
# MDS matrix

About: MDS matrix is a research topic. Over its lifetime, 102 publications have been published within this topic, receiving 2000 citations.


##### Papers


TL;DR: A brief survey on cryptographically significant MDS matrices - a first to the best of the authors' knowledge, and proves that all known Vandermonde constructions are basically equivalent to Cauchy constructions.

Abstract: A matrix is MDS or super-regular if and only if every square submatrix of it is nonsingular. MDS matrices provide perfect diffusion in block ciphers and hash functions. In this paper we provide a brief survey on cryptographically significant MDS matrices - a first to the best of our knowledge. In addition to providing a summary of existing results, we make several contributions. We exhibit some deep and nontrivial interconnections between different constructions of MDS matrices. For example, we prove that all known Vandermonde constructions are basically equivalent to Cauchy constructions. We prove some folklore results which are used in the MDS matrix literature. Wherever possible, we provide some simpler alternative proofs. We do not discuss efficiency issues or hardware implementations; however, the theory accumulated and discussed here should provide an easy guide towards efficient implementations.

17 citations


TL;DR: A modified AES with an S-box bank that acts like a rotor mechanism and a dynamic-key MDS matrix (SDK-AES) is introduced in this article, which makes AES key dependent and resists the frequency attack.

Abstract: With computers, security is only a matter of software. The Internet has made computer security much more difficult than it used to be. In this paper, we introduce a modified AES with an S-box bank that acts like a rotor mechanism and a dynamic-key MDS matrix (SDK-AES). In this paper we try to make AES key dependent and resistant to the frequency attack. The SDK-AES algorithm is compared with AES and gives excellent results from the viewpoint of the security characteristics and the statistics of the ciphertext. Also, we apply randomness tests to the SDK-AES algorithm, and the results show that the new design passes all tests, which proves its security.

17 citations

07 Oct 2018

TL;DR: In this paper, it was shown that the MDS condition is sufficient over very large fields by a probabilistic argument and proved that the conjecture holds for small fields as well.

Abstract: An MDS matrix is a matrix whose minors all have full rank. A question arising in coding theory is, what zero patterns can MDS matrices have. There is a natural combinatorial necessary condition (called the MDS condition) which is necessary over any field, and sufficient over very large fields by a probabilistic argument. Dau et al. (ISIT 2014) conjectured that the MDS condition is sufficient over small fields as well, and gave an algebraic conjecture which would imply this. In this work, we prove this conjecture.

16 citations

TL;DR: This paper characterizes the polynomials that yield recursive MDS matrices in a more general setting and proposes three methods for obtaining them, paving the way for new direct constructions.

Abstract: MDS matrices are of great importance in the design of block ciphers and hash functions. MDS matrices are not sparse and have a large description and thus induce costly implementation in software/hardware. To overcome this problem, in particular for applications in lightweight cryptography, it was proposed by Guo et al. to use recursive MDS matrices. A recursive MDS matrix is an MDS matrix which can be expressed as a power of some companion matrix. Following the work of Guo et al., some ad-hoc search techniques were proposed to find recursive MDS matrices which are suitable for hardware/software implementation. In another direction, coding-theoretic techniques are used to directly construct recursive MDS matrices: Berger's technique uses Gabidulin codes and Augot et al.'s technique uses shortened BCH codes. In this paper, we first characterize the polynomials that yield recursive MDS matrices in a more general setting. Based on this we provide three methods for obtaining such polynomials. Moreover, the recursive MDS matrices obtained using shortened BCH codes can also be obtained with our first method. In fact we get a larger set of polynomials than the method which uses shortened BCH codes. Our other methods appear similar to the method which uses Gabidulin codes. We get a new infinite class of recursive MDS matrices from one of the proposed methods. Although we propose three methods for the direct construction of recursive MDS matrices, our characterization results pave the way for new direct constructions.

16 citations


TL;DR: This article identifies a depth 3 involutory MDS matrix whose implementation costs 88 XOR gates, which is superior to the AES MixColumns operation with respect to both lightweightness and latency, and enjoys the extra involution property.

Abstract: MDS matrices are important building blocks providing diffusion functionality for the design of many symmetric-key primitives. In recent years, continuous efforts have been made on the construction of MDS matrices with small area footprints in the context of lightweight cryptography. Just recently, Duval and Leurent (ToSC 2018/FSE 2019) reported some 32 × 32 binary MDS matrices with branch number 5, which can be implemented with only 67 XOR gates, whereas the previously known lightest ones of the same size cost 72 XOR gates. In this article, we focus on the construction of lightweight involutory MDS matrices, which are even more desirable than ordinary MDS matrices, since the same circuit can be reused when the inverse is required. In particular, we identify some involutory MDS matrices which can be realized with only 78 XOR gates with depth 4, whereas the previously known lightest involutory MDS matrices cost 84 XOR gates with the same depth. Notably, the involutory MDS matrix we find is much smaller than the AES MixColumns operation, which requires 97 XOR gates with depth 8 when implemented as a block of combinatorial logic that can be computed in one clock cycle. However, with respect to latency, the AES MixColumns operation is superior to our 78-XOR involutory matrices, since the AES MixColumns can be implemented with depth 3 by using more XOR gates. We prove that the depth of a 32 × 32 MDS matrix with branch number 5 (e.g., the AES MixColumns operation) is at least 3. Then, we enhance Boyar's SLP-heuristic algorithm with circuit depth awareness, such that the depth of its output circuit is limited. Along the way, we give a formula for computing the minimum achievable depth of a circuit implementing the summation of a set of signals with given depths, which is of independent interest. We apply the new SLP heuristic to a large set of lightweight involutory MDS matrices, and we identify a depth 3 involutory MDS matrix whose implementation costs 88 XOR gates, which is superior to the AES MixColumns operation with respect to both lightweightness and latency, and enjoys the extra involution property.

14 citations