In this paper, the uniqueness of the echelon form generator matrix of a linear code is considered. In addition, an algorithm for testing the existence of a Reed-Solomon (RS) code corresponding to a given MDS matrix is presented. These results show that the number of existing MDS matrices and MDS codes far more abundantly than the RS codes, which is the basis for other studies on the MDS matrices and the MDS codes.
Nghiên cứu khoa học công nghệ ON THE CORRESPONDENCE BETWEEN THE MDS MATRICES AND THE REED-SOLOMON CODES Tran Thi Luong, Pham Quoc Hoang, Nguyen Ngoc Cuong*, Nguyen Chung Tien Abstract: Maximum Distance Separable (MDS) code has been studied for a long time in the coding theory and has been applied widely in cryptography MDS matrices from MDS codes are commonly used Beyond the MDS codes, there are lots of methods for finding MDS matrices In fact, from a given Reed-Solomon code, it is always possible to extract a corresponding MDS matrix, however the opposite is uncertain In this paper, the uniqueness of the echelon form generator matrix of a linear code is considered In addition, an algorithm for testing the existence of a Reed-Solomon (RS) code corresponding to a given MDS matrix is presented These results show that the number of existing MDS matrices and MDS codes far more abundantly than the RS codes, which is the basis for other studies on the MDS matrices and the MDS codes Keywords: MDS matrice, MDS codes, RS codes INTRODUCTION MDS matrices play a very important role in the design of block ciphers, especially SPN (Subtitution – Permuatation Network) block cipher They are often used for the diffusion layer of block ciphers to provide the high diffusion They have been used for diffusion layer in many well-known block ciphers such as: AES [5, 6], SHARK [7], Square, Twofish [8], Anubis, Khazad, Manta, Hierocrypt and Camellia They are also used in stream ciphers like MUGI and cryptographic hash functions like WHIRLPOOL Thank to the usefulness of MDS matrices, there are lots of methods for constructing them such as building MDS matrices from MDS codes [3, 4, 6]; building MDS matrices from appropriate matrices, for example Cauchy matrices [6], Hadamard matrices [7, 8], Vandermonde matrices [9], Serial matrices [10], recursive MDS matrices and so on The RS code [11] is an MDS code class commonly used to build MDS matrices because of its simplicity and efficiency in building it Moreover, from RS codes arbitrary MDS matrices can be created on some finite field There are some studies on the construction of MDS matrices from the RS codes, for example in [3, 4] The methods of these authors is to construct a × MDS matrix over (2 ) by constructing a RS [2 , , + 1] code over (2 ) In fact, from a given RS code, it is always possible to extract a corresponding MDS matrix, however the contrast is uncertain There is currently no work outlining the existence or absence of an RS code corresponding to a given MDS matrix In this paper, the uniqueness of the echelon form generator matrix of a linear code is considered In addition, an algorithm for testing the existence of an RS code corresponding to a given MDS matrix is presented The paper is organized as follows In Section 2, the basic knowledge related to this paper is introduced Section describes the uniqueness of the echelon form generator matrix of a linear code, and then presents an algorithm for verifying the existence of an RS code corresponding to a given MDS matrix And conclusion of the paper is in Section PRELIMINARY 2.1 MDS matrices MDS matrices provide perfect diffusion so they are useful for block ciphers and hash functions The idea comes from coding theory, in particular from maximum distance Tạp chí Nghiên cứu KH&CN quân sự, Số 55, 06 - 2018 69 Kỹ thuật điều khiển & Điện tử separable code (MDS) There are some important theorems and corollary from coding theory as follows Theorem ([11, page 33]) If is a linear [ , , ] code then − ≥ − Codes with − = − (or = − + 1) are called maximum distance separable code, or MDS code for short Theorem 2([11, page 321]) A [ , , ] code C with generator matrix = [ | ] where is a × ( − ) matrix, is MDS if and only if every square submatrix (formed { , − }) of from any rows and any columns, for any = 1, 2, … , is nonsingular From there, MDS matrices can be defined as follows: A matrix is an MDS matrix if and only if every sub-matrix is non-singular Corollary ([11, tr 321]) Let be an [ , , − + 1] MDS code If ≥ 2, ≥ − + If ≤ − 2, ≥ + The MDS conjecture was first introduced by Beniamino Segre in the 1950s when the coding theory was still in its early stages The MDS conjecture may be recalled as follows[12]: For a linear MDS code of length and dimension ≤ over , ≤ +1 unless = or = − and is even, in which case ≤ + 2.2 code An code over ( )= ( ) is a BCH code of length = − A code of length = − designed with distance will have the corresponding generator polynomial of degree − as follow: ( )= − − …( − ) (1) where ∈ is a pre-selected value ( ≥ 1) and is a root element of the field ( ) It was proven that for the polynomial with the form in (1) the [ , , ] code generated from this polynomial will be an MDS code [11], i.e it satisfies the condition: = – + Suppose that ( ) = + + ⋯+ and the corresponding parity-check polynomial is ℎ( ) = ℎ + ℎ + ⋯ + ℎ Then the generator matrix and the parity check matrix have the following forms (see [13, Theorem 4.2.1, page 125] [13, Theorem 4.2.7, page 127]): 0…0 … 0…0 … (2) × = ⋰ ⋯ ⋱ … 0 … ( )× = ℎ … … ℎ ℎ ℎ … … ℎ ⋰ ⋯ ⋱ … ℎ … ℎ ℎ ℎ ℎ (3) 0 For the above generator matrix , we can convert it to the following echelon form: × = × | ×( ) Then the matrix ×( ) is called the MDS matrix and it corresponds to this MDS code 70 T T Luong, …, N C Tien, “On the correspondence … the Reed-Solomon codes.” Nghiên cứu khoa học công nghệ One interesting thing about the RS code is that it can generate extended RS codes, which also satisfy = – + In other words, an extended RS code is also an MDS code Indeed, let's be an RS [ = − 1, , ] code where = and the generator polynomial is ( ) = ( − )( − ) … ( − ) Then the extended RS code of will be [ + 1, , + 1], where each code word is = … for as = −∑ , and ( … ) is the code word of The values belong to = Then, the extended RS code of will have the generator polynomial as ′( ) = ( − 1) ( ); the generator matrix ′ and the parity check matrix ′ have the following forms [13, item 1.5.2, page 14]: … 0 … ∑ ⎡ ⎤ … ⎥ (4) ∑ ⋯ ′ ×( ) = ⎢⎢ ⎥ ⋰ ⋯ ⋱ ⎢ ⎥ ∑ 0 … … ⎣ ⎦ ′( )×( ) ⎡0 ⎢ = ⎢0 ⎢ ⎣ℎ 0 ℎ … … … ℎ ⋰ … ℎ ℎ ℎ ℎ ℎ … … … … … ⋱ … ℎ ℎ ℎ 0 0⎤ ⎥ 0⎥ ⎥ 0⎦ (5) RESULTS In this Section, the uniqueness of the echelon form generator matrix of a linear code is considered and an algorithm for testing the existence of a Reed-Solomon (RS) code corresponding to a given MDS matrix is presented 3.1 The uniqueness of the echelon form generator matrix of the linear code It is to have the following lemma Lemma There exists only one echelon form generator matrix corresponding to ( ) an any linear code over Proof ( ), where is the length, is the Denote [ , , ] is an any linear code over dimension, and is the minimum distance of the code In general, linear codes may have some generator matrices If is an arbitrary generator matrix of [ , , ], it can be converted from to the echelon form by some row and column transformations Assume that there are two different echelon form generator matrices producing the same code Denote these echelon form generator matrices as follows: = [ | ], =[ | ] Where is the identity matrix of size ; , are × ( − ) matrices; and ≠ We extract the same any row (1 ≤ ≤ ) of the two matrices and such that these two rows are different Denote these two lines are and ́ , ( is the row in ; ́ is the row in and ≠ ́ ) Then and ́ have the following forms: = (0, … 1, … ,0, , , … , ), (number in the th position) ́ = (0, … 1, … , 0, ́ , ́ , … , ́ ) (number in the th position) ( ), (1 ≤ ≤ − ) where , ́ ∈ Because and ́ are code words of the linear code , so − ́ is also a code word of It is to have: Tạp chí Nghiên cứu KH&CN quân sự, Số 55, 06 - 2018 71 Kỹ thuật điều khiển & Điện tử − ́ = (0, … , − ́ ,…, − ́ ) (6) ( ) where the values − ́ , … , − ́ are not simultaneously equal to ∈ On the other hand, since − ́ is the code word of , it is to have: − ́= =0 (7) It is clear that (6) and (7) are contradictory The Lemma is proven □ Since MDS codes are linear codes, Lemma can be also applied to MDS codes 3.2 The relationship between MDS matrices and RS codes In this section, an algorithm for testing the existence of an RS code corresponding to a given MDS matrix is presented There are many different ways to build MDS codes, but RS codes is a very common and widely used code today, and they are a special case of MDS codes Therefore in this section RS codes are used According to the MDS conjecture [12], it is to have that the length of the MDS codes over ( ) is at most + In Coding theory, codes over ( ) have length of − and they can be extended to have length of [11, chapter 10, page 294] However, to our knowledge, there is no way to build RS codes with code length greater than and no studies have given the way of building RS codes over ( ) with code length less than − Therefore, in this situation we mention the RS codes of length in [ − 1, ] Moreover, by the formula (1), it can be seen that the value ∈ is a pre-selected value On the other hand, = 1, it is to have: 1≤ ≤ −1 (8) By Lemma 1, for a given RS code, there always exists an unique echelon form generator matrix corresponding to it These echelon form generator matrices are used in the following testing algorithm (2 ) be a given MDS matrix So does there exist a Let = [ , ] × , , ∈ corresponding RS code to generate this matrix? The following Algorithm will show this Consider the existence or not of an RS [ , , ] code corresponding to the MDS matrix In which, the parameters , , are computed as follows: = + (9) = − +1= +1 Algorithm Testing the existence of a corresponding RS code (2 ) INPUT: An MDS matrix = , , , ∈ × OUTPUT: The output is a boolean value _ ; if it is true, there exists an RS [ , , ] code corresponding to the matrix , otherwise there doesn’t exist any corresponding RS code Details of steps as follows: Step 1: Compute = + , = + 1, = Set _ = Step 2: If < − or > , go to Step If otherwise ( − ≤ ≤ ), go to Step ( ) [14, Algorithm 8.5, page 7; Step 3: Factoring the polynomial − over using command Factors () in Maple] If there exists a factor of degree − , go to Step 4, otherwise go to Step Step 4: If = − 1: for = 1, … , − do: { ( ) with generator polynomial Constructing an RS [ , , ] code over 72 T T Luong, …, N C Tien, “On the correspondence … the Reed-Solomon codes.” Nghiên cứu khoa học công nghệ of the form shown in (1) Converting the generator matrix of this RS code to the echelon form = [ | ] If = , set _ = and go to Step } Step 5: Otherwise ( = ): for = 1, … , − do: { ( ) with generator Constructing an RS [ , , ] code over polynomial of the form shown in (1) where = − 1, = , = − Extending this RS code to RS [ , , ] Converting the generator matrix of the RS [ , , ] code to the echelon form = [ | ] If = , set _ = and go to Step } Step 6: Return value of _ Result of the Algorithm is the value of _ If _ = , there doesn’t exist any corresponding RS code to the given matrix , otherwise there exists an RS [ , , ] code corresponding to the given matrix Note that, in the steps involved the construction of the RS codes in Algorithm 1, these codes are constructed based on the generator polynomial by formula (1) and is a root element of the field ( ) with the same primitive polynomial of the ( ) for the given matrix Example Let be an MDS matrix over (2 ) with the primitive polynomial + + = Using Algorithm 1, we will check if any RS code corresponding to matrix exists Indeed, applying Algorithm 1, it is to have: = 8, = 5, = In this example = , so: Set _ = for = 1, 2, 3, do: { ( ) with the primitive polynomial Constructing an RS [7, 4, 4] code over + + and the generator polynomial by (1), i.e.: ( )= − − ( − ) Extending this RS code to RS [8,4,5] code Converting the generator polynomial of the RS [8,4,5] code to the echelon form = [ | ] Comparing with , if = set _ = and exit the loop } Tạp chí Nghiên cứu KH&CN quân sự, Số 55, 06 - 2018 73 Kỹ thuật điều khiển & Điện tử The result after doing on Maple with this example obtains: for = 4, the RS [7,4,4] code has the generator polynomial as: ( ) = ( − )( − )( − ) = + + + [8,4,5] Extending this code obtains RS code with the echelon form generator matrix = [ | ] satisfying = Consequently, there exists an RS [ , , ] code corresponding to the given matrix Example (2 ) with the primitive polynomial Let be an MDS matrix over + + = 74 82 70 10 50 + + 91 29 applying Algorithm 1, it is to have: = 8, = 5, = 256 Obviously, does not satisfy the condition = − or = , or = + Therefore, there doesn’t exist any corresponding RS code to the given matrix CONCLUSION In this paper, the uniqueness of the echelon form generator matrix of a linear code is considered In addition, an algorithm for testing the existence of a Reed-Solomon (RS) code corresponding to a given MDS matrix is presented These results show that the number of existing MDS matrices and MDS codes far more abundantly than the RS codes, which is the basis for other studies on the MDS matrices and the MDS codes REFERENCES [1] Daemen and V Rijmen, “AES Proposal: Rijndael (Version 2)” NIST AES [2] NIST, “Advanced Encryption Standard (AES)”, (FIP PUB 197), November 26, 2001 [3] V Rijmen, J Daemen, B Preneel, A Bosselaers, E De Win, “The cipher shark”, in Fast Software Encryption Springer, 1996, pp 99-111 [4] J Daemen, L Knudsen, and V Rijmen, “The block cipher square”, in Fast Software Encryption (FSE'97) Springer, 1997, pp 149-165 [5] B Schneier, J Kelsey, D Whiting, D Wagner, C Hall, and N Ferguson, “Twofish: A 128-bit block cipher”, In the first AES Candidate Conference National Journal of Network Security, Vol.9, No.2, PP.109–116, Sept 2009 Institute for Standards and Technology, 1998 [6] A Youssef, S Mister, and S Tavares, “On the design of linear transformation for substitution permutation encryption networks,” in Workshop on Selected Areas in Cryptography (SAC96): Workshop Record, 1997, pp 40-48 [7] R Elumalai, A R Reddy, “Improving diffusion power of AES rijndael with 8x8 MDS matrix,” International Journal of Scientific & Engineering Research, vol 2, pp 1-5, 2011 [8] S M T Sakallı , B Aslan, “Algebraic construction of 16 × 16 binary matrices of branch number with one fixed point”, Computer Engineering Department, Trakya University, Edirne, Turkey, 2012 74 T T Luong, …, N C Tien, “On the correspondence … the Reed-Solomon codes.” Nghiên cứu khoa học công nghệ [9] M Sajadieh, M Dakhilalian, H Mala, and B Omoomi, “On construction of involutory mds matrices from vandermonde matrices in gf (2q),” Design, Codes and Cryptography, vol 64, no 3, pp 287-308, 2012 [10] K C Gupta and I G Ray, “On constructions of mds matrices from companion matrices for lightweight cryptography,” in Security Engineering and Intlligence Informatics Springer, 2013, pp 29-43 [11] F.J MacWilliams, N.J.A Sloane, “The theory of error-correcting codes” Elsevier, 1977 [12] S Ball, “Mds codes” Departament de Matemàtica Aplicada IV Universitat Politècnica de Catalunya, March 2013 [13] W.C Huffman and V Pless, “Fundamentals of Error Correcting Codes”, Cambridge University Press, 2003 [14] C Richards, “Algorithms for Factoring Square-Free Polynomials over Finite Fields”, August 7, 2009 TÓM TẮT VỀ SỰ TƯƠNG ỨNG GIỮA MA TRẬN MDS VỚI MÃ REED-SOLOMON Mã tách có khoảng cách cực đại (mã MDS) nghiên cứu từ lâu lý thuyết mã sửa sai có ứng dụng quan trọng mật mã Trong đó, ma trận MDS từ mã MDS sử dụng phổ biến Tách khỏi mã MDS, nhiều phương pháp khác nghiên cứu để xây dựng ma trận MDS Thực tế, từ mã Reed-Solomon cho trước, ln rút ma trận MDS tương ứng, nhiên điều ngược lại chưa chắn Trong báo này, tính ma trận sinh dạng chuẩn tắc mã tuyến tính xem xét Sau đó, thuật tốn kiểm tra khả tồn mã Reed-Solomon (RS) tương ứng với ma trận MDS cho trước trình bày Các kết cho thấy số lượng ma trận MDS mã MDS tồn phong phú nhiều so với mã RS, sở cho nghiên cứu khác ma trận MDS mã MDS Từ khóa: Ma trận MDS; Mã MDS; Mã Reed-Solomon Received date, 13th April, 2018 Revised manuscript, 10th May, 2018 Published, 09th June, 2018 Author affiliations: Academy of Cryptographic Technique, email: hoang2268@gmail.com * Corresponding author: nguyenngoccuong189@gmail.com Tạp chí Nghiên cứu KH&CN quân sự, Số 55, 06 - 2018 75 ... existing MDS matrices and MDS codes far more abundantly than the RS codes, which is the basis for other studies on the MDS matrices and the MDS codes REFERENCES [1] Daemen and V Rijmen, “AES Proposal:... polynomial Constructing an RS [ , , ] code over 72 T T Luong, …, N C Tien, On the correspondence … the Reed- Solomon codes. ” Nghiên cứu khoa học công nghệ of the form shown in (1) Converting the generator... proven □ Since MDS codes are linear codes, Lemma can be also applied to MDS codes 3.2 The relationship between MDS matrices and RS codes In this section, an algorithm for testing the existence