Journal of Mathematical Cryptology

Managing Editor: Magliveras, Spyros S. / Steinwandt, Rainer / Trung, Tran

Editorial Board: Blackburn, Simon R. / Blundo, Carlo / Burmester, Mike / Cramer, Ronald / Gilman, Robert / Gonzalez Vasco, Maria Isabel / Grosek, Otokar / Helleseth, Tor / Kim, Kwangjo / Koblitz, Neal / Kurosawa, Kaoru / Lauter, Kristin / Lange, Tanja / Menezes, Alfred / Nguyen, Phong Q. / Pieprzyk, Josef / Rötteler, Martin / Safavi-Naini, Rei / Shparlinski, Igor E. / Stinson, Doug / Takagi, Tsuyoshi / Williams, Hugh C. / Yung, Moti

CiteScore 2017: 1.43

SCImago Journal Rank (SJR) 2017: 0.293
Source Normalized Impact per Paper (SNIP) 2017: 1.117

Mathematical Citation Quotient (MCQ) 2017: 0.51

Volume 11, Issue 2


Applications of design theory for the constructions of MDS matrices for lightweight cryptography

Kishan Chand Gupta / Sumit Kumar Pandey (corresponding author; School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore) / Indranil Ghosh Ray
Published Online: 2017-05-11 | DOI: https://doi.org/10.1515/jmc-2016-0013


In this paper, we observe simple yet subtle interconnections among design theory, coding theory and cryptography. Maximum distance separable (MDS) matrices have applications not only in coding theory but are also of great importance in the design of block ciphers and hash functions. It is nontrivial to find MDS matrices which could be used in lightweight cryptography. In the SAC 2004 paper [12], Junod and Vaudenay considered bi-regular matrices, which are useful objects for building MDS matrices. Bi-regular matrices are those matrices all of whose entries are nonzero and all of whose $2\times 2$ submatrices are nonsingular. Therefore MDS matrices are bi-regular matrices, but the converse is not true. They proposed constructions of efficient MDS matrices by studying two major aspects of a $d\times d$ bi-regular matrix $M$, namely $v_1(M)$, the number of occurrences of 1 in $M$, and $c_1(M)$, the number of distinct elements in $M$ other than 1. They calculated the maximum number of ones that can occur in a $d\times d$ bi-regular matrix, i.e. $v_1^{d,d}$, for $d$ up to 8, but with their approach, finding $v_1^{d,d}$ for $d\ge 9$ seems difficult.

In this paper, we explore the connection between the maximum number of ones in bi-regular matrices and the incidence matrices of balanced incomplete block designs (BIBDs). Tools are developed to compute $v_1^{d,d}$ for arbitrary $d$. Using these results, we construct a restricted class of $d\times d$ bi-regular matrices, which we call almost-bi-regular matrices, having $v_1^{d,d}$ ones for $d\le 21$. Since the number of ones in any $d\times d$ MDS matrix cannot exceed the maximum number of ones in a $d\times d$ bi-regular matrix, our results provide an upper bound on the number of ones in any $d\times d$ MDS matrix.

We observe an interesting connection between Latin squares and bi-regular matrices, study the conditions under which a Latin square becomes a bi-regular matrix, and finally construct MDS matrices from Latin squares. Also, a lower bound on $c_1(M)$ is computed for $d\times d$ bi-regular matrices $M$ with $v_1(M) = v_1^{d,d}$, where $d = q^2+q+1$ and $q$ is any prime power. Finally, efficient $d\times d$ MDS matrices are constructed for $d$ up to 8 from bi-regular matrices having the maximum number of ones and the minimum number of other distinct elements, for lightweight applications.
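As an added illustration of the definitions in the abstract (this is example code written for this page, not code from the paper or its authors), the following Python checks bi-regularity and the MDS property over GF(2^8) with the AES reduction polynomial 0x11b, computes $v_1(M)$ and $c_1(M)$, and tests whether the pattern of ones is "rectangle-free", i.e. no two rows carry ones in the same two columns. That last condition is forced because the all-ones $2\times 2$ matrix is singular over any field, and it is the same rule that two blocks of a BIBD with $\lambda = 1$ meet in at most one point, which is the design-theory link the abstract draws. The AES MixColumns matrix is a standard MDS example; the $3\times 3$ matrix is constructed here so that it is bi-regular but singular, showing that the converse of "MDS implies bi-regular" fails.

```python
"""Bi-regular / MDS checks over GF(2^8) for the matrix properties in the abstract."""
from itertools import combinations

# GF(2^8) with the AES reduction polynomial x^8 + x^4 + x^3 + x + 1 (0x11b).
# Addition is XOR; multiplication is carry-less with reduction.
def gf_mul(a: int, b: int) -> int:
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11b
        b >>= 1
    return r

def gf_det(m):
    """Determinant over GF(2^8) by Laplace expansion along the first row.
    In characteristic 2 the cofactor signs vanish, so XOR accumulates the terms."""
    n = len(m)
    if n == 1:
        return m[0][0]
    d = 0
    for j in range(n):
        minor = [row[:j] + row[j + 1:] for row in m[1:]]
        d ^= gf_mul(m[0][j], gf_det(minor))
    return d

def submatrix(m, rows, cols):
    return [[m[r][c] for c in cols] for r in rows]

def is_bi_regular(m) -> bool:
    """All entries nonzero and every 2x2 submatrix nonsingular (Junod-Vaudenay)."""
    n = len(m)
    if any(x == 0 for row in m for x in row):
        return False
    return all(gf_det(submatrix(m, rs, cs)) != 0
               for rs in combinations(range(n), 2)
               for cs in combinations(range(n), 2))

def is_mds(m) -> bool:
    """A square matrix is MDS iff every square submatrix, of every size, is nonsingular."""
    n = len(m)
    return all(gf_det(submatrix(m, rs, cs)) != 0
               for k in range(1, n + 1)
               for rs in combinations(range(n), k)
               for cs in combinations(range(n), k))

def v1(m) -> int:
    """Number of occurrences of 1 in M."""
    return sum(x == 1 for row in m for x in row)

def c1(m) -> int:
    """Number of distinct elements of M other than 1."""
    return len({x for row in m for x in row if x != 1})

def ones_rectangle_free(m) -> bool:
    """No two rows carry ones in the same two columns. The all-ones 2x2 matrix is
    singular, so this is a necessary condition for bi-regularity; it is the
    'two blocks share at most one point' rule of a BIBD with lambda = 1."""
    one_cols = [{c for c, x in enumerate(row) if x == 1} for row in m]
    return all(len(a & b) <= 1 for a, b in combinations(one_cols, 2))

# Standard example: the AES MixColumns matrix circ(2, 3, 1, 1).
AES_MIXCOLUMNS = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]

# Constructed for this example: row 3 is the XOR of rows 1 and 2, so the matrix
# is singular, yet every entry and every 2x2 minor is nonzero.
BI_REGULAR_NOT_MDS = [[1, 2, 3], [2, 1, 1], [3, 3, 2]]

if __name__ == "__main__":
    for name, m in (("AES MixColumns", AES_MIXCOLUMNS),
                    ("constructed 3x3", BI_REGULAR_NOT_MDS)):
        print(f"{name}: bi-regular={is_bi_regular(m)} MDS={is_mds(m)} "
              f"v1={v1(m)} c1={c1(m)} rectangle-free ones={ones_rectangle_free(m)}")
```

Running the script reports the AES matrix as bi-regular and MDS with $v_1 = 8$ and $c_1 = 2$, and the constructed matrix as bi-regular but not MDS. The exhaustive minor check is only practical for the small $d$ used in ciphers; the abstract's contribution is exactly that the bound on ones can be obtained for larger $d$ via design theory instead of such enumeration.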

Keywords: BIBD; bi-regular matrix; design; diffusion; Latin square; MDS matrix; mixColumn operation

MSC 2010: 68R05; 94B99


  • [1] D. Augot and M. Finiasz, Direct construction of recursive MDS diffusion layers using shortened BCH codes, Fast Software Encryption (FSE 2014), Lecture Notes in Comput. Sci. 8540, Springer, Berlin (2015), 3–17.

  • [2] P. Barreto and V. Rijmen, The Khazad legacy-level block cipher, submission to the NESSIE Project (2000), http://cryptonessie.org.

  • [3] P. S. L. M. Barreto and V. Rijmen, Whirlpool, Encyclopedia of Cryptography and Security, Second Edition, Springer, New York (2011), 1384–1385.

  • [4] J. Daemen, L. R. Knudsen and V. Rijmen, The block cipher Square, Fast Software Encryption (FSE 1997), Lecture Notes in Comput. Sci. 1267, Springer, Berlin (1997), 149–165.

  • [5] J. Daemen and V. Rijmen, The Design of Rijndael: AES – The Advanced Encryption Standard, Springer, Berlin, 2002.

  • [6] G. D. Filho, P. Barreto and V. Rijmen, The Maelstrom-0 hash function, Proceedings of the 6th Brazilian Symposium on Information and Computer Systems Security (2006); available at http://www.lbd.dcc.ufmg.br/colecoes/sbseg/2006/0017.pdf.

  • [7] P. Gauravaram, L. R. Knudsen, K. Matusiewicz, F. Mendel, C. Rechberger, M. Schläffer and S. Thomsen, Grøstl – A SHA-3 candidate, submission to NIST (2008), http://www.groestl.info.

  • [8] J. Guo, T. Peyrin and A. Poschmann, The PHOTON family of lightweight hash functions, Advances in Cryptology (CRYPTO 2011), Lecture Notes in Comput. Sci. 6841, Springer, Berlin (2011), 222–239.

  • [9] K. C. Gupta and I. G. Ray, On constructions of involutory MDS matrices, Progress in Cryptology (AFRICACRYPT 2013), Lecture Notes in Comput. Sci. 7918, Springer, Berlin (2013), 43–60.

  • [10] K. C. Gupta and I. G. Ray, On constructions of MDS matrices from companion matrices for lightweight cryptography, Security Engineering and Intelligence Informatics (CD-ARES 2013), Lecture Notes in Comput. Sci. 8128, Springer, Berlin (2013), 29–43.

  • [11] K. C. Gupta and I. G. Ray, On constructions of circulant MDS matrices for lightweight cryptography, Information Security Practice and Experience (ISPEC 2014), Lecture Notes in Comput. Sci. 8434, Springer, Berlin (2014), 564–576.

  • [12] P. Junod and S. Vaudenay, Perfect diffusion primitives for block ciphers: building efficient MDS matrices, Selected Areas in Cryptography (SAC 2004), Lecture Notes in Comput. Sci. 3357, Springer, Berlin (2005), 84–99.

  • [13] J. Lacan and J. Fimes, Systematic MDS erasure codes based on Vandermonde matrices, IEEE Commun. Lett. 8 (2004), no. 9, 570–572.

  • [14] F. J. MacWilliams and N. J. A. Sloane, The Theory of Error-Correcting Codes, North-Holland, Amsterdam, 1986.

  • [15] J. Nakahara, Jr. and E. Abrahão, A new involutory MDS matrix for the AES, Int. J. Netw. Secur. 9 (2009), no. 2, 109–116.

  • [16] V. Rijmen, J. Daemen, B. Preneel, A. Bosselaers and E. De Win, The cipher SHARK, Fast Software Encryption (FSE 1996), Lecture Notes in Comput. Sci. 1039, Springer, Berlin (1996), 99–112.

  • [17] M. Sajadieh, M. Dakhilalian, H. Mala and B. Omoomi, On construction of involutory MDS matrices from Vandermonde matrices in GF(2^q), Des. Codes Cryptogr. 64 (2012), no. 3, 287–308.

  • [18] M. Sajadieh, M. Dakhilalian, H. Mala and P. Sepehrdad, Recursive diffusion layers for block ciphers and hash functions, Fast Software Encryption (FSE 2012), Lecture Notes in Comput. Sci. 7549, Springer, Berlin (2012), 385–401.

  • [19] B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall and N. Ferguson, Twofish: A 128-bit block cipher, First Advanced Encryption Standard (AES) Candidate Conference, National Institute of Standards and Technology, Gaithersburg (1998); available at https://www.schneier.com/academic/paperfiles/paper-twofish-paper.pdf.

  • [20] B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall and N. Ferguson, The Twofish Encryption Algorithm, John Wiley & Sons, New York, 1999.

  • [21] T. Shirai and K. Shibutani, On the diffusion matrix employed in the Whirlpool hashing function, preprint (2003), https://www.cosic.esat.kuleuven.be/nessie/reports/phase2/whirlpool-20030311.pdf.

  • [22] D. R. Stinson, Cryptography: Theory and Practice, CRC Press, Boca Raton, 1995.

  • [23] D. R. Stinson, Combinatorial Designs: Constructions and Analysis, Springer, New York, 2003.

  • [24] D. Watanabe, S. Furuya, H. Yoshida, K. Takaragi and B. Preneel, A new keystream generator MUGI, Fast Software Encryption (FSE 2002), Lecture Notes in Comput. Sci. 2365, Springer, Berlin (2002), 179–194.

  • [25] S. Wu, M. Wang and W. Wu, Recursive diffusion layers for (lightweight) block ciphers and hash functions, Selected Areas in Cryptography (SAC 2012), Lecture Notes in Comput. Sci. 7707, Springer, Berlin (2013), 355–371.

  • [26] A. M. Youssef, S. Mister and S. E. Tavares, On the design of linear transformations for substitution permutation encryption networks, Workshop on Selected Areas in Cryptography (SAC 1997), Carleton University, Ottawa (1997), 40–48.

  • [27] Sony Corporation, The 128-bit block cipher CLEFIA: Algorithm Specification (2007), http://www.sony.co.jp/Products/cryptography/clefia/download/data/clefia-spec-1.0.pdf.

About the article

Received: 2016-02-22

Revised: 2016-11-26

Accepted: 2017-03-23

Published Online: 2017-05-11

Published in Print: 2017-06-01

Citation Information: Journal of Mathematical Cryptology, Volume 11, Issue 2, Pages 85–116, ISSN (Online) 1862-2984, ISSN (Print) 1862-2976, DOI: https://doi.org/10.1515/jmc-2016-0013.


© 2017 Walter de Gruyter GmbH, Berlin/Boston.
