Abstract
A good linear diffusion layer is a prerequisite in the design of block ciphers. It is usually obtained by combining matrices with the optimal diffusion property over the Sbox alphabet. These matrices are constructed either directly, using some algebraic properties, or by enumerating a search space and testing the optimal diffusion property for every element. For implementation purposes, two types of structures are considered: structures where all the rows derive from the first row, and recursive structures built from powers of companion matrices. In this paper, we propose a direct construction for new recursive-like MDS matrices. We show they are quasi-involutory in the sense that the matrix-vector product with the matrix or with its inverse can be implemented by clocking the same LFSR-like architecture. As a direct construction, its performance does not outperform the best constructions found with exhaustive search. However, as a new type of construction, it offers alternatives for the design of MDS matrices.
Highlights
The construction of good linear diffusion layers that can be efficiently implemented both in hardware and in software is an important challenge in the design of block ciphers or hash functions.
One direction for future work is an exhaustive search to determine whether new MDS matrices with lower cost than the state of the art can be found with these direct constructions.
Our work may be seen as a generalization of cyclic codes and classical polynomials, in the sense that if we choose the identity automorphism to construct our polynomial ring, we recover the classical theory.
Summary
The construction of good linear diffusion layers that can be efficiently implemented both in hardware and in software is an important challenge in the design of block ciphers or hash functions. Since the design of the AES MixColumn function, this issue has been thoroughly studied. MDS matrices form the foundation on which diffusion layers are designed: they ensure maximal diffusion of symbols (usually bytes or nibbles), which gives a direct lower bound on the bit diffusion. Not all of them lead to efficient hardware or software implementations, however. To this end, two types of matrix structure are usually investigated:
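Of the two structures the summary refers to, the recursive one is a power of a companion matrix, i.e. the matrix of k clockings of an LFSR over the Sbox alphabet. The Python below is an added illustration of that classical construction, not code from the paper: it works over GF(2^4) with modulus x^4 + x + 1 and the feedback row (4, 1, 2, 2) used by the LED cipher (whose fourth power is a known MDS matrix), checks the MDS property by testing every square submatrix, confirms that four clockings equal the matrix-vector product, and shows that inverting it here needs a separately wired feedback step (`unclock`), which is the overhead the paper's quasi-involutory construction is meant to remove.

```python
from functools import reduce
from itertools import combinations
MOD = 0b10011  # GF(2^4) modulus x^4 + x + 1, the field of the constructed example

def gf_mul(a, b):  # shift-and-add product of two 4-bit field elements, reduced modulo MOD
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x10:
            a ^= MOD
        b >>= 1
    return r

def gf_inv(a):  # a^(16-2) = a^-1 for nonzero a (Fermat in GF(16))
    return reduce(lambda r, _: gf_mul(r, a), range(14), 1)

def xsum(vals):  # addition in characteristic 2 is XOR
    return reduce(lambda x, y: x ^ y, vals, 0)

def clock(z, s):  # one LFSR step with feedback row z; equals companion(z) * s
    return s[1:] + [xsum(gf_mul(zi, si) for zi, si in zip(z, s))]

def unclock(z, y):  # inverse step: solve the feedback equation for the dropped s[0] (needs z[0] != 0)
    s0 = gf_mul(gf_inv(z[0]), xsum([y[-1]] + [gf_mul(z[i], y[i - 1]) for i in range(1, len(z))]))
    return [s0] + y[:-1]

def run(step, z, s, k):  # apply clock or unclock k times to state s
    for _ in range(k):
        s = step(z, s)
    return s

def lfsr_matrix(z, k):  # companion(z)^k: column j is the unit vector e_j clocked k times
    d = len(z)
    cols = [run(clock, z, [int(i == j) for i in range(d)], k) for j in range(d)]
    return [list(row) for row in zip(*cols)]

def mat_vec(m, v):  # plain matrix-vector product over GF(2^4), for comparison with clocking
    return [xsum(gf_mul(a, b) for a, b in zip(row, v)) for row in m]

def det(m):  # Laplace expansion along the first row; cofactor signs vanish in characteristic 2
    if len(m) == 1:
        return m[0][0]
    return xsum(gf_mul(m[0][j], det([r[:j] + r[j + 1:] for r in m[1:]])) for j in range(len(m)))

def is_mds(m):  # MDS iff every square submatrix (sizes 1..d) is nonsingular
    d = len(m)
    return all(det([[m[i][j] for j in cols] for i in rows]) != 0 for k in range(1, d + 1)
               for rows in combinations(range(d), k) for cols in combinations(range(d), k))
```

Any other feedback row can be dropped into `lfsr_matrix` and `is_mds` to see whether a given companion power is MDS; the single companion matrix itself never is, since its shift rows contain zeros.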