Almost involutory recursive MDS diffusion layers

Article Type

Research Article

Publication Title

Designs, Codes, and Cryptography

Abstract

A recursive MDS matrix is an MDS matrix which can be expressed as a power of some companion matrix. The advantage of such a matrix is that it can be implemented by a single LFSR clocking several times. Such matrices are suitable for the design of diffusion layer in lightweight cryptographic applications. It is known that there do not exist involutory recursive MDS matrices. It means that if a recursive MDS matrix M is considered for the diffusion layer in encryption then the diffusion layer process in both encryption and decryption (if M - 1 needs to be computed) cannot be the same, requiring two different LFSR implementations. In this paper we look at some possibilities of making the implementation of the diffusion layer part in both encryption and decryption to use almost the same circuit (LFSR) by using some special recursive MDS matrices. The difference or the cost of the additional operations/control mechanism used is minimal. In this direction we first discuss two known structures: regular recursive MDS matrices, symmetric recursive MDS matrices. We then propose some other structures called almost involutory recursive MDS matrices which can use the same LFSR for realizing the diffusion layer part in both encryption and decryption. We then present a new method for the direct construction of recursive MDS matrices. Our method gives a new infinite class polynomials that yield recursive MDS matrices. We also present some experimental results and comparison results.

First Page

609

Last Page

626

DOI

10.1007/s10623-018-0582-2

Publication Date

3-15-2019

Share

COinS