An '''MDS matrix (Maximum Distance Separable)''' is a [[matrix (mathematics)|matrix]] representing a function with certain [[diffusion (cryptography)|diffusion]] properties that have useful applications in [[cryptography]]. Technically, an m×n matrix A over a [[finite field]] K is an MDS matrix if it is the [[transformation matrix]] of a [[linear transformation]] f(x)=Ax from K<sup>n</sup> to K<sup>m</sup> such that no two different (m+n)-tuples of the form (x,f(x)) coincide in n or more components.
Equivalently, the set of all (m+n)-tuples (x,f(x)) is an [[Maximum distance separable code|MDS code]], i.e. a [[linear code]] that reaches the [[Singleton bound]].
Let <math>\tilde A = \left(\begin{array}{c}{\rm Id}_n\\ \hline{\rm A}\end{array}\right)</math> be the matrix obtained by joining the [[identity matrix]] Id<sub>n</sub> to A.
Then a necessary and sufficient condition for a matrix A to be MDS is that every possible n×n [[submatrix]] obtained by removing m rows from <math>\tilde A</math> is [[non-singular matrix|non-singular]].
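As an added illustration that is not part of the original article, the following Python code applies the criterion above to the MixColumns matrix of AES over GF(2<sup>8</sup>): it forms <math>\tilde A</math>, enumerates every n×n submatrix and tests each for singularity by Gaussian elimination. The field arithmetic and matrix entries are the standard AES values; the function names are this example's own.

```python
from itertools import combinations

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the reduction polynomial of AES's GF(2^8)

def gf_mul(a, b):
    """Multiply two elements of GF(2^8): carry-less multiply, reduce modulo AES_POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r

def gf_inv(a):
    """Inverse of a non-zero element, found by search (the field has only 255 units)."""
    return next(x for x in range(1, 256) if gf_mul(a, x) == 1)

def is_singular(m):
    """Gaussian elimination over GF(2^8); True if some column has no non-zero pivot."""
    m = [row[:] for row in m]
    n = len(m)
    for c in range(n):
        pivot = next((r for r in range(c, n) if m[r][c]), None)
        if pivot is None:
            return True
        m[c], m[pivot] = m[pivot], m[c]
        inv = gf_inv(m[c][c])
        for r in range(c + 1, n):
            if m[r][c]:
                f = gf_mul(m[r][c], inv)  # factor that cancels column c in row r
                m[r] = [x ^ gf_mul(f, y) for x, y in zip(m[r], m[c])]
    return False

def is_mds(a):
    """Criterion from the text: every n x n submatrix of [Id_n ; A] is non-singular."""
    n = len(a[0])
    a_tilde = [[int(i == j) for j in range(n)] for i in range(n)] + a
    return all(not is_singular([a_tilde[i] for i in rows])
               for rows in combinations(range(len(a_tilde)), n))

# The AES MixColumns matrix, a circulant of (2, 3, 1, 1) over GF(2^8).
AES_MIXCOLUMNS = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]

if __name__ == "__main__":
    print("AES MixColumns is MDS:", is_mds(AES_MIXCOLUMNS))
```

The same function accepts a rectangular m×n matrix, since <math>\tilde A</math> then has m+n rows and the code still selects n of them at a time.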
[[Reed-Solomon code]]s have the MDS property and are frequently used to obtain the MDS matrices used in cryptographic algorithms.
[[Serge Vaudenay]] suggested using MDS matrices in [[cryptographic primitive]]s to produce what he called ''multipermutations'', not necessarily linear functions with this same property. These functions have what he called ''perfect diffusion'': changing t of the inputs changes at least m-t+1 of the outputs. He showed how to exploit imperfect diffusion to [[cryptanalysis|cryptanalyze]] functions that are not multipermutations.
MDS matrices are used for diffusion in such [[block cipher]]s as [[Advanced Encryption Standard|AES]], [[SHARK]], [[Square (cipher)|Square]], [[Twofish]], [[Anubis (cipher)|Anubis]], [[KHAZAD]], [[Manta (cipher)|Manta]], [[Hierocrypt]], and [[Camellia (cipher)|Camellia]], and in the [[stream cipher]] [[MUGI]] and the [[cryptographic hash function]] [[WHIRLPOOL]].
== References ==

* {{cite conference
  | author = Serge Vaudenay
  | title = On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER
  | conference = 2nd International Workshop on [[Fast Software Encryption]] (FSE '94)
  | pages = 286–297
  | publisher = [[Springer-Verlag]]
  | date = November 16, 1994
  | location = [[Leuven]]
  | url = http://citeseer.ist.psu.edu/vaudenay94need.html
  | format = [[PDF]]/[[PostScript]]
  | accessdate = 2007-03-05 }}

* {{cite conference
  | author = [[Vincent Rijmen]], [[Joan Daemen]], [[Bart Preneel]], Anton Bosselaers, Erik De Win
  | title = The Cipher SHARK
  | conference = 3rd International Workshop on [[Fast Software Encryption]] (FSE '96)
  | pages = 99–111
  | publisher = [[Springer-Verlag]]
  | date = February 1996
  | location = [[Cambridge]]
  | url = http://citeseer.ist.psu.edu/rijmen96cipher.html
  | format = [[PDF]]/[[PostScript]]
  | accessdate = 2007-03-06 }}

* {{cite paper
  | author = [[Bruce Schneier]], [[John Kelsey (cryptanalyst)|John Kelsey]], Doug Whiting, [[David A. Wagner|David Wagner]], Chris Hall, [[Niels Ferguson]]
  | title = The Twofish Encryption Algorithm
  | date = June 15, 1998
  | url = http://www.schneier.com/paper-twofish-paper.html
  | format = [[PDF]]/[[PostScript]]
  | accessdate = 2007-03-04 }}

{{crypto-stub}}

[[Category:Cryptography]]