This paper investigates the construction of \({\text {MDS}}\) matrices with generalized Feistel structures (\({\text {GFS}}\)). The approach developed by this paper consists in deriving \({\text {MDS}}\) matrices from the product of several sparser matrices. This can be seen as a generalization to several matrices of the recursive construction which derives \({\text {MDS}}\) matrices as the powers of a single companion matrix. In other words, the idea of this paper is to explore a space of matrices with a \({\text {GFS}}\) structure, and then to search for instantiations of the binary linear functions so that the resulting matrix is both \({\text {MDS}}\) and efficient to implement with respect to the number of \({\text {XOR}}\) gates and the depth of the circuit. In this direction we first give some theoretical results on the iteration of \({\text {GFS}}\). We then using \({\text {GFS}}\) with minimal diffusion rounds, propose some types of sparse matrices that are called extended primitive \({\text {GFS}}\) (\({\text {EGFS}}\)) matrices. Next, by applying binary linear functions to several round of \({\text {EGFS}}\) matrices, we introduce lightweight \(4\times 4\), \(6\times 6\) and \(8\times 8\) \({\text {MDS}}\) matrices that are implemented with 67, 156 and 260 \({\text {XOR}}\) over 8-bit input, respectively. The results match the best known lightweight \(4\times 4\) \({\text {MDS}}\) matrix and improve the best known \(6\times 6\) and \(8\times 8\) \({\text {MDS}}\) matrices. Moreover, we propose \(8\times 8\) Near-\({\text {MDS}}\) matrices such that the implementation cost of the proposed matrices are 108 and 204 \({\text {XOR}}\) over 4-bit and 8-bit inputs, respectively. On the whole, the construction presented in this paper is relatively general and can be applied for other matrix dimensions and finite fields as well.

本文研究了具有广义Feistel结构（\（{\ text {GFS}} \））的\（{\ text {MDS}} \）矩阵的构造。本文开发的方法在于从几个稀疏矩阵的乘积中得出\（{\ text {MDS}} \）矩阵。这可以看作是对递归构造的几个矩阵的概括，该矩阵派生\（{\ text {MDS}} \）矩阵作为单个伴随矩阵的幂。换句话说，本文的想法是探索具有\（{\ text {GFS}} \）结构的矩阵空间，然后搜索二进制线性函数的实例化，从而使所得矩阵均为\ （{\ text {MDS}} \）相对于\（{\ text {XOR}} \\）门的数量和电路的深度而言，实现效率高。在这个方向上，我们首先对\（{\ text {GFS}} \）的迭代给出一些理论结果。然后，我们使用\（{\ text {GFS}} \）进行最小扩散回合，提出一些类型的稀疏矩阵，称为稀疏扩展\（{\ text {GFS}} \）（\（{\ text {EGFS} } \））矩阵。接下来，通过将二进制线性函数应用于几轮\（{\ text {EGFS}} \）矩阵，我们引入了轻量级\（4 \ times 4 \），\（6 \ times 6 \）和\（8 \ times 8 \） \（{\ text {MDS}} \）分别在8位输入上使用67、156和260 \（{\ text {XOR}} \}实现的矩阵。结果与最知名的轻量级\（4 \ times4 \） \（{\ text {MDS}} \）矩阵匹配，并改进了最知名的\（6 \ times 6 \）和\（8 \ times 8 \） \ （{\ text {MDS}} \）矩阵。此外，我们提出\（8 \ times8 \） Near- \（{\ text {MDS}} \）矩阵，使得所提出的矩阵的实现成本为108和204 \（{\ text {XOR}} \}分别超过4位和8位输入。总体而言，本文提出的构造是相对通用的，并且可以应用于其他矩阵尺寸和有限域。