Construction of higher-level MDS matrices in nested SPNs

Abstract

This paper presents a new construction of large-scale maximum distance separable (MDS) matrices which can be used in the design of block ciphers. We extend Cauchy matrices defined over a finite field and consider these matrices on a finite commutative ring. The resulting generalized Cauchy (GC) matrices retain the advantage of a maximum branch number. We investigate the properties of such matrices in this study. First, we provide a construction of GC matrices. The proposed construction guarantees that most of the (binary) entries in a GC matrix are zero, thereby reducing the search space for cheap GC matrices considerably. Second, we minimize the number of different sub-matrices in a GC matrix to make it more suitable for lookup table implementation, we call this a compact GC matrix. We then elaborate the structure of such compact GC matrices to consider all possible matrices and thus obtain the number of compact GC matrices. Finally, we consider the involutory potential of compact GC matrices. In particular, we prove that any compact GC matrix can be modified into an involutory one through a series of column-exchanging operations and a constant matrix multiplication. Through our experiment, we discover large-scale GC matrices, which can facilitate the future design of involutory component-based ciphers. Our best constructions can reduce the number of XOR gates in the higher-level diffusion layers in Hierocrypt-L1 and Hierocrypt-3 by 35.1% and 50%, respectively, while providing the same number of active S-boxes. Moreover, compared with the existing ones, the involutory nature of the new matrices allows for equally efficient diffusion in both encryption and decryption.