On the construction of ultra-light MDS matrices

TL;DR

This paper presents the construction of ultra-lightweight MDS matrices for cryptography, including algorithms and implementations that yield the most efficient matrices to date, significantly reducing XOR operations needed.

Contribution

It introduces a novel algorithm for enumerating lightweight MDS matrices and provides the most efficient known constructions for various sizes, advancing cryptographic matrix design.

Findings

4-bit MDS matrices with 35 XOR operations

8-bit MDS matrices with 67 XOR operations

Constructed 5x5 and 6x6 MDS matrices with 114 and 148 XOR gates

Abstract

In recent years, the Substitution-Permutation Network has emerged as a crucial structure for constructing symmetric key ciphers. Composed primarily of linear matrices and nonlinear S-boxes, it offers a robust foundation for cryptographic security. Among the various metrics used to assess the cryptographic properties of linear matrices, the branch number stands out as a particularly important index. Matrices with an optimal branch number are referred to as MDS matrices and are highly prized in the field of cryptography. In this paper we delve into the construction of lightweight MDS matrices. We commence implementation trees of MDS matrices, which is a vital tool for understanding and manipulating their implementations, and then present an algorithm that efficiently enumerates all the lightest MDS matrices based on the word representation. As results, we obtain a series of ultra-lightweight $4\times 4$ MDS matrices, remarkably, 4-bit input MDS matrices with 35 XOR operations and 8-bit input ones with 67 XOR operations . These matrices represent the most comprehensive lightweight MDS matrices available to date. Furthermore, we craft some involution $4\times 4$ MDS matrices with a mere 68 XOR gates.To our best knowledge, they are the best up to date. In the realm of higher-order MDS matrices, we have successfully constructed $5\times 5$ and $6\times 6$ matrices with 114 and 148 XOR gates respectively. These findings outperform the current state-of-the-art.