MDS matrix

About: MDS matrix is a research topic. Over the lifetime, 102 publications have been published within this topic receiving 2000 citations.

Construction of Efficient MDS Matrices Based on Block Circulant Matrices for Lightweight Application

Abstract: Maximum distance separable (MDS) codes introduce MDS matrices which not only have applications in coding theory but also are of great importance in the design of block ciphers. It has received a great amount of attention. In this paper, we first i ntroduce a special generalization of circulant matrices called block circulants with circulant blocks, which can be used to construct MDS matrices. Then we investigate some interesting and useful properties of this class of matrices and prove that their inverse matrices can be implemented efficie ntly. Furthermore, we present some 4×4 and8×8 efficient MDS matrices of this class which are suitable for MD S diffusion layer. Compared with previous results, our construction provides better ef ficiency for the implementation of both the matrix and the its inverse matrix.

A proof of the GM-MDS conjecture

Abstract: An MDS matrix is a matrix whose minors all have full rank. A question arising in coding theory is what zero patterns can MDS matrices have. There is a natural combinatorial characterization (called the MDS condition) which is necessary over any field, as well as sufficient over very large fields by a probabilistic argument. Dau et al. (ISIT 2014) conjectured that the MDS condition is sufficient over small fields as well, where the construction of the matrix is algebraic instead of probabilistic. This is known as the GM-MDS conjecture. Concretely, if a $k \times n$ zero pattern satisfies the MDS condition, then they conjecture that there exists an MDS matrix with this zero pattern over any field of size $|\mathbb{F}| \ge n+k-1$. In recent years, this conjecture was proven in several special cases. In this work, we resolve the conjecture.

Lightweight Diffusion Layer from the k th root of the MDS Matrix.

Abstract: The Maximum Distance Separable (MDS) mapping, used in cryptography deploys complex Galois field multiplications, which consume lots of area in hardware, making it a costly primitive for lightweight cryptography. Recently in lightweight hash function: PHOTON, a matrix denoted as ‘Serial’, which required less area for multiplication, has been multiplied 4 times to achieve a lightweight MDS mapping. But no efficient method has been proposed so far to synthesize such a serial matrix or to find the required number of repetitive multiplications needed to be performed for a given MDS mapping. In this paper, first we provide an generic algorithm to find out a low-cost matrix, which can be multiplied k times to obtain a given MDS mapping. Further, we optimize the algorithm for using in cryptography and show an explicit case study on the MDS mapping of the hash function PHOTON to obtain the ‘Serial’. The work also presents quite a few results which may be interesting for lightweight implementation.

The preservation of the coefficient of fixed points of an MDS matrix under direct exponent transformation

Abstract: MDS (Maximum Distance Separable) code has been studied for a long time in the theory of error-correcting code and has been applied widely in cryptography. Some authors studied and proposed some methods for constructing MDS matrices which do not base on MDS codes. Some MDS matrix transformations have been studied and direct exponent is such a transformation. In this paper, we present some new results on the preservation of the number of fixed points of an MDS matrix under direct exponent transformation. In addition, the important applications of these results will be shown in block ciphers.

Construction of dyadic MDS matrices for cryptographic applications

Abstract: Many recent block ciphers use Maximum Distance Separable (MDS) matrices in their diffusion layer. The main objective of this operation is to spread as much as possible the differences between the outputs of nonlinear Sboxes. So they generally act at nibble or at byte level. The MDS matrices are associated to MDS codes of ratio 1/2. The most famous example is the MixColumns operation of the AES block cipher. In this example, the MDS matrix was carefully chosen to obtain compact and efficient implementations. However, this MDS matrix is dedicated to 8-bit words, and is not always adapted to lightweight applications. Recently, several studies have been devoted to the construction of recursive diffusion layers. Such a method allows to apply an MDS matrix using an iterative process which looks like a Feistel network with linear functions instead of nonlinear. Our approach is quite different. We present a generic construction of classical MDS matrices that are not recursively computed, but that are strong symmetric in order to either accelerate their evaluation with a minimal number of look-up tables, or to perform this evaluation with a minimal number of gates in a circuit. We call this particular kind of matrices "dyadic matrices", since they are related to dyadic codes. We study some basic properties of such matrices. We introduce a generic construction of involutive dyadic MDS matrices from Reed Solomon codes. Finally, we discuss the implementation aspects of these dyadic MDS matrices in order to build efficient block ciphers.