3 @ 3 8 3 @ 3
4 4 5 @ 1 2 3 4 9 4 2 U 4 2
5 5 1 2 3 4 5 @ 5 4 3 2 l

4. U 2 arewithUut rnu tip cativeinverseinZ4

are
U,2,3 4 thUutmu tip cativeinverseinZ6.
Because5iScoprimetUa nonzerUe ements inZ5.Fora x,x:sanonzerUe ement inZ5,wecanfindintge bsuch

thatax+5b=1thrUugheuc deana gU thm.

ft

:rf

rr) l:

:
a :

::
.

C :

i ?
: n
<::
I

?.:

D r i
:-.r

;<: ),:

? ;fr
, !/:
r.

-
:
)
Zt, lt, d , C /

Vt
k: :

2 D .

c u
H

.

h C

.
, e

a
(

p

(

(,
U oo o :

o
o U
U
U
U U
i: f
.

v vU

UUio r 1. 3 i
/

U U I U / oi l
U U

9. \
.

( (

) Pr

2 k
m


(
n

P -,
+ c U , . P

S =P
?

.
o

P Fu UP
.
I

P
.

P
: = P




9

2 U $

?

J
( f/ , e pzt %t

h P 2
P

r-

C k

> p U
a

U
o U -

+ h R
9,= o
U
Sq i !;; :9; <

9(: t
t

9




L
.

i 6

/

/

2
 c J
eh P

nc r
)

 PrUceed:ngSofthe9thWS AS nterna1ona ConferenceonAPPL D NFURMA
CSANDCUMMVN UNS(A C 9)
CA

impIemented as a 1 b Ie shii fUllUwed by a flgure4ThegatecUuntUfth uementatlUn(u ng

cUn t nal bitwise XUR with (UUUl1Ul1),w ch CUmun nalcirculsUnl asshUwn in ig. ) as
4
represents X3+X+1). fUllUws:8XURstUcalculate(sU slDincqtlatbn
6.l), sU 32 XURs are req red fUr the same

calculatiUns in equajUns4.
) If =U
(2)

(UUUl1U11)If 7=1 b2 b1 1J

hIt1lt icatiUnbyahigherpUwerUfxca beachieved

by repeated app ca Un Ufequa Un (2). By adding
mm cU t
t

3 MixcUlum SImplement U C9 C6 C 4 C3 C2 1 C
Thc fUrward mix cUl mn tra fUrInat n (i
e cryPI. prUcess9,calledmixcUlu s,Uperates
UneachcUlulIm in vidually.Eachb eUfacUlllml Fig.4.x* ImPleme tatiU (C=U2*B)
is lnappedintUane valuethat isafuIlctiUnUfa11
fUufb es in thatcUluIlm.ThetransfUli1 a Uncanbe AddiiUnal 8 XUR6 are needcd tU calculate Tmp.
deflnedbythefUllUwingmatnxmtll plcajUnUn 3XURsarereq redtUcalculate2*(sUjUsl in

&

equat (4.1)sUweneed12XURsfUrthesame
EU
e.

a2113

n
uhv

0oo0

00o0

calculauUns in equaHUns 4. Fh ly wc need an 8

%
132l

mm

XURs(with3 puts9URl6XURs(with2puts9tU
s

calc ate(s Uj) cquat (4.l),sUweneed32

s

XURs(with3input UR64XURs(witl12 uts9tU

calculate equatiUns 4. inally wc can implemcnt
Each element in the prUduct mat x is thc suln Uf
prUductsUfelementsUfUnerUwandUilecUlulIln.In
thiscase,theindividualaddijUnsandmultiplicatiUns
areperfUrIned G
8).


tUtal84XUR9.
TheIIllxcUlumStraIlsfUrIna UnUnas glecUluiIln Ill g. ,theblUcklabeledMulby )means muhply
o( 39UfSta canbeexpressedas:- its inputby2usi gthcimplementa UnshUwIl inflg.
S Uj= *Soj) *slj) s2j s3j 4(us g3XURgates9.EachaIUwfepresent8bi
S lj=SUj
*sIj).(3*s2j) s3j and eachblUcksuch as S Ijrepresent 8 wireshUlds
*S2j) (3*s3j)
S 2j=SUj
. S
) valuesUfS Ij

= *sU5) slj s2j (2*s3j) The i verse mk cUl m transfUr a U (i

s 3

dec PtiUn prUcess> callcd InvMix CUluIIlns, is

As lruxcUlumsUnlyrequiresInult iica UIlby U2

ned

ich,as
pl

..,

and U3 , ehaveseen,invUlveds ple

nssss

shiis,cUnd UnalXURs,andXURs.T scanbe

,l,2,

LmpleInentcdinaIllUreefflcientwaYthatel munates
theshiftsandcU di UnalXU .EquatiUnSet )
,

shUws the equbnS fUr thc ix cUlulIllls

transfUmat nUnasinglecUlulIm.U ngtheidentiy
Each element in the prUduct matrix is the sum Uf
U .x=( U2 .x)x,wecanrewr eequajUnSet
(3)asfUIlUws:
prUductsUfelcmentsUfUnerUlvandUnccUluInn.In
thiscase,theindividualaddijUnsandInuIjphcauU s
Tmp=sUj slj s2j s3j
areperfU 11ledin GF(2b.The
mixcUlulrlns
S Uj=SUj Tmp 2*(sU sl )
transfUmatiUn Un a singIe cUlumn ( 3) Uf
lj=Sl Tmp u*(sli.s2j)

S
Statecanbecxpressedas:-
S 2j=S2j Tmp u*(s2j.s3j) Uj=(UE*Soj) V(UB*slj) V(UD*s2j)
S (U,*s )
S 3j=S3. Tlnp :2*(s3jUsUj) shj=(U9*sUi) (UE*sIJ))(UB*s2.) UD*s3J)

ultiplicatiUn by U2 equivalents tU multiply by x
s =(UD*sUj) (U,*slj) D(UE*s2j) (UB*s3j)(S)
whichcanbeimplementedusingequauUn (2) as in B*SU)U(UD*sl ) 9*s2) (UPs3p
S j=

SSN:179U 51 9
256 ISBN:978-96U 74-1U7-6
:;:: :4





V



:
F

: t:

.u

N

,

iQ
v

>

i

v


 6 .

:





fcc )
&


J
U

;i(
+/

e t ck
4r :

9

a (,

i 9

i <,,.r 9

\ p

:::,


.



i., t
e >r nt

j !

+l
t

t


r1 lt (9 4; r:ov

CB C ic 6 UFg
rTl

(

v
K i

e m .


,,a Li
X
P (hY

;
c
u




:::::::::: :;:9:;:::::i: alk+

sL , p =
(
p U