Lifted MDS Codes over Finite Fields

MDS codes are elegant constructions in coding theory and have mode important applications in cryptography, network coding, distributed data storage, communication systems et. In this study, a method is given which MDS codes are lifted to a higher finite field. The presented method satisfies the protection of the distance and creating the MDS code over the $F_q$ by using MDS code over $F_p.

On the Direct Construction of MDS and Near-MDS Matrices

The optimal branch number of MDS matrices makes them a preferred choice for designing diffusion layers in many block ciphers and hash functions. Consequently, various methods have been proposed for designing MDS matrices, including search and direct methods. While exhaustive search is suitable for small order MDS matrices, direct constructions are preferred for larger orders due to the vast search space involved. In the literature, there has been extensive research on the direct construction of MDS matrices using both recursive and nonrecursive methods. On the other hand, in lightweight cryptography, Near-MDS (NMDS) matrices with sub-optimal branch numbers offer a better balance between security and efficiency as a diffusion layer compared to MDS matrices. However, no direct construction method is available in the literature for constructing recursive NMDS matrices. This paper introduces some direct constructions of NMDS matrices in both nonrecursive and recursive settings. Additionally, it presents some direct constructions of nonrecursive MDS matrices from the generalized Vandermonde matrices. We propose a method for constructing involutory MDS and NMDS matrices using generalized Vandermonde matrices. Furthermore, we prove some folklore results that are used in the literature related to the NMDS code

Exhaustive Search for Small Dimension Recursive MDS Diffusion Layers for Block Ciphers and Hash Functions

This article presents a new algorithm to find MDS matrices that are well suited for use as a diffusion layer in lightweight block ciphers. Using an recursive construction, it is possible to obtain matrices with a very compact description. Classical field multiplications can also be replaced by simple F2-linear transformations (combinations of XORs and shifts) which are much lighter. Using this algorithm, it was possible to design a 16x16 matrix on a 5-bit alphabet, yielding an efficient 80-bit diffusion layer with maximal branch number.Comment: Published at ISIT 201

Hankel Rhotrices and Constructions of Maximum Distance Separable Rhotrices over Finite Fields

Many block ciphers in cryptography use Maximum Distance Separable (MDS) matrices to strengthen the diffusion layer. Rhotrices are represented by coupled matrices. Therefore, use of rhotrices in the cryptographic ciphers doubled the security of the cryptosystem. We define Hankel rhotrix and further construct the maximum distance separable rhotrices over finite fields

On the Construction of Near-MDS Matrices

The optimal branch number of MDS matrices makes them a preferred choice for designing diffusion layers in many block ciphers and hash functions. However, in lightweight cryptography, Near-MDS (NMDS) matrices with sub-optimal branch numbers offer a better balance between security and efficiency as a diffusion layer, compared to MDS matrices. In this paper, we study NMDS matrices, exploring their construction in both recursive and nonrecursive settings. We provide several theoretical results and explore the hardware efficiency of the construction of NMDS matrices. Additionally, we make comparisons between the results of NMDS and MDS matrices whenever possible. For the recursive approach, we study the DLS matrices and provide some theoretical results on their use. Some of the results are used to restrict the search space of the DLS matrices. We also show that over a field of characteristic 2, any sparse matrix of order $n\geq 4$ with fixed XOR value of 1 cannot be an NMDS when raised to a power of $k\leq n$. Following that, we use the generalized DLS (GDLS) matrices to provide some lightweight recursive NMDS matrices of several orders that perform better than the existing matrices in terms of hardware cost or the number of iterations. For the nonrecursive construction of NMDS matrices, we study various structures, such as circulant and left-circulant matrices, and their generalizations: Toeplitz and Hankel matrices. In addition, we prove that Toeplitz matrices of order $n>4$ cannot be simultaneously NMDS and involutory over a field of characteristic 2. Finally, we use GDLS matrices to provide some lightweight NMDS matrices that can be computed in one clock cycle. The proposed nonrecursive NMDS matrices of orders 4, 5, 6, 7, and 8 can be implemented with 24, 50, 65, 96, and 108 XORs over $\mathbb{F}_{2^4}$, respectively

On Circulant-Like Rhotrices over Finite Fields

Circulant matrices over finite fields are widely used in cryptographic hash functions, Lattice based cryptographic functions and Advanced Encryption Standard (AES). Maximum distance separable codes over finite field GF2 have vital a role for error control in both digital communication and storage systems whereas maximum distance separable matrices over finite field GF2 are used in block ciphers due to their properties of diffusion. Rhotrices are represented in the form of coupled matrices. In the present paper, we discuss the circulant- like rhotrices and then construct the maximum distance separable rhotrices over finite fields

Lightweight Diffusion Layer from the kthk^{th} root of the MDS Matrix

The Maximum Distance Separable (MDS) mapping, used in cryptography deploys complex Galois field multiplications, which consume lots of area in hardware, making it a costly primitive for lightweight cryptography. Recently in lightweight hash function: PHOTON, a matrix denoted as ‘Serial’, which required less area for multiplication, has been multiplied 4 times to achieve a lightweight MDS mapping. But no efficient method has been proposed so far to synthesize such a serial matrix or to find the required number of repetitive multiplications needed to be performed for a given MDS mapping. In this paper, first we provide an generic algorithm to find out a low-cost matrix, which can be multiplied k times to obtain a given MDS mapping. Further, we optimize the algorithm for using in cryptography and show an explicit case study on the MDS mapping of the hash function PHOTON to obtain the ‘Serial’. The work also presents quite a few results which may be interesting for lightweight implementation

Lightweight Design Choices for LED-like Block Ciphers

Serial matrices are a preferred choice for building diffusion layers of lightweight block ciphers as one just needs to implement the last row of such a matrix. In this work we analyze a new class of serial matrices which are the lightest possible $4 \times 4$ serial matrix that can be used to build diffusion layers. With this new matrix we show that block ciphers like LED can be implemented with a reduced area in hardware designs, though it has to be cycled for more iterations. Further, we suggest the usage of an alternative S-box to the standard S-box used in LED with similar cryptographic robustness, albeit having lesser area footprint. Finally, we combine these ideas in an end-end FPGA based prototype of LED. We show that with these optimizations, there is a reduction of $16$ in area footprint of one round implementation of LED

The Design Space of Lightweight Cryptography

International audienceFor constrained devices, standard cryptographic algorithms can be too big, too slow or too energy-consuming. The area of lightweight cryptography studies new algorithms to overcome these problems. In this paper, we will focus on symmetric-key encryption, authentication and hashing. Instead of providing a full overview of this area of research, we will highlight three interesting topics. Firstly, we will explore the generic security of lightweight constructions. In particular, we will discuss considerations for key, block and tag sizes, and explore the topic of instantiating a pseudorandom permutation (PRP) with a non-ideal block cipher construction. This is inspired by the increasing prevalence of lightweight designs that are not secure against related-key attacks, such as PRINCE, PRIDE or Chaskey. Secondly, we explore the efficiency of cryptographic primitives. In particular, we investigate the impact on efficiency when the input size of a primitive doubles. Lastly, we provide some considerations for cryptographic design. We observe that applications do not always use cryptographic algorithms as they were intended, which negatively impacts the security and/or efficiency of the resulting implementations

Shorter Linear Straight-Line Programs for MDS Matrices

Recently a lot of attention is paid to the search for efficiently implementable MDS matrices for lightweight symmetric primitives. Previous work concentrated on locally optimizing the multiplication with single matrix elements. Separate from this line of work, several heuristics were developed to find shortest linear straight-line programs. Solving this problem actually corresponds to globally optimizing multiplications by matrices. In this work we combine those, so far largely independent line of works. As a result, we achieve implementations of known, locally optimized, and new MDS matrices that significantly outperform all implementations from the literature. Interestingly, almost all previous locally optimized constructions behave very similar with respect to the globally optimized implementation. As a side effect, our work reveals the so far best implementation of the AES MixColumns operation with respect to the number of XOR operations needed