Lightweight 4x4 MDS Matrices for HardwareOriented Cryptographic Primitives

Linear diffusion layer is an important part of lightweight block ciphers and hash functions. This paper presents an efficient class of lightweight 4 × 4 MDS matrices such that the implementation cost of them and their corresponding inverses are equal. The main target of the paper is hardware oriented cryptographic primitives and the implementation cost is measured in terms of the required number of XORs. Firstly, we mathematically characterize the MDS property of a class of matrices (derived from the product of binary matrices and companion matrices of σ-LFSRs aka recursive diffusion layers) whose implementation cost is 10m + 4 XORs for 4 ≤ m ≤ 8, where m is the bit length of inputs. Then, based on the mathematical investigation, we further extend the search space and propose new families of 4 × 4 MDS matrices with 8m + 4 and 8m + 3 XOR implementation cost. The lightest MDS matrices by our new approach have the same implementation cost as the lightest existent matrix.