Construction of MDS block diffusion matrices for block ciphers and hash functions

Abstract: Dear editor,Block ciphers are one of the most important building blocks in many cryptosystems. Modern block ciphers are often iterations with several rounds, where each round comprises a (nonlinear) confusion layer and a (linear) diffusion layer. The diffusion layer plays a significant role in block ciphers as well as in other cryptographic primitives such as hash functions. The security of a diffusion layer is measured by its differential branch number and the linear branch number. If the two branch numbers a… Show more

“…MIBS is a 16-subblock Feistel structure with substitution and permutation input: A differential pair (Δin, Δout) and the system S output: A boolean flag indicates if (Δin, Δout) is an impossible differential (1) is the × augmented matrix of S; (2) is the − 1 dimension variable vector; (3) N is the map of constraints of S; (4) flag←false; (5) index←true; (6) Initialize every variable in according to (Δin, Δout) and the constraints in N; (7) while index do (8) UpdateMatrix ( , ) // Update according to ; / * Transform into the reduced-row-echelon form by Gauss-Jordan Elimination * / (9) ReducedRowEchelon ( ); (10) if has no solution then (11) flag←true; (12) break; (13) else (14) index ← false; (15) count← 0; (16) for ← to 1 do (17) → V ← Row of ; (18) if the sum of the first − 1 elements of → V is 1 then (19) ← the index of the element 1 in → V ; (20) ← the last element of → V ; // the solution of the th variable in (21) / * update the variable vector with ( , ) and return true if there is no contradiction and return false otherwise. * / (22) ←UpdateVector ( , N, , ); (23) if is false then (24) flag ← true; (25) return flag; (26) else (27) index ← true; (28) end (29) end (30) end ( …”

“…If there is a contradiction for these two intermediate differences, then an impossible differential (Δin Δout) is verified. Representing a block cipher by the matrix has been a popular method in impossible differential and integral and zero correlation linear cryptanalysis [8,10,[15][16][17][18][19][20].…”

Improvements for Finding Impossible Differentials of Block Cipher Structures

“…MIBS is a 16-subblock Feistel structure with substitution and permutation input: A differential pair (Δin, Δout) and the system S output: A boolean flag indicates if (Δin, Δout) is an impossible differential (1) is the × augmented matrix of S; (2) is the − 1 dimension variable vector; (3) N is the map of constraints of S; (4) flag←false; (5) index←true; (6) Initialize every variable in according to (Δin, Δout) and the constraints in N; (7) while index do (8) UpdateMatrix ( , ) // Update according to ; / * Transform into the reduced-row-echelon form by Gauss-Jordan Elimination * / (9) ReducedRowEchelon ( ); (10) if has no solution then (11) flag←true; (12) break; (13) else (14) index ← false; (15) count← 0; (16) for ← to 1 do (17) → V ← Row of ; (18) if the sum of the first − 1 elements of → V is 1 then (19) ← the index of the element 1 in → V ; (20) ← the last element of → V ; // the solution of the th variable in (21) / * update the variable vector with ( , ) and return true if there is no contradiction and return false otherwise. * / (22) ←UpdateVector ( , N, , ); (23) if is false then (24) flag ← true; (25) return flag; (26) else (27) index ← true; (28) end (29) end (30) end ( …”

“…If there is a contradiction for these two intermediate differences, then an impossible differential (Δin Δout) is verified. Representing a block cipher by the matrix has been a popular method in impossible differential and integral and zero correlation linear cryptanalysis [8,10,[15][16][17][18][19][20].…”

Improvements for Finding Impossible Differentials of Block Cipher Structures

“…Therefore, the careful design of the diffusion layer can effectively resist cryptographic attacks, such as differential cryptanalysis and linear cryptanalysis. In order to design better iterative structure and diffusion layer of block cipher, cryptographers at home and abroad have also done a lot of research in these aspects and achieved remarkable results [1][2][3]. In the diffusion layer of the block cipher, regarding the construction of its linear transformation function, researchers have successively proposed methods such as MDS code, BCH and Goppa code, Vandermonde and Cauchy matrix construction.…”

Design Principle and Method of Lightweight Block Cipher Diffusion Layer

Lightweight Recursive MDS Matrices with Generalized Feistel Network