Applications of finite geometry in coding theory and cryptography

More documents

Recommendations

Info

Construction 1Let PG(V ) be an n-dimensional(space with basis e i (0 ≤ i ≤ n).(n+d+1 ) )Let PG(W) be and+1 − 1 -dimensional space with basis e i0,...,i d(0 ≤ i 0 ≤i 1 ≤ · · · ≤ i d ≤ n).To simplify notations, we will write e i0,...,i dwith 0 ≤ i 0 , . . .,i d ≤ n when we meanthe vector e iσ(0) ,...,i σ(d)where σ is a permutation with 0 ≤ i σ(0) ≤ i σ(1) ≤ · · · ≤ i σ(d) ≤n.Let θ : V d+1 → W be the multilinear mapping.θ : (n∑i 0=0x (0)i 0e i0 , . . .,n∑i d =0x (d)i de id ) ↦→∑0≤i 0,...,i d ≤nx (0)i 0· . . . · x (d)i de i0,...,i d. (4)For each point P = [x] of PG(V ), we define a subspace D(P) of PG(W) byD(P) = 〈θ(x, v 1 , . . .,v d ) | v 1 , . . . , v d ∈ V 〉 . (5)Theorem 15The set D = {D(P) | P ∈ PG(V )} is a generalised dual arc with dimensions d i =)− 1, i = 0, . . . , d + 1.( n+d+1−id+1−iProof. Since θ is a multilinear form, we getD(P 0 ) ∩ · · · ∩ D(P k−1 ) = 〈θ(x 0 , . . . , x k−1 , v k , . . .,v d ) | v k , . . . , v d ∈ V 〉and hence dim(D(P 0 ) ∩ · · · ∩ D(P k−1 )) = ( )n+d+1−kd+1−k − 1. (The −1 is because theprojective dimension is one less than the vector space dimension).□The link between dual arcs and MACs is:Theorem 16Let π be a hyperplane of PG(n + 1, q) and let D be a generalised dual arc of order l inπ with parameters (n, d 1 , . . . , d l+1 ).The elements of D are the messages and the points of PG(n + 1, q) not in π arethe keys. The authentication tag that belongs to a message and a key is the generated(d 1 + 1)-dimensional subspace.This defines a perfect MAC of order r = l + 1 with attack probabilitiesp i = q di+1−di .Proof. After i message tag pairs (m 1 , t 1 ), . . . , (m i , t i ) are sent, the attacker knows thatthe key must lie in the (d i + 1)-dimensional space π = t 1 ∩ · · · ∩ t i . This space containsq di+1 different keys. A message m i+1 intersects m 1 ∩ · · · ∩ m i in a d i+1 -dimensionalspace π ′ . Two keys K and ¯K generate the same authentication tag if and only if K and¯K generate together with π ′ the same (d i+1 +1)-dimensional space. Thus the keys formgroups of size q di+1+1 and keys from the same group give the same authentication tag.The attacker has to guess a group. The probability to guess the correct group isp i = q di+1+1 /q di+1 .□
3.3. AESIn 1997 the American National Institute of Standards and Technology started a competitionto design a successor for the old Data Encryption Standard DES. In 2000 the proposalof J. Daemen and V. Rijmen was selected as the new advanced encryption standardAES [4].AES works on 128 bit words which are interpreted as 4 × 4 matrices over the fieldF 256 .The non-linear part of the AES substitution replaces every matrix element by itsinverse in F 256 .An other part of the AES is the mix column step which has a link to coding theory.Purpose of this step is to spread a change in the input (Diffusion).The input of the mix column step is a vector of four bytes (a 1 , . . . , a 4 ) and its outputare four bytes (b 1 , . . . , b 4 ). It should have the following properties:• Implementation of the mix column step should be simple and fast.• It should have optimal diffusion (a difference in k input bytes (1 ≤ k ≤ 4) shouldresult in the difference of at least 5 − k output bytes).To satisfy the first condition the designers chose the mix column step to be a linearmapping, i.e. mix column is done by⎛ ⎞ ⎛⎞⎛⎞b 1 m 1,1 m 1,2 m 1,3 m 1,4 a 1⎜b 2⎟⎝b 3⎠ = ⎜m 2,1 m 2,2 m 2,3 m 2,4⎟⎜a 2⎟⎝m 3,1 m 3,2 m 3,3 m 3,4⎠⎝a 3⎠ .b 4 m 4,1 m 4,2 m 4,3 m 4,4 a 4To satisfy the second property, every square submatrix of M = (m i,j ) must benon-singular. This is equivalent to⎛⎞1 0 0 0 m 1,1 m 1,2 m 1,3 m 1,4⎜0 1 0 0 m 2,1 m 2,2 m 2,3 m 2,4⎟⎝0 0 1 0 m 3,1 m 3,2 m 3,3 m 3,4⎠0 0 0 1 m 4,1 m 4,2 m 4,3 m 4,4is the parity check matrix of a [8, 4, 5] MDS code over F 256 .Any MDS code would do the job. The designers of AES chose the following matrix:⎛ ⎞ ⎛b 1⎜b 2⎟⎝b 3⎠ = ⎜⎝b 4α α + 1 1 11 α α + 1 11 1 α α + 1α + 1 1 1 α⎞ ⎛ ⎞a 1⎟ ⎜a 2⎟⎠ ⎝a 3⎠a 4where α is a root of x 8 + x 4 + x 3 + x + 1.The simple structure of AES mix columns has some additional advantages for theimplementation.• We have b 1 = f(a 1 , a 2 , a 3 , a 4 ), b 2 = f(a 2 , a 3 , a 4 , a 1 ), b 3 = f(a 3 , a 4 , a 1 , a 2 )and b 4 = f(a 4 , a 1 , a 2 , a 3 ). Thus we must implement only one linear functionf : F 4 256 → F 256.
Page 1 and 2: Applications of finite geometry in
Page 3 and 4: £A 1¡A 2¦Each line 〈v, w〉 of
Page 5 and 6: As indicated in the abstract, proje
Page 7 and 8: ⎛⎞1 0 g 1,k+1 . . . g 1,n⎜G =
Page 9 and 10: Iterating Equation (1) gives:N q (k
Page 11 and 12: θ k+1 − θ k−s+1θ s+ θ k−s
Page 13 and 14: Take two skew planes π and ¯π. L
Page 15 and 16: for every B ⊃ A.Example 8 shows h
Page 17: 67 67 1 115

Applications of finite geometry in coding theory and cryptography

Create successful ePaper yourself

Delete template?

Save as template?