
MDS matrix

About: MDS matrix is a research topic. Over the lifetime, 102 publications have been published within this topic receiving 2000 citations.


Papers
Book Chapter (DOI)
14 Jun 2018
TL;DR: It is found that previous constructions based on Vandermonde matrices over finite fields can be directly generalized if the building blocks are pairwise commutative, and a new type of block matrices called block Cauchy-like matrices is presented, from which MDS matrices can be constructed.
Abstract: MDS matrices are important components in the design of linear diffusion layers of many block ciphers and hash functions. Recently, there have been a lot of work on searching and construction of lightweight MDS matrices, most of which are based on matrices of special types over finite fields. Among all those work, Cauchy matrices and Vandermonde matrices play an important role since they can provide direct constructions of MDS matrices. In this paper, we consider constructing MDS matrices based on block Vandermonde matrices. We find that previous constructions based on Vandermonde matrices over finite fields can be directly generalized if the building blocks are pairwise commutative. Different from previous proof method, the MDS property of a matrix constructed by two block Vandermonde matrices is confirmed adopting a Lagrange interpolation technique, which also sheds light on a relationship between it and an MDS block Cauchy matrix. Those constructions generalize previous ones over finite fields as well, but our proofs are much simpler. Furthermore, we present a new type of block matrices called block Cauchy-like matrices, from which MDS matrices can also be constructed. More interestingly, those matrices turn out to have relations with MDS matrices constructed from block Vandermonde matrices and the so-called reversed block Vandermonde matrices. For all these constructions, we can also obtain involutory MDS matrices under certain conditions. Computational experiments show that lightweight involutory MDS matrices can be obtained from our constructions.

8 citations

Book Chapter (DOI)
29 Nov 2017
TL;DR: This work improves the previous 5-round Meet-in-the-Middle (MitM) attack on Kuznyechik by presenting a 6-round attack using the MitM with differential enumeration technique.
Abstract: Kuznyechik is an SPN block cipher that has recently been chosen to be standardized by the Russian Federation as a new GOST cipher. The cipher employs a 256-bit key which is used to generate ten 128-bit round keys. The encryption procedure updates the 16-byte state by iterating the round function for nine rounds. In this work, we improve the previous 5-round Meet-in-the-Middle (MitM) attack on Kuznyechik by presenting a 6-round attack using the MitM with differential enumeration technique. Unlike previous distinguishers, which utilize only the structural properties of the Maximum Distance Separable (MDS) linear transformation layer of the cipher, our 3-round distinguisher is computed based on the exact values of the coefficients of this MDS transformation. More specifically, first, we identify the MDS matrix that is utilized in this cipher. Then, we find all the relations between a subset of the inputs and outputs of this linear transformation. Finally, we utilize one of these relations in order to find the best distinguisher that can optimize the time complexity of the attack. Also, instead of placing the distinguisher in the middle rounds of the cipher as in the previous 5-round attack, we place it at the first 3 rounds, which allows us to convert the attack from the chosen ciphertext model to the chosen plaintext model. Then, to extend the distinguisher by 3 rounds, we perform the matching between the offline and online phases around the linear transformation instead of matching on a state byte.

7 citations

Journal Article (DOI)
TL;DR: The authors propose a mathematical description of the truncated impossible differentials and provide two efficient algorithms to compute the DPMs for both bit-shuffles and matrices over GF(2^n).
Abstract: This study concentrates on finding all truncated impossible differentials in substitution-permutation network (SPN) ciphers. Instead of using the miss-in-the-middle approach, the authors propose a mathematical description of the truncated impossible differentials. First, they prove that all truncated impossible differentials in an r + 1 round SPN cipher can be obtained by searching for entry `0' in D(P)^r, where D(P) denotes the differential pattern matrix (DPM) of the P-layer; thus the length of impossible differentials of an SPN cipher is upper bounded by the minimum integer r such that there is no entry `0' in D(P)^r. Second, they provide two efficient algorithms to compute the DPMs for both bit-shuffles and matrices over GF(2^n). Using these tools they prove that the longest truncated impossible differential in an SPN structure is 2 rounds if the P-layer is designed as a maximum distance separable (MDS) matrix. Finally, all truncated impossible differentials of the advanced encryption standard (AES), ARIA, AES-MDS, PRESENT, MAYA and Puffin are obtained.

7 citations

Book Chapter (DOI)
13 Dec 2017, SPACE
TL;DR: This work significantly improves the performance and flexibility of the construction SPF and proposes a discarding algorithm to drop the symbols that are not the elements of the format thus preserving it.
Abstract: The construction SPF, presented at Inscrypt 2016, was the first known SPN-based format-preserving encryption algorithm. In this work, we significantly improve its performance and flexibility. We term this new construction eSPF. Unlike SPF, all the basic transformations of eSPF are defined over the field \(\mathbb {F}_p\). This allows us to use an MDS matrix instead of the binary matrix used in SPF. The optimal diffusion of the MDS matrix leads to an efficient and secure design. However, this change leads to violations of the message format. To mitigate this, we propose a discarding algorithm that drops the symbols that are not elements of the format, thus preserving it.

7 citations

DOI
01 Mar 2018
TL;DR: The paper investigates the maximum distance separable (MDS) matrix over the matrix polynomial residue ring and devise an efficient algorithm for constructing involutory Hadamard MDS matrices with as few XOR counts as possible.
Abstract: The paper investigates the maximum distance separable (MDS) matrix over the matrix polynomial residue ring. Firstly, by analyzing the minimal polynomials of binary matrices with 1 XOR count and element-matrices with few XOR counts, we present an efficient method for constructing MDS matrices with as few XOR counts as possible. Compared with previous constructions, our corresponding constructions only cost 1 minute 27 seconds to 7 minutes, while previous constructions cost 3 days to 4 weeks. Secondly, we discuss the existence of several types of involutory MDS matrices and propose an efficient necessary-and-sufficient condition for identifying whether a Hadamard matrix is involutory. According to this condition, each involutory Hadamard matrix over a polynomial residue ring can be accurately and efficiently searched. Furthermore, we devise an efficient algorithm for constructing involutory Hadamard MDS matrices with as few XOR counts as possible. We obtain many new involutory Hadamard MDS matrices with far fewer XOR counts than the optimal results reported before.

7 citations

Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
77% related
Encryption
98.3K papers, 1.4M citations
75% related
Public-key cryptography
27.2K papers, 547.7K citations
74% related
Hash function
31.5K papers, 538.5K citations
71% related
Cryptographic protocol
11.7K papers, 268.8K citations
70% related
Performance Metrics
No. of papers in the topic in previous years

| Year | Papers |
|------|--------|
| 2022 | 1      |
| 2021 | 7      |
| 2020 | 5      |
| 2019 | 8      |
| 2018 | 10     |
| 2017 | 16     |