
Showing papers on "MDS matrix published in 2015"


Book Chapter
08 Mar 2015
TL;DR: In this article, the authors provide new methods to search for lightweight MDS matrices, in particular involutory ones, by proving many new properties and equivalence classes for various MDS matrix constructions such as circulant, Hadamard, Cauchy, and Hadamard-Cauchy.
Abstract: In this article, we provide new methods to look for lightweight MDS matrices, and in particular involutory ones. By proving many new properties and equivalence classes for various MDS matrix constructions such as circulant, Hadamard, Cauchy and Hadamard-Cauchy, we exhibit new search algorithms that greatly reduce the search space and make lightweight MDS matrices of rather high dimension possible to find. We also explain why the choice of the irreducible polynomial might have a significant impact on the lightweightness, and contrary to the classical belief, we show that the Hamming weight has no direct impact. Even though we focused our studies on involutory MDS matrices, we also obtained results for non-involutory MDS matrices. Overall, using Hadamard or Hadamard-Cauchy constructions, we provide the (involutory or non-involutory) MDS matrices with the least possible XOR gates for the classical dimensions 4×4, 8×8, 16×16 and 32×32 in GF(2^4) and GF(2^8). Compared to the best known matrices, some of our new candidates save up to 50% on the amount of XOR gates required for a hardware implementation. Finally, our work indicates that involutory MDS matrices are really interesting building blocks for designers as they can be implemented with almost the same number of XOR gates as non-involutory MDS matrices, the latter being usually non-lightweight when the inverse matrix is required.

75 citations


Journal Article
TL;DR: This paper introduces a new type of circulant-like matrix that is involutory by construction, called Type-II circulant-like matrices, constructs efficient MDS matrices of circulant, Type-I and Type-II circulant-like form that are suitable for lightweight cryptography for d up to 8, and considers the orthogonal and involutory properties of such matrices.
Abstract: MDS matrices incorporate diffusion layers in block ciphers and hash functions. MDS matrices are in general not sparse and have a large description and thus induce costly implementations both in hardware and software. It is also nontrivial to find MDS matrices which could be used in lightweight cryptography. In the AES MixColumn operation, a circulant MDS matrix is used which is efficient as its elements are of low Hamming weight, but no general construction and study of MDS matrices from d×d circulant matrices for arbitrary d is available in the literature. In a SAC 2004 paper, Junod et al. constructed a new class of efficient matrices whose submatrices were circulant matrices and they coined the term circulating-like matrices for this new class of matrices. We call these matrices Type-I circulant-like matrices. In this paper we introduce a new type of circulant-like matrices which are involutory by construction and we call them Type-II circulant-like matrices. We study the MDS properties of d×d circulant, Type-I and Type-II circulant-like matrices and construct new and efficient MDS matrices which are suitable for lightweight cryptography for d up to 8. We also consider orthogonal and involutory properties of such matrices and study the construction of efficient MDS matrices whose inverses are also efficient. We explore some interesting and useful properties of circulant, Type-I and Type-II circulant-like matrices which are prevalent in many parts of mathematics and computer science.

22 citations
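The properties the two abstracts above argue about (circulant and Hadamard constructions, the MDS property, involutions, and the XOR-gate cost that depends on the irreducible polynomial rather than on the Hamming weight of an element) can all be checked mechanically. The following Python is an added example written for this page, not code from either paper: it implements GF(2^n) arithmetic for an explicit irreducible polynomial, tests the MDS property through its defining criterion (every square submatrix is non-singular), counts the XOR gates of multiplication by a constant as the cost of its bit-level matrix, and checks whether a matrix is an involution. The AES MixColumns circulant and the field polynomials are the standard ones; the Hadamard matrix H(1,2,4,6) over GF(2^4) modulo x^4+x+1 is an illustrative choice for this example (it is involutory and MDS), not one of the paper's reported optima.

```python
"""GF(2^n) toolkit for inspecting diffusion matrices: MDS test via minors,
XOR count of constant multiplication, involution check.
Matrices are lists of rows; entries are field elements as ints."""
from itertools import combinations

def gf_mul(a, b, poly, n):
    """a*b in GF(2^n); 'poly' includes the x^n term (0x11B for AES's
    x^8+x^4+x^3+x+1, 0x13 for x^4+x+1)."""
    r = 0
    for _ in range(n):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> n:
            a ^= poly
    return r

def gf_inv(a, poly, n):
    """a^(2^n - 2) = 1/a for nonzero a, by square-and-multiply."""
    r, e = 1, (1 << n) - 2
    while e:
        if e & 1:
            r = gf_mul(r, a, poly, n)
        a = gf_mul(a, a, poly, n)
        e >>= 1
    return r

def gf_det(m, poly, n):
    """Determinant by Gaussian elimination (characteristic 2: no signs)."""
    m = [row[:] for row in m]
    det = 1
    for c in range(len(m)):
        piv = next((r for r in range(c, len(m)) if m[r][c]), None)
        if piv is None:
            return 0
        m[c], m[piv] = m[piv], m[c]
        det = gf_mul(det, m[c][c], poly, n)
        inv = gf_inv(m[c][c], poly, n)
        for r in range(c + 1, len(m)):
            if m[r][c]:
                f = gf_mul(m[r][c], inv, poly, n)
                m[r] = [x ^ gf_mul(f, y, poly, n) for x, y in zip(m[r], m[c])]
    return det

def is_mds(m, poly, n):
    """MDS <=> every square submatrix (every minor) is non-singular."""
    d = len(m)
    for k in range(1, d + 1):
        for rows in combinations(range(d), k):
            for cols in combinations(range(d), k):
                if gf_det([[m[r][c] for c in cols] for r in rows], poly, n) == 0:
                    return False
    return True

def xor_count(c, poly, n):
    """XOR gates to compute x -> c*x bit-sliced: an output bit that depends
    on w input bits costs w-1 XORs. The value depends on 'poly', not only on c."""
    taps = [0] * n
    for i in range(n):
        col = gf_mul(c, 1 << i, poly, n)   # image of input bit i
        for j in range(n):
            taps[j] += (col >> j) & 1
    return sum(max(w - 1, 0) for w in taps)

def matrix_xor_count(m, poly, n):
    """Entry costs plus the (d-1) n-bit XORs needed to sum each row."""
    d = len(m)
    return sum(xor_count(x, poly, n) for row in m for x in row) + d * (d - 1) * n

def mat_mul(a, b, poly, n):
    d = len(a)
    out = [[0] * d for _ in range(d)]
    for i in range(d):
        for j in range(d):
            for k in range(d):
                out[i][j] ^= gf_mul(a[i][k], b[k][j], poly, n)
    return out

def is_involutory(m, poly, n):
    d = len(m)
    return mat_mul(m, m, poly, n) == [[int(i == j) for j in range(d)] for i in range(d)]

def circulant(first_row):
    d = len(first_row)
    return [[first_row[(j - i) % d] for j in range(d)] for i in range(d)]

def hadamard(h):
    """Finite-field Hadamard matrix: entry (i, j) is h[i XOR j]."""
    return [[h[i ^ j] for j in range(len(h))] for i in range(len(h))]

AES_MIXCOLUMNS = circulant([2, 3, 1, 1])   # AES, GF(2^8) mod 0x11B
HADAMARD_INV = hadamard([1, 2, 4, 6])      # example choice, GF(2^4) mod 0x13

if __name__ == "__main__":
    for name, m, poly, n in (("AES MixColumns", AES_MIXCOLUMNS, 0x11B, 8),
                             ("H(1,2,4,6)", HADAMARD_INV, 0x13, 4)):
        print(name, "MDS:", is_mds(m, poly, n), "involutory:", is_involutory(m, poly, n),
              "XORs:", matrix_xor_count(m, poly, n))
    # same element 2, three irreducible polynomials: the cost changes
    print([xor_count(2, p, 4) for p in (0x13, 0x19, 0x1F)])
    # same polynomial, same Hamming weight (3 and 9), different cost
    print(xor_count(3, 0x13, 4), xor_count(9, 0x13, 4))
```

The XOR count is the naive per-element circuit cost (each output bit built from its input taps), which is what makes the polynomial matter: multiplying by 2 costs one XOR modulo x^4+x+1 or x^4+x^3+1 but three modulo x^4+x^3+x^2+x+1, while the weight-2 elements 3 and 9 cost five and one XOR respectively in the same field. The minor-based test is exact but enumerates all square submatrices, which is fine for 4×4 and 8×8; for larger dimensions the search-space reductions the first abstract describes are what make exhaustive checking feasible.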


Journal Article
TL;DR: This article explains one approach for altering the MixColumns transformation used in the AES algorithm, replacing the single static MDS matrix with a key-dependent one using methods inspired by DNA processes and structure.
Abstract: The use of key-dependent MixColumns can be regarded as one of the applied techniques for changing the quality of a cryptographic algorithm. This article explains one approach for altering the MixColumns transformation engaged in the AES algorithm. The approach employed methods inspired from DNA processes and structure, which relied on the key. The parameters of the proposed MixColumns have characteristics identical to those of the original AES algorithm, besides increasing its resistance against attack. The original transformation uses a single static MDS matrix, while the proposed methods use a dynamic MDS matrix. The security of the new MixColumns was analyzed, and the NIST Test Suite tests were used to test the randomness of the block cipher that used the new transformation.

12 citations


Journal Article
TL;DR: This paper proposes a very efficient new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear, and investigates the requirements on the underlying linear functions for the proposed 4×4-word diffusion layer to achieve the maximal branch number.
Abstract: Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers. In this paper, we propose a very efficient new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear. We investigate the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4-word diffusion layer, which is an indication of the highest level of security with respect to linear and differential attacks. We try to extend our results for up to 8×8-word diffusion layers. The proposed diffusion layers only require simple operations such as word-level XORs and rotations, and they have simple inverses. They can replace the diffusion layer of several block ciphers and hash functions in the literature to increase their security and performance. Furthermore, they can be deployed in the design of new efficient lightweight block ciphers and hash functions in the future.

12 citations
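A diffusion layer built from Feistel-like rounds is specified as code rather than as a matrix, so the natural check on its branch number is the direct one: enumerate every nonzero input, count the nonzero words before and after the layer, and take the minimum of the sum. The Python below is an added example, not code from the paper: the round function, its coefficients (4, 1, 2, 2) and the field GF(2^4) modulo x^4+x+1 are this example's own choices, picked because four such rounds compose to the MDS matrix used by the LED cipher, so the exhaustive search has a known answer (5, the maximum for four words) to land on, while one round alone has branch number 2, the minimum for an invertible map.

```python
"""Branch number of a word-oriented linear layer given only as code.
The layer is a composition of Feistel-like rounds with a linear round
function (constant multiplications in GF(2^4) and XOR)."""
WORD_BITS = 4
POLY = 0x13                   # x^4 + x + 1 (assumed field for this example)
ROUND_TAPS = (4, 1, 2, 2)     # coefficients of the linear round function (assumed)

def xtime(x):
    """Multiply a 4-bit word by the element 2 modulo POLY."""
    x <<= 1
    return x ^ POLY if x & (1 << WORD_BITS) else x

def mul_table(c):
    """Lookup table for x -> c*x built by shift-and-XOR (double-and-add)."""
    table = []
    for x in range(1 << WORD_BITS):
        acc, cc, xx = 0, c, x
        while cc:
            if cc & 1:
                acc ^= xx
            cc >>= 1
            xx = xtime(xx)
        table.append(acc)
    return table

TABLES = [mul_table(c) for c in ROUND_TAPS]

def feistel_round(state):
    """One round: the words shift one slot left and the vacated slot receives
    a linear combination of the four old words. Invertible because the tap
    on x0 is nonzero, so x0 can be recovered from the new word."""
    x0, x1, x2, x3 = state
    t0, t1, t2, t3 = TABLES
    return (x1, x2, x3, t0[x0] ^ t1[x1] ^ t2[x2] ^ t3[x3])

def diffuse(state, rounds=4):
    for _ in range(rounds):
        state = feistel_round(state)
    return state

def word_weight(state):
    return sum(1 for w in state if w)

def branch_number(layer, words=4):
    """min over nonzero inputs of (#nonzero input words + #nonzero output
    words), by exhaustive enumeration of GF(2^4)^4 (65,536 inputs)."""
    best = 2 * words
    mask = (1 << WORD_BITS) - 1
    for v in range(1, 1 << (words * WORD_BITS)):
        state = tuple((v >> (WORD_BITS * i)) & mask for i in range(words))
        best = min(best, word_weight(state) + word_weight(layer(state)))
    return best

def layer_matrix(layer, words=4):
    """Matrix over GF(2^4) of a linear layer: column j is the image of e_j."""
    cols = [layer(tuple(int(i == j) for i in range(words))) for j in range(words)]
    return [[cols[j][i] for j in range(words)] for i in range(words)]

if __name__ == "__main__":
    for r in (1, 2, 3, 4):
        print(f"{r} round(s): branch number", branch_number(lambda s, r=r: diffuse(s, r)))
    print("4-round matrix:", layer_matrix(diffuse))
```

Exhaustive enumeration costs 2^(words × word bits) evaluations, which is instant for four 4-bit words but out of reach for the 32-bit words a real cipher uses; there the algebraic route (write the composed layer as a matrix over the ring of word-level linear maps and check its minors) is the one to use, and `layer_matrix` shows how to recover that matrix from the round code. Checking fewer rounds than the design prescribes is also useful: it exposes how much of the branch number each added round buys.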


Proceedings Article
01 Oct 2015
TL;DR: Some new results on the direct exponent transformation are presented, giving the cycle length k* such that applying the direct p-exponent to an MDS matrix k* times returns the original MDS matrix, which has important applications in block ciphers.
Abstract: MDS codes have been studied for a long time in the theory of error-correcting codes and have been applied widely in cryptography. Some authors studied and proposed some methods for constructing MDS matrices which are not based on MDS codes. Some MDS matrix transformations have been studied, and the direct exponent is such a transformation. In this paper we present some new results on the direct exponent transformation to show the number k* (cycle length) such that applying the direct p-exponent to an MDS matrix k* times results in the original MDS matrix. In addition, the results are shown to have important applications in block ciphers.

3 citations


Posted Content
TL;DR: The Kalyna block cipher was selected in the Ukrainian National Public Cryptographic Competition (2007-2010), and a slightly modified version was approved as the national encryption standard of Ukraine (DSTU 7624:2014) in 2015; this paper gives an adapted English translation of its specification.
Abstract: The Kalyna block cipher was selected during the Ukrainian National Public Cryptographic Competition (2007-2010), and its slight modification was approved as the new encryption standard of Ukraine in 2015. The main requirements for Kalyna were both a high security level and high performance of software implementations on general-purpose 64-bit CPUs. The cipher has an SPN-based (Rijndael-like) structure with an increased MDS matrix size, a new set of four different S-boxes, pre- and post-whitening using addition modulo 2^64, and a new construction of the key schedule. Kalyna supports block sizes and key lengths of 128, 256 and 512 bits (the key length can be either equal to or double the block size). At the time of this paper's publication, no cryptanalytic attacks more effective than exhaustive search are known. In this paper we present the adapted English translation of the Kalyna specification as it is given in the national standard of Ukraine.

1 Introduction

Block ciphers are the most widely used symmetric cryptographic primitives. Besides providing confidentiality, they are also used as main components in hash functions, message authentication codes, pseudorandom number generators, etc. Until 2015, GOST 28147-89 was the main block cipher used in Ukraine [1]. Even now this cipher still provides an acceptable level of practical security. However, its software implementation is significantly slower and less effective on modern platforms compared to newer solutions like AES [2]. In addition, theoretical attacks more effective than brute-force search were discovered [3]. Based on the experience of international cryptographic competitions like AES [4] or NESSIE [5], the State Service of Special Communication and Information Protection of Ukraine organized the National Public Cryptographic Competition [6] to select a block cipher that could become the prototype of the national standard.

The main requirements for candidates were a high level of cryptographic security, variable block size and key length (128, 256, 512 bits), and acceptable encryption performance in software implementations. There were no restrictions concerning lightweight (hardware) implementations. The block cipher Kalyna was selected among the other candidates [7], and its slight modification (aimed at performance improvement and a more compact implementation) was approved as the national standard DSTU 7624:2014 [8]. The new standard describes both the block cipher and ten modes of operation for it. In this paper we describe an adapted version of the specification based on the Electronic Code Book (ECB) mode as it is given in the national standard of Ukraine.

2 Symbols and notations

The following notations are used in the standard.
0x – prefix of numbers given in hexadecimal notation;
GF(2^8) – the finite field with the irreducible polynomial x^8 + x^4 + x^3 + x^2 + 1;
⊕ – logical exclusive OR (XOR) operation for binary vectors;
⌊x⌋ – integer part of x, i.e. for a rational x the greatest integer y such that y ≤ x;
|X| – the length of the bit sequence X;
L_{l,r}(X) – the function that returns the r least significant bits of the input sequence X of l-bit length;
R_{l,r}(X) – the function that returns the r most significant bits of the input sequence X of l-bit length;
>> – the right shift of a fixed-length sequence (towards the least significant symbols); the most significant symbols are filled with 0's; the number of symbols to be shifted is defined by the second argument;
<< – the left shift of a fixed-length sequence (towards the most significant symbols); the least significant symbols are filled with 0's; the number of symbols to be shifted is defined by the second argument;
>>> – the cyclic shift (rotation) right of a fixed-length sequence (the least significant symbols are moved to the most significant positions);
<<< – the cyclic shift (rotation) left of a fixed-length sequence (the most significant symbols are moved to the least significant positions);
+ – addition defined on the additive group of the least non-negative remainders Z_{2^64} (addition modulo 2^64);
⊗ – scalar product of two vectors defined over the finite field;
l – the block size of Kalyna, l ∈ {128, 256, 512};
k – the key length of Kalyna, k ∈ {128, 256, 512} (k = l or k = 2·l);
c – the number of rows in the state matrix;
V_j – the j-dimensional vector space over GF(2), j ≥ 1;
T^{(K)}_{l,k} – the basic encryption transformation, a mapping V_l → V_l parametrized by the encryption key K;
U^{(K)}_{l,k} – the basic decryption transformation, a mapping V_l → V_l parametrized by the encryption key K;
W1 || W2 – concatenation of two bit sequences such that the left (least significant) part of the resulting sequence equals W1 and the right (most significant) part equals W2; the length of the result is the sum of the lengths of W1 and W2;
Ξ ∘ Λ – sequential application of the transformations Ξ and Λ (Λ is applied first);
t – the number of iterations in the transformations T^{(K)}_{l,k} and U^{(K)}_{l,k}.

3 citations


Proceedings Article
01 Oct 2015
TL;DR: Some new results on the preservation of the number of fixed points of an MDS matrix under direct exponent transformation are presented and the important applications will be shown in block ciphers.
Abstract: MDS (Maximum Distance Separable) codes have been studied for a long time in the theory of error-correcting codes and have been applied widely in cryptography. Some authors studied and proposed some methods for constructing MDS matrices which are not based on MDS codes. Some MDS matrix transformations have been studied, and the direct exponent is such a transformation. In this paper, we present some new results on the preservation of the number of fixed points of an MDS matrix under the direct exponent transformation. In addition, the important applications of these results will be shown in block ciphers.

2 citations
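The two direct-exponent papers above (the cycle length k*, and the preservation of the number of fixed points) concern the same operation, so one added example covers both: raise every entry of a matrix over GF(2^4) to the p-th power, find after how many applications the matrix recurs, and count the fixed points x with Mx = x before and after. This is illustration code written for this page, not from either paper; the field (x^4 + x + 1) and the input matrix (the involutory MDS Hadamard matrix H(1,2,4,6)) are assumptions. The cycle length for the whole field is the multiplicative order of p modulo 2^n − 1, which exists only when gcd(p, 2^n − 1) = 1; the cycle of one particular matrix divides it. For p a power of two the entrywise map is the Frobenius automorphism of the field, so it provably preserves both the MDS property and the number of fixed points, which the code confirms for this matrix; for other p the example only reports what it measures.

```python
"""Direct exponent transformation over GF(2^4): entrywise p-th powers,
the cycle length after which a matrix recurs, and fixed-point counts."""
from itertools import product
from math import gcd

N = 4
POLY = 0x13                  # x^4 + x + 1; x generates GF(2^4)* (assumed field)
ORDER = (1 << N) - 1         # 15, the size of the multiplicative group

# log/antilog tables from repeated multiplication by x
EXP, LOG = [0] * ORDER, [0] * (1 << N)
_v = 1
for _i in range(ORDER):
    EXP[_i], LOG[_v] = _v, _i
    _v <<= 1
    if _v >> N:
        _v ^= POLY
assert len(set(EXP)) == ORDER  # x is primitive modulo POLY

def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[(LOG[a] + LOG[b]) % ORDER]

def gf_pow(a, e):
    return 0 if a == 0 else EXP[(LOG[a] * e) % ORDER]

def direct_exponent(m, p):
    """M^(p) = [m_ij^p]. For p a power of two this is the Frobenius map
    applied entrywise, a field automorphism."""
    return [[gf_pow(x, p) for x in row] for row in m]

def generic_cycle(p):
    """Smallest k with p^k = 1 (mod 2^N - 1): after k direct-p-exponent steps
    every element, hence every matrix over the field, is back to itself."""
    if gcd(p, ORDER) != 1:
        raise ValueError("x -> x^p is not a bijection of GF(2^N)*, no cycle")
    k, acc = 1, p % ORDER
    while acc != 1:
        acc, k = acc * p % ORDER, k + 1
    return k

def matrix_cycle(m, p):
    """Steps until this particular matrix recurs; divides generic_cycle(p)."""
    limit = generic_cycle(p)          # also validates p
    k, cur = 1, direct_exponent(m, p)
    while cur != m and k < limit:
        cur, k = direct_exponent(cur, p), k + 1
    return k

MUL = [[gf_mul(a, b) for b in range(1 << N)] for a in range(1 << N)]

def fixed_points(m):
    """Number of x in GF(2^N)^d with M x = x, by exhaustive enumeration."""
    rows = [[MUL[a] for a in row] for row in m]
    count = 0
    for x in product(range(1 << N), repeat=len(m)):
        for row, xi in zip(rows, x):
            acc = 0
            for t, xj in zip(row, x):
                acc ^= t[xj]
            if acc != xi:
                break
        else:
            count += 1
    return count

def hadamard(h):
    return [[h[i ^ j] for j in range(len(h))] for i in range(len(h))]

M = hadamard([1, 2, 4, 6])   # involutory MDS matrix over GF(2^4)/(x^4+x+1)

if __name__ == "__main__":
    for p in (2, 4, 7):
        print(f"p={p}: field cycle {generic_cycle(p)}, this matrix {matrix_cycle(M, p)}")
    print("fixed points:", fixed_points(M), "->", fixed_points(direct_exponent(M, 2)))
```

For this matrix the fixed-point count is 256 both before and after squaring every entry: M is an involution, so (M + I)^2 = 0 and M + I has rank 2, leaving a two-dimensional space of fixed vectors, and Frobenius maps that space onto the fixed space of M^(2). A designer who rotates through direct-exponent variants of one matrix (the block-cipher application the abstracts mention) gets at most generic_cycle(p) distinct matrices, fewer if the entries sit in a subfield, and every variant inherits the original's fixed-point structure when p is a power of two.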


Proceedings Article
01 Sep 2015
TL;DR: This paper considers MDS matrices over commutative rings acting on the corresponding modules and, using the minors of such matrices, constructs new MDS diffusion layers.
Abstract: Diffusion layers are an important part of most symmetric ciphers, and MDS matrices can be used to construct perfect diffusion layers. However, there are few techniques for constructing these matrices with low implementation cost in software/hardware. Conventional MDS matrices are constructed over finite fields, and MDS matrices over commutative rings acting on modules were characterized by Dong Dong et al. in 1998. In this paper, we consider MDS matrices over commutative rings acting on the corresponding modules and, using the minors of such matrices, we construct new MDS diffusion layers.

1 citations