Constructing Lightweight Optimal Diffusion Primitives with Feistel Structure.

As one of the core components in any SPN block cipher and hash function, diffusion layers are mainly introduced by matrices with maximal branch number. Surprisingly, the research on optimal binary matrices is rather limited compared with that on MDS matrices. Especially, not many general constructions for binary matrices are known that give the best possible branch number and guarantee the efficient software/hardware implementations as well. In this paper, we propose a new class of binary matrices constructed by Feistel structure with bit permutation as round functions. Through investigating bounds on the branch number our structure can achieve, we construct optimal binary matrices for a series of parameters with the lowest hardware cost up﾿to now. Compared to the best known results, our optimal solutions for size $$16 \\times 16$$16×16 and $$32 \\times 32$$32×32 can save about $$20\\,\\%$$20% and $$33.3\\,\\%$$33.3% gate equivalents respectively. Without loss of hardware efficiency, a list of software-friendly optimal binary matrices can be constructed by Feistel structure with cyclic shift as round functions. The characteristics of this class of matrices are summarized and involutory optimal instances with commonly used dimensions are also provided. In the case of $$8 \\times 8$$8×8, we prove that optimal matrices from our structure can not be involutory. Finally, we extend the strategy to Generalized Feistel Structure and present some typical experimental results.