报告时间：2017年11月19日，8:00-10:00

报告地点：数学与统计学院106报告厅

报告人：王丽萍

报告人单位：中国科学院信息工程研究所研究员

报告题目：On lattice-based algebraic feedback shift registers synthesis algorithms for multisequences

摘要：

In this paper we show that algebraic feedback shift registers synthesis problems over residue class rings, some quadratic integer rings and some ramified extensions for multisequences are reduced to the successive minima problem in lattice theory. Therefore they can be solved by polynomial-time algorithms when the number of multiple sequences is small and fixed.

报告人简介：王丽萍(wangliping@iie.ac.cn)，女，中科院信息工程研究所信息安全国家重点实验室研究员，硕士生导师。2002年获中国科技大学应用数学博士学位，2003―2006年在新加坡国立大学research fellow，2006年―2011年为清华大学高等研究院副研究员，2011年至今在中国科学院信息工程研究所工作。主要研究方向为：代数编码理论、密码学等，在《IEEE Transaction on Information Theory》、《Designs, Codes and Cryptography》、《Finite Fields and Their Applications》等国际学术期刊上发表论文40余篇，主持国家自然科学基金多项。

报告时间：2017.11.19，10:10-12:10

报告地点：数学与统计学院106

报告人：刘美成

报告人单位：中国科学院信息工程研究所研究员

报告题目：Lightweight MDS Generalized Circulant Matrices

摘要

In the designing of symmetric-key ciphers, there are two very important concepts required for the overall security of the cipher --- the confusion and diffusion properties described by Claude Shannon. The diffusion layer of a cipher is often described as a linear diffusion matrix that transforms an input vector of nibbles to some output vector through linear operations. The diffusion power of a matrix is often quantified by the branch number of the matrix and MDS matrices are matrices that achieve maximum branch number, also known as perfect diffusion property. MDS matrix is widely used in symmetric-key ciphers, e.g.AES.

In this report, we analyze the circulant structure of generalized circulant matrices to reduce the search space for finding lightweight MDS matrices. We first show that the implementation of circulant matrices can be serialized and can achieve similar area requirement and clock cycle performance as a serial-based implementation. By proving many new properties and equivalence classes for circulant matrices, we greatly reduce the search space for finding lightweight maximum distance separable (MDS) circulant matrices. We also generalize the circulant structure and propose a new class of matrices, calledcyclic matrices, which preserve the benefits of circulant matrices and, in addition, have the potential of being self-invertible.In this new class of matrices, we obtain not only the MDS matrices with the least XOR gates requirement, but also involutory MDS matrices which was proven to be non-existence in the class of circulant matrices. To the best of our knowledge, the latter matrices are the first of its kind, which have a similar matrix structure as circulant matrices and are involutory and MDS simultaneously. Compared to the existing best known lightweight matrices, our new candidates either outperform or match them in terms of XOR gates required for a hardware implementation. Notably, our work is generic and independent of the metric for lightweight. Hence, our work is applicable for improving the search for efficient circulant matrices under other metrics besides XOR gates.

报告人简介

刘美成，中国科学院信息工程研究所研究员，2013年于中国科学院信息工程研究所获博士学位，研究方向为密码算法设计与分析。近年来主要研究序列密码、分组密码和杂凑函数的安全性分析，同时致力于代数方法在密码学中的应用研究，曾在密码函数和SHA-3安全性分析等方面取得重要研究成果，在IEEE Trans. Inf. Theory、Information Sciences、Discrete Appl. Math.和CRYPTO、EUROCRYPT、ASIACRYPT、FSE等期刊和会议发表论文20余篇，曾获中科院院长优秀奖、中科院百篇优博、中国密码学会优秀青年奖。