
# MDS matrix

About: MDS matrix is a research topic. Over its lifetime, 102 publications have been published within this topic, receiving 2000 citations.


##### Papers


03 Jul 2017

TL;DR: This study leads to improving the known bounds of XOR counts of \(8\times 8\) MDS matrices by obtaining Toeplitz MDS matrices with lower XOR counts over \(\mathbb{F}_{2^4}\) and \(\mathbb{F}_{2^8}\).

Abstract: This work considers the problem of constructing efficient MDS matrices over the field \(\mathbb{F}_{2^m}\). Efficiency is measured by the metric XOR count, which was introduced by Khoo et al. in CHES 2014. Recently Sarkar and Syed (ToSC Vol. 1, 2016) have shown the existence of \(4\times 4\) Toeplitz MDS matrices with optimal XOR counts. In this paper, we present some characterizations of Toeplitz matrices in light of the MDS property. Our study leads to improving the known bounds of XOR counts of \(8\times 8\) MDS matrices by obtaining Toeplitz MDS matrices with lower XOR counts over \(\mathbb{F}_{2^4}\) and \(\mathbb{F}_{2^8}\).

14 citations


TL;DR: In this article, it was shown that for a monic polynomial g(X) of degree ≥ 2, the matrix \(M = C_g^k\) is MDS if and only if g(X) has no nonzero multiple of degree

Abstract: MDS matrices allow one to build optimal linear diffusion layers in the design of block ciphers and hash functions. There has been a lot of study in designing efficient MDS matrices suitable for software and/or hardware implementations. In particular, recursive MDS matrices are considered for resource-constrained environments. Such matrices can be expressed as a power of simple companion matrices, i.e., an MDS matrix \(M = C_g^k\) for some companion matrix corresponding to a monic polynomial \(g(X) \in \mathbb{F}_q[X]\) of degree k. In this paper, we first show that for a monic polynomial g(X) of degree \(k \ge 2\), the matrix \(M = C_g^k\) is MDS if and only if g(X) has no nonzero multiple of degree \(\le 2k-1\) and weight \(\le k\). This characterization answers the issues raised by Augot et al. in the FSE-2014 paper to some extent. We then revisit the algorithm given by Augot et al. to find all recursive MDS matrices that can be obtained from a class of BCH codes (which are also MDS) and propose an improved algorithm. We identify exactly which candidates in this class of BCH codes yield recursive MDS matrices. So the computation can be confined to only those potential candidate polynomials, thus greatly reducing the complexity. As a consequence we are able to provide formulae for the number of such recursive MDS matrices, whereas in the FSE-2014 paper the same numbers are provided by exhaustively searching for some small parameter choices. We also present a few ideas making the search faster for finding efficient recursive MDS matrices in this class. Using our approach, it is possible to exhaustively search this class for larger parameter choices, which was not possible earlier. We also present our search results for the case \(k=8\) and \(q=2^{16}\).

13 citations


TL;DR: This article explains one approach for altering the MixColumns transformation used in the AES algorithm; the approach employs methods inspired by DNA processes and structure and depends on the key.

Abstract: The use of key-dependent MixColumns can be regarded as one of the applied techniques for changing the quality of a cryptographic algorithm. This article explains one approach for altering the MixColumns transformation engaged in the AES algorithm. The approach employed methods inspired by DNA processes and structure, which relied on the key. The parameters of the proposed MixColumns have characteristics identical to those of the original AES algorithm besides increasing its resistance against attack. The original transformation uses a single static MDS matrix, while the proposed methods use dynamic MDS matrices. The security of the new MixColumns was analyzed, and the NIST Test Suite tests were used to test the randomness of the block cipher that used the new transformation.

12 citations


TL;DR: This paper proposes some other structures called almost involutory recursive MDS matrices, which can use the same LFSR for realizing the diffusion layer part in both encryption and decryption, and presents a new method for the direct construction of recursive MDS matrices.

Abstract: A recursive MDS matrix is an MDS matrix which can be expressed as a power of some companion matrix. The advantage of such a matrix is that it can be implemented by a single LFSR clocked several times. Such matrices are suitable for the design of the diffusion layer in lightweight cryptographic applications. It is known that there do not exist involutory recursive MDS matrices. This means that if a recursive MDS matrix M is considered for the diffusion layer in encryption, then the diffusion layer process in both encryption and decryption (if \(M^{-1}\) needs to be computed) cannot be the same, requiring two different LFSR implementations. In this paper we look at some possibilities of making the implementation of the diffusion layer part in both encryption and decryption use almost the same circuit (LFSR) by using some special recursive MDS matrices. The difference, or the cost of the additional operations/control mechanism used, is minimal. In this direction we first discuss two known structures: regular recursive MDS matrices and symmetric recursive MDS matrices. We then propose some other structures called almost involutory recursive MDS matrices which can use the same LFSR for realizing the diffusion layer part in both encryption and decryption. We then present a new method for the direct construction of recursive MDS matrices. Our method gives a new infinite class of polynomials that yield recursive MDS matrices. We also present some experimental results and comparison results.

12 citations


TL;DR: This paper proposes a very efficient new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear, and investigates the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer.

Abstract: Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers. In this paper, we propose a very efficient new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear. We investigate the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer, which is an indication of the highest level of security with respect to linear and differential attacks. We try to extend our results for up to 8×8 words diffusion layers. The proposed diffusion layers only require simple operations such as word-level XORs and rotations, and they have simple inverses. They can replace the diffusion layer of several block ciphers and hash functions in the literature to increase their security and performance. Furthermore, they can be deployed in the design of new efficient lightweight block ciphers and hash functions in the future.

12 citations