Linear Cryptanalysis of Non Binary Ciphers with an Application to SAFER
Cited by 2 (1 self)
Abstract. In this paper we re-visit distinguishing attacks. We show how to generalize the notion of linear distinguisher to arbitrary sets. Our thesis is that our generalization is the most natural one. We compare it with the one by Granboulan et al. from FSE’06 by showing that we can get sharp estimates of the data complexity and cumulate characteristics in linear hulls. As a proof of concept, we propose a better attack on their toy cipher TOY100 than the one that was originally suggested and we propose the best known plaintext attack on SAFER K/SK so far. This provides new directions to block cipher cryptanalysis even in the binary case. On the constructive side, we introduce DEAN18, a toy cipher which encrypts blocks of 18 decimal digits and we study its security.
Dynamic MDS Matrices for Substantial Cryptographic Strength
Abstract. Ciphers get their strength from the mathematical functions of confusion and diffusion, also known as substitution and permutation. These were the basics of classical cryptography and they are still the basic part of modern ciphers. In block ciphers diffusion is achieved by the use of Maximum Distance Separable (MDS) matrices. In this paper we present some methods for constructing dynamic (and random) non-linear MDS matrices.
On Constructions of MDS Matrices from Companion Matrices for Lightweight Cryptography
Abstract. Maximum distance separable (MDS) matrices have applications not only in coding theory but also are of great importance in the design of block ciphers and hash functions. It is highly nontrivial to find MDS matrices which could be used in lightweight cryptography. In a CRYPTO 2011 paper, Guo et al. proposed a new MDS matrix $\mathrm{Serial}(1, 2, 1, 4)^4$ over $\mathbb{F}_{2^8}$. This representation has a compact hardware implementation of the AES MixColumn operation. No general study of MDS properties of this newly introduced construction of the form $\mathrm{Serial}(z_0, \ldots, z_{d-1})^d$ over $\mathbb{F}_{2^n}$ for arbitrary $d$ and $n$ is available in the literature. In this paper we study some properties of MDS matrices and provide an insight of why $\mathrm{Serial}(z_0, \ldots, z_{d-1})^d$ leads to an MDS matrix. For efficient hardware implementation, we aim to restrict the values of $z_i$’s in $\{1, \alpha, \alpha^2, \alpha+1\}$, such that $\mathrm{Serial}(z_0, \ldots, z_{d-1})^d$ is MDS for $d = 4$ and $5$, where $\alpha$ is the root of the constructing polynomial of $\mathbb{F}_{2^n}$. We also propose more generic constructions of MDS matrices e.g. we construct lightweight $4 \times 4$ and $5 \times 5$ MDS matrices over $\mathbb{F}_{2^n}$ for all $n \geq 4$. An algorithm is presented to check if a given matrix is MDS. The algorithm directly follows from the basic properties of MDS matrix and is easy to implement.

