CC BY
2022 Theoretical Foundations of Applied Discrete Mathematics No. 56

UDC 512.643 DOI 10.17223/20710410/56/2

THE CONSTRUCTION OF CIRCULANT MATRICES RELATED TO MDS MATRICES

S. S. Malakhov, M. I. Rozhkov

HSE University, Moscow, Russia

E-mail: ssmalakhov@edu.hse.ru, mirozhkov@hse.ru

The objective of this paper is to suggest a method for constructing circulant matrices that are suitable candidates for MDS (Maximum Distance Separable) matrices used in cryptography. We focus on designing so-called bi-regular circulant matrices and, furthermore, impose additional constraints on the matrices so that they have the maximal number of occurrences of some element and the minimal number of distinct elements. The reason for constructing bi-regular matrices is that any MDS matrix is necessarily bi-regular, and the two additional constraints on the matrix elements ensure that matrix-vector multiplication for the constructed samples can be performed efficiently. The results obtained include an upper bound on the number of occurrences of some element for which the circulant matrix is bi-regular. Furthermore, necessary and sufficient conditions for the bi-regularity of a circulant matrix are derived. On the basis of these conditions, we developed an efficient bi-regularity verification procedure. Additionally, several bi-regular circulant matrix layouts of order up to 31 with the maximal number of occurrences of some element are listed. In particular, it turned out that there are no layouts of order 32 with more than 5 occurrences of any element that yield a bi-regular matrix (and hence an MDS matrix).

Keywords: circulant matrix, MDS code, MDS matrix.

ON THE CONSTRUCTION OF CIRCULANT MATRICES RELATED TO MDS MATRICES

S. S. Malakhov, M. I. Rozhkov

National Research University Higher School of Economics, Moscow, Russia

The aim of this work is to propose a method for constructing circulant matrices that can be MDS matrices used in cryptography. We consider so-called bi-regular circulant matrices and, in addition, impose further constraints on them so that they have the maximal number of occurrences of some element and the minimal number of distinct elements. The interest in bi-regular matrices stems from the fact that any MDS matrix is necessarily bi-regular, while the additional constraints on the matrix elements allow matrix-vector operations with such matrices to be implemented more efficiently. The results obtained include an upper bound on the number of occurrences of some element for which a circulant matrix remains bi-regular, as well as necessary and sufficient conditions for the bi-regularity of a circulant matrix. In addition, an efficient algorithm for checking the bi-regularity of a circulant matrix is described.

Using it, layouts of bi-regular circulant matrices of order up to 31 with the maximal number of occurrences of some element are constructed, and it is established that there are no bi-regular circulant matrices (and hence no MDS matrices) of order 32 with more than five occurrences of a single element.

Keywords: circulant matrix, MDS code, MDS matrix.

1. Introduction

Suppose that $M$ is a $k \times m$ matrix over a finite field $\mathbb{F}_q$. Then the set

$$\{(x, x \cdot M) : x \in (\mathbb{F}_q)^k\}$$

is a linear $[n, k, d]$ code of length $n = k + m$ and dimension $k$ with minimum Hamming distance $d$ between any two code words. For a linear $[n, k, d]$ code the Singleton bound holds [1]:

$$d \le n - k + 1 = m + 1.$$

A code with $d = m + 1$ is called an MDS code (Maximum Distance Separable code), and the corresponding matrix $M$ is referred to as an MDS matrix.

The problem of MDS code existence relates to Segre's MDS conjecture proposed in [2]. It suggests that a set $S$ of vectors of the vector space $(\mathbb{F}_q)^k$ such that every subset of $S$ of size $k \le q$ is a basis comprises at most $q + 1$ elements, unless $q$ is even and $k = 3$ or $k = q - 1$, in which case it comprises at most $q + 2$ elements. S. Ball has shown in [3] that $S$ generates an MDS code and proved that a linear MDS code of dimension $k \le q$ has length at most $q + k + 1 - \min\{k, \operatorname{char} \mathbb{F}_q\}$.

Furthermore, it is shown in [1, p. 321] that a linear code is MDS if and only if every square submatrix of M is non-singular. Therefore, we will define the MDS matrix as follows.

Definition 1. A matrix M is the MDS matrix if every square submatrix of M is non-singular.

MDS matrices are in demand for block cryptographic algorithms, where they are responsible for diffusion of the input. An MDS matrix performs a linear transformation of an input block $x$ with the following property: if $i$, $1 \le i \le k$, elements of $x$ are altered, then at least $m - i + 1$ elements of the output block $x \cdot M$ change, where both the input and the output blocks can be interpreted as vectors of a $k$-dimensional vector space over a finite field $\mathbb{F}_q$. In this sense, MDS matrices provide perfect diffusion [4]. Several algorithms utilize MDS matrices, including the block ciphers Rijndael, GOST R 34.12-2015 and IDEA NXT and the hash functions GOST R 34.11-2012 and Whirlpool.

Although the construction of MDS matrices is a computationally hard problem in the general case, there are plenty of particular techniques. One approach presumes that a specific matrix layout comprising variables is set. Then the variables are initialized with concrete values, and the resulting matrix is tested for being an MDS matrix. This approach was proposed in [4] and performed in [5]. Not every matrix layout can produce MDS matrices, and therefore it is of interest to filter out those layouts which never produce any. One method of filtering matrix layouts is to verify their bi-regularity. The definition of bi-regularity is given below.

Definition 2. Let $K$ be a subset of a multiplicative group. A $2 \times 2$ matrix over $K$ is bi-regular if at least in one row and one column there are two distinct entries. An arbitrary $k \times m$ matrix over $K$ is bi-regular if every $2 \times 2$ submatrix of it is bi-regular.

Remark 1. One may distinguish two particular cases: when $K$ is exactly a multiplicative subgroup of a finite field, and when $K$ represents a set of variables that cannot take the value zero.

It is obvious that an MDS matrix is necessarily bi-regular, and so is a matrix layout that produces MDS matrices.

This paper focuses on the construction of bi-regular circulant matrix layouts which yield bi-regular matrices and hence may produce MDS matrices.

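Definition 3. A circulant matrix denoted by its zeroth row $(a_0, \ldots, a_{m-1})$ is a matrix of the form

$$\begin{pmatrix}
a_0 & a_1 & \cdots & a_{m-2} & a_{m-1} \\
a_1 & a_2 & \cdots & a_{m-1} & a_0 \\
\vdots & \vdots & & \vdots & \vdots \\
a_{m-2} & a_{m-1} & a_0 & \cdots & a_{m-3} \\
a_{m-1} & a_0 & \cdots & a_{m-3} & a_{m-2}
\end{pmatrix}.$$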

Remark 2. Speaking more generally, as rows of a matrix may be circularly shifted to the left or to the right, there exist two types of circulant matrices. Although this paper takes a left shift case as a basis for description, all the techniques presented are essentially applicable to both circulant matrix types.

Previously, circulant matrices were studied in several papers, for instance, in [6-9]. It was proved in [6] that circulant MDS matrices over a finite field of characteristic 2 are neither involutory nor orthogonal. However, [7] reveals that involutory circulant MDS matrices over the ring of matrices whose entries lie in a characteristic 2 field do exist. The authors of [9] managed to construct circulant MDS matrices over the general linear group over the two-element field, and in [8] the authors studied circulant-like MDS matrices.

The objective of this paper is to suggest a method for the construction of bi-regular circulant matrices with the maximal number of occurrences of some element and the minimal number of distinct elements. These two additional constraints on the matrix elements allow matrix-vector multiplication to be performed more efficiently. The results obtained include an upper bound on the number of occurrences of some element for which the bi-regularity of the circulant matrix is preserved. Furthermore, necessary and sufficient conditions for the bi-regularity of a circulant matrix are derived. On the basis of these conditions, we developed an efficient bi-regularity verification procedure. Additionally, several bi-regular circulant matrix layouts of order up to 31 with the maximal number of occurrences of some element are listed. In particular, it turned out that there are no layouts of order 32 with more than 5 occurrences of any element that yield a bi-regular matrix (and hence an MDS matrix).

This paper follows the report On the construction of bi-regular circulant matrices, relating to MDS matrices [10] made at the conference Engineering Technologies and Informatics: Innovations and Applications (En&T-2021).

The paper consists of two parts, not counting the introduction and the conclusion. The first part contains the proof of the upper bound on the number of occurrences of an arbitrary element together with the proof of the necessary and sufficient conditions for the bi-regularity of a circulant matrix. The second part contains instances of bi-regular circulant matrix layouts of order up to 31 with the maximum number of occurrences of a given element.

2. Necessary and sufficient conditions for the circulant matrix bi-regularity

The following Lemma 1 provides one of the necessary conditions for the circulant matrix bi-regularity.

Lemma 1. Let $M$ be a bi-regular circulant matrix over a subset $K$ of some multiplicative group, denoted by its zeroth row $(a_0, \ldots, a_{m-1})$. Suppose that an element $\alpha$ is in the positions with indices $i_0, \ldots, i_{t-1}$, $t > 1$. Then the set of differences between two distinct indices

$$D_\alpha = \{(i - i') \bmod m : i \in \{i_0, \ldots, i_{t-1}\} \ni i',\ i \ne i'\}$$

comprises $t(t - 1)$ elements.

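Proof. Suppose that there exist indices $i_r < i_s$ and $i_u < i_v$ of the positions occupied by an element $\alpha$ such that $i_s - i_r = i_v - i_u$ or $i_s - i_r = m - i_v + i_u$. The following three cases are possible.

I. If $i_s - i_r = i_v - i_u$, while $i_r < i_s \le i_u < i_v$, then in the zeroth row and in the row obtained from it by the $(i_u - i_r)$-position left circular shift there is an element $\alpha$ in the columns $i_r$ and $i_s$. Hence, $M$ is not bi-regular:

$$\begin{array}{ccccccccc}
 & i_r & & i_s & & i_u & & i_v & \\
\cdots & \alpha & \cdots & \alpha & \cdots & \alpha & \cdots & \alpha & \cdots \\
\cdots & \alpha & \cdots & \alpha & \cdots & & & &
\end{array}$$

II. If $i_s - i_r = i_v - i_u$, while $i_r < i_u < i_s < i_v$, then in the zeroth row and in the row obtained from it by the $(i_u - i_r)$-position left circular shift there is an element $\alpha$ in the columns $i_r$ and $i_s$. Hence, $M$ is not bi-regular:

$$\begin{array}{ccccccccc}
 & i_r & & i_u & & i_s & & i_v & \\
\cdots & \alpha & \cdots & \alpha & \cdots & \alpha & \cdots & \alpha & \cdots \\
\cdots & \alpha & & \cdots & & \alpha & \cdots & &
\end{array}$$

III. If $i_s - i_r = (i_u - i_v) \bmod m$, while $i_r \le i_u < i_v \le i_s$, then in the zeroth row and in the row obtained from it by the $(i_v - i_r)$-position left circular shift there is an element $\alpha$ in the columns $i_r$ and $i_s$. Hence, $M$ is not bi-regular:

$$\begin{array}{ccccccccc}
 & i_r & & i_u & & i_v & & i_s & \\
\cdots & \alpha & \cdots & \alpha & \cdots & \alpha & \cdots & \alpha & \cdots \\
\cdots & \alpha & & & \cdots & & & \alpha & \cdots
\end{array}$$

Thus, all possible cases contradict the bi-regularity of the matrix $M$. ■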

Now we derive the upper bound on the number of occurrences of an arbitrary element in a bi-regular circulant matrix. Note that K. Zarankiewicz in [11] addressed the problem equivalent to finding the largest positive integer $z(k, m, p, q)$ such that a binary $k \times m$ matrix containing $z(k, m, p, q)$ ones may not have a $p \times q$ submatrix consisting entirely of ones. If we now take $p = q = 2$, then Zarankiewicz's problem is to find the largest number of occurrences of an arbitrary element at which the matrix bi-regularity is preserved. I. Reiman proved in [12] that

$$z(k, m, 2, 2) \le \frac{1}{2}\left(k + \left(k^2 + 4km(m - 1)\right)^{1/2}\right), \qquad z(t^2 - t + 1, t^2 - t + 1, 2, 2) = t^3 - t^2 + t.$$

It is an immediate corollary to Lemma 1 that for a circulant matrix of order $m = t(t - 1) + 1$ the maximal number of element occurrences at which the matrix can still be bi-regular meets the upper bound proved by Reiman, i.e., $z(m, m, 2, 2) = t^3 - t^2 + t$. Besides, the next corollary shows that Reiman's inequality remains strong enough for circulant matrices.

Corollary 1. Under the conditions of Lemma 1, the following inequality holds:

$$m \le mt \le \frac{1}{2}\left(m + \left(m^2 + 4m^2(m - 1)\right)^{1/2}\right).$$

Proof. On the one hand, Lemma 1 asserts that the set $D_\alpha$ of differences of two distinct indices comprises $t(t - 1)$ elements. On the other hand, the aggregate number of differences between two distinct indices does not exceed $m - 1$. Therefore,

$$t(t - 1) \le m - 1,$$

and hence,

$$1 \le t \le \frac{1}{2} + \left(m - \frac{3}{4}\right)^{1/2} \Longrightarrow m \le mt \le \frac{1}{2}\left(m + \left(m^2 + 4m^2(m - 1)\right)^{1/2}\right).$$

Corollary 1 is proved. ■

Remark 3. It is noteworthy that $D_\alpha$ is a difference set in the case $t(t - 1) = m - 1$.

The next Lemma introduces an interrelationship between the numbers of occurrences of different elements in a bi-regular matrix.

Lemma 2. Let $M$ be a bi-regular circulant matrix over a subset $K$ of some multiplicative group, denoted by its zeroth row $(a_0, \ldots, a_{m-1})$. Suppose that an element $\alpha$ is in the positions with the indices $i_0, \ldots, i_{t_\alpha - 1}$, $t_\alpha > 1$, and an element $\beta$ is in the positions with the indices $j_0, \ldots, j_{t_\beta - 1}$, $t_\beta > 1$. Then the sets of differences between two distinct indices of $\alpha$ and $\beta$

$$D_\alpha = \{(i - i') \bmod m : i \in \{i_0, \ldots, i_{t_\alpha - 1}\} \ni i',\ i \ne i'\},$$
$$D_\beta = \{(j - j') \bmod m : j \in \{j_0, \ldots, j_{t_\beta - 1}\} \ni j',\ j \ne j'\}$$

are disjoint.

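Proof. Suppose that there exist indices $i_r < i_s$ and $j_u < j_v$ of positions occupied by an element $\alpha$ and an element $\beta$ respectively. The following three cases are possible.

I. If $i_s - i_r = j_v - j_u$, while $i_r < i_s < j_u < j_v$, then in the columns $i_r$ and $i_s$ there are the element $\alpha$ in the zeroth row and the element $\beta$ in the row obtained from the zeroth one by the $(j_u - i_r)$-position left circular shift. Hence, $M$ is not bi-regular:

$$\begin{array}{r|ccccccccc}
 & & i_r & & i_s & & j_u & & j_v & \\ \hline
0 & \cdots & \alpha & \cdots & \alpha & \cdots & \beta & \cdots & \beta & \cdots \\
j_u - i_r & \cdots & \beta & \cdots & \beta & \cdots & & & &
\end{array}$$

II. If $i_s - i_r = j_v - j_u$, while $i_r < j_u < i_s < j_v$, then in the columns $i_r$ and $i_s$ there are the element $\alpha$ in the zeroth row and the element $\beta$ in the row obtained from the zeroth one by the $(j_u - i_r)$-position left circular shift. Hence, $M$ is not bi-regular:

$$\begin{array}{r|ccccccccc}
 & & i_r & & j_u & & i_s & & j_v & \\ \hline
0 & \cdots & \alpha & \cdots & \beta & \cdots & \alpha & \cdots & \beta & \cdots \\
j_u - i_r & \cdots & \beta & & \cdots & & \beta & \cdots & &
\end{array}$$

III. If $i_s - i_r = m - (j_v - j_u)$, while $i_r < j_u < j_v < i_s$, then in the columns $i_r$ and $i_s$ there are the element $\alpha$ in the zeroth row and the element $\beta$ in the row obtained from the zeroth one by the $(j_v - i_r)$-position left circular shift. Hence, $M$ is not bi-regular:

$$\begin{array}{r|ccccccccc}
 & & i_r & & j_u & & j_v & & i_s & \\ \hline
0 & \cdots & \alpha & \cdots & \beta & \cdots & \beta & \cdots & \alpha & \cdots \\
j_v - i_r & \cdots & \beta & & & \cdots & & & \beta & \cdots
\end{array}$$

Thus, all possible cases contradict the bi-regularity of the matrix $M$. ■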

The following Theorem provides the necessary and sufficient conditions for the circulant matrix bi-regularity.

Theorem 1. Let $M$ be an $m \times m$ circulant matrix over a subset $K$ of some multiplicative group, denoted by its zeroth row $(a_0, \ldots, a_{m-1})$. Suppose that an element $\alpha$ is in the positions with the indices $i_0, \ldots, i_{t_\alpha - 1}$, $t_\alpha > 1$, and an element $\beta$ is in the positions with the indices $j_0, \ldots, j_{t_\beta - 1}$, $t_\beta > 1$. Let

$$D_\alpha = \{(i - i') \bmod m : i \in \{i_0, \ldots, i_{t_\alpha - 1}\} \ni i',\ i \ne i'\},$$
$$D_\beta = \{(j - j') \bmod m : j \in \{j_0, \ldots, j_{t_\beta - 1}\} \ni j',\ j \ne j'\}$$

be the sets of differences between two distinct indices of the positions occupied by $\alpha$ and $\beta$ respectively. Then the matrix $M$ is bi-regular if and only if for each such $\alpha$ and $\beta$:

1) the set $D_\alpha$ comprises $t_\alpha(t_\alpha - 1)$ elements, while $D_\beta$ comprises $t_\beta(t_\beta - 1)$ elements;

2) the sets $D_\alpha$ and $D_\beta$ are disjoint.

Proof. The necessity immediately follows from Lemmas 1 and 2. To prove sufficiency, suppose the matrix $M$ is not bi-regular. The following three cases are possible.

I. Consider a design where $i_r$ and $i_s$, $i_r < i_s$, are the indices of the positions occupied by the element $\alpha$ in the zeroth row and in the row $(i_u - i_r) \bmod m$, while $i_u \ne i_r$:

$$\begin{array}{r|ccccc}
 & & i_r & & i_s & \\ \hline
0 & \cdots & \alpha & \cdots & \alpha & \cdots \\
(i_u - i_r) \bmod m & \cdots & \alpha & \cdots & \alpha & \cdots
\end{array}$$

Then in the zeroth row there is an element $\alpha$ in the positions $i_r$, $i_s$, $i_u$ and $(i_u + i_s - i_r) \bmod m$. Note that

$$((i_u + i_s - i_r) \bmod m - i_u) \bmod m = i_s - i_r,$$

and hence the set $D_\alpha$ consists of fewer than $t_\alpha(t_\alpha - 1)$ elements.

Similarly, one may verify that if the matrix $M$ is not bi-regular with respect to the element $\beta$, then the set $D_\beta$ consists of fewer than $t_\beta(t_\beta - 1)$ elements.

II. Consider a design where $i_r$ and $i_s$, $i_r < i_s$, are the indices of the positions occupied by the element $\alpha$ in the zeroth row and by the element $\beta$ in the row $(j_u - i_r) \bmod m$, while $j_u \ne i_r$:

$$\begin{array}{r|ccccc}
 & & i_r & & i_s & \\ \hline
0 & \cdots & \alpha & \cdots & \alpha & \cdots \\
(j_u - i_r) \bmod m & \cdots & \beta & \cdots & \beta & \cdots
\end{array}$$

Then in the zeroth row there is the element $\beta$ in the positions $j_u$ and $(j_u + i_s - i_r) \bmod m$. Note that

$$((j_u + i_s - i_r) \bmod m - j_u) \bmod m = i_s - i_r,$$

and hence the sets $D_\alpha$ and $D_\beta$ have a common element $i_s - i_r$.

III. Consider a design where in the zeroth row and in the row $(i_s - i_r) \bmod m$ in the columns $i_r$ and $j_u$, $i_r < j_u$, there are the element $\alpha$ and the element $\beta$ respectively, while $i_s \ne i_r$:

$$\begin{array}{r|ccccc}
 & & i_r & & j_u & \\ \hline
0 & \cdots & \alpha & \cdots & \beta & \cdots \\
(i_s - i_r) \bmod m & \cdots & \alpha & \cdots & \beta & \cdots
\end{array}$$

Then in the zeroth row there is the element $\alpha$ in the positions $i_r$ and $i_s$ and the element $\beta$ in the positions $j_u$ and $((i_s - i_r) \bmod m + j_u) \bmod m$. Note that

$$(((i_s - i_r) \bmod m + j_u) \bmod m - j_u) \bmod m = (i_s - i_r) \bmod m,$$

and hence the sets $D_\alpha$ and $D_\beta$ have a common element $(i_s - i_r) \bmod m$.

Theorem 1 is proved.

Corollary 2. Note the following particular case. An $m \times m$ circulant matrix with $t_\alpha > 1$ occurrences of an element $\alpha$ and $m - t_\alpha$ unique entries per row is bi-regular if and only if the set $D_\alpha$ comprises $t_\alpha(t_\alpha - 1)$ elements.

The next Lemma states that reducing the number of occurrences of some element may result in a non-linear increase in the number of occurrences of another element.

Lemma 3. Let $M$ be a bi-regular circulant matrix over a subset $K$ of some multiplicative group, denoted by its zeroth row $(a_0, \ldots, a_{m-1})$. Suppose that there are $t_\alpha > 1$ and $t_\beta \ge 1$ positions occupied by an element $\alpha$ and an element $\beta$ respectively. Then a decrease in the number $t_\alpha$ of occurrences of the element $\alpha$ by $k \in \{1, \ldots, t_\alpha - 1\}$ allows an increase in the number $t_\beta$ of occurrences of the element $\beta$ by at most $\Delta t_\beta$,

$$\Delta t_\beta = \frac{1}{2} + \left(\frac{1}{4} + t_\alpha(t_\alpha - 1) - (t_\alpha - k)(t_\alpha - k - 1) + t_\beta(t_\beta - 1)\right)^{1/2} - t_\beta.$$

Proof. Given $t_\alpha > 1$, there exist $\binom{t_\alpha}{2}$ ways to select a pair of distinct indices of the positions occupied by the element $\alpha$. A decrease in the number $t_\alpha$ by $k \in \{1, \ldots, t_\alpha - 1\}$ releases $\binom{t_\alpha}{2} - \binom{t_\alpha - k}{2}$ differences between two distinct indices that might be distributed to elements other than $\alpha$. We now estimate $\Delta t_\beta$ by which the number $t_\beta$ of occurrences of the element $\beta$ might be increased while preserving the bi-regularity of the matrix $M$. To achieve this objective, the following equation should be solved in integers for $\Delta t_\beta$:

$$\binom{t_\beta + \Delta t_\beta}{2} - \binom{t_\beta}{2} = \binom{t_\alpha}{2} - \binom{t_\alpha - k}{2}.$$

Hence,

$$\Delta t_\beta = \frac{1}{2} + \left(\frac{1}{4} + t_\alpha(t_\alpha - 1) - (t_\alpha - k)(t_\alpha - k - 1) + t_\beta(t_\beta - 1)\right)^{1/2} - t_\beta.$$

Lemma 3 is proved. ■

Example 1. For t = 4 and m = t(t - 1) + 1 = 13 consider a vector

(a, a, P, y, a, a, e, Z, n, 0, i, k)

over a subset $K$ of some multiplicative group. Note that distinct characters denote different group elements, and there are 10 distinct entries. One may verify that according to Theorem 1, this vector represents a bi-regular circulant matrix. If one element a is replaced by P, then there is a space for one more occurrence of P due to the fact that $\Delta t_\beta = 2$. As an instance, we can take a vector

(a, a, P, y, a, i, e, P, Z, P, n, i).

It can be verified that the new vector also represents a bi-regular circulant matrix.

3. Bi-regular circulant matrix layouts

Theorem 1 provides an efficient method for validating whether a circulant matrix is bi-regular. This method may be reduced to Algorithm 1.

Algorithm 1. Matrix bi-regularity validation algorithm

1: Require: circulant matrix $M = M_{m \times m}$.
2: Ensure: matrix $M$ bi-regularity validation result.
3: $D := \emptyset$.
4: Reconstruct the set $K$ of the elements of $M$.
5: For all $e \in K$:
6:     Find the indices $i_0, \ldots, i_{t_e - 1}$ of the positions occupied by an element $e$ in one row, and count the number $t_e$.
7:     If $t_e > 1$, then construct the set $D_e = \{(i - i') \bmod m : i, i' \in \{i_0, \ldots, i_{t_e - 1}\},\ i \ne i'\}$.
8:     If $|D_e| < t_e(t_e - 1)$, then return «M is not bi-regular»,
9:     else if $D \cap D_e \ne \emptyset$, then return «M is not bi-regular»,
10:     else $D := D \cup D_e$.
11: Return «M is bi-regular».

The computational complexity of Algorithm 1 depends on the number $|K|$ of different matrix elements and the number $t_e$ of occurrences of every distinct element $e$.

In essence, to positively validate the circulant matrix bi-regularity, Algorithm 1 observes all the ordered pairs $(i, i')$ for each element $e$, and the overall number of those pairs equals

$$2 \sum_{e \in K} \binom{t_e}{2} = \sum_{e \in K} \left(t_e^2 - t_e\right).$$

Note that, in contrast, a negative validation result is obtained immediately after processing the first inappropriate matrix element. Thus, obtaining a negative validation result does not, in general, require observation of every ordered pair $(i, i')$ for each element $e$.

Example 2. Consider a circulant $m \times m$ matrix with $t_\alpha$ occurrences of some element $\alpha$ per row, where $t_\alpha(t_\alpha - 1) = m - 1$. Other elements in each row occur only once. Then to positively validate such a matrix's bi-regularity, Algorithm 1 must observe $m - 1$ ordered pairs of the distinct indices of the positions occupied by $\alpha$.

As far as a general algorithm of matrix bi-regularity validation is concerned, it has to process all

$$\binom{m}{2}^2 = \frac{m^4 - 2m^3 + m^2}{4}$$

$2 \times 2$ submatrices to ensure that a circulant matrix is bi-regular.

Now, an efficient method of bi-regularity validation makes feasible the exhaustive search of arrays of variables that define bi-regular matrix layouts. Further, those layouts may be initialized by non-zero finite field elements. Table 1 below gives a list of all non-equivalent arrays of length $m = t_\alpha(t_\alpha - 1) + 1$ with $t_\alpha \in \{2, 3, 4, 5, 6\}$ entries of some variable $\alpha$ which define bi-regular circulant matrix layouts. Here, two arrays are said to be non-equivalent if one is not a cyclically shifted representation of the other. These arrays are denoted by vectors $(i_0, \ldots, i_{t_\alpha - 1})$ of indices of the entries of the variable $\alpha$ with $i_0 = 0$.

Table 1

| $t_\alpha$ | $m$ | Arrays of variables |
|---|---|---|
| 2 | 3 | (0, 1) |
| 3 | 7 | (0, 1, 3) (0, 2, 3) |
| 4 | 13 | (0, 1, 3, 9) (0, 1, 4, 6) (0, 1, 5, 11) (0, 1, 8, 10) |
| 5 | 21 | (0, 1, 4, 14, 16) (0, 1, 6, 8, 18) |
| 6 | 31 | (0, 1, 3, 8, 12, 18) (0, 1, 3, 10, 14, 26) (0, 1, 4, 6, 13, 21) (0, 1, 4, 10, 12, 17) (0, 1, 6, 18, 22, 29) (0, 1, 8, 11, 13, 17) (0, 1, 11, 19, 26, 28) (0, 1, 14, 20, 24, 29) (0, 1, 15, 19, 21, 24) (0, 1, 15, 20, 22, 28) |

Remark 4. There are no arrays for $t_\alpha = 7$ and $m = 43$ that denote bi-regular matrices.

Remark 5. Since for each array from Table 1 there are $t_\alpha$ occurrences of the variable $\alpha$ and $m = t_\alpha(t_\alpha - 1) + 1$, all the variables different from $\alpha$ must occur only once, in conformity with Lemmas 1 and 2.
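An added example, not code from the paper: a Python rendering of Algorithm 1, cross-checked against Definition 2 by brute force over all 2 x 2 submatrices, together with the exhaustive search over index sets that the text describes. The element names (alpha, beta, x0, x1, ...), the helper names and the two sample rows are constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations


def differences(positions, m):
    """All ordered differences (i - i') mod m, i != i': t(t-1) values."""
    return [(i - j) % m for i in positions for j in positions if i != j]


def is_biregular_circulant(row):
    """Algorithm 1 / Theorem 1, applied to the zeroth row only."""
    m = len(row)
    where = defaultdict(list)
    for idx, elem in enumerate(row):
        where[elem].append(idx)
    used = set()                         # running union D of Algorithm 1
    for positions in where.values():
        if len(positions) < 2:
            continue
        diffs = differences(positions, m)
        d_e = set(diffs)
        if len(d_e) < len(diffs):        # |D_e| < t_e (t_e - 1)
            return False
        if used & d_e:                   # D and D_e are not disjoint
            return False
        used |= d_e
    return True


def is_biregular_bruteforce(row):
    """Definition 2 checked on every 2x2 submatrix (left-shift circulant)."""
    m = len(row)
    mat = [[row[(r + c) % m] for c in range(m)] for r in range(m)]
    for r1, r2 in combinations(range(m), 2):
        for c1, c2 in combinations(range(m), 2):
            a, b = mat[r1][c1], mat[r1][c2]
            c, d = mat[r2][c1], mat[r2][c2]
            # Not bi-regular: no row, or no column, has two distinct entries.
            if (a == b and c == d) or (a == c and b == d):
                return False
    return True


def canonical(positions, m):
    """Smallest cyclic shift of an index set that contains 0."""
    return min(tuple(sorted((p - s) % m for p in positions)) for s in positions)


def shift_classes(m, t):
    """Index sets of size t in Z_m with t(t-1) distinct differences,
    one representative per cyclic-shift class."""
    found = set()
    for rest in combinations(range(1, m), t - 1):   # every class meets 0
        positions = (0,) + rest
        if len(set(differences(positions, m))) == t * (t - 1):
            found.add(canonical(positions, m))
    return sorted(found)


def layout(m, groups):
    """Zeroth row in which groups[name] lists the positions of a repeated
    element; every other position gets its own unique placeholder."""
    row = [f"x{i}" for i in range(m)]
    for name, positions in groups.items():
        for p in positions:
            row[p] = name
    return row


# Constructed sample rows of order m = 13 (not taken from the paper).
GOOD = layout(13, {"alpha": (0, 1, 4), "beta": (2, 7, 9)})
BAD = layout(13, {"alpha": (0, 1, 4), "beta": (2, 6)})  # 6 - 2 == 4 - 0

if __name__ == "__main__":
    for name, row in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, is_biregular_circulant(row), is_biregular_bruteforce(row))
    for m, t in ((7, 3), (8, 3), (13, 4)):
        print(m, t, shift_classes(m, t))
```

The representative printed for a class is its lexicographically smallest shift containing 0, so it can differ from the representative chosen in the tables while denoting the same class.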

For software or hardware implementation, arrays of length $m \in \{8, 16, 32\}$ are preferable. Table 2 comprises a list of all non-equivalent arrays of length $m \in \{8, 16\}$ with the maximal number $t_\alpha$ of entries of some variable $\alpha$ for which bi-regularity is preserved. As in Table 1, these arrays are denoted by vectors $(i_0, \ldots, i_{t_\alpha - 1})$ of indices of the entries of the variable $\alpha$ with $i_0 = 0$.

Table 2

| $t_\alpha$ | $m$ | Arrays of variables |
|---|---|---|
| 3 | 8 | (0, 1, 3) (0, 1, 6) |
| 4 | 16 | (0, 1, 3, 7) (0, 1, 3, 12) (0, 1, 4, 6) (0, 1, 4, 11) (0, 1, 5, 7) (0, 1, 5, 14) (0, 1, 6, 13) (0, 1, 10, 14) (0, 1, 11, 13) (0, 2, 5, 12) (0, 2, 6, 13) |

Remark 6. There are no arrays for $t_\alpha = 6$ and $m = 32$ producing bi-regular matrices.

4. Conclusion

The study of circulant matrices conducted here comprises the following results. An upper bound on the number of occurrences of some element for which the bi-regularity of a circulant matrix is preserved was derived. Furthermore, necessary and sufficient conditions for the bi-regularity of a circulant matrix were proved, which made it possible to develop an efficient procedure of bi-regularity verification. We then managed to construct several bi-regular circulant matrix layouts of order up to 31 with the maximal number of occurrences of some element. Besides, it was revealed that there are no layouts of order 32 with more than 5 occurrences of any element which yield a bi-regular matrix (and hence an MDS matrix).

Acknowledgement

The authors are grateful to the anonymous reviewer for the interest in the paper and the help in its improvement.

REFERENCES

1. MacWilliams F. J. and Sloane N. J. The Theory of Error-Correcting Codes, vol. 16. Elsevier, 1977.

2. Segre B. Curve razionali normali e k-archi negli spazi finiti. Ann. Matem. Pura Appl., 1955, vol. 39, no. 1, pp. 357-379.

3. Ball S. On sets of vectors of a finite vector space in which every subset of basis size is a basis. J. Europ. Math. Soc., 2012, vol. 14, no. 3, pp. 733-748.

4. Junod P. and Vaudenay S. Perfect diffusion primitives for block ciphers. LNCS, 2004, vol. 3357, pp. 84-99.

5. Rozhkov M. I. and Malakhov S. S. Experimental methods for constructing MDS matrices of a special form. J. Appl. Industr. Math., 2019, vol. 13, no. 2, pp. 302-309.

6. Gupta K. C. and Ray I. G. On constructions of circulant MDS matrices for lightweight cryptography. LNCS, 2014, vol. 8434, pp. 564-576.

7. Li Y. and Wang M. On the construction of lightweight circulant involutory MDS matrices. Intern. Conf. FSE, LNCS, 2016, vol. 9783, pp. 121-139.

8. Cauchois V. and Loidreau P. On circulant involutory MDS matrices. Designs, Codes and Cryptography, 2019, vol. 87, pp. 249-260.

9. Kesarwani A., Sarkar S., and Venkateswarlu A. Exhaustive search for various types of MDS matrices. IACR Trans. Symmetric Cryptology, 2019, pp. 231-256.

10. Malakhov S. S. and Rozhkov M. I. On construction of bi-regular circulant matrices, relating to MDS matrices. 2021 Intern. Conf. Engineering Technologies and Computer Science (EnT), IEEE, 2021, pp. 56-58.

11. Zarankiewicz K. Problem P 101. Colloq. Math., 1951, vol. 2, p. 131.

12. Reiman I. Über ein Problem von K. Zarankiewicz. Acta Mathematica Academiae Scientiarum Hungarica, 1958, vol. 9, no. 3-4, pp. 269-273.
