# MDS matrix

About: MDS matrix is a research topic. Over the lifetime, 102 publications have been published within this topic receiving 2000 citations.

##### Papers

23 Sep 2014

TL;DR: In this article, the authors proposed a new comparison metric, the figure of adversarial merit (FOAM), which combines the inherent security provided by cryptographic structures and components with their implementation properties, and applied this new metric to meaningful use cases by studying Substitution-Permutation Network permutations that are suited for hardware implementations.

Abstract: In this article, we propose a new comparison metric, the figure of adversarial merit (FOAM), which combines the inherent security provided by cryptographic structures and components with their implementation properties. To the best of our knowledge, this is the first such metric proposed to ensure a fairer comparison of cryptographic designs. We then apply this new metric to meaningful use cases by studying Substitution-Permutation Network permutations that are suited for hardware implementations, and we provide new results on hardware-friendly cryptographic building blocks. For practical reasons, we considered linear and differential attacks and we restricted ourselves to fully serial and round-based implementations. We explore several design strategies, from the geometry of the internal state to the size of the S-box, the field size of the diffusion layer or even the irreducible polynomial defining the finite field. We finally test all possible strategies to provide designers an exhaustive approach in building hardware-friendly cryptographic primitives according to area or FOAM metrics, also introducing a model for predicting the hardware performance of round-based or serial-based implementations. In particular, we exhibit new diffusion matrices (circulant or serial) that are surprisingly more efficient than the current best known, such as the ones used in AES, LED and PHOTON.

54 citations

02 Sep 2013

TL;DR: In this article, the authors studied the properties of MDS matrices and provided an insight into why \(\mathrm{Serial}(z_0,\ldots,z_{d-1})^d\) leads to an MDS matrix.

Abstract: Maximum distance separable (MDS) matrices have applications not only in coding theory but also are of great importance in the design of block ciphers and hash functions. It is highly nontrivial to find MDS matrices which could be used in lightweight cryptography. In a CRYPTO 2011 paper, Guo et al. proposed a new MDS matrix \(\mathrm{Serial}(1,2,1,4)^4\) over \(\mathbb{F}_{2^8}\). This representation has a compact hardware implementation of the AES MixColumn operation. No general study of MDS properties of this newly introduced construction of the form \(\mathrm{Serial}(z_0,\ldots,z_{d-1})^d\) over \(\mathbb{F}_{2^n}\) for arbitrary \(d\) and \(n\) is available in the literature. In this paper we study some properties of MDS matrices and provide an insight into why \(\mathrm{Serial}(z_0,\ldots,z_{d-1})^d\) leads to an MDS matrix. For efficient hardware implementation, we aim to restrict the values of the \(z_i\)'s to \(\{1,\alpha,\alpha^2,\alpha+1\}\), such that \(\mathrm{Serial}(z_0,\ldots,z_{d-1})^d\) is MDS for \(d = 4\) and \(5\), where \(\alpha\) is the root of the constructing polynomial of \(\mathbb{F}_{2^n}\). We also propose more generic constructions of MDS matrices, e.g. we construct lightweight \(4 \times 4\) and \(5 \times 5\) MDS matrices over \(\mathbb{F}_{2^n}\) for all \(n \geq 4\). An algorithm is presented to check if a given matrix is MDS. The algorithm follows from the basic properties of MDS matrices and is easy to implement.

51 citations

KAIST

TL;DR: This work shows that the Short-Dot scheme is optimal if a Maximum Distance Separable (MDS) matrix is fixed, and proposes a new encoding scheme that can achieve a strictly larger sparsity than the existing schemes.

Abstract: Coded computation is a framework for providing redundancy in distributed computing systems to make them robust to slower nodes, or stragglers. In a recent work of Lee et al., the authors propose a coded computation scheme for distributedly computing \(A\mathbf{x}\) in the presence of stragglers. The proposed algorithm first encodes the data matrix \(A\) to obtain an encoded matrix \(F\). It then computes \(F\mathbf{x}\) using distributed processors, waits for some subset of the processors to finish their computations, and decodes \(A\mathbf{x}\) from the partial computation results. In another recent work, Dutta et al. explore a new tradeoff between the sparsity of the encoded matrix \(F\) and the number of processors to wait for to compute \(A\mathbf{x}\). They show that one can introduce a large number of zeros into \(F\) to reduce the computational overheads while keeping the number of processors to wait for relatively low. Hence, one can potentially further speed up the distributed computation. In this work, motivated by this observation, we study the sparsity of the encoded matrix for coded computation. Our goal is to characterize the fundamental limits on the sparsity level. We first show that the Short-Dot scheme is optimal if a Maximum Distance Separable (MDS) matrix is fixed. Further, by also designing this MDS matrix, we propose a new encoding scheme that can achieve a strictly larger sparsity than the existing schemes. We also provide an information-theoretic upper bound on the sparsity.

49 citations

29 Aug 2007

TL;DR: In this article, the authors provided a highly secure cryptographic processing apparatus and method where analysis difficulty is increased by increasing the minimum number of active S-boxes (a robustness index against differential attacks in common key block encryption) in the entire encryption function.

Abstract: There is provided a highly secure cryptographic processing apparatus and method where analysis difficulty is increased. In a Feistel-type common key block encrypting process in which an SPN-type F function having a nonlinear conversion section and a linear conversion section is repeatedly executed for a plurality of rounds, the linear conversion process of the F function corresponding to each of the plurality of rounds is performed as a linear conversion process which employs an MDS (Maximum Distance Separable) matrix, and a linear conversion process is carried out which employs a different MDS matrix at least at each of consecutive odd-numbered rounds and consecutive even-numbered rounds. This structure makes it possible to increase the minimum number of active S-boxes (a robustness index against differential attacks in common key block encryption) in the entire encrypting function.

49 citations

TL;DR: The design of Fugue is proof-oriented: the various components are designed in such a way as to allow proofs of security, and yet be efficient to implement, and it is proved that current attack methods cannot find collisions in Fugue any faster than the trivial birthday attack.

Abstract: We describe Fugue, a hash function supporting inputs of length up to 2 − 1 bits and hash outputs of length up to 512 bits. Notably, Fugue is not based on a compression function. Rather, it is directly a hash function that supports variable-length inputs. The starting point for Fugue is the hash function Grindahl, but it extends that design to protect against the kind of attacks that were developed for Grindahl, as well as earlier hash functions like SHA-1. A key enhancement is the design of a much stronger round function which replaces the AES round function of Grindahl, using better codes (over longer words) than the AES \(4 \times 4\) MDS matrix. Also, Fugue makes judicious use of this new round function on a much larger internal state. The design of Fugue is proof-oriented: the various components are designed in such a way as to allow proofs of security, and yet be efficient to implement. As a result, we can prove that current attack methods cannot find collisions in Fugue any faster than the trivial birthday attack. Although the proof is computer assisted, the assistance is limited to computing ranks of various matrices.

48 citations