**On Constructions of MDS Matrices from Companion Matrices for Lightweight Cryptography**

*Kishan Chand Gupta and Indranil Ghosh Ray*

**Abstract: **Maximum distance separable (MDS) matrices have applications not only in coding theory but also are
of great importance in the design of block ciphers and hash functions. It is highly nontrivial
to find MDS matrices which could be used in lightweight cryptography.
In a crypto 2011 paper, Guo et. al. proposed a new MDS matrix $Serial(1,2,1,4)^4$ over $\mathbb{F}_{2^8}$.
This representation has a compact hardware implementation of the AES MixColumn operation.
No general study of MDS properties of this newly introduced construction of the form
$Serial(z_0,\ldots,z_{d-1})^d$ over $\mathbb{F}_{2^n}$
for arbitrary $d$ and $n$ is available in the literature.
In this paper we study some properties of MDS matrices and provide an insight of
why $Serial(z_0,\ldots,z_{d-1})^d$ leads to an MDS matrix.
For efficient hardware implementation, we aim to restrict the values of $z_i$'s in
$\{1,\alpha,\alpha^2,\alpha+1\}$, such that $Serial(z_0,\ldots,z_{d-1})^d$ is MDS for $d = 4 \mbox{ and } 5$, where
$\alpha$ is the root of the constructing polynomial of $\mathbb{F}_{2^n}$.
We also propose more generic constructions of MDS matrices e.g.
we construct lightweight $4 \times 4$ and $5 \times 5$ MDS matrices over $\mathbb{F}_{2^n}$ for all $n \ge 4$.
An algorithm is presented to check if a given matrix is MDS. The algorithm
directly follows from the basic properties of MDS matrix and is easy to implement.

**Category / Keywords: **secret-key cryptography /

**Date: **received 4 Feb 2013

**Contact author: **kishan at isical ac in, indranil r@isical ac in

**Available format(s): **PDF | BibTeX Citation

**Version: **20130206:160942 (All versions of this report)

**Short URL: **ia.cr/2013/056

[ Cryptology ePrint archive ]