Consider a design where the MixColumns operation of AES is replaced by a lighter MDS matrix, where by the term "lighter" we mean the number of XORs required to implement the MDS matrix.

As you know, the most relevant property of an MDS matrix in an AES-like design, beyond its branch number, is the so-called related differential.

My question: Is there any security escalation or degeneration due to the differences in the bit-level representations of the MDS matrices? (For more details, please see the Remark section of [1].)

kelalaka
user0410

1 Answer

Current research aims at lighter MDS matrices for implementation in resource-constrained environments. A lighter MDS matrix requires fewer XORs in its binary form (AES MDS). In terms of security effect, this paper took advantage of the zero XOR-sum of more than two coefficients of each row of the MixColumns matrix to mount a (theoretical) attack on AES up to 4.5-5 rounds.

To conclude, a zero XOR-sum of more than two coefficients of each row of the MDS matrix could be a degradation of the security of the cipher. It is good to find an MDS matrix with no zero XOR-sum, but this could be a tradeoff for finding a lighter MDS matrix.

hardyrama
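
An added example, not part of the answer above or of the paper it cites: a Python check that a candidate 4x4 matrix over GF(2^8) (AES polynomial) is MDS and that lists, per row, the subsets of more than two coefficients whose XOR-sum is zero. The function names are assumptions of this example; the two matrices are the standard AES MixColumns and InvMixColumns circulants.

```python
from functools import reduce
from itertools import combinations
from operator import xor

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1

def gf_mul(a, b, poly=AES_POLY):
    """Multiply two bytes in GF(2^8) modulo poly."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= poly
        b >>= 1
    return r

def gf_det(m):
    """Determinant by Laplace expansion; in characteristic 2 all signs are +."""
    if len(m) == 1:
        return m[0][0]
    return reduce(xor, (gf_mul(c, gf_det([row[:j] + row[j + 1:] for row in m[1:]]))
                        for j, c in enumerate(m[0])))

def is_mds(m):
    """A matrix is MDS iff every square submatrix is nonsingular."""
    n = len(m)
    return all(gf_det([[m[r][c] for c in cols] for r in rows]) != 0
               for k in range(1, n + 1)
               for rows in combinations(range(n), k)
               for cols in combinations(range(n), k))

def zero_xor_subsets(row, min_size=3):
    """Index subsets of one row (size >= min_size) whose coefficients XOR to 0."""
    return [idx for k in range(min_size, len(row) + 1)
            for idx in combinations(range(len(row)), k)
            if reduce(xor, (row[i] for i in idx)) == 0]

def circulant(first_row):
    """Right-circulant matrix: each row is the previous one rotated right."""
    n = len(first_row)
    return [[first_row[(j - i) % n] for j in range(n)] for i in range(n)]

AES_MC = circulant([0x02, 0x03, 0x01, 0x01])      # MixColumns
AES_INV_MC = circulant([0x0E, 0x0B, 0x0D, 0x09])  # InvMixColumns

if __name__ == "__main__":
    for name, m in (("MixColumns", AES_MC), ("InvMixColumns", AES_INV_MC)):
        print(name, "MDS:", is_mds(m), "zero XOR-sums, row 0:", zero_xor_subsets(m[0]))
```

Both matrices are MDS, but only MixColumns has rows with a zero XOR-sum of three coefficients (2 ⊕ 3 ⊕ 1 = 0), which is the row property the answer refers to.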