Abstract

MDS diffusion layers are critical in the design of modern symmetric ciphers. Lightweight MDS matrices are studied for designing ciphers targeting hardware-oriented applications. In 2016, Beierle, Kranz, and Leander studied elements a for which x → ax could be implemented with only one XOR in hardware. Then, they searched for such a's satisfying the desired conditions for MDS-ness of some constructions. We adopt the opposite approach: we fix the conditions that A, A^3 ⊕ I and A^7 ⊕ I are n × n invertible binary matrices and then give provable binary n × n one-XOR matrices for which the mentioned conditions hold. Note that these conditions are sufficient for MDS-ness of many well-known constructions of 4 × 4 MDS matrices over n-bit words, such as some recursive MDS diffusion layers as well as circulant AES-like MDS matrices.
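The three conditions in the abstract are plain GF(2) linear algebra, so they can be checked mechanically for any candidate A. The script below is an added illustration, not code from the paper: it represents binary n × n matrices as row bitmasks, tests whether A, A^3 ⊕ I and A^7 ⊕ I are invertible, counts the XOR gates x → Ax costs in hardware (assuming the usual cost model where a row with w ones costs w − 1 XORs), and scans one family of one-XOR candidates, namely companion matrices of trinomials x^n + x^k + 1, for n = 8. The choice of that family and of n = 8 is an assumption made for the example; the paper's own constructions are not reproduced here.

```python
"""Check the conditions A, A^3 + I, A^7 + I invertible over GF(2).

Added example (not the paper's code). A binary n x n matrix is a list of
n row bitmasks: bit j of rows[i] set means entry (i, j) is 1, and the map
x -> A x sends input bit vector c to output d with d_i = XOR_j A[i][j] c_j.
"""


def identity(n):
    return [1 << i for i in range(n)]


def mat_add(a, b):
    """Entry-wise XOR, i.e. matrix addition over GF(2)."""
    return [x ^ y for x, y in zip(a, b)]


def mat_mul(a, b, n):
    """Product over GF(2): row i of A*B is the XOR of the rows of B
    selected by the 1-bits of row i of A."""
    out = []
    for row in a:
        acc = 0
        for j in range(n):
            if row >> j & 1:
                acc ^= b[j]
        out.append(acc)
    return out


def mat_pow(a, k, n):
    """A^k by square-and-multiply."""
    result, base = identity(n), a
    while k:
        if k & 1:
            result = mat_mul(result, base, n)
        base = mat_mul(base, base, n)
        k >>= 1
    return result


def rank_gf2(rows):
    """Rank over GF(2) via an incremental basis keyed by leading bit."""
    basis = {}
    for v in rows:
        while v:
            hb = v.bit_length() - 1
            if hb in basis:
                v ^= basis[hb]
            else:
                basis[hb] = v
                break
    return len(basis)


def is_invertible(a, n):
    return rank_gf2(a) == n


def xor_count(a):
    """Hardware cost of x -> A x: a row with w ones needs w - 1 XOR gates
    (assumed cost model; a row with a single one is just a wire)."""
    return sum(bin(row).count("1") - 1 for row in a)


def companion(n, taps):
    """Matrix of multiplication by x on F_2[x]/(p) for p = x^n + sum of x^t,
    t in taps (taps must contain 0). Bit i of a vector is the coefficient
    of x^i; output bit i is input bit i-1, plus input bit n-1 where p feeds back."""
    rows = []
    for i in range(n):
        row = (1 << (i - 1)) if i >= 1 else 0
        if i in taps:
            row |= 1 << (n - 1)
        rows.append(row)
    return rows


def conditions(a, n):
    """The abstract's three conditions, each as an invertibility test."""
    i = identity(n)
    return {
        "A": is_invertible(a, n),
        "A^3+I": is_invertible(mat_add(mat_pow(a, 3, n), i), n),
        "A^7+I": is_invertible(mat_add(mat_pow(a, 7, n), i), n),
    }


def good_trinomial_exponents(n):
    """Exponents k for which the one-XOR companion matrix of x^n + x^k + 1
    satisfies all three conditions."""
    return [k for k in range(1, n)
            if all(conditions(companion(n, {0, k}), n).values())]


if __name__ == "__main__":
    for k in range(1, 8):
        a = companion(8, {0, k})
        print(f"x^8 + x^{k} + 1: {xor_count(a)} XOR, {conditions(a, 8)}")
    print("passing exponents for n = 8:", good_trinomial_exponents(8))
```

For n = 8 only k = 2 and k = 6 survive; the other trinomials share a factor with x^3 + 1 or x^7 + 1 (x + 1, x^2 + x + 1, x^3 + x + 1 or x^3 + x^2 + 1), which makes A^3 ⊕ I or A^7 ⊕ I singular. The AES polynomial x^8 + x^4 + x^3 + x + 1 passes all three conditions but its companion matrix costs three XORs, which is the trade-off the abstract is about.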
