Author

# Mahdi Sajadieh

Other affiliations: Isfahan University of Technology, Islamic Azad University

Bio: Mahdi Sajadieh is an academic researcher from Islamic Azad University, Isfahan. The author has contributed to research in topics: Block cipher & MDS matrix. The author has an hindex of 4, co-authored 11 publications receiving 152 citations. Previous affiliations of Mahdi Sajadieh include Isfahan University of Technology & Islamic Azad University.

Topics: Block cipher, MDS matrix, Computer science, Block size, Hash function

##### Papers

More filters

••

19 Mar 2012

TL;DR: This paper proposes a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear, and investigates the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer.

Abstract: Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers In this paper, we propose a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear We investigate the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer The proposed diffusion layers only require word-level XORs, rotations, and they have simple inverses They can be replaced in the diffusion layer of the block ciphers MMB and Hierocrypt to increase their security and performance, respectively Finally, we try to extend our results for up to 8×8 words diffusion layers

76 citations

••

TL;DR: This paper suggests a method that makes an involutory MDS matrix from the Vandermonde matrices and proposes another method for the construction of 2n × 2n Hadamard MDS matrices in the finite field GF(2q).

Abstract: Due to their remarkable application in many branches of applied mathematics such as combinatorics, coding theory, and cryptography, Vandermonde matrices have received a great amount of attention. Maximum distance separable (MDS) codes introduce MDS matrices which not only have applications in coding theory but also are of great importance in the design of block ciphers. Lacan and Fimes introduce a method for the construction of an MDS matrix from two Vandermonde matrices in the finite field. In this paper, we first suggest a method that makes an involutory MDS matrix from the Vandermonde matrices. Then we propose another method for the construction of 2 n × 2 n Hadamard MDS matrices in the finite field GF(2 q ). In addition to introducing this method, we present a direct method for the inversion of a special class of 2 n × 2 n Vandermonde matrices.

46 citations

••

TL;DR: This paper proposes a very efficient new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear, and investigates the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer.

Abstract: Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers. In this paper, we propose a very efficient new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear. We investigate the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer, which is an indication of the highest level of security with respect to linear and differential attacks. We try to extend our results for up to 8×8 words diffusion layers. The proposed diffusion layers only require simple operations such as word-level XORs, rotations, and they have simple inverses. They can replace the diffusion layer of several block ciphers and hash functions in the literature to increase their security, and performance. Furthermore, it can be deployed in the design of new efficient lightweight block ciphers and hash functions in future.

12 citations

••

TL;DR: A new counting method is introduced to find tighter lower bounds for the minimum number of active S-boxes for several consecutive rounds of Rijndael with larger block lengths, and a modified version of RIJndael-192 is proposed for which the minimumNumber of activeS-boxes is more than that of Rio-192.

Abstract: Security against differential and linear cryptanalysis is an essential requirement for modern block ciphers. This measure is usually evaluated by finding a lower bound for the minimum number of active S-boxes. The 128-bit block cipher AES which was adopted by National Institute of Standards and Technology (NIST) as a symmetric encryption standard in 2001 is a member of Rijndael family of block ciphers. For Rijndael, the block length and the key length can be independently specified to 128, 192 or 256 bits. It has been proved that for all variants of Rijndael the lower bound of the number of active S-boxes for any 4-round differential or linear trail is 25, and for 4r ($$r \ge 1$$rź1) rounds 25r active S-boxes is a tight bound only for Rijndael with block length 128. In this paper, a new counting method is introduced to find tighter lower bounds for the minimum number of active S-boxes for several consecutive rounds of Rijndael with larger block lengths. The new method shows that 12 and 14 rounds of Rijndael with 192-bit block length have at least 87 and 103 active S-boxes, respectively. Also the corresponding bounds for Rijndael with 256-bit block are 105 and 120, respectively. Additionally, a modified version of Rijndael-192 is proposed for which the minimum number of active S-boxes is more than that of Rijndael-192. Moreover, we extend the method to obtain a better lower bound for the number of active S-boxes for the block cipher 3D. Our counting method shows that, for example, 20 and 22 rounds of 3D have at least 185 and 205 active S-boxes, respectively.

12 citations

••

TL;DR: This paper introduces a verifiable multi-secret sharing scheme using NTRU cryptosystem which is a post quantum cryptos system based on multivariate polynomials and uses hash functions for verification.

Abstract: The existing secret sharing schemes suffer from resistance against quantum attacks or requirement to a secure channel. In this paper, we introduce a verifiable multi-secret sharing scheme using NTRU cryptosystem which is a post quantum cryptosystem. Our scheme is based on multivariate polynomials and uses hash functions for verification. In addition, our scheme does not require a secure channel and all public data are resistant against quantum attacks.

7 citations

##### Cited by

More filters

••

17 Aug 2014TL;DR: In this paper, a general methodology to construct good, sometimes optimal, linear layers allowing for a large variety of trade-offs is proposed, and a new block cipher called PRIDE is presented.

Abstract: The linear layer is a core component in any substitution-permutation network block cipher. Its design significantly influences both the security and the efficiency of the resulting block cipher. Surprisingly, not many general constructions are known that allow to choose trade-offs between security and efficiency. Especially, when compared to Sboxes, it seems that the linear layer is crucially understudied. In this paper, we propose a general methodology to construct good, sometimes optimal, linear layers allowing for a large variety of trade-offs. We give several instances of our construction and on top underline its value by presenting a new block cipher. PRIDE is optimized for 8-bit micro-controllers and significantly outperforms all academic solutions both in terms of code size and cycle count.

125 citations

••

19 Mar 2012

TL;DR: This paper proposes a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear, and investigates the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer.

Abstract: Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers In this paper, we propose a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear We investigate the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer The proposed diffusion layers only require word-level XORs, rotations, and they have simple inverses They can be replaced in the diffusion layer of the block ciphers MMB and Hierocrypt to increase their security and performance, respectively Finally, we try to extend our results for up to 8×8 words diffusion layers

76 citations

••

08 Mar 2015TL;DR: In this article, the authors provide new methods to look for lightweight MDS matrices, and in particular involutory ones, by proving many new properties and equivalence classes for various MDS matrix constructions such as circulant, Hadamard, Cauchy, and Hadhamard-Cauchy.

Abstract: In this article, we provide new methods to look for lightweight MDS matrices, and in particular involutory ones. By proving many new properties and equivalence classes for various MDS matrices constructions such as circulant, Hadamard, Cauchy and Hadamard-Cauchy, we exhibit new search algorithms that greatly reduce the search space and make lightweight MDS matrices of rather high dimension possible to find. We also explain why the choice of the irreducible polynomial might have a significant impact on the lightweightness, and in contrary to the classical belief, we show that the Hamming weight has no direct impact. Even though we focused our studies on involutory MDS matrices, we also obtained results for non-involutory MDS matrices. Overall, using Hadamard or Hadamard-Cauchy constructions, we provide the (involutory or non-involutory) MDS matrices with the least possible XOR gates for the classical dimensions \(4 \times 4\), \(8 \times 8\), \(16 \times 16\) and \(32 \times 32\) in \(\mathrm {GF}(2^4)\) and \(\mathrm {GF}(2^8)\). Compared to the best known matrices, some of our new candidates save up to 50 % on the amount of XOR gates required for an hardware implementation. Finally, our work indicates that involutory MDS matrices are really interesting building blocks for designers as they can be implemented with almost the same number of XOR gates as non-involutory MDS matrices, the latter being usually non-lightweight when the inverse matrix is required.

75 citations

••

15 Aug 2012TL;DR: This paper revisits the design strategy of PHOTON lightweight hash family and the work of FSE 2012, in which perfect diffusion layers are constructed by one bundle-based LFSR, and investigates new strategies to constructperfect diffusion layers using more than one Bundle-Based LFSRs.

Abstract: Diffusion layers with maximum branch numbers are widely used in block ciphers and hash functions. In this paper, we construct recursive diffusion layers using Linear Feedback Shift Registers (LFSRs). Unlike the MDS matrix used in AES, whose elements are limited in a finite field, a diffusion layer in this paper is a square matrix composed of linear transformations over a vector space. Perfect diffusion layers with branch numbers from 5 to 9 are constructed. On the one hand, we revisit the design strategy of PHOTON lightweight hash family and the work of FSE 2012, in which perfect diffusion layers are constructed by one bundle-based LFSR. We get better results and they can be used to replace those of PHOTON to gain smaller hardware implementations. On the other hand, we investigate new strategies to construct perfect diffusion layers using more than one bundle-based LFSRs. Finally, we construct perfect diffusion layers by increasing the number of iterations and using bit-level LFSRs. Since most of our proposals have lightweight examples corresponding to 4-bit and 8-bit Sboxes, we expect that they will be useful in designing (lightweight) block ciphers and (lightweight) hash functions.

71 citations

••

20 Mar 2016TL;DR: With this method, it is shown that circulant involutory MDS matrices, which have been proved do not exist over the finite field $$\mathbb {F}_{2^m}$$, can be constructed by using non-commutative entries.

Abstract: In the present paper, we investigate the problem of constructing MDS matrices with as few bit XOR operations as possible. The key contribution of the present paper is constructing MDS matrices with entries in the set of $$m\times m$$ non-singular matrices over $$\mathbb {F}_2$$ directly, and the linear transformations we used to construct MDS matrices are not assumed pairwise commutative. With this method, it is shown that circulant involutory MDS matrices, which have been proved do not exist over the finite field $$\mathbb {F}_{2^m}$$, can be constructed by using non-commutative entries. Some constructions of $$4\times 4$$ and $$5\times 5$$ circulant involutory MDS matrices are given when $$m=4,8$$. To the best of our knowledge, it is the first time that circulant involutory MDS matrices have been constructed. Furthermore, some lower bounds on XORs that required to evaluate one row of circulant and Hadamard MDS matrices of order 4 are given when $$m=4,8$$. Some constructions achieving the bound are also given, which have fewer XORs than previous constructions.

57 citations