Designing efficient and secure diffusion layers for lightweight cryptography necessitates constructing MDS matrices with low hardware implementation cost (e.g., minimal XOR count) while preserving strong algebraic security. Method: This paper constructs quasi-recursive MDS matrices over the noncommutative Galois ring GR(pˢ, pˢᵐ). It innovatively integrates skew polynomial rings GR(pˢ, pˢᵐ)[X; σ] with Wedderburn’s right-root theory, extending recursive MDS construction—previously limited to commutative settings—to noncommutative rings. By analyzing recursive structures, establishing a right-root existence criterion, and designing companion matrices over the ring, it systematically generates families of strictly MDS matrices. Contribution/Results: The method applies directly to practical finite fields such as F₂ₘ, significantly enlarging the feasible size range of constructible quasi-recursive MDS matrices. It yields diffusion layers that simultaneously achieve provable MDS security and high implementation efficiency—particularly low XOR complexity—thereby providing a novel, algebraically robust foundation for high-performance cryptographic primitives.

Let $p$ be a prime and $s,m,n$ be positive integers. This paper studies quasi-recursive MDS matrices over Galois rings $GR(p^{s}, p^{sm})$ and proposes various direct construction methods for such matrices. The construction is based on skew polynomial rings $GR(p^{s}, p^{sm})[X;σ]$, whose rich factorization properties and enlarged class of polynomials are used to define companion matrices generating quasi-recursive MDS matrices. First, two criteria are established for characterizing polynomials that yield recursive MDS matrices, generalizing existing results, and then an additional criterion is derived in terms of the right roots of the associated Wedderburn polynomial. Using these criteria, methods are developed to construct skew polynomials that give rise to quasi-recursive MDS matrices over Galois rings. This framework extends known constructions to the non-commutative setting and significantly enlarges the family of available matrices, with potential applications to efficient diffusion layers in cryptographic primitives. The results are particularly relevant for practical implementations when $s = 1$ and $p = 2$, i.e., over the finite field $mathbb{F}_{2^m}$, which is of central interest in real-world cryptographic applications.