Four by four MDS matrices with the fewest XOR gates based on words

Abstract

<p style= text-indent:20px; >MDS matrices play an important role in the design of block ciphers, and constructing MDS matrices with fewer xor gates is of significant interest for lightweight ciphers. For this topic, Duval and Leurent proposed an approach to construct MDS matrices by using three linear operations in ToSC 2018. Taking words as elements, they found <inline-formula><tex-math id= M1 >\\begin{document}$ 16\\times16 $\\end{document}</tex-math></inline-formula> and <inline-formula><tex-math id= M2 >\\begin{document}$ 32\\times 32 $\\end{document}</tex-math></inline-formula> MDS matrices over <inline-formula><tex-math id= M3 >\\begin{document}$ \\mathbb{F}_2 $\\end{document}</tex-math></inline-formula> with only <inline-formula><tex-math id= M4 >\\begin{document}$ 35 $\\end{document}</tex-math></inline-formula> xor gates and <inline-formula><tex-math id= M5 >\\begin{document}$ 67 $\\end{document}</tex-math></inline-formula> xor gates respectively, which are also the best known implementations up to now. Based on the same observation as their work, we consider three linear operations as three kinds of elementary linear operations of matrices, and obtain more MDS matrices with <inline-formula><tex-math id= M6 >\\begin{document}$ 35 $\\end{document}</tex-math></inline-formula> and <inline-formula><tex-math id= M7 >\\begin{document}$ 67 $\\end{document}</tex-math></inline-formula> xor gates. In addition, some <inline-formula><tex-math id= M8 >\\begin{document}$ 16\\times16 $\\end{document}</tex-math></inline-formula> or <inline-formula><tex-math id= M9 >\\begin{document}$ 32\\times32 $\\end{document}</tex-math></inline-formula> involutory MDS matrices with only <inline-formula><tex-math id= M10 >\\begin{document}$ 36 $\\end{document}</tex-math></inline-formula> or <inline-formula><tex-math id= M11 >\\begin{document}$ 72 $\\end{document}</tex-math></inline-formula> xor gates over <inline-formula><tex-math id= M12 >\\begin{document}$ \\mathbb{F}_2 $\\end{document}</tex-math></inline-formula> are also proposed, which are better than previous results. Moreover, our method can be extended to general linear groups, and we prove that the lower bound of the sequential xor count based on words for <inline-formula><tex-math id= M13 >\\begin{document}$ 4 \\times 4 $\\end{document}</tex-math></inline-formula> MDS matrix over general linear groups is <inline-formula><tex-math id= M14 >\\begin{document}$ 8n+2 $\\end{document}</tex-math></inline-formula>.</p>