Irwansyah 2021 J. Phys. Conf. Ser. 1722 012030


Journal of Physics: Conference Series

PAPER • OPEN ACCESS

To cite this article: Irwansyah et al 2021 J. Phys.: Conf. Ser. 1722 012030


ICW-HDDA-X 2020 IOP Publishing
Journal of Physics: Conference Series 1722 (2021) 012030 doi:10.1088/1742-6596/1722/1/012030

A construction of MDS involutory matrices using MDS self-dual codes: a preliminary result

Irwansyah$^{1,*}$, I. Muchtadi-Alamsyah$^{2}$, and F. Yuliawan$^{2}$

$^{1}$ Department of Mathematics, Universitas Mataram, Mataram, Indonesia 83125
$^{2}$ Algebra Research Group, Institut Teknologi Bandung, Bandung, Indonesia 40132

E-mail: $^{*}$ irw@unram.ac.id

Abstract. Maximum Distance Separable (MDS) matrices have an important application in cryptography; see, for example, [1]. In order to reduce implementation complexity, it is important to consider MDS matrices which are involutory. Some constructions of involutory MDS matrices can be found in [2, 3]. In this paper, we give some properties related to a construction of involutory MDS matrices using orthogonal matrices derived from Euclidean self-dual MDS codes. Then, we do a computer search to find involutory MDS matrices of small size using a classical simulated annealing algorithm. The proposed construction is different from the ones in [2, 3].

1. Introduction
A Maximum Distance Separable (MDS) matrix is a matrix all of whose minors are non-zero. Such a matrix can also be viewed as the redundant part of the generator matrix of an MDS code. Matrices of this type can be used as a diffusion layer between input and output in the associated cipher of a cryptosystem. For implementation purposes, it is important to use an MDS matrix which reduces the complexity of the encryption and decryption processes. One way to achieve lower complexity in those processes is to use involutory or orthogonal MDS matrices, see [4].

Generally, involutory MDS matrices over finite fields are constructed from particular matrices such as Hadamard matrices and Cauchy matrices. Sajadieh et al. [5] proposed a way to construct involutory MDS matrices by multiplying one Vandermonde matrix by the inverse of another Vandermonde matrix. Gupta and Ray [3] used Cauchy matrices for the construction of involutory MDS matrices. Recently, Jian et al. [2] described new structures of involutory MDS matrices. Moreover, they provided new approaches for constructing lightweight involutory MDS matrices of size $4 \times 4$ over $\mathbb{F}_{2^m}$. Some other constructions for general MDS matrices can be found in [9, 10].
In this paper, we describe a different approach to search for involutory MDS matrices over $\mathbb{F}_{2^m}$. First, we use the generator matrix of a Euclidean self-dual MDS code to construct an orthogonal MDS matrix. Then, we use a classical simulated annealing algorithm to construct an involutory MDS matrix from a given orthogonal MDS matrix. This paper is organized as follows. Section 2 collects some basic definitions and concepts from coding theory and matrices. Section 3 describes some properties related to Euclidean self-dual MDS codes, orthogonal MDS matrices, and involutory MDS matrices. This section also discusses an algorithm for a search of an involutory MDS matrix from a given orthogonal MDS matrix. Section 4 gives a conclusion and an open problem related to this research.

Content from this work may be used under the terms of the Creative Commons Attribution 3.0 licence. Any further distribution of this work must maintain attribution to the author(s) and the title of the work, journal citation and DOI. Published under licence by IOP Publishing Ltd

2. Method
Let $\mathbb{F}_{2^m}$ be the finite field of $2^m$ elements, and let $\mathbb{F}_{2^m}^n$ be the set of $n$-tuples of elements in $\mathbb{F}_{2^m}$. Note that $\mathbb{F}_{2^m}^n$ is an $n$-dimensional vector space over $\mathbb{F}_{2^m}$. A code $C$ of length $n$ over $\mathbb{F}_{2^m}$ is a subset of $\mathbb{F}_{2^m}^n$. Moreover, a code $C$ is said to be a linear code if it is a subspace of $\mathbb{F}_{2^m}^n$. For any $c = (c_1, \dots, c_n)$ in $\mathbb{F}_{2^m}^n$, define the Hamming weight of $c$ as $w_H(c) = |\{i \mid c_i \neq 0\}|$. Moreover, for any linear code $C$ in $\mathbb{F}_{2^m}^n$, define the Hamming distance of $C$ as

$$d_H(C) = \min_{c \in C,\; c \neq 0} w_H(c).$$

A linear code $C$ of length $n$, dimension $k$, and Hamming distance $d$ is usually denoted as an $[n, k, d]$ code. Note that the distance of any $[n, k, d]$ linear code always satisfies the Singleton bound

$$d \leq n - k + 1.$$

A linear code which attains this bound is called a Maximum Distance Separable (MDS) code, as described in the following definition.

Definition 1. Let $C$ be an $[n, k, d]$ linear code over $\mathbb{F}_{2^m}$. Then $C$ is an MDS code if $d = n - k + 1$.

Let $M_{m,n}(\mathbb{F}_{2^m})$ be the set of matrices with $m$ rows and $n$ columns with entries in $\mathbb{F}_{2^m}$. A matrix $G$ in $M_{k,n}(\mathbb{F}_{2^m})$ is called a generator matrix of a linear code $C$ if its rows form a basis for the code $C$.

Definition 2. [6] A matrix $M$ in $M_{k,n-k}(\mathbb{F}_{2^m})$ is called MDS if and only if it satisfies one of the following properties:
(i) All its minors are non-zero.
(ii) It is the redundant part of the generator matrix of an MDS code $C$ under systematic form, i.e. the generator matrix $G$ of $C$ is in the form $G = (I_k | M)$, where $I_k$ is the identity matrix of size $k \times k$.

Note that, for application purposes, we only consider MDS matrices of size $n \times n$. These matrices are the redundant parts of generator matrices of MDS codes of length $2n$ and dimension $n$. In the set $M_{n,n}(\mathbb{F}_{2^m})$, we have the following special classes of matrices.

Definition 3. A matrix $B$ in $M_{n,n}(\mathbb{F}_{2^m})$ is called orthogonal if $BB^T = B^TB = I_n$, where $B^T$ is the transpose of $B$.

Definition 4. A matrix $B$ in $M_{n,n}(\mathbb{F}_{2^m})$ is called involutory if $B^2 = I_n$.

Let $c_1 = (c_{1,1}, \dots, c_{1,n})$ and $c_2 = (c_{2,1}, \dots, c_{2,n})$ be any two elements in $\mathbb{F}_{2^m}^n$. Define the Euclidean product between $c_1$ and $c_2$ as follows.

$$c_1 \cdot c_2 = \sum_{i=1}^{n} c_{1,i}\, c_{2,i}.$$

Moreover, for any linear code $C$ in $\mathbb{F}_{2^m}^n$, define the Euclidean dual of $C$ as follows.

$$C^{\perp} = \{a \in \mathbb{F}_{2^m}^n \mid a \cdot c = 0,\ \forall c \in C\}.$$

A linear code $C$ is called Euclidean self-dual if $C = C^{\perp}$.

In this paper, based on the above notions, we develop some conditions related to MDS orthogonal matrices and MDS involutory matrices. Moreover, we give a search algorithm for the construction of MDS involutory matrices from a given orthogonal MDS matrix.


3. Result and Discussion


3.1. Involutory MDS matrices from Euclidean self-dual MDS codes
In this subsection we describe some conditions for the construction of involutory MDS matrices from a given generator matrix of a self-dual MDS code. Let $G$ be a generator matrix of a Euclidean self-dual MDS code over $\mathbb{F}_{2^m}$ of length $2n$ and dimension $n$. The following proposition shows that the output of Gauss-Jordan elimination on $G$ has an orthogonal MDS matrix as its redundant part.

Proposition 5. If $G$ is a generator matrix of a Euclidean self-dual MDS code $C$ over $\mathbb{F}_{2^m}$ of length $2n$ and dimension $n$, and $G' = (I_n | M)$ is obtained by Gauss-Jordan elimination on $G$, then $M$ is an orthogonal MDS matrix.

Proof. Since Gauss-Jordan elimination only uses row operations, $G' = (I_n | M)$ is also a generator matrix for $C$. Let $g'_i$ be the $i$th row of $G'$. The row $g'_i$ can be written as $g'_i = (e_i, M_i)$, where $e_i = (0, 0, \dots, 0, 1, 0, \dots, 0) \in \mathbb{F}_{2^m}^n$ (the standard vector) and $M_i$ is the $i$th row of $M$. By self-duality of $C$, for any $i$ and $j$ we have

$$g'_i \cdot g'_j = g'_i \, {g'_j}^{T} = e_i \cdot e_j + M_i \cdot M_j = e_i e_j^{T} + M_i M_j^{T} = 0.$$

Note that $e_i \cdot e_j = e_i e_j^{T} = \delta_{ij}$, where $\delta_{ij}$ is the Kronecker delta function. So, we have that

$$M_i \cdot M_j = M_i M_j^{T} = \delta_{ij}$$

for all $i, j = 1, 2, \dots, n$. This means $M M^T = M^T M = I_n$. Furthermore, since $C$ is an MDS code, the matrix $M$ is an MDS matrix by Definition 1.

Note that Euclidean self-dual MDS codes over $\mathbb{F}_{2^m}$ of length $n$, where $n \leq 2^m$, always exist. A constructive proof of this fact can be found in [7], so we can always use that proof to construct Euclidean self-dual MDS codes over $\mathbb{F}_{2^m}$. This means that, by combining the constructive proof given in [7] and Proposition 5, we can construct orthogonal MDS matrices in $M_{n,n}(\mathbb{F}_{2^m})$.

Let $P_\sigma$ be the permutation matrix related to a permutation $\sigma$ in the symmetric group $S_n$. Also, let $M_\sigma = D P_\sigma$ be a monomial matrix, where $P_\sigma$ is a permutation matrix and $D$ is a diagonal matrix. The following proposition shows that an MDS matrix remains MDS under multiplication by monomial matrices.

Proposition 6. If $A$ is an MDS matrix and $M_{\sigma_1}, \dots, M_{\sigma_t}, M_{\sigma'_1}, \dots, M_{\sigma'_s}$ are monomial matrices in $M_{n,n}(\mathbb{F}_{2^m})$, then

$$B = M_{\sigma_t} \cdots M_{\sigma_1} A M_{\sigma'_1} \cdots M_{\sigma'_s}$$

is also an MDS matrix.

Proof. Apply [4, Corollary 1] and [4, Corollary 4].

Let $A$ be a matrix in $M_{n,n}(\mathbb{F}_{2^m})$ and $\sigma$ be a permutation in $S_n$. Also, let ${}_cA_i$ and $A_j$ be the $i$th column and $j$th row of $A$ respectively, for all $i, j = 1, 2, \dots, n$. Define actions of $\sigma$ on ${}_cA_i$ and $A_j$ as

$$\sigma({}_cA_i) = \begin{pmatrix} A_{\sigma^{-1}(1),i} \\ A_{\sigma^{-1}(2),i} \\ \vdots \\ A_{\sigma^{-1}(n),i} \end{pmatrix}$$

and

$$\sigma(A_j) = \left(A_{j,\sigma^{-1}(1)}, \dots, A_{j,\sigma^{-1}(n)}\right).$$
Let $A$ be an orthogonal MDS matrix and $M_\sigma = D P_\sigma$ be a monomial matrix, where $D = \mathrm{diag}(\alpha_1, \dots, \alpha_n)$. Let $B_i = (b_{i,1}, \dots, b_{i,n})$. We have the following proposition.

Proposition 7. The matrix $B = M_\sigma A$ is an involutory MDS matrix if and only if $\prod_{i=1}^{n} \alpha_i = 1$ and

$$\alpha_i A_{\sigma^{-1}(i)} D \sigma({}_cA_j) = \delta_{ij}$$

for all $i, j = 1, 2, \dots, n$.

Proof. Recall that, in general, $\det(B) = \det(A) = \pm 1$ and $\det(M_\sigma) = \pm \prod_{i=1}^{n} \alpha_i$. Since $\mathrm{char}(\mathbb{F}_{2^m}) = 2$, we have $\det(B) = \det(A) = 1$ and $\det(M_\sigma) = \prod_{i=1}^{n} \alpha_i$. So, when $B = M_\sigma A$ is an involutory matrix, then $\det(M_\sigma) = \prod_{i=1}^{n} \alpha_i = 1$.

Now, consider

$$B_i \cdot {}_cB_j = \delta_{ij} \iff \alpha_i A_{\sigma^{-1}(i)} D \sigma({}_cA_j) = \delta_{ij}.$$

Using the above facts, we will have the desired conclusions.

Proposition 8. The matrix $B = A M_\sigma$ is an involutory MDS matrix if and only if $\prod_{i=1}^{n} \alpha_i = 1$ and

$$D \sigma(A_i)\, \alpha_j\, {}_cA_{\sigma^{-1}(j)} = \delta_{ij}$$

for all $i, j = 1, 2, \dots, n$.

Proof. Similar to the proof of Proposition 7.

As consequences, we have the following corollaries.


Corollary 9. If $A$ is an orthogonal MDS matrix and $\sigma({}_cA_j) = A^T_{\sigma^{-1}(j)}$, for all $j = 1, \dots, n$, then $B = P_\sigma A$ is an involutory MDS matrix.

Proof. Apply Proposition 7.

Corollary 10. If $A$ is an orthogonal MDS matrix and $\sigma(A_i) = A_{\sigma^{-1}(i)}$, for all $i = 1, \dots, n$, then $B = A P_\sigma$ is an involutory MDS matrix.

Proof. Apply Proposition 8.

3.2. A search for involutory MDS matrices


In this subsection, we describe a search for involutory MDS matrices using permutation matrices and a classical simulated annealing algorithm. This search is based on the results in the previous subsection, especially Corollary 9 and Corollary 10. Let $A$ be a matrix in $M_{n,n}(\mathbb{F}_{2^m})$. Also, let $W = A^2 = (w_{i,j})_{1 \leq i,j \leq n}$. Define a function on $A$ as follows.

$$f_A = \sum_{i=1}^{n} f_i + \sum_{j=1}^{n} \sum_{\substack{k=1 \\ k \neq j}}^{n} f_{i,j},$$

where

$$f_i = \begin{cases} 1, & \text{if } w_{i,i} \neq 1 \\ 0, & \text{otherwise} \end{cases}$$

and

$$f_{i,j} = \begin{cases} 1, & \text{if } w_{i,j} \neq 0 \\ 0, & \text{otherwise.} \end{cases}$$
The following algorithm can be used to search an involutory MDS matrix.
Algorithm 11. Given an orthogonal MDS matrix $A$ in $M_{n,n}(\mathbb{F}_{2^m})$. Then,
(1) Let $T = 0$, $\alpha \in (0, 1)$, $\beta \in (0, 1)$
(2) Let $S = A$ and $f_S = f_A$.
(3) Generate a random number $r \in \{1, 2\}$
(4) Generate random numbers $id_1$ and $id_2$ in $\{1, \dots, n\}$, and let $S' = S$
(5) If $r = 1$, then swap($S'_{ind_1}$, $S'_{ind_2}$), or if $r = 2$, then swap(${}_cS'_{ind_1}$, ${}_cS'_{ind_2}$)
(6) Calculate $f_{S'}$ and $\Delta = f_S - f_{S'}$
(7) If $\Delta > 0$, then $S = S'$. Otherwise,
(a) Generate a random number $r_2 \in (0, 1)$

(b) Calculate E = e T
(c) If $r_2 < E$, then $S = S'$
(8) Calculate $f_S$ and $T = \alpha T$
(9) Repeat steps (3)-(8) until $T < \beta$

Note that, at the end of the iterations, if we have $f_S = 0$, then the last $S$ is an MDS involutory matrix. Otherwise, $S$ is not an MDS involutory matrix. In the following examples, we use generator matrices of Euclidean self-dual MDS codes in [8].
Example 12. Let $\omega$ be a root of $f(x) = x^3 + x + 1 \in \mathbb{F}_2[x]$. The element $\omega$ is a primitive element in $\mathbb{F}_{2^3}$. Consider the following generator matrix of a Euclidean self-dual MDS code of length 6 over $\mathbb{F}_{2^3}$.

$$G_1 = \begin{pmatrix} 1 & 0 & 1 & \omega^2 & \omega & \omega^4 \\ \omega^2 & \omega^2 & 1 & 0 & \omega & \omega^3 \\ 1 & 1 & 1 & 1 & 1 & 1 \end{pmatrix}$$

After the Gauss-Jordan elimination process, we have that

$$G_1 \sim \begin{pmatrix} 1 & 0 & 0 & \omega^5 & \omega^6 & \omega^3 \\ 0 & 1 & 0 & \omega^6 & \omega^3 & \omega^5 \\ 0 & 0 & 1 & \omega^3 & \omega^5 & \omega^6 \end{pmatrix}.$$

By Proposition 5, the matrix

$$M_1 = \begin{pmatrix} \omega^5 & \omega^6 & \omega^3 \\ \omega^6 & \omega^3 & \omega^5 \\ \omega^3 & \omega^5 & \omega^6 \end{pmatrix}$$

is an orthogonal MDS matrix. In fact, $M_1$ is also an involutory MDS matrix, because $M_1^2 = I_3$. The following matrices are examples of outputs from Algorithm 11 implemented in Python. We use the matrix $M_1$ as the input.

$$M_1' = \begin{pmatrix} \omega^3 & \omega^5 & \omega^6 \\ \omega^5 & \omega^6 & \omega^3 \\ \omega^6 & \omega^3 & \omega^5 \end{pmatrix}$$

and

$$M_1'' = \begin{pmatrix} \omega^5 & \omega^3 & \omega^6 \\ \omega^3 & \omega^6 & \omega^5 \\ \omega^6 & \omega^5 & \omega^3 \end{pmatrix}.$$

We can check that $(M_1')^2 = (M_1'')^2 = I_3$. Therefore, $M_1'$ and $M_1''$ are also involutory MDS matrices.

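Example 13. Let $\alpha$ be a root of $f(x) = x^4 + x + 1 \in \mathbb{F}_2[x]$. The element $\alpha$ is a primitive element in $\mathbb{F}_{2^4}$. Let $G_2$ be the following matrix.

$$G_2 = \begin{pmatrix} 1 & 0 & 1 & \alpha^4 & \alpha^{14} & \alpha^9 \\ \alpha^{13} & \alpha^{13} & 1 & 0 & \alpha & \alpha^4 \\ 1 & 1 & 1 & 1 & 1 & 1 \end{pmatrix}$$

The matrix $G_2$ is a generator matrix of a Euclidean self-dual MDS code of length 6 over $\mathbb{F}_{2^4}$. By Gauss-Jordan elimination, we have

$$G_2 \sim \begin{pmatrix} 1 & 0 & 0 & \alpha^3 & \alpha^8 & \alpha^6 \\ 0 & 1 & 0 & \alpha & \alpha^3 & \alpha^7 \\ 0 & 0 & 1 & \alpha^7 & \alpha^6 & \alpha^5 \end{pmatrix}.$$

So, the matrix

$$M_2 = \begin{pmatrix} \alpha^3 & \alpha^8 & \alpha^6 \\ \alpha & \alpha^3 & \alpha^7 \\ \alpha^7 & \alpha^6 & \alpha^5 \end{pmatrix}$$

is an orthogonal MDS matrix. We can check that $M_2^2 \neq I_3$. Using Algorithm 11 implemented in Python with the matrix $M_2$ as input, we get the following involutory MDS matrices,

$$M_2' = \begin{pmatrix} \alpha & \alpha^3 & \alpha^7 \\ \alpha^3 & \alpha^8 & \alpha^6 \\ \alpha^7 & \alpha^6 & \alpha^5 \end{pmatrix}$$

and

$$M_2'' = \begin{pmatrix} \alpha^8 & \alpha^3 & \alpha^6 \\ \alpha^3 & \alpha & \alpha^7 \\ \alpha^6 & \alpha^7 & \alpha^5 \end{pmatrix}.$$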
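
The following Python sketch is an added example, not the authors' implementation: it carries out Proposition 5 on $G_2$ from Example 13 (Gauss-Jordan elimination over $\mathbb{F}_{2^4}$) and then runs the row/column swap search of Algorithm 11 on the resulting $M_2$. Assumptions made here: field elements are encoded as integers with 2 standing for $\alpha$, the acceptance probability is taken as $e^{\Delta/T}$, the starting temperature, cooling constants and seed are arbitrary choices, the double sum in $f_A$ is read as running over all off-diagonal entries of $W$, and the loop stops as soon as $f_S = 0$; all function names are hypothetical.

```python
import itertools, math, random

# F_16 = F_2[x]/(x^4 + x + 1) as in Example 13; assumed encoding: EXP[k] = alpha^k, 2 = alpha.
EXP = [1]
for _ in range(29):
    EXP.append((EXP[-1] << 1) ^ (0b10011 if EXP[-1] & 8 else 0))
LOG = {EXP[k]: k for k in range(15)}

def mul(a, b):
    return EXP[LOG[a] + LOG[b]] if a and b else 0

def systematic_part(G):
    """Gauss-Jordan over F_16: return M such that (I_k | M) is row-equivalent to G."""
    G, k = [row[:] for row in G], len(G)
    for c in range(k):
        p = next(r for r in range(c, k) if G[r][c])   # a pivot exists for an MDS code
        G[c], G[p] = G[p], G[c]
        G[c] = [mul(EXP[15 - LOG[G[c][c]]], x) for x in G[c]]   # scale pivot to 1
        for r in set(range(k)) - {c}:
            G[r] = [x ^ mul(G[r][c], y) for x, y in zip(G[r], G[c])]
    return [row[k:] for row in G]

def cost(S):
    """f_S: number of entries of W = S^2 that differ from the identity matrix."""
    n, W = len(S), [[0] * len(S) for _ in S]
    for i, j, k in itertools.product(range(n), repeat=3):
        W[i][j] ^= mul(S[i][k], S[k][j])
    return sum(W[i][j] != (i == j) for i in range(n) for j in range(n))

def anneal(A, T=50.0, alpha=0.99, beta=0.01, seed=1):
    """Algorithm 11; T, alpha, beta, seed and the e^(delta/T) rule are assumptions."""
    rng, S, fS = random.Random(seed), A, cost(A)
    while T >= beta and fS:                          # added: stop once f_S = 0
        i, j, C = rng.randrange(len(A)), rng.randrange(len(A)), [row[:] for row in S]
        if rng.randint(1, 2) == 1:                   # r = 1: swap rows i and j
            C[i], C[j] = C[j], C[i]
        else:                                        # r = 2: swap columns i and j
            for row in C:
                row[i], row[j] = row[j], row[i]
        delta = fS - cost(C)
        if delta > 0 or rng.random() < math.exp(delta / T):
            S, fS = C, fS - delta
        T *= alpha
    return S, fS

G2 = [[1, 0, 1, EXP[4], EXP[14], EXP[9]],            # G_2 from Example 13
      [EXP[13], EXP[13], 1, 0, EXP[1], EXP[4]], [1] * 6]
M2 = systematic_part(G2)
print(M2, anneal(M2))
```

Row and column swaps are multiplications by permutation matrices, so by Proposition 6 the matrix returned by the search stays MDS.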

4. Conclusion
In this paper we show how to search for MDS involutory matrices using generator matrices of Euclidean self-dual MDS codes and simulated annealing. However, the convergence of such a search has not yet been guaranteed. Therefore, we need to prove whether or not the proposed search always gives MDS involutory matrices.

Acknowledgements
The authors thank the Ministry of Education and Culture Indonesia for the support through Fundamental Research Funding 2019. Thanks also go to the anonymous reviewers for their valuable suggestions.


References
[1] Chand Gupta K. and Ghosh Ray I. 2014. On constructions of circulant MDS matrices for lightweight cryptography. In: Huang X., Zhou J. (eds) Information Security Practice and Experience (ISPEC). Lecture Notes in Computer Science, vol 8434. Springer, Cham.
[2] Bai J., Sun Y. and Wang D. 2020. On the construction of involutory MDS matrices over $\mathbb{F}_{2^m}$. J Syst Sci Complex 33, 836–848.
[3] Chand Gupta K. and Ghosh Ray I. 2013. On constructions of involutory MDS matrices. In: Youssef A., Nitaj A., Hassanien A.E. (eds) Progress in Cryptology – AFRICACRYPT 2013. Lecture Notes in Computer Science, vol 7918. Springer, Berlin, Heidelberg.
[4] Chand Gupta K. et al. 2019. Cryptographically significant MDS matrices over finite fields: A brief survey and some generalized results. Adv. in Math. Comm. 13 No. 4, 779–843.
[5] Sajadieh M., Dakhilalian M., Mala H. et al. 2012. On construction of involutory MDS matrices from Vandermonde matrices in $GF(2^q)$. Des. Codes Cryptogr. 64, 287–308. https://doi.org/10.1007/s10623-011-9578-x
[6] Cauchois V. and Loidreau P. 2019. On circulant involutory MDS matrices. Des. Codes Cryptogr. 87, 249–260. https://doi.org/10.1007/s10623-018-0520-3
[7] Grassl M. and Gulliver T.A. 2008. On self-dual MDS codes. IEEE International Symposium on Information Theory, 1954–1957. Doi: 10.1109/ISIT.2008.4595330.
[8] Kim J.L. and Lee Y. 2004. Euclidean and Hermitian self-dual MDS codes over large finite fields. J. Combin. Theory, Series A 105 Issue 1, 79–95. Doi: 10.1016/j.jcta.2003.10.003.
[9] Rishakani A.M., Dehnavi S.M., Dabanloo Y.F. and Maimani H. 2015. Construction of MDS matrices from minors of an MDS matrix. Proceeding of 12th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC), 48–51. https://doi.org/10.1109/ISCISC.2015.7387897
[10] Yin D. and Gao Y. 2017. A new construction of lightweight MDS matrices. Proceeding of 3rd IEEE International Conference on Computer and Communications (ICCC), 2560–2563. https://doi.org/10.1109/CompComm.2017.8322997
