Four by four MDS matrices with the fewest XOR gates based on words

MDS matrices play an important role in the design of block ciphers, and constructing MDS matrices with fewer xor gates is of significant interest for lightweight ciphers. For this topic, Duval and Leurent proposed an approach to construct MDS matrices by using three linear operations in ToSC 2018. Taking words as elements, they found \begin{document}$ 16\times16 $\end{document} and \begin{document}$ 32\times 32 $\end{document} MDS matrices over \begin{document}$ \mathbb{F}_2 $\end{document} with only \begin{document}$ 35 $\end{document} xor gates and \begin{document}$ 67 $\end{document} xor gates respectively, which are also the best known implementations up to now. Based on the same observation as their work, we consider three linear operations as three kinds of elementary linear operations of matrices, and obtain more MDS matrices with \begin{document}$ 35 $\end{document} and \begin{document}$ 67 $\end{document} xor gates. In addition, some \begin{document}$ 16\times16 $\end{document} or \begin{document}$ 32\times32 $\end{document} involutory MDS matrices with only \begin{document}$ 36 $\end{document} or \begin{document}$ 72 $\end{document} xor gates over \begin{document}$ \mathbb{F}_2 $\end{document} are also proposed, which are better than previous results. Moreover, our method can be extended to general linear groups, and we prove that the lower bound of the sequential xor count based on words for \begin{document}$ 4 \times 4 $\end{document} MDS matrix over general linear groups is \begin{document}$ 8n+2 $\end{document} .