150 research outputs found
Lifted MDS Codes over Finite Fields
MDS codes are elegant constructions in coding theory and have many important
applications in cryptography, network coding, distributed data storage,
communication systems, etc. In this study, a method is given by which MDS codes
are lifted to a higher finite field. The presented method preserves the minimum
distance and constructs the MDS code over the  by using an MDS code over
$F_p$.
On the Direct Construction of MDS and Near-MDS Matrices
The optimal branch number of MDS matrices makes them a preferred choice for
designing diffusion layers in many block ciphers and hash functions.
Consequently, various methods have been proposed for designing MDS matrices,
including search and direct methods. While exhaustive search is suitable for
small order MDS matrices, direct constructions are preferred for larger orders
due to the vast search space involved. In the literature, there has been
extensive research on the direct construction of MDS matrices using both
recursive and nonrecursive methods. On the other hand, in lightweight
cryptography, Near-MDS (NMDS) matrices with sub-optimal branch numbers offer a
better balance between security and efficiency as a diffusion layer compared to
MDS matrices. However, no direct construction method is available in the
literature for constructing recursive NMDS matrices. This paper introduces some
direct constructions of NMDS matrices in both nonrecursive and recursive
settings. Additionally, it presents some direct constructions of nonrecursive
MDS matrices from the generalized Vandermonde matrices. We propose a method for
constructing involutory MDS and NMDS matrices using generalized Vandermonde
matrices. Furthermore, we prove some folklore results that are used in the
literature related to the NMDS code
Exhaustive Search for Small Dimension Recursive MDS Diffusion Layers for Block Ciphers and Hash Functions
This article presents a new algorithm to find MDS matrices that are well
suited for use as a diffusion layer in lightweight block ciphers. Using a
recursive construction, it is possible to obtain matrices with a very compact
description. Classical field multiplications can also be replaced by simple
F2-linear transformations (combinations of XORs and shifts) which are much
lighter. Using this algorithm, it was possible to design a 16x16 matrix on a
5-bit alphabet, yielding an efficient 80-bit diffusion layer with maximal
branch number.
Comment: Published at ISIT 201
Hankel Rhotrices and Constructions of Maximum Distance Separable Rhotrices over Finite Fields
Many block ciphers in cryptography use Maximum Distance Separable (MDS) matrices to strengthen the diffusion layer. Rhotrices are represented by coupled matrices. Therefore, the use of rhotrices in cryptographic ciphers doubles the security of the cryptosystem. We define the Hankel rhotrix and further construct maximum distance separable rhotrices over finite fields.
On the Construction of Near-MDS Matrices
The optimal branch number of MDS matrices makes them a preferred choice for
designing diffusion layers in many block ciphers and hash functions. However,
in lightweight cryptography, Near-MDS (NMDS) matrices with sub-optimal branch
numbers offer a better balance between security and efficiency as a diffusion
layer, compared to MDS matrices. In this paper, we study NMDS matrices,
exploring their construction in both recursive and nonrecursive settings. We
provide several theoretical results and explore the hardware efficiency of the
construction of NMDS matrices. Additionally, we make comparisons between the
results of NMDS and MDS matrices whenever possible. For the recursive approach,
we study the DLS matrices and provide some theoretical results on their use.
Some of the results are used to restrict the search space of the DLS matrices.
We also show that over a field of characteristic 2, any sparse matrix of order
with fixed XOR value of 1 cannot be an NMDS when raised to a power of
. Following that, we use the generalized DLS (GDLS) matrices to
provide some lightweight recursive NMDS matrices of several orders that perform
better than the existing matrices in terms of hardware cost or the number of
iterations. For the nonrecursive construction of NMDS matrices, we study
various structures, such as circulant and left-circulant matrices, and their
generalizations: Toeplitz and Hankel matrices. In addition, we prove that
Toeplitz matrices of order cannot be simultaneously NMDS and involutory
over a field of characteristic 2. Finally, we use GDLS matrices to provide some
lightweight NMDS matrices that can be computed in one clock cycle. The proposed
nonrecursive NMDS matrices of orders 4, 5, 6, 7, and 8 can be implemented with
24, 50, 65, 96, and 108 XORs over , respectively
On Circulant-Like Rhotrices over Finite Fields
Circulant matrices over finite fields are widely used in cryptographic hash functions, lattice-based cryptographic functions and the Advanced Encryption Standard (AES). Maximum distance separable codes over the finite field GF2 have a vital role in error control in both digital communication and storage systems, whereas maximum distance separable matrices over the finite field GF2 are used in block ciphers due to their diffusion properties. Rhotrices are represented in the form of coupled matrices. In the present paper, we discuss circulant-like rhotrices and then construct maximum distance separable rhotrices over finite fields.
Lightweight Diffusion Layer from the root of the MDS Matrix
The Maximum Distance Separable (MDS) mapping used in cryptography deploys complex Galois field multiplications, which consume a lot of area in hardware, making it a costly primitive for lightweight cryptography. Recently, in the lightweight hash function PHOTON, a matrix denoted as ‘Serial’, which requires less area for multiplication, has been multiplied 4 times to achieve a lightweight MDS mapping. But no efficient method has been proposed so far to synthesize such a serial matrix or to find the number of repetitive multiplications needed for a given MDS mapping. In this paper, we first provide a generic algorithm to find a low-cost matrix which can be multiplied k times to obtain a given MDS mapping. Further, we optimize the algorithm for use in cryptography and show an explicit case study on the MDS mapping of the hash function PHOTON to obtain the ‘Serial’ matrix. The work also presents quite a few results which may be of interest for lightweight implementation.
Lightweight Design Choices for LED-like Block Ciphers
Serial matrices are a preferred choice for building diffusion layers of lightweight block ciphers, as one only needs to implement the last row of such a matrix. In this work we analyze a new class of serial matrices which are the lightest possible serial matrices that can be used to build diffusion layers. With this new matrix we show that block ciphers like LED can be implemented with a reduced area in hardware designs, though it has to be cycled for more iterations. Further, we suggest the use of an alternative S-box to the standard S-box used in LED with similar cryptographic robustness, albeit having a smaller area footprint. Finally, we combine these ideas in an end-to-end FPGA-based prototype of LED. We show that with these optimizations, there is a reduction of  in the area footprint of a one-round implementation of LED.
The Design Space of Lightweight Cryptography
For constrained devices, standard cryptographic algorithms can be too big, too slow or too energy-consuming. The area of lightweight cryptography studies new algorithms to overcome these problems. In this paper, we will focus on symmetric-key encryption, authentication and hashing. Instead of providing a full overview of this area of research, we will highlight three interesting topics. Firstly, we will explore the generic security of lightweight constructions. In particular, we will discuss considerations for key, block and tag sizes, and explore the topic of instantiating a pseudorandom permutation (PRP) with a non-ideal block cipher construction. This is inspired by the increasing prevalence of lightweight designs that are not secure against related-key attacks, such as PRINCE, PRIDE or Chaskey. Secondly, we explore the efficiency of cryptographic primitives. In particular, we investigate the impact on efficiency when the input size of a primitive doubles. Lastly, we provide some considerations for cryptographic design. We observe that applications do not always use cryptographic algorithms as they were intended, which negatively impacts the security and/or efficiency of the resulting implementations.
Shorter Linear Straight-Line Programs for MDS Matrices
Recently, a lot of attention has been paid to the search for efficiently implementable MDS matrices for lightweight symmetric primitives. Previous work concentrated on locally optimizing the multiplication with single matrix elements. Separate from this line of work, several heuristics were developed to find shortest linear straight-line programs. Solving this problem actually corresponds to globally optimizing multiplications by matrices.
In this work we combine these so far largely independent lines of work. As a result, we achieve implementations of known, locally optimized, and new MDS matrices that significantly outperform all implementations from the literature. Interestingly, almost all previous locally optimized constructions behave very similarly with respect to the globally optimized implementation.
As a side effect, our work reveals the so far best implementation of the AES MixColumns operation with respect to the number of XOR operations needed.