direct construction of quasi involutory recursive like
play

Direct construction of quasi-involutory recursive-like MDS matrices - PowerPoint PPT Presentation

Aug 08, 2023 •272 likes •540 views

Involutory recursive MDS matrices Quasi-involutory recursive-like MDS matrices Implementations Direct construction of quasi-involutory recursive-like MDS matrices from 2 -cyclic codes Cauchois Victor 1 Loidreau Pierre 1 Merkiche Nabil 23 1 DGA-MI

  1. Involutory recursive MDS matrices Quasi-involutory recursive-like MDS matrices Implementations Direct construction of quasi-involutory recursive-like MDS matrices from 2 -cyclic codes Cauchois Victor 1 Loidreau Pierre 1 Merkiche Nabil 23 1 DGA-MI / IRMAR 2 DGA-IP 3 Sorbonnes Universit´ e, UPMC, LIP6 FSE 2017 March 6, 2017 Cauchois, Loidreau, Merkiche Involutory recursive diffusion layers 1 / 22

  2. Involutory recursive MDS matrices Quasi-involutory recursive-like MDS matrices Implementations Motivations Definition MDS matrices are matrices such that any minor is non singular. MDS matrices are widely used in Blockciphers and Hash functions. Lightweight designs ⇒ circulant or recursive matrices. Involutory matrices ⇒ Both encryption and decryption with the same structure. No circulant involutory MDS matrix [GR14]. Cauchois, Loidreau, Merkiche Involutory recursive diffusion layers 2 / 22

  3. Involutory recursive MDS matrices Quasi-involutory recursive-like MDS matrices Implementations Agenda Recursive involutory MDS matrix ? We propose a new direct construction of MDS matrices that are recursive-like and quasi-involutory. Implementations and results Cauchois, Loidreau, Merkiche Involutory recursive diffusion layers 3 / 22

  4. Plan Involutory recursive MDS matrices 1 Quasi-involutory recursive-like MDS matrices 2 Implementations 3

  5. Involutory recursive MDS matrices Quasi-involutory recursive-like MDS matrices Implementations Recursive matrices m − 1 From g ( X ) = X m + g i X i ∈ F 2 n [ X ] , we build the matrix : � i =0   0 1 0 . . . 0 . . ... ... ... . .   . . C g =     0 0 1 . . . . . .   g 0 g 1 . . . g m − 2 g m − 1 Definition M is a recursive matrix ⇔ ∃ g ∈ F 2 n [ X ] monic of degree m such that M = C m g Cauchois, Loidreau, Merkiche Involutory recursive diffusion layers 4 / 22

  6. Involutory recursive MDS matrices Quasi-involutory recursive-like MDS matrices Implementations Companion matrices   X mod g ( X ) X 2 mod g ( X )   C g =  .  .   .   X m mod g ( X ) Successive powers of companion matrices have a similar description :  X i  mod g ( X ) X i +1 mod g ( X )   C i g =  , ∀ i ∈ N  .  .   .  X i + m − 1 mod g ( X ) Cauchois, Loidreau, Merkiche Involutory recursive diffusion layers 5 / 22

  7. Involutory recursive MDS matrices Quasi-involutory recursive-like MDS matrices Implementations Redundancy matrices of cyclic codes Let C be a [2 m, m ] 2 n cyclic code. It has a circulant generator matrix :   0 0 g 0 g 1 . . . g m . . . 0 0 g 0 g 1 . . . g m . . .   G =  . .  ... ... ... ... ... . .   . .   0 0 . . . g 0 g 1 . . . g m Assume g m = 1 , this code has a systematic generator matrix shaped as : X m  mod g ( X ) 1 0 0  . . . ...  X m +1  mod g ( X ) 0 1 0 ˜   G =  . . .  ... ... . . .   . . .   X 2 m − 1 mod g ( X ) 0 . . . 0 1 Cauchois, Loidreau, Merkiche Involutory recursive diffusion layers 6 / 22

  8. Involutory recursive MDS matrices Quasi-involutory recursive-like MDS matrices Implementations Involutory recursive MDS matrices ? A recursive matrix C m g is an involutory matrix if C 2 m = I m g Construct MDS cyclic codes ⇒ BCH codes. No element of even order in F 2 n ⇒ No BCH code yielding involutory recursive MDS matrix. Cauchois, Loidreau, Merkiche Involutory recursive diffusion layers 7 / 22

  9. Plan Involutory recursive MDS matrices 1 Quasi-involutory recursive-like MDS matrices 2 Implementations 3

  10. Involutory recursive MDS matrices Quasi-involutory recursive-like MDS matrices Implementations Skewing polynomial rings Let θ : x �→ x [1] the squaring in F 2 2 m . Definition The ring of 2 -polynomials, F 2 2 m [ X, θ ] , is defined as the set { � i a i X i , a i ∈ F 2 2 m } together with : Addition : usual polynomial addition. Multiplication : X ∗ a = θ ( a ) ∗ X = a [1] ∗ X . Cauchois, Loidreau, Merkiche Involutory recursive diffusion layers 8 / 22

  11. Involutory recursive MDS matrices Quasi-involutory recursive-like MDS matrices Implementations Skewing powers of companion matrices Let g � X � = X m + � m − 1 i =0 g i X i ∈ F 2 2 m [ X, θ ] . Theorem X i   mod ∗ g � X � X i +1 mod ∗ g � X �   C [ i − 1] C [ i − 2] . . . C [1] g C g =  .  g g .   .   X i + m − 1 mod ∗ g � X � Definition M is a recursive-like matrix ⇔ ∃ g ∈ F 2 2 m [ X, θ ] monic of degree m such that M = C [ m − 1] C [ m − 2] . . . C [1] g C g g g Cauchois, Loidreau, Merkiche Involutory recursive diffusion layers 9 / 22

  12. Involutory recursive MDS matrices Quasi-involutory recursive-like MDS matrices Implementations Redundancy matrices of 2 -cyclic codes Let C be a [2 m, m ] 2 2 m 2 -cyclic code. It has a circulant generator matrix : g 0 g 1 . . . g m 0 . . . 0   g [1] g [1] g [1] 0 . . . . . . 0 m  0 1  G =  . .  ... ... ... ... ... . .   . .   g [ m − 1] g [ m − 1] g [ m − 1] 0 . . . 0 . . . m 0 1 Assume g m = 1 , this code has a systematic generator matrix shaped as :  X m  mod ∗ g � X � 1 0 . . . 0 ...  X m +1  mod ∗ g � X � 0 1 0 ˜   G = . . .  ... ...  . . .   . . .   X 2 m − 1 mod ∗ g � X � 0 0 1 . . . Cauchois, Loidreau, Merkiche Involutory recursive diffusion layers 10 / 22

  13. Involutory recursive MDS matrices Quasi-involutory recursive-like MDS matrices Implementations Quasi-involutory Recursive-like MDS matrices A recursive-like matrix is a quasi-involutory matrix if C [2 m − 1] C [2 m − 2] . . . C [1] g C g = I m g g � [ m ] � C [ m − 1] C [ m − 2] . . . C [1] ( C [ m − 1] C [ m − 2] . . . C [1] g C g ) = I m g C g g g g g g yields a quasi-involutory recursive-like matrix if X 2 m − 1 mod ∗ g � X � = 0 There exist [2 m, m ] 2 2 m 2 -cyclic MDS matrix whose a redundancy matrix of a systematic generator matrix is quasi-involutory. Cauchois, Loidreau, Merkiche Involutory recursive diffusion layers 11 / 22

  14. Involutory recursive MDS matrices Quasi-involutory recursive-like MDS matrices Implementations 2 -cyclic Gabidulin codes Let λ be a normal element in F 2 2 m . The following matrix is the parity-check matrix of a Maximum Rank Distance (thus MDS) 2 -cyclic code, C :  λ [0] λ [1] λ [2 m − 1]  . . . λ [1] λ [2] λ [0] . . .   H λ =  . .  ... ... . .   . .   λ [ m − 1] λ [ m ] λ [ m − 2] . . . All roots of g unique monic polynomial generating C are roots of X 2 m − 1 ⇒ X 2 m − 1 mod ∗ g � X � = 0 . Thus g yields a quasi-involutory recursive-like matrix. Cauchois, Loidreau, Merkiche Involutory recursive diffusion layers 12 / 22

  15. Involutory recursive MDS matrices Quasi-involutory recursive-like MDS matrices Implementations Direct Construction Choose a normal element λ ∈ F 2 2 m . 1 Define 2  λ [0] λ [ m − 1]   λ [ m ] λ [2 m − 1]  . . . . . . . . . . ... ... H λ, 1 = . .  and H λ, 2 = . .     . . . .    λ [ m − 1] λ [2 m − 2] λ [2 m − 1] λ [ m − 2] . . . . . . Compute H λ = ( H λ, 1 | H λ, 2 ) 3 Compute M = H λ, 2 H − 1 λ, 1 . The inverse matrix is N = M [ m ] . 4 Compute C g from the first line of M . 5 M is then a quasi-involutory recursive-like MDS matrix, recursively generated by C g . Cauchois, Loidreau, Merkiche Involutory recursive diffusion layers 13 / 22

  16. Involutory recursive MDS matrices Quasi-involutory recursive-like MDS matrices Implementations An example with small parameters m = 4 Let β be a a root of the irreducible polynomial x 8 + x 4 + x 3 + x 2 + 1 ( 0x11c ) . β is a generator of the multiplication group of F 2 8 . We chose to consider the normal element λ = β 21 . We compute H β 21 :  β 21 β 42 β 84 β 168 β 81 β 162 β 69 β 138  β 42 β 84 β 168 β 81 β 162 β 69 β 138 β 21    β 84 β 168 β 81 β 162 β 69 β 138 β 21 β 42    β 168 β 81 β 162 β 69 β 138 β 21 β 42 β 84 Hence the MDS matrix M is written :  β 199 β 96 β 52 β 123  β 190 β 218 β 231 β 125   M =  β 194 β 227 β 224 β 66    β 76 β 54 β 217 β 28 Cauchois, Loidreau, Merkiche Involutory recursive diffusion layers 14 / 22

  17. Involutory recursive MDS matrices Quasi-involutory recursive-like MDS matrices Implementations An example with small parameters m = 4 Its inverse matrix is N = M [4] and is written :  β 124 β 6 β 67 β 183  β 235 β 173 β 126 β 215   N =  β 44 β 62 β 14 β 36    β 196 β 99 β 157 β 193 The companion matrix which recursively generates M is associated with g � X � = β 199 + β 96 X + β 52 X 2 + β 123 X 3 + X 4 and is written :   0 1 0 0 0 0 1 0   C g =   0 0 0 1   β 199 β 96 β 52 β 123 Cauchois, Loidreau, Merkiche Involutory recursive diffusion layers 15 / 22

  18. Plan Involutory recursive MDS matrices 1 Quasi-involutory recursive-like MDS matrices 2 Implementations 3

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Weighted Quasi-optimal and Recursive Quasi-optimal Satellite Selection Techniques for GNSS V.

Weighted Quasi-optimal and Recursive Quasi-optimal Satellite Selection Techniques for GNSS V.

Weighted Quasi-optimal and Recursive Quasi-optimal Satellite Selection Techniques for GNSS V. Satya Srinivas 1 , A.D. Sarma 2 and A. Supraja Reddy 2 1 Geethanj ali College of Engineering and Technology, Cheeryal (V), Telangana 501301 India 2

466 views • 35 slides
Direct Construction of Recursive MDS Diffusion Layers using Shortened BCH Codes Daniel Augot and

Direct Construction of Recursive MDS Diffusion Layers using Shortened BCH Codes Daniel Augot and

Direct Construction of Recursive MDS Diffusion Layers using Shortened BCH Codes Daniel Augot and Matthieu Finiasz Context Diffusion layers in a block cipher/SPN should: obviously, offer good diffusion, have a large branch number , be

381 views • 21 slides
Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Shun Li , Siwei Sun,

Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Shun Li , Siwei Sun,

Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Shun Li , Siwei Sun, Chaoyun Li, Zihao Wei, Lei Hu FSE 2019 @ Paris, France Li, Sun et al. Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits FSE

782 views • 44 slides
Recursive Methods Noter ch.2 Recursive Methods Recursive problem solution Problems

Recursive Methods Noter ch.2 Recursive Methods Recursive problem solution Problems

Recursive Methods Noter ch.2 Recursive Methods Recursive problem solution Problems that are naturally solved by recursion Examples: Recursive function: Fibonacci numbers Recursive graphics: Fractals Mutual recursion:

796 views • 61 slides
Involutory Turing Machines Keisuke Nakano RIEC, Tohoku University RC 2020 @ Online Involution f

Involutory Turing Machines Keisuke Nakano RIEC, Tohoku University RC 2020 @ Online Involution f

Involutory Turing Machines Keisuke Nakano RIEC, Tohoku University RC 2020 @ Online Involution f x dom ( f ). f ( f (x) ) = x Involution (a.k.a. involutory function) A function that is own inverse I.e., f(x) = y if and only if f(y)

1.21k views • 18 slides
A recursive construction of joint eigenfunctions for the commuting hyperbolic Calogero-Moser

A recursive construction of joint eigenfunctions for the commuting hyperbolic Calogero-Moser

A recursive construction of joint eigenfunctions for the commuting hyperbolic Calogero-Moser Hamiltonians (Joint work with M. Hallns) Simon Ruijsenaars School of of Mathematics University of Leeds, UK Budapest, 4 April 2014 Introduction

258 views • 22 slides
A Phrase Mining Framework for Recursive Construction of a Topical Hierarchy Akshat Pandey

A Phrase Mining Framework for Recursive Construction of a Topical Hierarchy Akshat Pandey

A Phrase Mining Framework for Recursive Construction of a Topical Hierarchy Akshat Pandey Dipshil Agrawal Shrirag Kodoor March 27th, 2018. 1. Introduction 1.1. Aim: Creation of a high quality hierarchical organization of the concepts in a

494 views • 22 slides
On a recursive construction of Dirichlet form on the Sierpi nski gasket Qingsong Gu (Joint

On a recursive construction of Dirichlet form on the Sierpi nski gasket Qingsong Gu (Joint

Main results Other examples On a recursive construction of Dirichlet form on the Sierpi nski gasket Qingsong Gu (Joint work with Ka-Sing Lau and Hua Qiu) The Chinese University of Hong Kong qsgu@math.cuhk.edu.hk June 2017 Qingsong Gu

354 views • 24 slides
Quasi equilibrium construction for long time glassy dynamics Pierfrancesco Urbani Dipartimento

Quasi equilibrium construction for long time glassy dynamics Pierfrancesco Urbani Dipartimento

Quasi equilibrium construction for long time glassy dynamics Pierfrancesco Urbani Dipartimento di Fisica Universit di Roma, La Sapienza Laboratoire de Physique Thorique et Modles Statistiques Universit Paris-Sud

481 views • 16 slides
Models and refined models for involutory reflection groups and classical Weyl groups FABRIZIO

Models and refined models for involutory reflection groups and classical Weyl groups FABRIZIO

Models and refined models for involutory reflection groups and classical Weyl groups Models and refined models for involutory reflection groups and classical Weyl groups FABRIZIO CASELLI AND ROBERTA FULCI FPSAC10 - San Francisco Models and

1.25k views • 91 slides
1 Recursive Definitions Infinite Recursion The recursive part of the LIST definition is used

1 Recursive Definitions Infinite Recursion The recursive part of the LIST definition is used

CSC 2014 Java Bootcamp Lecture 9 Recursion 2 Recursion Recursion is a fundamental programming technique that can provide an elegant solution certain kinds of problems RECURSIVE THINKING 3 4 Recursive Thinking Recursive Definitions

148 views • 4 slides
Recursive Methods Recursive problem solution Problems that are naturally solved by

Recursive Methods Recursive problem solution Problems that are naturally solved by

Recursive Methods Recursive problem solution Problems that are naturally solved by recursion Derivative of rational function Recursive Methods Examples: Recursive function: Fibonacci numbers Recursive graphics:

284 views • 5 slides
61A Lecture 6 Announcements Recursive Functions Recursive Functions 4 Recursive Functions

61A Lecture 6 Announcements Recursive Functions Recursive Functions 4 Recursive Functions

61A Lecture 6 Announcements Recursive Functions Recursive Functions 4 Recursive Functions Definition: A function is called recursive if the body of that function calls itself, either directly or indirectly 4 Recursive Functions Definition:

1.08k views • 88 slides
Recursion Announcements Recursive Functions Recursive Functions 4 Recursive Functions

Recursion Announcements Recursive Functions Recursive Functions 4 Recursive Functions

Recursion Announcements Recursive Functions Recursive Functions 4 Recursive Functions Definition : A function is called recursive if the body of that function calls itself, either directly or indirectly 4 Recursive Functions Definition

1.11k views • 89 slides
A recursive algorithmic construction for spherical codes in dimensions R 2 k Henrique K. Miyamoto

A recursive algorithmic construction for spherical codes in dimensions R 2 k Henrique K. Miyamoto

A recursive algorithmic construction for spherical codes in dimensions R 2 k Henrique K. Miyamoto Henrique S a Earp e Sueli Costa Unicamp - University of Campinas miyamotohk@gmail.com July 9, 2018 Henrique K. Miyamoto LAWCI July 9, 2018

277 views • 6 slides
Designs Chapter 11 Quasi-Experimentation Quasi-experiments resemble experiments, but lack

Designs Chapter 11 Quasi-Experimentation Quasi-experiments resemble experiments, but lack

Quasi-Experimental Designs Chapter 11 Quasi-Experimentation Quasi-experiments resemble experiments, but lack experimental control lack of random assignment is the key point of distinction between quasi- experiments and true

888 views • 31 slides
Iterative Decoding of Non-Binary Cyclic Codes Using Minimum- Weight Dual Codewords Jiongyue Xing

Iterative Decoding of Non-Binary Cyclic Codes Using Minimum- Weight Dual Codewords Jiongyue Xing

Iterative Decoding of Non-Binary Cyclic Codes Using Minimum- Weight Dual Codewords Jiongyue Xing , Li Chen n School of EIT, Sun Yat-sen University , Guangzhou, China Martin Bossert, Sebastian Bitzer n Institute of CE, Ulm University , Ulm,

349 views • 21 slides
A study of cyclic codes BCH and Reed-Solomon code Welington Santos UFPR January 2015 Cyclic

A study of cyclic codes BCH and Reed-Solomon code Welington Santos UFPR January 2015 Cyclic

A study of cyclic codes BCH and Reed-Solomon code Welington Santos UFPR January 2015 Cyclic Codes Definition A linear ( n, k ) code C over F q is called cyclic if ( a 0 , a 1 , . . . , a n 1 ) C implies ( a n 1 , a 0 , . . . , a n

85 views • 6 slides
Information Theory Lecture 8 BCH codes BCH codes: R8.45 (R5.6) Decoding BCH (and

Information Theory Lecture 8 BCH codes BCH codes: R8.45 (R5.6) Decoding BCH (and

Information Theory Lecture 8 BCH codes BCH codes: R8.45 (R5.6) Decoding BCH (and RS) codes: R6 Reed-Solomon codes RS codes: R5.13 Mikael Skoglund, Information Theory 1/15 The BCH Bound Theorem : Let C be cyclic of

276 views • 8 slides
BCH Codes Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering

BCH Codes Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering

BCH Codes Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay October 14, 2014 1 / 13 BCH Codes Discovered by Hocquenghem in 1959 and independently by Bose and Chaudhari

451 views • 13 slides
Reed-Muller testing and approximating small set expansion & hypergraph coloring Venkatesan

Reed-Muller testing and approximating small set expansion & hypergraph coloring Venkatesan

Reed-Muller testing and approximating small set expansion & hypergraph coloring Venkatesan Guruswami Carnegie Mellon University (Spring14 @ Microsoft Research New England) 2014 Bertinoro Workshop on Sublinear Algorithms May 27, 2014

606 views • 47 slides
Non-Cryptographic Fault-Tolerant Distributed Computation Marek Hamerlik December 6, 2007 Marek

Non-Cryptographic Fault-Tolerant Distributed Computation Marek Hamerlik December 6, 2007 Marek

Introduction t-privacy Tools t-resilience Advanced Non-Cryptographic Fault-Tolerant Distributed Computation Marek Hamerlik December 6, 2007 Marek Hamerlik Non-Cryptographic Fault-Tolerant Distributed Computation Introduction t-privacy

866 views • 67 slides
Cyclic Codes and Cellular Automata Journes Calculabilits 2016 Luca Mariot 1 , 2 1 Dipartimento

Cyclic Codes and Cellular Automata Journes Calculabilits 2016 Luca Mariot 1 , 2 1 Dipartimento

Cyclic Codes and Cellular Automata Journes Calculabilits 2016 Luca Mariot 1 , 2 1 Dipartimento di Informatica, Sistemistica e Comunicazione (DISCo) Universit degli Studi Milano - Bicocca 2 Laboratoire dInformatique, Signaux et Systmes

794 views • 61 slides
Cryptography for the paranoid Daniel J. Bernstein (University of Illinois at Chicago, Technische

Cryptography for the paranoid Daniel J. Bernstein (University of Illinois at Chicago, Technische

Cryptography for the paranoid Daniel J. Bernstein (University of Illinois at Chicago, Technische Universiteit Eindhoven) Based on joint work with: Tanja Lange (Technische Universiteit Eindhoven) Christiane Peters (Danmarks Tekniske

1.12k views • 89 slides

More recommend