Topic
MDS matrix
About: MDS matrix is a research topic. Over the lifetime, 102 publications have been published within this topic receiving 2000 citations.
Papers
03 Sep 2018
TL;DR: This paper considers searching for recursive MDS matrices from Generalized Feistel Structure (GFN) matrices to find some lightweight, lower-XOR-count recursive GFN MDS matrices over \(\mathbb{F}_{2^{8}}\).
Abstract: Maximum distance separable (MDS) matrices are often used to construct optimal linear diffusion layers in many block ciphers. With the development of lightweight cryptography, recursive MDS matrices are good candidates. Recursive MDS matrices can be computed as powers of sparse matrices. In this paper, we consider searching for recursive MDS matrices from Generalized Feistel Structure (GFN) matrices. The advantage of constructing MDS matrices based on GFN matrices has two aspects. First, a recursive GFN MDS matrix can be implemented by parallel computation, which reduces the running time. Second, the inverse of a recursive GFN MDS matrix is also a recursive GFN MDS matrix, and the two have the same XOR count. We provide computational experiments showing that we do find some lightweight \(4\times 4\) and \(8\times 8\) recursive GFN MDS matrices over \(\mathbb{F}_{2^{n}}\). In particular, the \(8\times 8\) recursive GFN MDS matrices over \(\mathbb{F}_{2^{8}}\) have a lower XOR count than the previous recursive MDS matrices.
1 citation
01 Oct 2017
TL;DR: A new metric based on the order of the matrix to measure the security of a diffusion layer consisting of an MDS matrix over a finite field extension is proposed, and related experimental results are given.
Abstract: In recent years, lightweight cryptography has become essential, especially for resource-constrained devices, to ensure data protection and security. The selection of a suitable cryptographic algorithm, which is directly linked to the requirements of the system, has a direct effect on metrics such as device performance, hardware resource cost, area, speed, efficiency, computation latency and communication bandwidth. This paper aims to provide a comprehensive survey of the lightweight block ciphers given in the literature and to shed light on future research directions. Then, the focus is given to diffusion layers in view of construction methods and efficiency. A new metric, based on the order of the matrix, to measure the security of a diffusion layer consisting of an MDS matrix over a finite field extension is proposed, and related experimental results are given. The key schedules of the lightweight block ciphers are analyzed.
1 citation
TL;DR: This paper proposes a method of enhancing diffusion power by key multiplication rather than the conventional key addition used in the Advanced Encryption Standard algorithm, and the measured results indicate more diffusion when compared with the existing method.
Abstract: Block ciphers are very important in communication systems, as they provide confidentiality through encryption. A popular block cipher is the Advanced Encryption Standard (AES). Each cipher uses several rounds of fixed operations to achieve the desired security level. The number of rounds in a block cipher is decided based on its resistance to the known attacks. The very first level of attack on an encryption algorithm is to search for repetitive cipher values and relate them to the plaintext. Diffusion spreads out repetitive plaintext patterns in the cipher values. Diffusion is achieved using linear operations such as key addition, byte rotation, MDS matrix multiplication, etc. In this paper we propose a method of enhancing the diffusion power by key multiplication rather than the conventional key addition used in the Advanced Encryption Standard algorithm. The paper discusses the problems associated with key multiplication and provides possible solutions. The measured results indicate more diffusion when compared with the existing method. Key multiplication, as a diffusion element, is a better solution in the design of encryption algorithms.
1 citation
Posted Content
TL;DR: In this paper, a structural analysis of AES-128 was performed and it was shown that the full AES-256 cannot be proven secure unless the exact coefficients of the MDS matrix and the S-Box differential properties are taken into account, since its structure is vulnerable to a related-key differential attack.
Abstract: While the symmetric-key cryptography community now has good experience with how to build a secure and efficient fixed permutation, it remains an open problem how to design a key schedule for block ciphers, as shown by the numerous candidates broken in the related-key model or in a hash function setting. Provable security against differential and linear cryptanalysis in the related-key scenario is an important step towards a better understanding of its construction. Using a structural analysis, we show that the full AES-128 cannot be proven secure unless the exact coefficients of the MDS matrix and the S-Box differential properties are taken into account, since its structure is vulnerable to a related-key differential attack. We then exhibit a chosen-key distinguisher for AES-128 reduced to 9 rounds, which solves an open problem of the symmetric community. We obtain these results by revisiting algorithmic theory and graph-based ideas to compute all the best differential characteristics in SPN ciphers, with a special focus on AES-like ciphers subject to related keys. We use a variant of Dijkstra's algorithm to efficiently find the most efficient related-key attacks on SPN ciphers, with an algorithm linear in the number of rounds.
TL;DR: The connection between the maximum number of ones in bi-regular matrices and the incidence matrices of Balanced Incomplete Block Designs (BIBD) is explored, and an upper bound on the number of ones in any \(d\times d\) MDS matrix is provided.
Abstract: In this paper, we observe simple yet subtle interconnections among design theory, coding theory and cryptography. Maximum distance separable (MDS) matrices have applications not only in coding theory but are also of great importance in the design of block ciphers and hash functions. It is nontrivial to find MDS matrices which could be used in lightweight cryptography. In the SAC 2004 paper [12], Junod and Vaudenay considered bi-regular matrices, which are useful objects for building MDS matrices. Bi-regular matrices are those matrices all of whose entries are nonzero and all of whose \(2\times 2\) submatrices are nonsingular. Therefore MDS matrices are bi-regular matrices, but the converse is not true. They proposed constructions of efficient MDS matrices by studying two major aspects of a \(d\times d\) bi-regular matrix \(M\), namely \(v_{1}(M)\), i.e. the number of occurrences of 1 in \(M\), and \(c_{1}(M)\), i.e. the number of distinct elements in \(M\) other than 1. They calculated the maximum number of ones that can occur in a \(d\times d\) bi-regular matrix, i.e. \(v_{1}^{d,d}\), for \(d\) up to 8, but with their approach, finding \(v_{1}^{d,d}\) for \(d\geq 9\) seems difficult. In this paper, we explore the connection between the maximum number of ones in bi-regular matrices and the incidence matrices of Balanced Incomplete Block Designs (BIBD). Tools are developed to compute \(v_{1}^{d,d}\) for arbitrary \(d\). Using these results, we construct a restrictive version of \(d\times d\) bi-regular matrices, which we call almost-bi-regular matrices, having \(v_{1}^{d,d}\) ones for \(d\leq 21\). Since the number of ones in any \(d\times d\) MDS matrix cannot exceed the maximum number of ones in a \(d\times d\) bi-regular matrix, our results provide an upper bound on the number of ones in any \(d\times d\) MDS matrix.
We observe an interesting connection between Latin squares and bi-regular matrices, study the conditions under which a Latin square becomes a bi-regular matrix, and finally construct MDS matrices from Latin squares. Also, a lower bound on \(c_{1}(M)\) is computed for \(d\times d\) bi-regular matrices \(M\) such that \(v_{1}(M)=v_{1}^{d,d}\), where \(d=q^{2}+q+1\) and \(q\) is any prime power. Finally, efficient \(d\times d\) MDS matrices are constructed for \(d\) up to 8 from bi-regular matrices having the maximum number of ones and the minimum number of other distinct elements, for lightweight applications.