On the Direct Construction of MDS and Near-MDS Matrices
Kishan Chand Gupta, Sumit Kumar Pandey, Susanta Samanta
TL;DR
This paper addresses the direct construction of diffusion layers in cryptography by focusing on both MDS and NMDS matrices. It introduces direct nonrecursive constructions using generalized Vandermonde matrices and demonstrates how to obtain MDS/NMDS generators via $G=[I|A]$ with $A=V_1^{-1}V_2$, including involutory variants. For recursive designs, it presents a novel direct approach based on companion matrices $C_g$ and a Vandermonde diagonalization $C_g=VDV^{-1}$, showing that $C_g^m$ is MDS/NMDS when the corresponding $G'=[V^T|D^mV^T]$ has all $n$ columns independent, and it provides explicit polynomial constructions yielding NMDS matrices under sum-zero criteria. Additional results include proofs of folklore NMDS properties and methods to obtain involutory MDS/NMDS matrices. Collectively, these techniques enable efficient, scalable diffusion layers for larger orders, with practical impact on block ciphers and hash functions, particularly in lightweight cryptography.
Abstract
The optimal branch number of MDS matrices makes them a preferred choice for designing diffusion layers in many block ciphers and hash functions. Consequently, various methods have been proposed for designing MDS matrices, including search and direct methods. While exhaustive search is suitable for small order MDS matrices, direct constructions are preferred for larger orders due to the vast search space involved. In the literature, there has been extensive research on the direct construction of MDS matrices using both recursive and nonrecursive methods. On the other hand, in lightweight cryptography, Near-MDS (NMDS) matrices with sub-optimal branch numbers offer a better balance between security and efficiency as a diffusion layer compared to MDS matrices. However, no direct construction method is available in the literature for constructing recursive NMDS matrices. This paper introduces some direct constructions of NMDS matrices in both nonrecursive and recursive settings. Additionally, it presents some direct constructions of nonrecursive MDS matrices from the generalized Vandermonde matrices. We propose a method for constructing involutory MDS and NMDS matrices using generalized Vandermonde matrices. Furthermore, we prove some folklore results that are used in the literature related to the NMDS code.