Book Chapter

Perfect diffusion primitives for block ciphers

09 Aug 2004, Vol. 3357, pp. 84-99
TL;DR: This paper considers software implementations on various platforms of linear perfect diffusion primitives to construct efficient 4 × 4 and 8 × 8 MDS matrices to be used e.g. in block ciphers.
Abstract: Although linear perfect diffusion primitives, i.e. MDS matrices, are widely used in block ciphers, e.g. AES, very little systematic work has been done on how to find “efficient” ones. In this paper we attempt to do so by considering software implementations on various platforms. These considerations lead to interesting combinatorial problems: how to maximize the number of occurrences of 1 in those matrices, and how to minimize the number of pairwise different entries. We investigate these problems and construct efficient 4 × 4 and 8 × 8 MDS matrices to be used e.g. in block ciphers.


Citations
01 Jan 2003
TL;DR: Whirlpool, a 512-bit hash function operating on messages less than 2^256 bits in length, is presented; it is designed according to the Wide Trail strategy and permits a wide variety of implementation tradeoffs.
Abstract: We present Whirlpool, a 512-bit hash function operating on messages less than 2^256 bits in length. The function structure is designed according to the Wide Trail strategy and permits a wide variety of implementation tradeoffs. (Revised on May 24, 2003)

239 citations

Book
30 Oct 2011
TL;DR: This book provides a technically detailed, yet readable, account of the state of the art of block cipher analysis, design, and deployment and provides an overview of some of the most important cryptanalytic methods.
Abstract: Block ciphers encrypt blocks of plaintext, messages, into blocks of ciphertext under the action of a secret key, and the process of encryption is reversed by decryption, which uses the same user-supplied key. Block ciphers are fundamental to modern cryptography; in fact they are the most widely used cryptographic primitive, useful in their own right and in the construction of other cryptographic mechanisms. In this book the authors provide a technically detailed, yet readable, account of the state of the art of block cipher analysis, design, and deployment. The authors first describe the most prominent block ciphers and give insights into their design. They then consider the role of the cryptanalyst, the adversary, and provide an overview of some of the most important cryptanalytic methods. The book will be of value to graduate and senior undergraduate students of cryptography and to professionals engaged in cryptographic design. An important feature of the presentation is the authors' exhaustive bibliography of the field, each chapter closing with comprehensive supporting notes.

186 citations


Cites background from "Perfect diffusion primitives for bl..."

  • ...Descriptions and surveys [185, 189, 217, 436, 551] Selected cryptanalysis [87, 158, 204, 240, 305, 457, 501, 605] Design insights [25, 26, 159, 189, 241, 341, 361, 626, 692, 739] Implementation aspects [5, 41, 43, 85, 111, 112, 114, 115, 117, 135, 152] [153, 237, 242, 263, 264, 275, 368, 422, 462, 465] [513, 467, 490, 519, 584, 585, 655, 656, 657, 696] [693, 706, 707, 710]...


  • ...4 Junod and Vaudenay [341] suggest that different choices of MDS matrix might be better in this respect....


Book Chapter
09 Aug 2004
TL;DR: The main features of this design, besides a very high security level, are a large implementation flexibility on various platforms as well as high performances and a new design of strong and efficient key-schedule algorithms.
Abstract: In this paper, we describe the design of a new family of block ciphers based on a Lai-Massey scheme, named FOX. The main features of this design, besides a very high security level, are a large implementation flexibility on various platforms as well as high performances. In addition, we propose a new design of strong and efficient key-schedule algorithms. We provide evidence that FOX is immune to linear and differential cryptanalysis, and we discuss its security towards integral cryptanalysis, algebraic attacks, and other attacks.

121 citations

Book Chapter
19 Mar 2012
TL;DR: This paper proposes a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear, and investigates the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer.
Abstract: Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers. In this paper, we propose a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear. We investigate the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer. The proposed diffusion layers only require word-level XORs and rotations, and they have simple inverses. They can be replaced in the diffusion layer of the block ciphers MMB and Hierocrypt to increase their security and performance, respectively. Finally, we try to extend our results for up to 8×8 words diffusion layers.

76 citations


Additional excerpts

  • ...Another approach which is not recursive was picked by Junod and Vaudenay in [8] to design efficient MDS matrices....


Book Chapter
08 Mar 2015
TL;DR: In this article, the authors provide new methods to look for lightweight MDS matrices, and in particular involutory ones, by proving many new properties and equivalence classes for various MDS matrix constructions such as circulant, Hadamard, Cauchy, and Hadamard-Cauchy.
Abstract: In this article, we provide new methods to look for lightweight MDS matrices, and in particular involutory ones. By proving many new properties and equivalence classes for various MDS matrix constructions such as circulant, Hadamard, Cauchy and Hadamard-Cauchy, we exhibit new search algorithms that greatly reduce the search space and make lightweight MDS matrices of rather high dimension possible to find. We also explain why the choice of the irreducible polynomial might have a significant impact on the lightweightness, and, contrary to the classical belief, we show that the Hamming weight has no direct impact. Even though we focused our studies on involutory MDS matrices, we also obtained results for non-involutory MDS matrices. Overall, using Hadamard or Hadamard-Cauchy constructions, we provide the (involutory or non-involutory) MDS matrices with the least possible XOR gates for the classical dimensions 4 × 4, 8 × 8, 16 × 16 and 32 × 32 in GF(2^4) and GF(2^8). Compared to the best known matrices, some of our new candidates save up to 50 % on the amount of XOR gates required for a hardware implementation. Finally, our work indicates that involutory MDS matrices are really interesting building blocks for designers, as they can be implemented with almost the same number of XOR gates as non-involutory MDS matrices, the latter being usually non-lightweight when the inverse matrix is required.

75 citations

References
Book
01 Jan 1977
TL;DR: This book presents an introduction to BCH Codes and Finite Fields, and methods for Combining Codes, and discusses self-dual Codes and Invariant Theory, as well as nonlinear Codes, Hadamard Matrices, Designs and the Golay Code.
Abstract: Linear Codes. Nonlinear Codes, Hadamard Matrices, Designs and the Golay Code. An Introduction to BCH Codes and Finite Fields. Finite Fields. Dual Codes and Their Weight Distribution. Codes, Designs and Perfect Codes. Cyclic Codes. Cyclic Codes: Idempotents and Mattson-Solomon Polynomials. BCH Codes. Reed-Solomon and Justesen Codes. MDS Codes. Alternant, Goppa and Other Generalized BCH Codes. Reed-Muller Codes. First-Order Reed-Muller Codes. Second-Order Reed-Muller, Kerdock and Preparata Codes. Quadratic-Residue Codes. Bounds on the Size of a Code. Methods for Combining Codes. Self-dual Codes and Invariant Theory. The Golay Codes. Association Schemes. Appendix A. Tables of the Best Codes Known. Appendix B. Finite Geometries. Bibliography. Index.

10,083 citations

Journal Article
TL;DR: A theory of secrecy systems is developed on a theoretical level and is intended to complement the treatment found in standard works on cryptography.
Abstract: The problems of cryptography and secrecy systems furnish an interesting application of communication theory. In this paper a theory of secrecy systems is developed. The approach is on a theoretical level and is intended to complement the treatment found in standard works on cryptography. There, a detailed study is made of the many standard types of codes and ciphers, and of the ways of breaking them. We will be more concerned with the general mathematical structure and properties of secrecy systems.

8,777 citations

Book
01 Jan 2002
TL;DR: This volume is the authoritative guide to the Rijndael algorithm and AES and professionals, researchers, and students active or interested in data encryption will find it a valuable source of information and reference.
Abstract: From the Publisher: In October 2000, the US National Institute of Standards and Technology selected the block cipher Rijndael as the Advanced Encryption Standard (AES). AES is expected to gradually replace the present Data Encryption Standard (DES) as the most widely applied data encryption technology.

This book by the designers of the block cipher presents Rijndael from scratch. The underlying mathematics and the wide trail strategy as the basic design idea are explained in detail and the basics of differential and linear cryptanalysis are reworked. Subsequent chapters review all known attacks against the Rijndael structure and deal with implementation and optimization issues. Finally, other ciphers related to Rijndael are presented.

This volume is THE authoritative guide to the Rijndael algorithm and AES. Professionals, researchers, and students active or interested in data encryption will find it a valuable source of information and reference.

2,140 citations

Book
01 Jan 2001
TL;DR: Simplified variants that omit a quadratic function and a fixed rotation in RC6 are examined to clarify their essential contribution to the overall security of RC6.
Abstract: RC6 has been submitted as a candidate for the Advanced Encryption Standard (AES). Two important features of RC6 that were absent from its predecessor RC5 are a quadratic function and a fixed rotation. By examining simplified variants that omit these features we clarify their essential contribution to the overall security of RC6.

1,487 citations

Book
01 Jan 1995

700 citations