Designs, Codes and Cryptography, Volume 87, Issue 2–3, pp. 609–626

Almost involutory recursive MDS diffusion layers

  • Kishan Chand Gupta
  • Sumit Kumar Pandey
  • Ayineedi Venkateswarlu (corresponding author)
Part of the following topical collections:
  1. Special Issue: Coding and Cryptography


A recursive MDS matrix is an MDS matrix that can be expressed as a power of some companion matrix. The advantage of such a matrix is that it can be implemented by a single LFSR clocked several times, which makes it suitable for the diffusion layer of lightweight cryptographic primitives. It is known that involutory recursive MDS matrices do not exist. This means that if a recursive MDS matrix M is used for the diffusion layer in encryption, the diffusion step in encryption and in decryption (where \(M^{-1}\) must be computed) cannot be the same, so two different LFSR implementations are required. In this paper we look at ways of making the diffusion layer in encryption and decryption share almost the same circuit (LFSR) by using special recursive MDS matrices; the cost of the additional operations or control logic is minimal. We first discuss two known structures, regular recursive MDS matrices and symmetric recursive MDS matrices. We then propose further structures, called almost involutory recursive MDS matrices, which allow the same LFSR to realize the diffusion layer in both encryption and decryption. We also present a new method for the direct construction of recursive MDS matrices; it yields a new infinite class of polynomials giving recursive MDS matrices. Finally, we present experimental results and comparisons.
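The following is an added worked example, not code from the paper. It makes the abstract's two points concrete over GF(2^4): a companion matrix C is one clock of an LFSR, C^4 can be MDS although C itself is not, and the inverse C^{-1} is a register that shifts the other way with different feedback taps (c_0^{-1} c_j), so decrypting with (C^4)^{-1} needs a second LFSR unless the matrix has extra structure. Assumptions (mine, not the paper's): the field is GF(2^4) with x^4 + x + 1, and the sample companion matrix is Serial(4,1,2,2), the one whose fourth power is the LED cipher's MixColumnsSerial matrix. The paper's own almost involutory structures are not reproduced here.

```python
# Added example (not from the paper): recursive MDS matrices as LFSR powers over GF(2^4).
# Assumed field: x^4 + x + 1, elements 0..15 with bit i = x^i. Sample companion matrix:
# Serial(4,1,2,2) from the LED block cipher, whose 4th power is LED's MixColumnsSerial.
from functools import reduce
from itertools import combinations

POLY = 0b10011  # x^4 + x + 1 (assumption)
N = 4           # matrix size = LFSR length


def gf_mul(a, b):
    """Shift-and-add multiplication in GF(2^4), reducing by POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= POLY
    return r


def gf_inv(a):
    """Inverse by exhaustive search; the field has only 15 nonzero elements."""
    return next(x for x in range(1, 16) if gf_mul(a, x) == 1)


def _dot(u, v):
    """Inner product over GF(2^4): XOR of the products."""
    return reduce(lambda s, ab: s ^ gf_mul(*ab), zip(u, v), 0)


def identity(n):
    return [[int(i == j) for j in range(n)] for i in range(n)]


def mat_mul(A, B):
    n = len(A)
    return [[_dot(A[i], [B[k][j] for k in range(n)]) for j in range(n)] for i in range(n)]


def mat_pow(A, k):
    R = identity(len(A))
    for _ in range(k):
        R = mat_mul(R, A)
    return R


def mat_vec(M, x):
    return [_dot(row, x) for row in M]


def det(M):
    """Laplace expansion; in characteristic 2 the cofactor signs vanish."""
    if len(M) == 1:
        return M[0][0]
    d = 0
    for j, m in enumerate(M[0]):
        if m:
            d ^= gf_mul(m, det([row[:j] + row[j + 1:] for row in M[1:]]))
    return d


def is_mds(M):
    """MDS <=> every square submatrix (of every size) is nonsingular."""
    n = len(M)
    return all(det([[M[r][c] for c in cols] for r in rows])
               for k in range(1, n + 1)
               for rows in combinations(range(n), k)
               for cols in combinations(range(n), k))


def companion(c):
    """Companion matrix of x^n + c[n-1]x^(n-1) + ... + c[0]: rows e_1..e_{n-1}, then c.
    One matrix-vector product is one LFSR clock: shift up, feedback into the last cell."""
    n = len(c)
    return [[int(j == i + 1) for j in range(n)] for i in range(n - 1)] + [list(c)]


def companion_inverse(c):
    """Inverse of companion(c): shift the other way and feed c0^-1*(y[n-1] + sum c[j]*y[j-1])
    into cell 0. Same cost, different wiring: this is the second LFSR decryption needs."""
    n, c0inv = len(c), gf_inv(c[0])
    first = [gf_mul(c0inv, c[j]) for j in range(1, n)] + [c0inv]
    return [first] + [[int(j == i - 1) for j in range(n)] for i in range(1, n)]


def lfsr_clock(state, c):
    """One forward clock of the register: equals companion(c) * state."""
    return state[1:] + [_dot(c, state)]


def lfsr_clock_inverse(state, c):
    """One clock of the inverse register: equals companion_inverse(c) * state."""
    fb = state[-1] ^ _dot(c[1:], state[:-1])
    return [gf_mul(gf_inv(c[0]), fb)] + state[:-1]


def is_involutory(M):
    return mat_mul(M, M) == identity(len(M))


def led_mixcolumns_serial():
    """(C, M, M_inv) for LED's Serial(4,1,2,2); M = C^4 is LED's MDS diffusion matrix."""
    c = [4, 1, 2, 2]
    return companion(c), mat_pow(companion(c), N), mat_pow(companion_inverse(c), N)


if __name__ == "__main__":
    C, M, M_inv = led_mixcolumns_serial()
    print("M = C^4 =", [[f"{v:x}" for v in row] for row in M])
    print("M is MDS:", is_mds(M), "| C is MDS:", is_mds(C), "| M involutory:", is_involutory(M))
    print("M^-1 differs from M:", M != M_inv, "| M*M^-1 == I:", mat_mul(M, M_inv) == identity(N))
```

Running it prints the LED matrix (rows 4 1 2 2 / 8 6 5 6 / b e a 9 / 2 2 f b), confirms it is MDS while the companion matrix alone is not (it has zero entries), and shows that M is not involutory: four clocks of `lfsr_clock` compute M·x, but undoing them takes four clocks of `lfsr_clock_inverse`, a register with the opposite shift direction and feedback taps c_0^{-1}c_j. That second register is the extra hardware the paper's almost involutory matrices are designed to avoid.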


Keywords

Block cipher, Diffusion layer, MDS matrix, Involutory matrix, Companion matrix, Recursive MDS matrix

Mathematics Subject Classification

94A60, 94B15, 14G50, 11T71




Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. Applied Statistics Unit, Indian Statistical Institute, Kolkata, India
  2. Ashoka University, Sonepat, India
  3. Computer Science Unit, Indian Statistical Institute - Chennai Centre, Chennai, India
