123 research outputs found
On the Direct Construction of MDS and Near-MDS Matrices
The optimal branch number of MDS matrices makes them a preferred choice for
designing diffusion layers in many block ciphers and hash functions.
Consequently, various methods have been proposed for designing MDS matrices,
including search and direct methods. While exhaustive search is suitable for
small order MDS matrices, direct constructions are preferred for larger orders
due to the vast search space involved. In the literature, there has been
extensive research on the direct construction of MDS matrices using both
recursive and nonrecursive methods. On the other hand, in lightweight
cryptography, Near-MDS (NMDS) matrices with sub-optimal branch numbers offer a
better balance between security and efficiency as a diffusion layer compared to
MDS matrices. However, no direct construction method is available in the
literature for constructing recursive NMDS matrices. This paper introduces some
direct constructions of NMDS matrices in both nonrecursive and recursive
settings. Additionally, it presents some direct constructions of nonrecursive
MDS matrices from the generalized Vandermonde matrices. We propose a method for
constructing involutory MDS and NMDS matrices using generalized Vandermonde
matrices. Furthermore, we prove some folklore results that are used in the
literature related to the NMDS code
On the Construction of Near-MDS Matrices
The optimal branch number of MDS matrices makes them a preferred choice for
designing diffusion layers in many block ciphers and hash functions. However,
in lightweight cryptography, Near-MDS (NMDS) matrices with sub-optimal branch
numbers offer a better balance between security and efficiency as a diffusion
layer, compared to MDS matrices. In this paper, we study NMDS matrices,
exploring their construction in both recursive and nonrecursive settings. We
provide several theoretical results and explore the hardware efficiency of the
construction of NMDS matrices. Additionally, we make comparisons between the
results of NMDS and MDS matrices whenever possible. For the recursive approach,
we study the DLS matrices and provide some theoretical results on their use.
Some of the results are used to restrict the search space of the DLS matrices.
We also show that over a field of characteristic 2, any sparse matrix of order
with fixed XOR value of 1 cannot be an NMDS when raised to a power of
. Following that, we use the generalized DLS (GDLS) matrices to
provide some lightweight recursive NMDS matrices of several orders that perform
better than the existing matrices in terms of hardware cost or the number of
iterations. For the nonrecursive construction of NMDS matrices, we study
various structures, such as circulant and left-circulant matrices, and their
generalizations: Toeplitz and Hankel matrices. In addition, we prove that
Toeplitz matrices of order cannot be simultaneously NMDS and involutory
over a field of characteristic 2. Finally, we use GDLS matrices to provide some
lightweight NMDS matrices that can be computed in one clock cycle. The proposed
nonrecursive NMDS matrices of orders 4, 5, 6, 7, and 8 can be implemented with
24, 50, 65, 96, and 108 XORs over , respectively
Exhaustive Search for Small Dimension Recursive MDS Diffusion Layers for Block Ciphers and Hash Functions
This article presents a new algorithm to find MDS matrices that are well
suited for use as a diffusion layer in lightweight block ciphers. Using an
recursive construction, it is possible to obtain matrices with a very compact
description. Classical field multiplications can also be replaced by simple
F2-linear transformations (combinations of XORs and shifts) which are much
lighter. Using this algorithm, it was possible to design a 16x16 matrix on a
5-bit alphabet, yielding an efficient 80-bit diffusion layer with maximal
branch number.Comment: Published at ISIT 201
Systematization of a 256-bit lightweight block cipher Marvin
In a world heavily loaded by information, there is a great need for keeping
specific information secure from adversaries. The rapid growth in the research
field of lightweight cryptography can be seen from the list of the number of
lightweight stream as well as block ciphers that has been proposed in the
recent years. This paper focuses only on the subject of lightweight block
ciphers. In this paper, we have proposed a new 256 bit lightweight block cipher
named as Marvin, that belongs to the family of Extended LS designs.Comment: 12 pages,6 figure
Lifted MDS Codes over Finite Fields
MDS codes are elegant constructions in coding theory and have mode important
applications in cryptography, network coding, distributed data storage,
communication systems et. In this study, a method is given which MDS codes are
lifted to a higher finite field. The presented method satisfies the protection
of the distance and creating the MDS code over the by using MDS code over
$F_p.
Direct Construction of Recursive MDS Diffusion Layers using Shortened BCH Codes
MDS matrices allow to build optimal linear diffusion layers in block ciphers.
However, MDS matrices cannot be sparse and usually have a large description,
inducing costly software/hardware implementations. Recursive MDS matrices allow
to solve this problem by focusing on MDS matrices that can be computed as a
power of a simple companion matrix, thus having a compact description suitable
even for constrained environ- ments. However, up to now, finding recursive MDS
matrices required to perform an exhaustive search on families of companion
matrices, thus limiting the size of MDS matrices one could look for. In this
article we propose a new direct construction based on shortened BCH codes, al-
lowing to efficiently construct such matrices for whatever parameters.
Unfortunately, not all recursive MDS matrices can be obtained from BCH codes,
and our algorithm is not always guaranteed to find the best matrices for a
given set of parameters.Comment: Best paper award; Carlos Cid and Christian Rechberger. 21st
International Workshop on Fast Software Encryption, FSE 2014, Mar 2014,
London, United Kingdom. springe
Lightweight Design Choices for LED-like Block Ciphers
Serial matrices are a preferred choice for building diffusion layers of lightweight block ciphers as one just needs to implement the last row of such a matrix. In this work we analyze a new class of serial matrices which are the lightest possible serial matrix that can be used to build diffusion layers. With this new matrix we show that block ciphers like LED can be implemented with a reduced area in hardware designs, though it has to be cycled for more iterations. Further, we suggest the usage of an alternative S-box to the standard S-box used in LED with similar cryptographic robustness, albeit having lesser area footprint. Finally, we combine these ideas in an end-end FPGA based prototype of LED. We show that with these optimizations, there is a reduction of in area footprint of one round implementation of LED
On the Construction of Lightweight Orthogonal MDS Matrices
In present paper, we investigate 4 problems.
Firstly,
it is known that, a matrix is MDS if and only if all sub-matrices of this matrix of degree from 1 to are full rank. In this paper, we propose a theorem that an orthogonal matrix is MDS if and only if all sub-matrices of this orthogonal matrix of degree from 1 to are full rank. With this theorem, calculation of constructing orthogonal MDS matrices is reduced largely.
Secondly,
Although it has been proven that the circulant orthogonal matrix does not exist over the finite field, we discover that it also does not exist over a bigger set. Thirdly, previous algorithms have to continually change entries of the matrix to construct a lot of candidates. Unfortunately, in these candidates, only very few candidates are orthogonal matrices. With the matrix polynomial residue ring and the minimum polynomials of lightweight element-matrices, we propose an extremely efficient algorithm for constructing circulant orthogonal MDS matrices. In this algorithm, every candidate must be an circulant orthogonal matrix.
Finally, we use this algorithm to construct a lot of lightweight results, and some of them are constructed first time
Construction of generalized-involutory MDS matrices
Maximum Distance Separable (MDS) matrices are usually used to be diffusion
layers in cryptographic designs. The main advantage of involutory MDS matrices lies in
that both encryption and decryption share the same matrix-vector product. In this paper,
we present a new type of MDS matrices called generalized-involutory MDS matrices, implementation
of whose inverse matrix-vector products in decryption is the combination of the
matrix-vector products in encryption plus a few extra XOR gates. For the purpose of verifying
the existence of such matrices, we found 4 × 4 Hadamard generalized-involutory MDS
matrix over GF(24) consuming as little as 38 XOR gates with 4 additional XOR gates for
inverse matrix, while the best previous single-clock implementation in IWSEC 2019 needs
46 XOR gates with 51 XOR gates for inverse matrix. For GF(28), our results also beat the
best previous records in ToSC 2017
- …