Patent

# A method for linear transformation in substitution-permutation network symmetric-key block cipher

17 Jun 2011

TL;DR: In this paper, the authors presented a method of linear transformation in substitution-permutation network symmetric-key block cipher (SPSC) for key-dependent MDS matrices.

Abstract: One embodiment of the present invention is a method of linear transformation in Substitution-Permutation Network symmetric-key block cipher producing n x n key-dependent MDS matrices from given n x n MDS matrix by scalar multiplication and permutations of elements of given matrix where multiplicative scalar and permutations are derived from binary inputs of length l. The method comprises deriving multiplicative scalar from binary input; multiplying given matrix with multiplicative scalar, producing first intermediate matrix; deriving first permutation of n objects from binary input; permuting rows of first intermediate matrix according to first permutation, producing second intermediate matrix; deriving second permutation of n objects from binary input; and permuting columns of second intermediate matrix according to second permutation to produce final MDS matrix. Another embodiment of the present invention is a method of linear transformation in Substitution-Permutation Network symmetric-key block cipher producing n x n key-dependent MDS matrices from given n x n MDS matrix by scalar multiplication and permutations of elements of given matrix where multiplicative scalar and permutations are derived from binary inputs of length l. The method comprises deriving multiplicative scalar from the key (202); multiplying given matrix with multiplicative scalar to produce first intermediate matrix (204); deriving first permutation of n objects from the key (206); permuting rows of first intermediate matrix according to first permutation to produce second intermediate matrix (208); deriving second permutation of n objects from the key (304); and permuting columns of second intermediate matrix according to second permutation (212) to produce final MDS matrix (214).
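The steps in the abstract, as an added example that is not taken from the patent: it scales and permutes a known MDS matrix over GF(2^8) and checks that every square submatrix stays nonsingular. The AES MixColumns matrix as the given matrix, the AES field polynomial, and the `derive` mapping from key bytes to a scalar and two permutations are assumptions, since the abstract does not specify them.

```python
from itertools import combinations, permutations

def gmul(a, b):
    """Multiply in GF(2^8) modulo x^8+x^4+x^3+x+1 (0x11B, assumed field)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def det(m):
    """Laplace expansion; in characteristic 2 every cofactor sign is +."""
    if len(m) == 1:
        return m[0][0]
    d = 0
    for j, x in enumerate(m[0]):
        d ^= gmul(x, det([row[:j] + row[j + 1:] for row in m[1:]]))
    return d

def is_mds(m):
    """A square matrix is MDS iff all of its square submatrices are nonsingular."""
    n = len(m)
    return all(det([[m[r][c] for c in cols] for r in rows]) != 0
               for k in range(1, n + 1)
               for rows in combinations(range(n), k)
               for cols in combinations(range(n), k))

def derive(key, n):
    """Hypothetical derivation: byte 0 -> nonzero scalar, bytes 1, 2 -> permutations."""
    perms = list(permutations(range(n)))
    scalar = key[0] % 255 + 1  # 1..255; a zero scalar would destroy the MDS property
    return scalar, perms[key[1] % len(perms)], perms[key[2] % len(perms)]

def key_dependent_mds(base, key):
    n = len(base)
    scalar, row_p, col_p = derive(key, n)
    m1 = [[gmul(scalar, x) for x in row] for row in base]      # scalar multiplication
    m2 = [m1[row_p[i]] for i in range(n)]                      # row permutation
    return [[row[col_p[j]] for j in range(n)] for row in m2]   # column permutation

# Assumed given matrix: AES MixColumns, a well-known 4 x 4 MDS matrix.
AES_MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]

if __name__ == "__main__":
    m = key_dependent_mds(AES_MIX, bytes([0x5A, 7, 19]))  # constructed sample key
    print(m, is_mds(m))
```

The property survives because a nonzero scalar multiplies each k x k minor by the k-th power of that scalar, and row or column permutations only reorder which submatrices are taken.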

##### Citations

Artemis

TL;DR: In this paper, a ring cam and a plurality of working chambers are mounted to rotate relative to each other, cycles of working chamber volume being coupled to rotation of the ring cam relative to the working chambers.

Abstract: A fluid-working machine for a renewable energy generation device, the fluid-working machine comprising a ring cam and a plurality of working chambers, the ring cam having an annular working surface extending around an axis of rotation of the ring cam, the annular working surface defining a plurality of waves, each working chamber having a piston, each piston in operative engagement with the ring cam working surface, the ring cam and working chambers being mounted to rotate relative to each other, cycles of working chamber volume being thereby coupled to rotation of the ring cam relative to the working chambers, characterised in that the individual waves of the ring cam working surface have an asymmetric profile.

14 citations

Artemis

TL;DR: In this paper, a ring cam is formed from a plurality of segments, including a leading cooperating formation (46) and a trailing cooperating formation (40), with a piston facing surface which forms part of the working surface at a leading end, and which is recessed from the working surfaces at a trailing end.

Abstract: A ring cam (1) for a fluid-working machine is formed from a plurality of segments (5, 7). The segments have piston facing surfaces (15, 16) together defining a working surface of the fluid-working machine. The segments comprise a leading cooperating formation (46) which has a piston facing surface which forms part of the working surface, at a trailing end, and which is recessed from the working surface at a leading end, and a trailing cooperating formation (40) which has a piston facing surface which forms part of the working surface at a leading end, and which is recessed from the working surface at a trailing end. The cooperating formations interlock and rollers (9) are thereby handed over smoothly from one segment to the next irrespective of slight variations in alignment due to manufacturing tolerance or wear. The segments having piston facing surfaces which are in compressive stress such as to partially or fully compensate for tensile stress arising from the action of rollers in use. The segments form a wavelike cam surface and attachment means (3) are provided, through the working surface, on whichever of the leading or trailing surfaces thereof is subject to lowest forces from pistons in use.

12 citations

01 Oct 2015

TL;DR: Some new results on direct exponent transformation are presented to show the k* number (cycle) that direct p exponent of the MDS matrix for k times results in the original MDS matrix, which has important applications in block ciphers.

Abstract: MDS code has been studied for a long time in the theory of error-correcting code and has been applied widely in cryptography. Some authors studied and proposed some methods for constructing MDS matrices which are not based on MDS code. Some MDS matrix transformations have been studied and direct exponent is such a transformation. In this paper we present some new results on direct exponent transformation to show the k* number (cycle) that direct p exponent of the MDS matrix for k times results in the original MDS matrix. In addition, the results are shown to have important applications in block ciphers.

3 citations

01 Jun 2017

TL;DR: The process of encryption and decryption by dynamic MDS matrices is proven to be calculated more quickly by salvaging the original MDS matrices.

Abstract: MDS (Maximum Distance Separable) matrices have an important role in the design of block ciphers and hash functions. The methods for transforming an MDS matrix into other ones to create dynamic MDS matrix for use have been proposed by many authors in the literature. In this paper, dynamic MDS matrices generated from direct exponent and scalar multiplication transformations are studied in the term of calculating effectively the outputs of the dynamic MDS matrices based on original MDS matrices when the inputs are known, as well as the calculating effectively the inputs of the dynamic MDS matrices based on original MDS matrices when the outputs are known. The process of encryption and decryption by dynamic MDS matrices is proven to be calculated more quickly by salvaging the original MDS matrices. In addition, a way for calculating quickly the direct exponent of MDS matrices based on a lookup table is presented.

2 citations

##### References

10 Dec 2001

TL;DR: In this article, the authors proposed a white-box encryption scheme, where the attacker has total visibility into software implementation and execution and can observe even minor aspects of the algorithm's execution.

Abstract: Existing encryption systems are designed to protect secret keys or other data under a "black box attack", where the attacker may examine the algorithm, and various inputs and outputs, but has no visibility into the execution of the algorithm itself. However, it has been shown that the black box model is generally unrealistic, and that attack efficiency rises dramatically if the attacker can observe even minor aspects of the algorithm's execution. The invention protects software from a "white-box attack", where the attacker has total visibility into software implementation and execution. In general, this is done by encoding the software and widely diffusing sites of information transfer and/or combination and/or loss. Other embodiments of the invention include: the introduction of lossy subcomponents, processing inputs and outputs with random cryptographic functions, and representing algorithmic steps or components as tables, which permits encoding to be represented with arbitrary nonlinear bijections.

151 citations

Qualcomm

TL;DR: In this article, a block cipher is provided that secures data by encrypting it based on the memory address where it is to be stored, and the encrypted data is then stored in the memory location.

Abstract: A block cipher is provided that secures data by encrypting it based on the memory address where it is to be stored. When encrypting data for storage in the memory address, the memory address is encrypted in a first plurality of block cipher rounds. Data round keys are generated using information from the first plurality of block cipher rounds. Data to be stored is combined with the encrypted memory address and encrypted in a second plurality of block cipher rounds using the data round keys. The encrypted data is then stored in the memory location. When decrypting data, the memory address is again encrypted as before while the encrypted stored data is decrypted in a second plurality of the block cipher rounds using the data round keys to obtain a partially decrypted data. The partially decrypted data is combined with the encrypted memory address to obtain fully decrypted data.

59 citations

29 Aug 2007

TL;DR: In this article, the authors proposed a high-security cryptographic processing apparatus that increases difficulty in analyzing the key of a common-key-block cipher, and a method therefor, to realize cryptographic processing whereby resistance to linear cryptanalysis attacks in the Common-Key-Block cipher is improved.

Abstract: The invention realizes a high-security cryptographic processing apparatus that increases difficulty in analyzing its key and a method therefor. In Feistel-type common-key-block cryptographic processing that repeatedly executes an SPN-type F-function having the nonlinear conversion section and the linear conversion section over a plurality of rounds, linear conversion processing of an F-function corresponding to each of the plurality of rounds is carried out by linear conversion processing that applies square MDS (Maximum Distance Separable) matrices. The invention uses a setting that arbitrary m column vectors included in inverse matrices of square MDS matrices being set up at least in consecutive even-numbered rounds and in consecutive odd-numbered rounds, respectively, constitute a square MDS matrix. This structure realizes cryptographic processing whereby resistance to linear cryptanalysis attacks in the common-key-block cipher is improved.

34 citations

28 Nov 2002

TL;DR: In this paper, the authors describe the efficient implementation of Maximum Distance Separable (MDS) mappings and Substitution-boxes (S-boxes) in gate-level hardware for application to Substitution Permutation Network (SPN) block cipher design.

Abstract: This paper describes the efficient implementation of Maximum Distance Separable (MDS) mappings and Substitution-boxes (S-boxes) in gate-level hardware for application to Substitution-Permutation Network (SPN) block cipher design. Different implementations of parameterized MDS mappings and S-boxes are evaluated using gate count as the space complexity measure and gate levels traversed as the time complexity measure. On this basis, a method to optimize MDS codes for hardware is introduced by considering the complexity analysis of bit parallel multipliers. We also provide a general architecture to implement any invertible S-box which has low space and time complexities. As an example, two efficient implementations of Rijndael, the Advanced Encryption Standard (AES), are considered to examine the different tradeoffs between speed and time.

15 citations

TL;DR: Ghulam Murtaza, Nassar Ikram as discussed by the authors presented an idea of direct exponent and direct square of a matrix and showed that direct exponent may not be an MDS matrix.

Ghulam Murtaza, Nassar Ikram (National University of Sciences and Technology, Pakistan)

Abstract: An MDS matrix is an important building block adopted by different algorithms that provides diffusion and therefore, has been an area of active research. In this paper, we present an idea of direct exponent and direct square of a matrix. We prove that direct square of an MDS matrix results in an MDS matrix whereas direct exponent may not be an MDS matrix. We also delineate direct exponent class and scalar multiplication class of an MDS matrix and determine the number of elements in these classes. In the end, we discuss the standing of design properties of a cryptographic primitive by replacing MDS matrix by dynamic one.

8 citations