Applications of design theory for the constructions of MDS matrices for lightweight cryptography

Abstract. In this paper, we observe simple yet subtle interconnections among design theory, coding theory and cryptography. Maximum distance separable (MDS) matrices have applications not only in coding theory but are also of great importance in the design of block ciphers and hash functions. It is nontrivial to find MDS matrices which could be used in lightweight cryptography. In the SAC 2004 paper [12], Junod and Vaudenay considered bi-regular matrices, which are useful objects for building MDS matrices. Bi-regular matrices are those matrices all of whose entries are nonzero and all of whose $2\times 2$ submatrices are nonsingular. Therefore MDS matrices are bi-regular, but the converse is not true. They proposed constructions of efficient MDS matrices by studying two major aspects of a $d\times d$ bi-regular matrix $M$, namely $v_{1}(M)$, the number of occurrences of 1 in $M$, and $c_{1}(M)$, the number of distinct elements in $M$ other than 1. They calculated the maximum number of ones that can occur in a $d\times d$ bi-regular matrix, denoted $v_{1}^{d,d}$, for $d$ up to 8, but with their approach, finding $v_{1}^{d,d}$ for $d\geq 9$ seems difficult. In this paper, we explore the connection between the maximum number of ones in bi-regular matrices and the incidence matrices of balanced incomplete block designs (BIBD), and develop tools to compute $v_{1}^{d,d}$ for arbitrary $d$. Using these results, we construct a restricted class of $d\times d$ bi-regular matrices, which we call almost-bi-regular matrices, having $v_{1}^{d,d}$ ones for $d\leq 21$. Since the number of ones in any $d\times d$ MDS matrix cannot exceed the maximum number of ones in a $d\times d$ bi-regular matrix, our results provide an upper bound on the number of ones in any $d\times d$ MDS matrix.
We observe an interesting connection between Latin squares and bi-regular matrices, study the conditions under which a Latin square becomes a bi-regular matrix, and finally construct MDS matrices from Latin squares. A lower bound on $c_{1}(M)$ is also computed for $d\times d$ bi-regular matrices $M$ with $v_{1}(M)=v_{1}^{d,d}$, where $d=q^{2}+q+1$ and $q$ is any prime power. Finally, $d\times d$ efficient MDS matrices are constructed for $d$ up to 8 from bi-regular matrices having the maximum number of ones and the minimum number of other distinct elements, for lightweight applications.
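As an added illustration (not code from the paper), the following Python checks the definitions above over GF(2^4): bi-regularity (all entries nonzero and all 2×2 minors nonzero), the full MDS property (every square submatrix nonsingular), and the counts $v_{1}(M)$ and $c_{1}(M)$, on two constructed 3×3 matrices, one of which is bi-regular but not MDS. The reduction polynomial x^4 + x + 1 and the sample matrices are assumptions of the example.

```python
from itertools import combinations

POLY = 0x13  # x^4 + x + 1: assumed reduction polynomial for GF(2^4)

def gf_mul(a, b):
    """Multiply two GF(2^4) elements (bit-polynomials over GF(2) mod POLY)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x10:
            a ^= POLY
        b >>= 1
    return r

def gf_det(rows):
    """Determinant over GF(2^4) by Gaussian elimination (char 2, so no signs)."""
    m, n, det = [r[:] for r in rows], len(rows), 1
    for c in range(n):
        p = next((i for i in range(c, n) if m[i][c]), None)
        if p is None:
            return 0  # no pivot in this column: singular
        m[c], m[p] = m[p], m[c]
        det = gf_mul(det, m[c][c])
        inv = next(x for x in range(1, 16) if gf_mul(m[c][c], x) == 1)
        for i in range(c + 1, n):
            f = gf_mul(m[i][c], inv)
            m[i] = [x ^ gf_mul(f, y) for x, y in zip(m[i], m[c])]
    return det

def minors_nonsingular(M, k):
    """True if every k x k submatrix of M is nonsingular."""
    idx = range(len(M))
    return all(gf_det([[M[i][j] for j in cols] for i in rows]) != 0
               for rows in combinations(idx, k) for cols in combinations(idx, k))

def is_bi_regular(M):  # all entries nonzero and all 2x2 submatrices nonsingular
    return all(x for row in M for x in row) and minors_nonsingular(M, 2)
def is_mds(M):  # every square submatrix, of every order, nonsingular
    return all(minors_nonsingular(M, k) for k in range(1, len(M) + 1))
def v1(M):  # number of occurrences of 1 in M
    return sum(x == 1 for row in M for x in row)
def c1(M):  # number of distinct entries of M other than 1
    return len({x for row in M for x in row if x != 1})

# Constructed examples with alpha = 2 (the element x): M1 is MDS with six ones, the
# maximum for 3x3; M2 has row 3 = alpha^2*row 1 + row 2, so bi-regular but singular.
M1 = [[1, 1, 2], [1, 2, 1], [2, 1, 1]]
M2 = [[1, 1, 2], [1, 2, 1], [5, 6, 9]]
```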

[1] Vincent Rijmen et al. The KHAZAD Legacy-Level Block Cipher, 2001.

[2] Kyoji Shibutani et al. On the diffusion matrix employed in the Whirlpool hashing function, 2022.

[3] Vincent Rijmen et al. The Design of Rijndael, 2002, Information Security and Cryptography.

[4] Jorge Nakahara et al. A New Involutory MDS Matrix for the AES, 2009, Int. J. Netw. Secur.

[5] Thomas Peyrin et al. The PHOTON Family of Lightweight Hash Functions, 2011, IACR Cryptol. ePrint Arch.

[6] Bruce Schneier et al. The Twofish Encryption Algorithm, 1999.

[7] Vincent Rijmen et al. The Block Cipher Square, 1997, FSE.

[8] Kishan Chand Gupta et al. On Constructions of Circulant MDS Matrices for Lightweight Cryptography, 2014, ISPEC.

[9] Shirley Dex et al. On the operation and management of the JR integrated passenger sales system (MARS), 1991.

[10] Kishan Chand Gupta et al. On Constructions of Involutory MDS Matrices, 2013, AFRICACRYPT.

[11] A. Youssef. On the Design of Linear Transformations for Substitution Permutation Encryption Networks, 2007.

[12] Wenling Wu et al. Recursive Diffusion Layers for (Lightweight) Block Ciphers and Hash Functions, 2012, Selected Areas in Cryptography.

[13] Jérôme Lacan et al. Systematic MDS erasure codes based on Vandermonde matrices, 2004, IEEE Communications Letters.

[14] S. Vaudenay et al. Perfect diffusion primitives for block ciphers - building efficient MDS matrices, 2004.

[15] Kishan Chand Gupta et al. On Constructions of MDS Matrices from Companion Matrices for Lightweight Cryptography, 2013, IACR Cryptol. ePrint Arch.

[16] Daniel Augot et al. Direct Construction of Recursive MDS Diffusion Layers Using Shortened BCH Codes, 2014, FSE.

[17] Bart Preneel et al. A New Keystream Generator MUGI, 2002, IEICE Trans. Fundam. Electron. Commun. Comput. Sci.

[18] Vincent Rijmen et al. The Design of Rijndael: AES - The Advanced Encryption Standard, 2002.

[19] Douglas R. Stinson et al. Cryptography: Theory and Practice, 1995.

[20] Mahdi Sajadieh et al. Recursive Diffusion Layers for Block Ciphers and Hash Functions, 2012, FSE.

[21] Florian Mendel et al. Symmetric Cryptography, 2009.

[22] Mahdi Sajadieh et al. On construction of involutory MDS matrices from Vandermonde Matrices in GF(2^q), 2011, Designs, Codes and Cryptography.

[23] F. MacWilliams et al. The Theory of Error-Correcting Codes, 1977.

[24] Vincent Rijmen et al. The Cipher SHARK, 1996, FSE.

[25] Douglas R. Stinson et al. Combinatorial designs: constructions and analysis, 2003, SIGA.

[26] Paulo S. L. M. Barreto et al. The MAELSTROM-0 Hash Function, 2006, Anais do VI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2006).