**Design of Lightweight Linear Diffusion Layers from Near-MDS Matrices**

*Chaoyun Li and Qingju Wang*

**Abstract: **Near-MDS matrices provide better trade-offs between security and efficiency compared to constructions based on MDS matrices, which are favored for hardware-oriented designs. We present new designs of lightweight linear diffusion layers by constructing lightweight near-MDS matrices.
Firstly generic $n\times n$ near-MDS circulant matrices are found for $5\leq n \leq 9$.
Secondly\,, the implementation cost of instantiations of the generic near-MDS matrices is examined.
Surprisingly, for $n=7,8$, it turns out that some proposed near-MDS circulant matrices of order $n$ have the lowest XOR count among all near-MDS matrices of the same order.
Further, for $n=5,6$, we present near-MDS matrices of order $n$ having the lowest XOR count as well. The proposed matrices, together with previous construction of order less than five, lead to
solutions of $n\times n$ near-MDS matrices with the lowest XOR count over finite fields $\mathbb{F}_{2^m}$ for $2\leq n \leq 8$ and $4\leq m \leq 2048$. Moreover, we present some involutory near-MDS matrices of order $8$ constructed from Hadamard matrices. Lastly, the security of the proposed linear layers is studied by calculating lower bounds on the number of active S-boxes. It is shown that our linear layers with a well-chosen nonlinear layer can provide sufficient security against differential and linear cryptanalysis.

**Category / Keywords: **lightweight cryptography, diffusion layer, near-MDS matrix, branch number

**Original Publication**** (in the same form): **IACR-TOSC-2017

**Date: **received 25 Feb 2017, last revised 1 Mar 2017

**Contact author: **chaoyun li at esat kuleuven be, quwg@dtu dk

**Available format(s): **PDF | BibTeX Citation

**Note: **Delete the redundant 'and' in the author names.

**Version: **20170301:183144 (All versions of this report)

**Short URL: **ia.cr/2017/195

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]