New Insights into Involutory and Orthogonal MDS Matrices

MDS matrices play a critical role in the design of diffusion layers for block ciphers and hash functions due to their optimal branch number. Involutory and orthogonal MDS matrices offer additional benefits by allowing identical or nearly identical circuitry for both encryption and decryption, leading to equivalent implementation costs for both processes. These properties have been further generalized through the notions of semi-involutory and semi-orthogonal matrices. While much of the existing literature focuses on identifying efficiently implementable MDS candidates or proposing new constructions for MDS matrices of various orders, this work takes a different direction. Rather than introducing novel constructions or prioritizing implementation efficiency, we investigate structural relationships between the generalized variants and their conventional counterparts. Specifically, we establish nontrivial interconnections between semi-involutory and involutory matrices, as well as between semi-orthogonal and orthogonal matrices. Exploiting these relationships, we show that the number of semi-involutory MDS matrices can be directly derived from the number of involutory MDS matrices, and vice versa. A similar correspondence holds for semi-orthogonal and orthogonal MDS matrices. We also examine the intersection of these classes and show that the number of $3 \times 3$ MDS matrices that are both semi-involutory and semi-orthogonal coincides with the number of semi-involutory MDS matrices over $\mathbb{F}_{2^m}$. Furthermore, we derive the general structure of orthogonal matrices of arbitrary order $n$ over $\mathbb{F}_{2^m}$. Finally, leveraging the aforementioned interconnections, we present an alternative and direct derivation of the explicit formulae for counting $3 \times 3$ semi-involutory MDS matrices and $3 \times 3$ semi-orthogonal MDS matrices.