Lightweight 4x4 MDS Matrices for Hardware-Oriented Cryptographic Primitives

Linear diffusion layer is an important part of lightweight block ciphers and hash functions. This paper presents an efficient class of lightweight 4x4 MDS matrices such that the implementation cost of them and their corresponding inverses are equal. The main target of the paper is hardware oriented cryptographic primitives and the implementation cost is measured in terms of the required number of XORs. Firstly, we mathematically characterize the MDS property of a class of matrices (derived from the product of binary matrices and companion matrices of $sigma$-LFSRs aka recursive diffusion layers) whose implementation cost is $10m+4$ XORs for 4 <= m <= 8, where $m$ is the bit length of inputs. Then, based on the mathematical investigation, we further extend the search space and propose new families of 4x 4 MDS matrices with 8m+4 and 8m+3 XOR implementation cost. The lightest MDS matrices by our new approach have the same implementation cost as the lightest existent matrix.