Share This Article:

On Rijndael ByteSub Transformation

Abstract Full-Text HTML XML Download Download as PDF (Size:306KB) PP. 113-118
DOI: 10.4236/am.2019.103010    205 Downloads   343 Views   Citations
Author(s)    Leave a comment

ABSTRACT

The first step in converting a plaintext to ciphertext by the famous Advanced Encryption Standard (AES), which is called Rijndael ByteSub Transformation, involves some operations: computing a multiplicative inverse, multiplying this multiplicative inverse by a specific matrix, and adding the result to a specific vector. The purpose of this research is to simplify these operations. This paper gives elegant techniques and presents the matrices multiplication as simple XOR operations, and the result is a simple, straightforward way finding the transformation.

1. Introduction

Rijndael ByteSub transformation (or AES substitution byte) [1] transforms an input byte into another byte by two operations:

1) Finding a multiplicative inverse of an input byte ( a 7 a 6 a 5 a 4 a 3 a 2 a 1 a 0 ) in the finite field GF (28).

2) Applying the following affine transform:

c i = b i + b ( i + 4 ) mod ( 8 ) + b ( i + 5 ) mod ( 8 ) + b ( i + 6 ) mod ( 8 ) + b ( i + 7 ) mod ( 8 ) + d i , 0 i 7 (1)

where ( b 7 b 6 b 5 b 4 b 3 b 2 b 1 b 0 ) is resulting from the first operation, ( d 7 d 6 d 5 d 4 d 3 d 2 d 1 d 0 ) = 01100011 .

In general, the multiplicative inverse is found by using the extended Euclidean algorithm [2] , instead of using it, we use an elegant technique which finds the multiplicative inverse in clear steps.

The transform of the second operation can be expressed in the matrix form as:

[ c 0 c 1 c 2 c 3 c 4 c 5 c 6 c 7 ] = [ 1 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 1 1 1 0 0 0 0 1 1 1 1 1 0 0 0 0 1 1 1 1 1 0 0 0 0 1 1 1 1 1 ] [ b 0 b 1 b 2 b 3 b 4 b 5 b 6 b 7 ] + [ 1 1 0 0 0 1 1 0 ] (2)

To solve this system, we use an unusual and more suitable technique which shows this multiplication of matrix (8 × 8) and matrix (8 × 1) as simple XOR operations, and we can find it directly from ( b 7 b 6 b 5 b 4 b 3 b 2 b 1 b 0 ) .

2. The Methodology

For an input byte ( a 7 a 6 a 5 a 4 a 3 a 2 a 1 a 0 ) , we find its multiplicative inverse ( b 7 b 6 b 5 b 4 b 3 b 2 b 1 b 0 ) , and find ( e 7 e 6 e 5 e 4 e 3 e 2 e 1 e 0 ) such that:

[ e 0 e 1 e 2 e 3 e 4 e 5 e 6 e 7 ] = [ 1 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 1 1 1 0 0 0 0 1 1 1 1 1 0 0 0 0 1 1 1 1 1 0 0 0 0 1 1 1 1 1 ] [ b 0 b 1 b 2 b 3 b 4 b 5 b 6 b 7 ] (3)

Then, we find the output ( c 7 c 6 c 5 c 4 c 3 c 2 c 1 c 0 ) as:

[ c 0 c 1 c 2 c 3 c 4 c 5 c 6 c 7 ] = [ e 0 e 1 e 2 e 3 e 4 e 5 e 6 e 7 ] + [ 1 1 0 0 0 1 1 0 ] (4)

First, we find a multiplicative inverse of a 7 x 7 + a 6 x 6 + a 5 x 5 + a 4 x 4 + a 3 x 3 + a 2 x 2 + a 1 x + a 0 mod ( x 8 + x 4 + x 3 + x + 1 ) .

Let M 1 = a 7 x 7 + a 6 x 6 + a 5 x 5 + a 4 x 4 + a 3 x 3 + a 2 x 2 + a 1 x + a 0 , P = x 8 + x 4 + x 3 + x + 1 , and represent the multiplicative inverse by T.

We seek for q 1 and r 1 satisfying:

M 1 q 1 + r 1 = Q 1 (5)

where Q 1 = P + 1 [3] , (look at Table 1).

If r 1 = 0 , then T = q 1 .

If r 1 0 , we let M 2 = r 1 + 1 and seek for q i and r i satisfying:

M i q i + r i = Q i , 2 i 7 (6)

where Q i = M i 1 , and M i + 1 = r i (look at Table 2).

Whenever r i = 1 , then

T = T i = q i T i 1 + T i 2 (7)

where T 0 = 1 , and T 1 = q 1 .

Then, to find ( e 7 e 6 e 5 e 4 e 3 e 2 e 1 e 0 ) , we write the system (3), as follows:

[ e ] = [ X Y Y X ] [ b ] (8)

e i = X b i + Y b j (9)

e j = Y b i + X b j (10)

where 0 i 3 , 4 j 7 , and

X = [ 1 0 0 0 1 1 1 1 1 1 0 1 1 0 0 1 ] (11)

Y = [ 1 1 0 1 1 1 1 1 0 0 0 0 1 1 0 1 ] (12)

b i = [ b 0 b 1 b 2 b 3 ] , b j = [ b 4 b 5 b 6 b 7 ] (13)

Table 1. First step to find the multiplicative inverse.

Table 2. All steps to find the multiplicative inverse.

Then we compute

X b i = [ 1 0 0 0 1 1 1 1 1 1 0 1 1 0 0 1 ] [ b 0 b 1 b 2 b 3 ] = [ b 0 b 0 + b 1 b 0 + b 1 + b 2 b 0 + b 1 + b 2 + b 3 ] (14)

Y b j = [ 1 1 0 1 1 1 1 1 0 0 0 0 1 1 0 1 ] [ b 4 b 5 b 6 b 7 ] = [ b 7 + b 6 + b 5 + b 4 b 7 + b 6 + b 5 b 7 + b 6 b 7 ] (15)

Y b i = [ 1 1 0 1 1 1 1 1 0 0 0 0 1 1 0 1 ] [ b 0 b 1 b 2 b 3 ] = [ b 3 + b 2 + b 1 + b 0 b 3 + b 2 + b 1 b 3 + b 2 b 3 ] (16)

X b j = [ 1 0 0 0 1 1 1 1 1 1 0 1 1 0 0 1 ] [ b 4 b 5 b 6 b 7 ] = [ b 4 b 4 + b 5 b 4 + b 5 + b 6 b 4 + b 5 + b 6 + b 7 ] (17)

X b i + Y b j = [ b 0 b 0 + b 1 b 0 + b 1 + b 2 b 0 + b 1 + b 2 + b 3 ] + [ b 7 + b 6 + b 5 + b 4 b 7 + b 6 + b 5 b 7 + b 6 b 7 ] = [ b 0 + b 7 + b 6 + b 5 + b 4 b 0 + b 1 + b 7 + b 6 + b 5 b 0 + b 1 + b 2 + b 7 + b 6 b 0 + b 1 + b 2 + b 3 + b 7 ] (18)

Y b i + X b j = [ b 3 + b 2 + b 1 + b 0 b 3 + b 2 + b 1 b 3 + b 2 b 3 ] + [ b 4 b 4 + b 5 b 4 + b 5 + b 6 b 4 + b 5 + b 6 + b 7 ] = [ b 3 + b 2 + b 1 + b 0 + b 4 b 3 + b 2 + b 1 + b 4 + b 5 b 3 + b 2 + b 4 + b 5 + b 6 b 3 + b 4 + b 5 + b 6 + b 7 ] (19)

The result is

[ e 0 e 1 e 2 e 3 e 4 e 5 e 6 e 7 ] = [ b 0 + b 7 + b 6 + b 5 + b 4 b 0 + b 1 + b 7 + b 6 + b 5 b 0 + b 1 + b 2 + b 7 + b 6 b 0 + b 1 + b 2 + b 3 + b 7 b 3 + b 2 + b 1 + b 0 + b 4 b 3 + b 2 + b 1 + b 4 + b 5 b 3 + b 2 + b 4 + b 5 + b 6 b 3 + b 4 + b 5 + b 6 + b 7 ] (20)

and this satisfies:

e i = b i + b ( i + 4 ) mod ( 8 ) + b ( i + 5 ) mod ( 8 ) + b ( i + 6 ) mod ( 8 ) + b ( i + 7 ) mod ( 8 ) , 0 i 7 (21)

At the last, to find ( c 7 c 6 c 5 c 4 c 3 c 2 c 1 c 0 ) , we add ( e 7 e 6 e 5 e 4 e 3 e 2 e 1 e 0 ) to 01100011 .

3. Results

The matrices: X b i , Y b j , Y b i and X b j are just ( b 7 b 6 b 5 b 4 b 3 b 2 b 1 b 0 ) with some XOR operations. When multiplying X by b i or b j , the result will be:

(first element, first + second, first + second + third, first + second + third+ fourth) of b i or b j , and when multiplying Y by b i or b j , starting from the fourth element, the result will be:

(First + second + third + fourth, second + third + fourth, third + fourth, fourth) of b i or b j .

So, we can find ( e 7 e 6 e 5 e 4 e 3 e 2 e 1 e 0 ) from ( b 7 b 6 b 5 b 4 b 3 b 2 b 1 b 0 ) directly.

4. Example

To encrypt:

Input: 32 43 F6 A8 88 5A 30 8D 31 31 98 A2 E0 37 07 34

Key: 2B 7E 15 16 28 AE D2 A6 AB F7 15 88 09 CF 4F 3C

using AES [1] .

Let us do the first step (Rijndael ByteSub transformation).

[ 32 88 31 E 0 43 F 6 A 8 5 A 30 8 D 31 98 A 2 37 07 34 ] + [ 2 B 28 A B 09 7 E 15 16 A E D 2 A 6 F 7 15 88 C F 4 F 3 C ] = [ 19 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ]

We just transform the element {19},

19 = 00011001 = x 4 + x 3 + 1

Computing the multiplicative inverse, (look at Table 3).

Since r 2 = 1 ,

T = T 2 = q 2 T 1 + T 0 = x ( x 4 + x 3 + x 2 + x + 1 ) + 1 = x 5 + x 4 + x 3 + x 2 + x + 1 = 00111111

Now, we take ( 00111111 ) , to do the second operation.

[ 1 1 1 1 1 1 0 0 ] [ 1 0 1 0 ] + [ 0 1 0 0 ] [ 0 1 0 1 ] + [ 1 0 0 0 ] [ 1 1 1 0 1 1 0 1 ]

Then we add the result to ( 01100011 )

Table 3. Steps finish when r 2 = 1 .

[ 1 1 1 0 1 1 0 1 ] + [ 1 1 0 0 0 1 1 0 ] = [ 0 0 1 0 1 0 1 1 ]

So,

19 11010100 = D 4

5. Conclusion

The modern technique proposed in this work equivalently finds the Rijndael byte substitute transformation without a need to compute multiplicative inverses and matrices multiplication by traditional methods.

Conflicts of Interest

The authors declare no conflicts of interest regarding the publication of this paper.

Cite this paper

Ahmed, W. (2019) On Rijndael ByteSub Transformation. Applied Mathematics, 10, 113-118. doi: 10.4236/am.2019.103010.

References

[1] Advanced Encryption Standard (AES), FIPS Publication 197, National Institute of Standards and Technology (NIST), November 26, 2001.
[2] Menezes, A., van Oorschot, P. and Vanstone, S. (1997) Handbook of Applied Cryptography. CRC Press, New York.
[3] Ahmed, W. (2019) Some Techniques to Compute Multiplicative Inverses for Advanced Encryption Standard. Journal of Advances in Mathematics, 16, 8208-8212.
https://doi.org/10.24297/jam.v16i0.8016

  
comments powered by Disqus

Copyright © 2020 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.