On the Construction of Lightweight Circulant Involutory MDS Matrices

In the present paper, we investigate the problem of constructing MDS matrices with as few bit XOR operations as possible. The key contribution of the present paper is constructing MDS matrices with entries in the set of m x m non-singular matrices over F-2 directly, and the linear transformations we used to construct MDS matrices are not assumed pairwise commutative. With this method, it is shown that circulant involutory MDS matrices, which have been proved do not exist over the finite field F(2)m, can be constructed by using non-commutative entries. Some constructions of 4 x 4 and 5 x 5 circulant involutory MDS matrices are given when m = 4, 8. To the best of our knowledge, it is the first time that circulant involutory MDS matrices have been constructed. Furthermore, some lower bounds on XORs that required to evaluate one row of circulant and Hadamard MDS matrices of order 4 are given when m = 4, 8. Some constructions achieving the bound are also given, which have fewer XORs than previous constructions.