A New Involutory MDS Matrix for the AES
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
VHDL Implementation of Twofish Algorithm
VHDL Implementation of Twofish Algorithm Purnima Gehlot Richa Sharma S. R. Biradar Mody Institute of Mody Institute of Mody Institute of Technology Technology Technology and Science and Science and Science Laxmangarh, Sikar Laxmangarh, Sikar Laxmangarh, Sikar Rajasthan,India Rajasthan,India Rajasthan,India [email protected] [email protected] [email protected] which consists of two modules of function g, one MDS i.e. maximum ABSTRACT distance separable matrix,a PHT i.e. pseudo hadamard transform and Every day hundreds and thousands of people interact electronically, two adders of 32-bit for one round. To increase the complexity of the whether it is through emails, e-commerce, etc. through internet. For algorithm we can perform Endian function over the input bit stream. sending sensitive messages over the internet, we need security. In this Different modules of twofish algorithms are: paper a security algorithms, Twofish (Symmetric key cryptographic algorithm) [1] has been explained. All the important modules of 2.1 ENDIAN FUNCTION Twofish algorithm, which are Function F and g, MDS, PHT, are implemented on Xilinx – 6.1 xst software and there delay calculations Endian Function is a transformation of the input data. It is used as an interface between the input data provided to the circuit and the rest has been done on FPGA families which are Spartan2, Spartan2E and of the cipher. It can be used with all the key-sizes [5]. Here 128-bit VirtexE. input is divided into 16 bytes from byte0 to byte15 and are rearranged to get the output of 128-bit. Keywords Twofish, MDS, PHT, symmetric key, Function F and g. -
Matrices That Are Similar to Their Inverses
116 THE MATHEMATICAL GAZETTE Matrices that are similar to their inverses GRIGORE CÃLUGÃREANU 1. Introduction In a group G, an element which is conjugate with its inverse is called real, i.e. the element and its inverse belong to the same conjugacy class. An element is called an involution if it is of order 2. With these notions it is easy to formulate the following questions. 1) Which are the (finite) groups all of whose elements are real ? 2) Which are the (finite) groups such that the identity and involutions are the only real elements ? 3) Which are the (finite) groups in which the real elements form a subgroup closed under multiplication? According to specialists, these (general) questions cannot be solved in any reasonable way. For example, there are numerous families of groups all of whose elements are real, like the symmetric groups Sn. There are many solvable groups whose elements are all real, and one can prove that any finite solvable group occurs as a subgroup of a solvable group whose elements are all real. As for question 2, note that in any Abelian group (conjugations are all the identity function), the only real elements are the identity and the involutions, and they form a subgroup. There are non-abelian examples as well, like a Suzuki 2-group. Question 3 is similar to questions 1 and 2. Therefore the abstract study of reality questions in finite groups is unlikely to have a good outcome. This may explain why in the existing bibliography there are only specific studies (see [1, 2, 3, 4]). -
Centro-Invertible Matrices Linear Algebra and Its Applications, 434 (2011) Pp144-151
References • R.S. Wikramaratna, The centro-invertible matrix:a new type of matrix arising in pseudo-random number generation, Centro-invertible Matrices Linear Algebra and its Applications, 434 (2011) pp144-151. [doi:10.1016/j.laa.2010.08.011]. Roy S Wikramaratna, RPS Energy [email protected] • R.S. Wikramaratna, Theoretical and empirical convergence results for additive congruential random number generators, Reading University (Conference in honour of J. Comput. Appl. Math., 233 (2010) 2302-2311. Nancy Nichols' 70th birthday ) [doi: 10.1016/j.cam.2009.10.015]. 2-3 July 2012 Career Background Some definitions … • Worked at Institute of Hydrology, 1977-1984 • I is the k by k identity matrix – Groundwater modelling research and consultancy • J is the k by k matrix with ones on anti-diagonal and zeroes – P/t MSc at Reading 1980-82 (Numerical Solution of PDEs) elsewhere • Worked at Winfrith, Dorset since 1984 – Pre-multiplication by J turns a matrix ‘upside down’, reversing order of terms in each column – UKAEA (1984 – 1995), AEA Technology (1995 – 2002), ECL Technology (2002 – 2005) and RPS Energy (2005 onwards) – Post-multiplication by J reverses order of terms in each row – Oil reservoir engineering, porous medium flow simulation and 0 0 0 1 simulator development 0 0 1 0 – Consultancy to Oil Industry and to Government J = = ()j 0 1 0 0 pq • Personal research interests in development and application of numerical methods to solve engineering 1 0 0 0 j =1 if p + q = k +1 problems, and in mathematical and numerical analysis -
The Whirlpool Secure Hash Function
Cryptologia, 30:55–67, 2006 Copyright Taylor & Francis Group, LLC ISSN: 0161-1194 print DOI: 10.1080/01611190500380090 The Whirlpool Secure Hash Function WILLIAM STALLINGS Abstract In this paper, we describe Whirlpool, which is a block-cipher-based secure hash function. Whirlpool produces a hash code of 512 bits for an input message of maximum length less than 2256 bits. The underlying block cipher, based on the Advanced Encryption Standard (AES), takes a 512-bit key and oper- ates on 512-bit blocks of plaintext. Whirlpool has been endorsed by NESSIE (New European Schemes for Signatures, Integrity, and Encryption), which is a European Union-sponsored effort to put forward a portfolio of strong crypto- graphic primitives of various types. Keywords advanced encryption standard, block cipher, hash function, sym- metric cipher, Whirlpool Introduction In this paper, we examine the hash function Whirlpool [1]. Whirlpool was developed by Vincent Rijmen, a Belgian who is co-inventor of Rijndael, adopted as the Advanced Encryption Standard (AES); and by Paulo Barreto, a Brazilian crypto- grapher. Whirlpool is one of only two hash functions endorsed by NESSIE (New European Schemes for Signatures, Integrity, and Encryption) [13].1 The NESSIE project is a European Union-sponsored effort to put forward a portfolio of strong cryptographic primitives of various types, including block ciphers, symmetric ciphers, hash functions, and message authentication codes. Background An essential element of most digital signature and message authentication schemes is a hash function. A hash function accepts a variable-size message M as input and pro- duces a fixed-size hash code HðMÞ, sometimes called a message digest, as output. -
On the Construction of Lightweight Circulant Involutory MDS Matrices⋆
On the Construction of Lightweight Circulant Involutory MDS Matrices? Yongqiang Lia;b, Mingsheng Wanga a. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China b. Science and Technology on Communication Security Laboratory, Chengdu, China [email protected] [email protected] Abstract. In the present paper, we investigate the problem of con- structing MDS matrices with as few bit XOR operations as possible. The key contribution of the present paper is constructing MDS matrices with entries in the set of m × m non-singular matrices over F2 directly, and the linear transformations we used to construct MDS matrices are not assumed pairwise commutative. With this method, it is shown that circulant involutory MDS matrices, which have been proved do not exist over the finite field F2m , can be constructed by using non-commutative entries. Some constructions of 4 × 4 and 5 × 5 circulant involutory MDS matrices are given when m = 4; 8. To the best of our knowledge, it is the first time that circulant involutory MDS matrices have been constructed. Furthermore, some lower bounds on XORs that required to evaluate one row of circulant and Hadamard MDS matrices of order 4 are given when m = 4; 8. Some constructions achieving the bound are also given, which have fewer XORs than previous constructions. Keywords: MDS matrix, circulant involutory matrix, Hadamard ma- trix, lightweight 1 Introduction Linear diffusion layer is an important component of symmetric cryptography which provides internal dependency for symmetric cryptography algorithms. The performance of a diffusion layer is measured by branch number. -
Lightweight Diffusion Layer from the Kth Root of the MDS Matrix
Lightweight Diffusion Layer from the kth root of the MDS Matrix Souvik Kolay1, Debdeep Mukhopadhyay1 1Dept. of Computer Science and Engineering Indian Institute of Technology Kharagpur, India fsouvik1809,[email protected] Abstract. The Maximum Distance Separable (MDS) mapping, used in cryptog- raphy deploys complex Galois field multiplications, which consume lots of area in hardware, making it a costly primitive for lightweight cryptography. Recently in lightweight hash function: PHOTON, a matrix denoted as ‘Serial’, which re- quired less area for multiplication, has been multiplied 4 times to achieve a lightweight MDS mapping. But no efficient method has been proposed so far to synthesize such a serial matrix or to find the required number of repetitive multiplications needed to be performed for a given MDS mapping. In this pa- per, first we provide an generic algorithm to find out a low-cost matrix, which can be multiplied k times to obtain a given MDS mapping. Further, we optimize the algorithm for using in cryptography and show an explicit case study on the MDS mapping of the hash function PHOTON to obtain the ‘Serial’. The work also presents quite a few results which may be interesting for lightweight imple- mentation. Keywords: MDS Matrix, kth Root of a Matrix, Lightweight Diffusion Layer 1 Introduction With several resource constrained devices requiring support for cryptographic algo- rithms, the need for lightweight cryptography is imperative. Several block ciphers, like Kasumi[19], mCrypton[24], HIGHT[20], DESL and DESXL[23], CLEFIA[34], Present[8], Puffin[11], MIBS[22], KATAN[9], Klein[14], TWINE[36], LED[16], Pic- colo [33] etc and hash functions like PHOTON[33], SPONGENT[7], Quark [3] etc. -
Equivalent Conditions for Singular and Nonsingular Matrices Let a Be an N × N Matrix
Equivalent Conditions for Singular and Nonsingular Matrices Let A be an n × n matrix. Any pair of statements in the same column are equivalent. A is singular (A−1 does not exist). A is nonsingular (A−1 exists). Rank(A) = n. Rank(A) = n. |A| = 0. |A| = 0. A is not row equivalent to In. A is row equivalent to In. AX = O has a nontrivial solution for X. AX = O has only the trivial solution for X. AX = B does not have a unique AX = B has a unique solution solution (no solutions or for X (namely, X = A−1B). infinitely many solutions). The rows of A do not form a The rows of A form a basis for Rn. basis for Rn. The columns of A do not form The columns of A form abasisforRn. abasisforRn. The linear operator L: Rn → Rn The linear operator L: Rn → Rn given by L(X) = AX is given by L(X) = AX not an isomorphism. is an isomorphism. Diagonalization Method To diagonalize (if possible) an n × n matrix A: Step 1: Calculate pA(x) = |xIn − A|. Step 2: Find all real roots of pA(x) (that is, all real solutions to pA(x) = 0). These are the eigenvalues λ1, λ2, λ3, ..., λk for A. Step 3: For each eigenvalue λm in turn: Row reduce the augmented matrix [λmIn − A | 0] . Use the result to obtain a set of particular solutions of the homogeneous system (λmIn − A)X = 0 by setting each independent variable in turn equal to 1 and all other independent variables equal to 0. -
Zero-Sum Triangles for Involutory, Idempotent, Nilpotent and Unipotent Matrices
Zero-Sum Triangles for Involutory, Idempotent, Nilpotent and Unipotent Matrices Pengwei Hao1, Chao Zhang2, Huahan Hao3 Abstract: In some matrix formations, factorizations and transformations, we need special matrices with some properties and we wish that such matrices should be easily and simply generated and of integers. In this paper, we propose a zero-sum rule for the recurrence relations to construct integer triangles as triangular matrices with involutory, idempotent, nilpotent and unipotent properties, especially nilpotent and unipotent matrices of index 2. With the zero-sum rule we also give the conditions for the special matrices and the generic methods for the generation of those special matrices. The generated integer triangles are mostly newly discovered, and more combinatorial identities can be found with them. Keywords: zero-sum rule, triangles of numbers, generation of special matrices, involutory, idempotent, nilpotent and unipotent matrices 1. Introduction Zero-sum was coined in early 1940s in the field of game theory and economic theory, and the term “zero-sum game” is used to describe a situation where the sum of gains made by one person or group is lost in equal amounts by another person or group, so that the net outcome is neutral, or the sum of losses and gains is zero [1]. It was later also frequently used in psychology and political science. In this work, we apply the zero-sum rule to three adjacent cells to construct integer triangles. Pascal's triangle is named after the French mathematician Blaise Pascal, but the history can be traced back in almost 2,000 years and is referred to as the Staircase of Mount Meru in India, the Khayyam triangle in Persia (Iran), Yang Hui's triangle in China, Apianus's Triangle in Germany, and Tartaglia's triangle in Italy [2]. -
Variations to the Cryptographic Algorithms Aes and Twofish
VARIATIONS TO THE CRYPTOGRAPHIC ALGORITHMS AES AND TWOFISH P. Freyre∗1, N. D´ıaz ∗ and O. Cuellar y2 ∗Faculty of Mathematics and Computer Science, University of Havana, Cuba. yFaculty of Mathematics, Physical and Computer Science, Central University of Las Villas, Cuba. 1e-mail: [email protected] 2e-mail: [email protected] Abstract The cryptographic algorithms AES and Twofish guarantee a high diffusion by the use of fixed 4×4 MDS matrices. In this article variations to the algorithms AES and Twofish are made. They allow that the process of cipher - decipher come true with MDS matrices selected randomly from the set of all MDS matrices with the use of proposed algorithm. A new key schedule with a high diffusion is designed for the algorithm AES. Besides proposed algorithm generate new S - box that depends of the key. Key words: Block Cipher, AES, Twofish, S - boxes, MDS matrix. 1 1 Introduction. The cryptographic algorithms Rijndael (see [DR99] and [DR02]) and Twofish (see [SKWHF98] and [GBS13]) were finalists of the contest to select the Advanced Encryption Standard (AES) convened by the National Institute of Standards and Technology from the United States (NIST). The contest finished in October 2000 with the selection of the algorithm Rijndael as the AES, stated algorithm was proposed by Joan Daemen and Vincent Rijmen from Belgium. In order to reach a high diffusion, the algorithms AES and Twofish, use a MDS (Maximal Distance Separable) matrices, selected a priori. In this article we will explain the variations of these algorithms, where the MDS matrices are selected randomly as function of the secret key. -
Matrix Algebra and Control
Appendix A Matrix Algebra and Control Boldface lower case letters, e.g., a or b, denote vectors, boldface capital letters, e.g., A, M, denote matrices. A vector is a column matrix. Containing m elements (entries) it is referred to as an m-vector. The number of rows and columns of a matrix A is nand m, respectively. Then, A is an (n, m)-matrix or n x m-matrix (dimension n x m). The matrix A is called positive or non-negative if A>, 0 or A :2:, 0 , respectively, i.e., if the elements are real, positive and non-negative, respectively. A.1 Matrix Multiplication Two matrices A and B may only be multiplied, C = AB , if they are conformable. A has size n x m, B m x r, C n x r. Two matrices are conformable for multiplication if the number m of columns of the first matrix A equals the number m of rows of the second matrix B. Kronecker matrix products do not require conformable multiplicands. The elements or entries of the matrices are related as follows Cij = 2::;;'=1 AivBvj 'Vi = 1 ... n, j = 1 ... r . The jth column vector C,j of the matrix C as denoted in Eq.(A.I3) can be calculated from the columns Av and the entries BVj by the following relation; the jth row C j ' from rows Bv. and Ajv: column C j = L A,vBvj , row Cj ' = (CT),j = LAjvBv, (A. 1) /1=1 11=1 A matrix product, e.g., AB = (c: c:) (~b ~b) = 0 , may be zero although neither multipli cand A nor multiplicator B is zero. -
Bidirected Graph from Wikipedia, the Free Encyclopedia Contents
Bidirected graph From Wikipedia, the free encyclopedia Contents 1 Bidirected graph 1 1.1 Other meanings ............................................ 1 1.2 See also ................................................ 2 1.3 References ............................................... 2 2 Bipartite double cover 3 2.1 Construction .............................................. 3 2.2 Examples ............................................... 3 2.3 Matrix interpretation ......................................... 4 2.4 Properties ............................................... 4 2.5 Other double covers .......................................... 4 2.6 See also ................................................ 5 2.7 Notes ................................................. 5 2.8 References ............................................... 5 2.9 External links ............................................. 6 3 Complex question 7 3.1 Implication by question ........................................ 7 3.2 Complex question fallacy ....................................... 7 3.2.1 Similar questions and fallacies ................................ 8 3.3 Notes ................................................. 8 4 Directed graph 10 4.1 Basic terminology ........................................... 11 4.2 Indegree and outdegree ........................................ 11 4.3 Degree sequence ............................................ 12 4.4 Digraph connectivity .......................................... 12 4.5 Classes of digraphs ......................................... -
About Circulant Involutory MDS Matrices Victor Cauchois, Pierre Loidreau
About Circulant Involutory MDS Matrices Victor Cauchois, Pierre Loidreau To cite this version: Victor Cauchois, Pierre Loidreau. About Circulant Involutory MDS Matrices. International Workshop on Coding and Cryptography, Sep 2017, Saint-Pétersbourg, Russia. hal-01673463 HAL Id: hal-01673463 https://hal.archives-ouvertes.fr/hal-01673463 Submitted on 29 Dec 2017 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. About Circulant Involutory MDS Matrices Victor Cauchois ∗ Pierre Loidreau y DGA MI and Universit´ede Rennes 1 Abstract We give a new algebraic proof of the non-existence of circulant involutory MDS matrices with coefficients in fields of even characteristic. For odd characteristics we give parameters for the potential existence. If we relax circulancy to θ-circulancy, then there is no restriction to the existence of θ-circulant involutory MDS matrices even for fields of even characteristic. Finally, we relax further the involutory defi- nition and propose a new direct construction of almost involutory θ-circulant MDS matrices. We show that they can be interesting in hardware implementations. 1 Introduction MDS matrices offer the maximal diffusion of symbols for cryptographic applications. To reduce implementation costs, research focuses on circulant and recursive matri- ces, which need only a linear number of multipliers to compute the matrix-vector product.