sci.crypt archive
Re: AES operation order
From: Sebastian Gottschalk <seppi@seppig.de>
Date: Mon Dec 26 2005 - 22:34:10 CET
Date: Mon Dec 26 2005 - 22:34:10 CET
Cryptic wrote:
> MixColumns(state xor (A^(-1) * key)) =
> A * (state xor A^(-1) * key) =
> (A * state) xor (A * A^(-1) * key) =
> (A * state) xor key = the original AES result.
>
> But it does not work. Isn't the above correct in GF(2^8)?
[3] * ((1) xor [170] * (4)) = [3] * ((1) xor (168))) = [3]*(169) = (251)
([3] * (1)) xor ([3]*[170] * (4)) = (3) xor (4) = (7)
I still wonder why you even assumed that '*' is distributive over XOR in
any non-trivial field like GF(2^8). For much more fun, the same thing
for GF(2^16) is an esential element of the security of IDEA.
Received on Tue Jan 3 03:41:25 2006