Direct Construction of Recursive MDS Diffusion Layers using Shortened BCH Codes
This work addresses the need for compact and efficient diffusion layers in cryptography, particularly for constrained environments, though it is incremental as it builds on existing recursive MDS matrix approaches.
The paper tackles the problem of constructing recursive MDS matrices for efficient diffusion layers in block ciphers by proposing a new direct method using shortened BCH codes, which allows efficient construction for any parameters but may not always find the best matrices.
MDS matrices allow to build optimal linear diffusion layers in block ciphers. However, MDS matrices cannot be sparse and usually have a large description, inducing costly software/hardware implementations. Recursive MDS matrices allow to solve this problem by focusing on MDS matrices that can be computed as a power of a simple companion matrix, thus having a compact description suitable even for constrained environ- ments. However, up to now, finding recursive MDS matrices required to perform an exhaustive search on families of companion matrices, thus limiting the size of MDS matrices one could look for. In this article we propose a new direct construction based on shortened BCH codes, al- lowing to efficiently construct such matrices for whatever parameters. Unfortunately, not all recursive MDS matrices can be obtained from BCH codes, and our algorithm is not always guaranteed to find the best matrices for a given set of parameters.