A Characterization of Semi-Involutory MDS Matrices
Tapas Chatterjee, Ayantika Laha
TL;DR
This work characterizes all $3 \times 3$ irreducible semi-involutory matrices over fields of characteristic $2$ and derives a diagonal-parameterized construction that yields $3 \times 3$ MDS semi-involutory matrices using only three diagonal entries and an associated diagonal matrix. A explicit parametrization expresses all non-diagonal entries in terms of $a_{11},a_{22},a_{33},d_1,d_2,d_3$ and nonzero field elements $x,y,z$, with $A^{-1}=cDA D$ implying $(DA)^2=c^{-1}I$. The authors prove a necessary and sufficient MDS condition: $a_{11}d_1+a_{22}d_2$, $a_{11}d_1+a_{33}d_3$, $a_{22}d_2+a_{33}d_3$, and $a_{11}d_1+a_{22}d_2+a_{33}d_3$ must be nonzero, and they provide a determinant and submatrix criteria to verify the MDS property. They then count the total number of such matrices over $\mathbb{F}_{2^m}$, obtaining $(2^m-1)^5(2^m-2)(2^m-4)$, with exact counts for small fields: none over $\mathbb{F}_{2^2}$, $403{,}368$ over $\mathbb{F}_{2^3}$, and $127{,}575{,}000$ over $\mathbb{F}_{2^4}$. The results yield a practical, efficient path to diffusion-layer MDS matrices in SPN-based ciphers and open avenues for extending the structure to larger sizes and other characteristics.
Abstract
In symmetric cryptography, maximum distance separable (MDS) matrices with computationally simple inverses have wide applications. Many block ciphers like AES, SQUARE, SHARK, and hash functions like PHOTON use an MDS matrix in the diffusion layer. In this article, we first characterize all $3 \times 3$ irreducible semi-involutory matrices over the finite field of characteristic $2$. Using this matrix characterization, we provide a necessary and sufficient condition to construct MDS semi-involutory matrices using only their diagonal entries and the entries of an associated diagonal matrix. Finally, we count the number of $3 \times 3$ semi-involutory MDS matrices over any finite field of characteristic $2$.