On constructions of MDS matrices from companion matrices for lightweight cryptography

Abstract

Maximum distance separable (MDS) matrices have applications not only in coding theory but also are of great importance in the design of block ciphers and hash functions. It is highly nontrivial to find MDS matrices which could be used in lightweight cryptography. In a crypto 2011 paper, Guo et. al. proposed a new MDS matrix Serial(1, 2, 1, 4)4 over F 28. This representation has a compact hardware implementation of the AES MixColumn operation. No general study of MDS properties of this newly introduced construction of the form Serial(z0,. ., zd-1)d over F2n for arbitrary d and n is available in the literature. In this paper we study some properties of MDS matrices and provide an insight of why Serial(z0,. ., zd-1)d leads to an MDS matrix. For efficient hardware implementation, we aim to restrict the values of zi's in {1, α,α2, α + 1}, such that Serial(z0,. ., zd-1)d is MDS for d = 4 and 5, where α is the root of the constructing polynomial of F2n. We also propose more generic constructions of MDS matrices e.g. we construct lightweight 4 × 4 and 5 × 5 MDS matrices over F2n for all n ≥ 4. An algorithm is presented to check if a given matrix is MDS. The algorithm follows from the basic properties of MDS matrix and is easy to implement. © IFIP International Federation for Information Processing 2013.