MDS matrix

About: MDS matrix is a research topic. Over the lifetime, 102 publications have been published within this topic receiving 2000 citations.

A New Encryption Standard of Ukraine: The Kalyna Block Cipher.

Abstract: The Kalyna block cipher was selected during Ukrainian National Public Cryptographic Competition (2007-2010) and its slight modification was approved as the new encryption standard of Ukraine in 2015. Main requirements for Kalyna were both high security level and high performance of software implementation on general-purpose 64-bit CPUs. The cipher has SPN-based (Rijndael-like) structure with increased MDS matrix size, a new set of four different S-boxes, preand postwhitening using modulo 2 addition and a new construction of the key schedule. Kalyna supports block size and key length of 128, 256 and 512 bits (key length can be either equal or double of the block size). On the time of this paper publishing, no more effective cryptanalytic attacks than exhaustive search are known. In this paper we present the adapted English translated specification of Kalyna as it is given in the national standard of Ukraine. 1 Introducton Block ciphers are the most widely used symmetric cryptographic primitives. Besides providing confidentiality, they are also used as main components in hashing functions, message authentication codes, pseudorandom number generators, etc. Until 2015 GOST 28147-89 was the main block cipher used in Ukraine [1]. Even now this cipher still provides acceptable level of 2 practical security. However, its software implementation is significantly slower and less effective on modern platforms comparing to newer solutions like AES [2]. In addition, more effective theoretical attacks than brute force search were discovered [3]. Based on the experience of international cryptographic competitions, like AES [4] or NESSIE [5], The State Service of Special Communication and Information Protection of Ukraine had been organized National Public Cryptographic Competition [6] to select a block cipher that could become a prototype of the national standard. Main requirements to candidates were a high level of cryptographic security, variable block size and key length (128, 256, 512), and an acceptable performance of encryption in software implementation. There were no restrictions concerning lightweight (hardware) implementations. The block cipher Kalyna was selected among other candidates [7] and its slight modification (aimed to performance improvement and more compact implementation) was approved as the national standard DSTU 7624:2014 [8]. The new standard describes both the block cipher and ten modes of operation for it. In this paper we describe an adapted version of the specification based on Electronic Code Book (ECB) mode as it is given in the national standard of Ukraine. 2 Symbols and notations The following notations are used in the standard. 0x – prefix of numbers given in the hexadecimal notation; GF (2) – the finite field with the irreducible polynomial x + x + x + x + 1; ⊕ – logical exclusive OR (XOR) operation for binary vectors; bxc – integer part of x, i.e. for a rational x the greatest y such that y ≤ x; |X| – the length of the bit sequence X; Ll,r(X) – the function that returns r least significant bits from the input sequence X of l-bit length; Rl,r(X) – the function that returns r most significant bits from the input sequence X of l-bit length; 3 – the right shift of the fixed length sequence (to the least significant symbols); the most significant symbols are filled with 0’s; number of symbols to be shifted is defined by the second argument – the left shift of the fixed length sequence (to the most significant symbols); the least significant symbols are filled with 0’s; number of symbols to be shifted is defined by the second argument ≫ – the cyclic shift (rotation) right of the fixed length sequence (the least significant symbols are moved to the most significant positions); ≪ – the cyclic shift (rotation) left of the fixed length sequence (the most significant symbols are moved to the least significant positions); + – addition defined on the additive group of the least nonnegative remainders Z264 (addition modulo 2); ⊗ – scalar product of two vectors defined over the finite field; l – the block size of Kalyna, l ∈ {128, 256, 512}; k – the key length of Kalyna, k ∈ {128, 256, 512} (k = l or k = 2 · l); c – the number of rows in the state matrix; Vj – j-dimensional vector space over GF (2), j ≥ 1; T (K) l,k – the basic encryption transformation, a mapping Vl 7→ Vl parametrized by the encryption key K; U (K) l,k – the basic decryption transformation, a mapping Vl 7→ Vl parametrized by the encryption key K; W1||W2 – concatenation of the two bit sequences in such a way that the left (the least significant) part of the resulting sequence is equal to W1 and the right (the most significant) one to W2; the length of the resulting sequence is equal to the sum of W1 and W2; Ξ ◦ Λ – sequential application of transformations Ξ and Λ (Λ is applied first); t – the number of iterations in the transformations T (K) l,k and U (K) l,k ;

Perfect involutory diffusion layers based on invertibility of some linear functions

Abstract: One of the most important structures used in modern block ciphers is the substitution-permutation network (SPN) structure. Many block ciphers with this structure widely use Maximun Distance Separable (MDS) matrices over finite fields as their diffusion layers, for example, advanced encryption standard (AES) uses a 4-4 MDS matrix as the main part of its diffusion layer and the block cipher Khazad has an involutory 8-8 matrix. In this study, first a construction is proposed for a 4-4 linear diffusion layer that can intermix four words of arbitrary size with branch number 5. Then extend this idea for 8-8 diffusion layer using low-cost linear functions. In this construction, first, certain binary linear combinations of inputs are fed into two or three different invertible linear functions and then combined using XOR operation. In order to show the efficiency of the proposed diffusion layer, the authors exploit it in a nested SPN structure and compare its efficiency with some well-known diffusion layers such as the diffusion layer of Hierocrypt.

Analysis of Corresponding Structure of Differential Branch of MDS Matrixes on Finite Field

Abstract: Maximum distance separable matrixes (MDS) are widely used in design of block ciphers and hash functions etc. Investigating characters of differential branch of MDS matrixes redound to analyze the characters of cryptology of block ciphers and hash functions. In this paper, we investigate corresponding framework of differential branch of MDS matrixes on finite field, and find differential frameworks when the weight of input difference is 1 or 2, and find all differential frameworks when the weight of input difference is any integer k. Furthermore, we find a fast algorithm for seeking differential branch framework of MDS matrixes on finite field. At last we give all differential branch frameworks of MDS matrix on finite field using fast algorithm by an example.

On the calculation of input and output for dynamic MDS matrices in diffusion layer of SPN block ciphers

Abstract: MDS (Maximum Distance Separable) matrices have an important role in the design of block ciphers and hash functions. The methods for transforming an MDS matrix into other ones to create dynamic MDS matrix for use have been proposed by many authors in the literature. In this paper, dynamic MDS matrices generated from direct exponent and scalar multiplication transformations are studied in the term of calculating effectively the outputs of the dynamic MDS matrices based on original MDS matrices when the inputs are known, as well as the calculating effectively the inputs of the dynamic MDS matrices based on original MDS matrices when the outputs are known. The process of encryption and decryption by dynamic MDS matrices is proven to be calculated more quickly by salvaging the original MDS matrices. In addition, a way for calculating quickly the direct exponent of MDS matrices based on a lookup table is presented.

A Generalized Format Preserving Encryption Framework Using MDS Matrices

Abstract: The construction SPF, presented in Inscrypt-2016, was the first known substitution permutation network (SPN)–based format preserving encryption (FPE) algorithm. In this work, we present a new family of SPN-based FPE algorithms “eSPF” that significantly improves the performance and flexibility of SPF. The eSPF uses a MDS matrix instead of the binary matrix used in SPF. The optimal diffusion of MDS matrix leads to an efficient and secure design. However, this change leads to violations in the message format. To mitigate this, we propose a discarding algorithm to drop the symbols that are not the elements of the format thus preserving it. In this work, we propose the general framework of eSPF and then show how our construction can be adapted under different use cases. We provide detailed analysis of eSPF for four popular concrete instantiations—digits , alphabets, case-insensitive alphanumeric, and case-sensitive alphanumeric. We provide security and performance analysis for all these use cases. We also compare our construction with existing FPE algorithms like FFX and SPF and show that the proposed design is approx ten times faster than FFX for most of the practical applications.