On the construction of ultra-light MDS matrices
Yu Tian, Xiutao Feng, Guangrong Li
TL;DR
This paper begins implementation trees of MDS matrices, which is a vital tool for understanding and manipulating their implementations, and presents an algorithm that efficiently enumerates all the lightest MDS matrices based on the word representation.
Abstract
In recent years, the Substitution-Permutation Network has emerged as a crucial structure for constructing symmetric key ciphers. Composed primarily of linear matrices and nonlinear S-boxes, it offers a robust foundation for cryptographic security. Among the various metrics used to assess the cryptographic properties of linear matrices, the branch number stands out as a particularly important index. Matrices with an optimal branch number are referred to as MDS matrices and are highly prized in the field of cryptography. In this paper we delve into the construction of lightweight MDS matrices. We commence implementation trees of MDS matrices, which is a vital tool for understanding and manipulating their implementations, and then present an algorithm that efficiently enumerates all the lightest MDS matrices based on the word representation. As results, we obtain a series of ultra-lightweight $4\times 4$ MDS matrices, remarkably, 4-bit input MDS matrices with 35 XOR operations and 8-bit input ones with 67 XOR operations . These matrices represent the most comprehensive lightweight MDS matrices available to date. Furthermore, we craft some involution $4\times 4$ MDS matrices with a mere 68 XOR gates.To our best knowledge, they are the best up to date. In the realm of higher-order MDS matrices, we have successfully constructed $5\times 5$ and $6\times 6$ matrices with 114 and 148 XOR gates respectively. These findings outperform the current state-of-the-art.