On Constructions of Involutory MDS Matrices

TLDR: An algorithm to construct involutory MDS matrices with low Hamming weight elements to minimize primitive operations such as exclusive-or, table look-ups and xtime operations is provided.

Abstract: Maximum distance separable (MDS) matrices have applications not only in coding theory but also are of great importance in the design of block ciphers and hash functions. It is highly nontrivial to find MDS matrices which is involutory and efficient. In a paper in 1997, Youssef et. al. proposed an involutory MDS matrix construction using Cauchy matrix. In this paper we study properties of Cauchy matrices and propose generic constructions of low implementation cost MDS matrices based on Cauchy matrices. In a 2009 paper, Nakahara and Abrahao proposed a 16 ×16 involutory MDS matrix over \(\mathbb{F}_{2^8}\) by using a Cauchy matrix which was used in MDS-AES design. Authors claimed that their construction by itself guarantees that the resulting matrix is MDS and involutory. But the authors didn’t justify their claim. In this paper we study and prove that this proposed matrix is not an MDS matrix. Note that this matrix has been designed to be used in the block cipher MDS-AES, which may now have severe weaknesses. We provide an algorithm to construct involutory MDS matrices with low Hamming weight elements to minimize primitive operations such as exclusive-or, table look-ups and xtime operations. In a 2012 paper, Sajadieh et. al. provably constructed involutory MDS matrices which were also Hadamard in a finite field by using two Vandermonde matrices. We show that the same matrices can be constructed by using Cauchy matrices and provide a much simpler proof of their construction.