
ExpanderGraph-128: A Novel Graph-Theoretic Block Cipher with Formal Security Analysis and Hardware Implementation

W. A. Susantha Wijesinghe

Abstract

Lightweight block cipher design has largely focused on incremental optimization of established paradigms such as substitution-permutation networks, Feistel structures, and ARX constructions, where security derives from the algebraic complexity of individual components. We propose a different approach based on expander-graph interaction networks, where diffusion and security arise from sparse structural connectivity rather than component sophistication. We present ExpanderGraph-128 (EGC128), a 128-bit block cipher constructed as a 20-round balanced Feistel network. Each round applies a 64-bit nonlinear transformation governed by a 3-regular expander graph whose vertices execute identical 4-input Boolean functions on local neighborhoods. Security analysis combines MILP-based differential bounds, proven optimal through 10 rounds via SCIP, establishing 147.3-bit differential security and conservatively extrapolating to 413 bits for the full cipher. Linear analysis provides MILP bounds of $\geq 2^{145}$, while related-key evaluation shows no free rounds for any nonzero key difference. Additional tests confirm rapid algebraic degree growth and the absence of invariant affine subspaces. Implementation results demonstrate practical efficiency. FPGA synthesis on Xilinx Artix-7 achieves 261 Mbps at 100 MHz using only 380 LUTs, while ARM Cortex-M4F software requires 25.8 KB Flash and 1.66 ms per encryption. These results show that expander-graph-driven diffusion provides a promising design methodology for lightweight cryptography.


This paper contains 73 sections, 24 equations, 5 figures, 20 tables, 2 algorithms.

Figures (5)

  • Figure 1: 3-regular expander graph topology for the $F_{\text{core}}$ layer (16-vertex subset shown; full cipher uses 64 vertices). Each vertex $i$ connects to three neighbors: $n_1(i) = (i-1) \bmod 64$ (blue), $n_2(i) = (i+1) \bmod 64$ (orange), and $n_3(i) = (i+16) \bmod 64$ (green). Example: vertex 0 (magenta) receives inputs from neighbors 15, 1, and 4 (yellow). Sparse connectivity enables efficient hardware implementation while maintaining rapid mixing through expansion properties. The full cipher employs the identical topology pattern scaled to 64 vertices.
  • Figure 2: Single Feistel round architecture. The 128-bit state $(L_r, R_r)$ transforms to $(L_{r+1}, R_{r+1})$ through branch swap and expander-graph-based nonlinear function $F_{\text{core}}$. The right branch $R_r$ undergoes graph-theoretic diffusion where each of 64 bits applies Rule-A using inputs from three neighbors determined by the 3-regular topology. Round key $RK_r$ combines with the transformed branch via XOR operations to produce $R_{r+1}$, while $L_{r+1}$ receives the unmodified right branch, ensuring invertibility.
  • Figure 3: Key schedule architecture for 20-round ExpanderGraph-128. The 128-bit master key $K$ splits into $K_{\text{high}}$ and $K_{\text{low}}$. The upper 64 bits initialize a maximal-period LFSR with primitive polynomial $x^{64} + x^4 + x^3 + x + 1$, generating evolving state $S_r$ through shift-and-XOR operations with feedback taps at positions $\{0, 1, 3, 4\}$. Round key $RK_r$ derives from three-way XOR: the constant lower key half $K_{\text{low}}$, current LFSR state $S_r$, and round-specific constant $RC_r$ extracted from $\pi$ digits. This lightweight design requires no S-box lookups while ensuring unique keys across all rounds.
  • Figure 4: MILP differential analysis results showing: (a) the cumulative growth of active Rule-A nodes across rounds, demonstrating two-phase behavior with super-linear expansion followed by saturation approach; and (b) the per-round activation increments, highlighting the progression toward full saturation at 64 nodes per round.
  • Figure 5: Avalanche diffusion progression for single-bit input differences across 20 rounds, averaged over 8,192 trials (64 key-plaintext pairs $\times$ 128 input bits). The cipher exhibits two phases: rapid expansion (rounds 1–10) achieving 25% diffusion through graph expansion properties, and saturation approach (rounds 10–20) converging to 49% by round 20 (within 1% of the 50% ideal for random permutations). Dashed line indicates theoretical maximum.
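
Added example (not code from the paper): a Python sketch that tracks which input bits each state bit can depend on, using only the wiring given in the Figure 1 and Figure 2 captions. It assumes the 4-input function reads bit i plus its three neighbors and that round keys add no data dependency; Rule-A itself is not modeled, so the result is a structural lower bound on the rounds needed before full diffusion is possible.

```python
# Added example: structural dependency spread only; Rule-A is not modeled.
N = 64  # bits per Feistel branch = vertices in the graph

def neighbors(i, n=N, chord=16):
    """Neighbors of vertex i per the Figure 1 caption: i-1, i+1, i+16 (mod 64).

    n=16, chord=4 reproduces the caption's 16-vertex example (inferred scaling).
    """
    return ((i - 1) % n, (i + 1) % n, (i + chord) % n)

def f_core_deps(dep):
    """Union of input dependencies for every F_core output bit.

    ASSUMPTION: the 4-input function reads bit i plus its three neighbors.
    """
    out = []
    for i in range(N):
        m = dep[i]
        for j in neighbors(i):
            m |= dep[j]
        out.append(m)
    return out

def feistel_round(dep_l, dep_r):
    """(L, R) -> (R, L ^ F_core(R) ^ RK); ASSUMPTION: RK adds no data dependency."""
    f = f_core_deps(dep_r)
    return dep_r, [dep_l[i] | f[i] for i in range(N)]

def f_core_layers_to_cover():
    """Wiring iterations until every vertex can depend on all 64 inputs."""
    full, dep, layers = (1 << N) - 1, [1 << i for i in range(N)], 0
    while any(m != full for m in dep):
        dep, layers = f_core_deps(dep), layers + 1
    return layers

def rounds_to_full_dependency(max_rounds=20):
    """First Feistel round after which each state bit can depend on all 128 inputs."""
    full = (1 << (2 * N)) - 1
    dep_l = [1 << i for i in range(N)]        # mask bits 0..63  = L_0
    dep_r = [1 << (N + i) for i in range(N)]  # mask bits 64..127 = R_0
    for r in range(1, max_rounds + 1):
        dep_l, dep_r = feistel_round(dep_l, dep_r)
        if all(m == full for m in dep_l + dep_r):
            return r
    return None

if __name__ == "__main__":
    print("F_core layers:", f_core_layers_to_cover())
    print("Feistel rounds:", rounds_to_full_dependency())
```

Under these assumptions the wiring alone needs 10 layers to span the graph and the Feistel network needs 12 rounds before every state bit can depend on every input bit. These counts describe reach only; the avalanche figures in the Figure 5 caption measure actual bit flips.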