On the Construction of Lightweight Circulant Involutory MDS Matrices

  • Yongqiang Li
  • Mingsheng Wang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9783)


In the present paper, we investigate the problem of constructing MDS matrices with as few bit XOR operations as possible. The key contribution of the present paper is to construct MDS matrices directly with entries in the set of \(m\times m\) non-singular matrices over \(\mathbb {F}_2\); the linear transformations used to construct the MDS matrices are not assumed to be pairwise commutative. With this method, it is shown that circulant involutory MDS matrices, which have been proved not to exist over the finite field \(\mathbb {F}_{2^m}\), can be constructed by using non-commutative entries. Some constructions of \(4\times 4\) and \(5\times 5\) circulant involutory MDS matrices are given for \(m=4,8\). To the best of our knowledge, this is the first time that circulant involutory MDS matrices have been constructed. Furthermore, some lower bounds on the number of XORs required to evaluate one row of circulant and Hadamard MDS matrices of order 4 are given for \(m=4,8\). Some constructions achieving the bounds are also given, which have fewer XORs than previous constructions.
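As an added illustration (this is example code written for this page, not code from the paper), the following Python script checks the three notions the abstract works with for a matrix whose entries are \(m\times m\) binary matrices: the MDS property (every square block submatrix is non-singular over \(\mathbb {F}_2\)), the involutory property (\(M^2 = I\)), and the number of XORs needed to evaluate one row. The checks work on the expanded \(km\times km\) binary matrix, so they do not assume that the entries commute. The XOR-count metric used here (each output bit with \(w\) inputs costs \(w-1\) XORs, plus \((k-1)m\) XORs to add the \(k\) products of a row) is the usual one in the lightweight-MDS literature and is stated as an assumption of the example. The script is run on the AES MixColumns matrix, represented as a \(4\times 4\) circulant over \(8\times 8\) binary entries, which is MDS but, as a circulant over a field, not involutory.

```python
# Example checker for block MDS matrices (added here; not the paper's code).
# A binary matrix is a list of row bitmasks: bit c of row r is entry (r, c).
# A k x k block matrix is a list of k lists of k such m x m blocks.
from itertools import combinations


def rank_f2(rows):
    """Rank over F2 via an XOR basis keyed by the leading bit of each row."""
    basis = {}
    for r in rows:
        while r:
            lead = r.bit_length() - 1
            if lead in basis:
                r ^= basis[lead]
            else:
                basis[lead] = r
                break
    return len(basis)


def mat_mul(a, b):
    """Product of two n x n binary matrices over F2 (rows as bitmasks)."""
    out = []
    for row in a:
        acc = 0
        for j in range(len(b)):
            if row >> j & 1:
                acc ^= b[j]
        out.append(acc)
    return out


def flatten(blocks, m):
    """Expand a t x t array of m x m blocks into one tm x tm binary matrix."""
    t = len(blocks)
    return [sum(blocks[i][j][r] << (j * m) for j in range(t))
            for i in range(t) for r in range(m)]


def is_mds(mat, m):
    """Every square block submatrix (t = 1 .. k) must be non-singular over F2.
    Ranks are taken of the expanded binary matrix, so non-commuting entries
    are handled correctly; t = 1 checks that each entry is itself invertible."""
    k = len(mat)
    for t in range(1, k + 1):
        for rows in combinations(range(k), t):
            for cols in combinations(range(k), t):
                sub = [[mat[i][j] for j in cols] for i in rows]
                if rank_f2(flatten(sub, m)) < t * m:
                    return False
    return True


def is_involutory(mat, m):
    """True when M * M is the identity, i.e. M is its own inverse."""
    full = flatten(mat, m)
    return mat_mul(full, full) == [1 << i for i in range(len(full))]


def xor_count(block):
    """XORs to apply one binary matrix: an output bit with w inputs costs w-1."""
    return sum(bin(r).count("1") - 1 for r in block)


def row_xor_count(mat, m, i):
    """Assumed metric: XORs of the entries in row i plus (k-1)*m to sum the products."""
    k = len(mat)
    return sum(xor_count(mat[i][j]) for j in range(k)) + (k - 1) * m


def circulant(first_row):
    """Circulant block matrix: each row is the previous one rotated right."""
    k = len(first_row)
    return [[first_row[(j - i) % k] for j in range(k)] for i in range(k)]


def gf_mul(a, b, m=8, poly=0x11B):
    """Multiplication in F_{2^m} modulo poly (default: the AES polynomial)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> m & 1:
            a ^= poly
    return r


def mul_matrix(a, m=8, poly=0x11B):
    """The m x m binary matrix of 'multiply by a' in F_{2^m}: column c is a*x^c."""
    cols = [gf_mul(a, 1 << c, m, poly) for c in range(m)]
    return [sum(((cols[c] >> r) & 1) << c for c in range(m)) for r in range(m)]


# AES MixColumns: circulant with field entries (2, 3, 1, 1), each as an 8 x 8 block.
AES_MIXCOLUMNS = circulant([mul_matrix(a) for a in (2, 3, 1, 1)])

if __name__ == "__main__":
    print("AES MixColumns: MDS =", is_mds(AES_MIXCOLUMNS, 8),
          "| involutory =", is_involutory(AES_MIXCOLUMNS, 8),
          "| XORs for one row =", row_xor_count(AES_MIXCOLUMNS, 8, 0))
```

Running the script reports that AES MixColumns is MDS and not involutory, with 38 XORs for one row (3 for multiplication by 2, 11 for multiplication by 3, none for the two identity entries, and 24 to add the four products). Because `is_mds` and `is_involutory` only ever look at the expanded binary matrix, the same functions can be fed a circulant whose entries are arbitrary non-singular binary matrices, which is exactly the setting in which the abstract says involutory circulant MDS matrices become possible.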


Keywords: MDS matrix; Circulant involutory matrix; Hadamard matrix; Lightweight



The authors are very grateful to the anonymous reviewers for their valuable comments. This work was supported by the 973 project under Grant (2013CB834203), by the National Science Foundation of China (No. 61303255, No. 61379142).



Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
  2. Science and Technology on Communication Security Laboratory, Chengdu, China
