Effective Linear Transformation Matrices for Block Cipher Based on Bi-regular Matrix
Although the separation matrix with maximum distance (MDS matrix) has been widely used in the cipher and hash function, the implementation of the linear transformation based on MDS matrix in many current block ciphers is not effective because the number o
- PDF / 381,647 Bytes
- 11 Pages / 439.37 x 666.142 pts Page_size
- 64 Downloads / 218 Views
Abstract Although the separation matrix with maximum distance (MDS matrix) has been widely used in the cipher and hash function, the implementation of the linear transformation based on MDS matrix in many current block ciphers is not effective because the number of occurrences of 1 in matrices is not much and the number of different elements in the matrices is quite large. In this paper, we propose a method to develop the effective MDS matrices based on the bi-regular matrix that maximizes the number of occurrences of 1 and minimizes the number of different elements in MDS matrices. By using the proposed method, we will construct the square MDS matrices 4 × 4, 8 × 8, 16 × 16 for using in the block ciphers. Keywords MDS matrix ⋅ Bi-regular matrix ⋅ Block ciphers
1 Introduction The replacement of permutation layer on Substitution-Permutation Network (SPN) by a diffusion linear transformation will improve the SAC property of the block ciphers, thereby increasing the resistance to the linear and differential attacks [1– 3]. The MDS matrices play an important role in the design of block ciphers and hash functions to provide the level of high security that resists many strong attacks on block ciphers such as: linear attack and differential attack. The MDS linear transformation was first proposed by Vaudenay [4] and then used in block ciphers SHARK [6] and SQUARE [5]. The advantage of linear transformation layer is that it creates the minimum number of active S-boxes in two consecutive rounds of a linear approximation or in two consecutive rounds of a differential property to be m + 1 (where m is the number of S-boxes in a round of SPN), in theory, this is the possible largest value of the minimum number of active S-boxes in two consecutive rounds. In other words, the MDS matrix changes the number of branches in diffusion layer. Therefore T.D. Luong (✉) Academy of Cryptography Techniques, Hanoi, Vietnam e-mail: [email protected] © Springer International Publishing Switzerland 2016 P. Meesad et al. (eds.), Recent Advances in Information and Communication Technology 2016, Advances in Intelligent Systems and Computing 463, DOI 10.1007/978-3-319-40415-8_23
233
234
T.D. Luong
it reaches the maximum value. For block ciphers, the level of security against strong attacks (such as linear attack, differential attack) depends on the number of branches of the diffusion layer. Therefore, if the diffusion layer of block ciphers uses the MDS matrix, the resistance of the block ciphers against linear and differential attacks will be the best quality. In fact, the MDS matrices are used for the diffusion layer of many block ciphers such as: AES [11], SHARK [6], KHAZAD, SQUARE [5], Anubis, . . . MDS matrix is also used in the design of hash functions such as Maelstrom, and the family of lightweight hash functions in which they use the MDS matrix as a key component in the diffusion layer. The MDS matrix plays an important role, but there is not many systematic studies on how to find the effective matrix. Pascal Junod and Serge Vaudenay are the first t
Data Loading...
