Fast Software Encryption

MDS matrices give block ciphers linear diffusion layers with optimal (maximal) branch number. However, an MDS matrix cannot be sparse and usually has a large description, which makes software and hardware implementations costly. Recursive MDS matrices address this problem by restricting attention to MDS matrices that can be computed as a power of a simple companion matrix, so that the diffusion layer has a compact description (essentially one row of coefficients) suitable even for constrained environments. Until now, however, finding recursive MDS matrices required an exhaustive search over families of companion matrices, which limits the size of the MDS matrices one can look for. In this article we propose a new direct construction based on shortened BCH codes, which efficiently builds such matrices for any choice of parameters. Not every recursive MDS matrix can be obtained from a BCH code, however, so our algorithm is not guaranteed to find the best matrix for a given set of parameters.
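The abstract's two claims, that a companion matrix is compact but never MDS itself and that a suitable power of it can be MDS, can be checked directly. The following is an added example (not code from the paper): it builds the companion matrix of a degree-4 polynomial over GF(2^4), raises it to the 4th power, and tests the MDS property by checking that every square submatrix is non-singular. The concrete last row (4, 1, 2, 2) and the field GF(2^4) with reduction polynomial x^4 + x + 1 are the ones used by the LED block cipher's MixColumnsSerial step and are assumed here as a known recursive MDS instance; the helper names are this example's own. It also shows the implementation point: applying the companion step n times to a vector gives the same result as multiplying by the full MDS matrix, while storing only the last row.

```python
"""Recursive MDS matrix check over GF(2^m).

Added worked example (not from the paper). Field GF(2^4) with x^4 + x + 1
and last row (4, 1, 2, 2) are assumed from LED's MixColumnsSerial.
"""
from itertools import combinations

GF16_POLY = 0x13          # x^4 + x + 1, bit 4 set
GF16_M = 4
LED_LAST_ROW = [4, 1, 2, 2]


def gf_mul(a, b, poly, m):
    """Multiply in GF(2^m) modulo the irreducible polynomial `poly`."""
    r = 0
    for _ in range(m):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & (1 << m):
            a ^= poly
    return r


def gf_inv(a, poly, m):
    """Inverse in GF(2^m) as a^(2^m - 2); a must be non-zero."""
    result, e = 1, (1 << m) - 2
    while e:
        if e & 1:
            result = gf_mul(result, a, poly, m)
        a = gf_mul(a, a, poly, m)
        e >>= 1
    return result


def companion(last_row):
    """Companion matrix: shifted identity plus one row of coefficients."""
    n = len(last_row)
    A = [[0] * n for _ in range(n)]
    for i in range(n - 1):
        A[i][i + 1] = 1
    A[n - 1] = list(last_row)
    return A


def mat_mul(A, B, poly, m):
    n = len(A)
    C = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            acc = 0
            for k in range(n):
                acc ^= gf_mul(A[i][k], B[k][j], poly, m)  # + is XOR in char 2
            C[i][j] = acc
    return C


def mat_pow(A, e, poly, m):
    n = len(A)
    R = [[int(i == j) for j in range(n)] for i in range(n)]
    for _ in range(e):
        R = mat_mul(R, A, poly, m)
    return R


def mat_vec(M, v, poly, m):
    return [sum_xor(gf_mul(M[i][j], v[j], poly, m) for j in range(len(v)))
            for i in range(len(M))]


def sum_xor(it):
    acc = 0
    for x in it:
        acc ^= x
    return acc


def lfsr_step(v, last_row, poly, m):
    """One application of the companion matrix A to column vector v:
    shift up by one, new last entry is <last_row, v>. Only the last row
    must be stored, which is the compactness the abstract refers to."""
    new_last = sum_xor(gf_mul(c, x, poly, m) for c, x in zip(last_row, v))
    return list(v[1:]) + [new_last]


def apply_recursive(v, last_row, steps, poly, m):
    for _ in range(steps):
        v = lfsr_step(v, last_row, poly, m)
    return v


def det(M, poly, m):
    """Determinant over GF(2^m) by Gaussian elimination (no sign in char 2)."""
    M = [row[:] for row in M]
    n, d = len(M), 1
    for c in range(n):
        piv = next((r for r in range(c, n) if M[r][c]), None)
        if piv is None:
            return 0
        M[c], M[piv] = M[piv], M[c]
        d = gf_mul(d, M[c][c], poly, m)
        inv = gf_inv(M[c][c], poly, m)
        for r in range(c + 1, n):
            if M[r][c]:
                f = gf_mul(M[r][c], inv, poly, m)
                M[r] = [x ^ gf_mul(f, y, poly, m) for x, y in zip(M[r], M[c])]
    return d


def is_mds(M, poly, m):
    """MDS iff every square submatrix (all sizes) is non-singular."""
    n = len(M)
    return all(det([[M[r][c] for c in cols] for r in rows], poly, m) != 0
               for k in range(1, n + 1)
               for rows in combinations(range(n), k)
               for cols in combinations(range(n), k))


if __name__ == "__main__":
    A = companion(LED_LAST_ROW)
    M = mat_pow(A, 4, GF16_POLY, GF16_M)
    print("A is MDS:", is_mds(A, GF16_POLY, GF16_M))      # False: A has zeros
    print("A^4 is MDS:", is_mds(M, GF16_POLY, GF16_M))    # True
    print("A^4 =", [[hex(x) for x in row] for row in M])
```

The 1x1 minors already rule out the companion matrix and its first n-1 powers (row i of A^k is a unit vector whenever i + k < n), which is the abstract's point that an MDS matrix cannot be sparse; only the n-th power has all entries non-zero and then passes the full minor test. The BCH-based construction in the paper chooses the polynomial so that this n-th power is MDS without searching over candidate last rows; the check above is what one would run on its output.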
