The first step in converting a plaintext to ciphertext by the famous Advanced Encryption Standard (AES), which is called Rijndael ByteSub Transformation, involves some operations: computing a multiplicative inverse, multiplying this multiplicative inverse by a specific matrix, and adding the result to a specific vector. The purpose of this research is to simplify these operations. This paper gives elegant techniques and presents the matrix multiplication as simple XOR operations, and the result is a simple, straightforward way of finding the transformation.

Rijndael ByteSub transformation (or AES substitution byte) [

1) Finding a multiplicative inverse of an input byte $(a_7 a_6 a_5 a_4 a_3 a_2 a_1 a_0)$ in the finite field $GF(2^8)$.

2) Applying the following affine transform:

$$c_i = b_i + b_{(i+4) \bmod 8} + b_{(i+5) \bmod 8} + b_{(i+6) \bmod 8} + b_{(i+7) \bmod 8} + d_i, \quad 0 \le i \le 7 \tag{1}$$

where $(b_7 b_6 b_5 b_4 b_3 b_2 b_1 b_0)$ is the result of the first operation and $(d_7 d_6 d_5 d_4 d_3 d_2 d_1 d_0) = 01100011$.

In general, the multiplicative inverse is found by using the extended Euclidean algorithm [

The transform of the second operation can be expressed in the matrix form as:

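$$\begin{bmatrix} c_0 \\ c_1 \\ c_2 \\ c_3 \\ c_4 \\ c_5 \\ c_6 \\ c_7 \end{bmatrix} = \begin{bmatrix} 1 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\ 1 & 1 & 0 & 0 & 0 & 1 & 1 & 1 \\ 1 & 1 & 1 & 0 & 0 & 0 & 1 & 1 \\ 1 & 1 & 1 & 1 & 0 & 0 & 0 & 1 \\ 1 & 1 & 1 & 1 & 1 & 0 & 0 & 0 \\ 0 & 1 & 1 & 1 & 1 & 1 & 0 & 0 \\ 0 & 0 & 1 & 1 & 1 & 1 & 1 & 0 \\ 0 & 0 & 0 & 1 & 1 & 1 & 1 & 1 \end{bmatrix} \begin{bmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \\ b_4 \\ b_5 \\ b_6 \\ b_7 \end{bmatrix} + \begin{bmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \\ 0 \end{bmatrix} \tag{2}$$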

To solve this system, we use an unusual and more suitable technique that expresses the multiplication of the (8 × 8) matrix by the (8 × 1) matrix as simple XOR operations, so the result can be found directly from $(b_7 b_6 b_5 b_4 b_3 b_2 b_1 b_0)$.

For an input byte $(a_7 a_6 a_5 a_4 a_3 a_2 a_1 a_0)$, we find its multiplicative inverse $(b_7 b_6 b_5 b_4 b_3 b_2 b_1 b_0)$, and find $(e_7 e_6 e_5 e_4 e_3 e_2 e_1 e_0)$ such that:

$$\begin{bmatrix} e_0 \\ e_1 \\ e_2 \\ e_3 \\ e_4 \\ e_5 \\ e_6 \\ e_7 \end{bmatrix} = \begin{bmatrix} 1 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\ 1 & 1 & 0 & 0 & 0 & 1 & 1 & 1 \\ 1 & 1 & 1 & 0 & 0 & 0 & 1 & 1 \\ 1 & 1 & 1 & 1 & 0 & 0 & 0 & 1 \\ 1 & 1 & 1 & 1 & 1 & 0 & 0 & 0 \\ 0 & 1 & 1 & 1 & 1 & 1 & 0 & 0 \\ 0 & 0 & 1 & 1 & 1 & 1 & 1 & 0 \\ 0 & 0 & 0 & 1 & 1 & 1 & 1 & 1 \end{bmatrix} \begin{bmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \\ b_4 \\ b_5 \\ b_6 \\ b_7 \end{bmatrix} \tag{3}$$

Then, we find the output $(c_7 c_6 c_5 c_4 c_3 c_2 c_1 c_0)$ as:

$$\begin{bmatrix} c_0 \\ c_1 \\ c_2 \\ c_3 \\ c_4 \\ c_5 \\ c_6 \\ c_7 \end{bmatrix} = \begin{bmatrix} e_0 \\ e_1 \\ e_2 \\ e_3 \\ e_4 \\ e_5 \\ e_6 \\ e_7 \end{bmatrix} + \begin{bmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \\ 0 \end{bmatrix} \tag{4}$$

First, we find a multiplicative inverse of $a_7 x^7 + a_6 x^6 + a_5 x^5 + a_4 x^4 + a_3 x^3 + a_2 x^2 + a_1 x + a_0 \bmod (x^8 + x^4 + x^3 + x + 1)$.

Let $M_1 = a_7 x^7 + a_6 x^6 + a_5 x^5 + a_4 x^4 + a_3 x^3 + a_2 x^2 + a_1 x + a_0$, $P = x^8 + x^4 + x^3 + x + 1$, and represent the multiplicative inverse by $T$.

We seek $q_1$ and $r_1$ satisfying:

$$M_1 q_1 + r_1 = Q_1 \tag{5}$$

where $Q_1 = P + 1$ [

If $r_1 = 0$, then $T = q_1$.

If $r_1 \ne 0$, we let $M_2 = r_1 + 1$ and seek $q_i$ and $r_i$ satisfying:

$$M_i q_i + r_i = Q_i, \quad 2 \le i \le 7 \tag{6}$$

where $Q_i = M_{i-1}$, and $M_{i+1} = r_i$ (look at

Whenever $r_i = 1$, then

$$T = T_i = q_i T_{i-1} + T_{i-2} \tag{7}$$

where $T_0 = 1$, and $T_1 = q_1$.
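The table procedure of (5) to (7), carried out on integers whose bit k is the coefficient of $x^k$. This is an added example, not code from the paper; the function names are assumptions made for the illustration, and the final reduction of T modulo P is an addition that only matters for the input 1.

```python
P = 0x11B  # x^8 + x^4 + x^3 + x + 1

def gf2_divmod(n, d):
    """Polynomial long division over GF(2): returns (quotient, remainder)."""
    q = 0
    while n.bit_length() >= d.bit_length():
        shift = n.bit_length() - d.bit_length()
        q ^= 1 << shift
        n ^= d << shift
    return q, n

def gf2_mul(a, b):
    """Carry-less product of two polynomials, without reduction."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def inverse_with_table(a):
    """Return (T, rows); each row is (i, M_i, q_i, r_i, Q_i) as in the table."""
    if not 0 <= a <= 0xFF:
        raise ValueError("input must be a single byte")
    if a == 0:
        return 0, []                  # 0 has no inverse; ByteSub maps it to 0
    M, Q = a, P ^ 1                   # M_1 = input, Q_1 = P + 1
    q, r = gf2_divmod(Q, M)           # M_1 q_1 + r_1 = Q_1
    rows = [(1, M, q, r, Q)]
    T_prev, T = 1, q                  # T_0 = 1, T_1 = q_1
    done = r == 0                     # r_1 = 0 means T = q_1
    Q, M = M, r ^ 1                   # Q_2 = M_1, M_2 = r_1 + 1
    while not done:
        q, r = gf2_divmod(Q, M)       # M_i q_i + r_i = Q_i
        rows.append((len(rows) + 1, M, q, r, Q))
        T_prev, T = T, gf2_mul(q, T) ^ T_prev   # T_i = q_i T_{i-1} + T_{i-2}
        done = r == 1
        Q, M = M, r                   # Q_{i+1} = M_i, M_{i+1} = r_i
    return gf2_divmod(T, P)[1], rows

if __name__ == "__main__":
    T, rows = inverse_with_table(0x19)   # the byte {19} used later in the paper
    for i, M, q, r, Q in rows:
        print(f"i={i}  M={M:09b}  q={q:09b}  r={r:09b}  Q={Q:09b}")
    print(f"T = {T:08b}")
```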

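Then, to find $(e_7 e_6 e_5 e_4 e_3 e_2 e_1 e_0)$, we write the system (3) as follows:

$$[e] = \begin{bmatrix} X & Y \\ Y & X \end{bmatrix} [b] \tag{8}$$

$$e_i = X b_i + Y b_j \tag{9}$$

$$e_j = Y b_i + X b_j \tag{10}$$

where $0 \le i \le 3$, $4 \le j \le 7$, and

$$X = \begin{bmatrix} 1 & 0 & 0 & 0 \\ 1 & 1 & 0 & 0 \\ 1 & 1 & 1 & 0 \\ 1 & 1 & 1 & 1 \end{bmatrix} \tag{11}$$

$$Y = \begin{bmatrix} 1 & 1 & 1 & 1 \\ 0 & 1 & 1 & 1 \\ 0 & 0 & 1 & 1 \\ 0 & 0 & 0 & 1 \end{bmatrix} \tag{12}$$

$$b_i = \begin{bmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \end{bmatrix}, \quad b_j = \begin{bmatrix} b_4 \\ b_5 \\ b_6 \\ b_7 \end{bmatrix} \tag{13}$$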

i | M | q | r | Q |
---|---|---|---|---|
1 | $M_1$ | $q_1$ | $r_1$ | $Q_1 = P + 1$ |

i | M | q | r | Q |
---|---|---|---|---|
1 | $M_1$ | $q_1$ | $r_1$ | $Q_1 = P + 1$ |
2 | $M_2 = r_1 + 1$ | $q_2$ | $r_2$ | $Q_2 = M_1$ |
3 | $M_3 = r_2$ | $q_3$ | $r_3$ | $Q_3 = M_2$ |
4 | $M_4 = r_3$ | $q_4$ | $r_4$ | $Q_4 = M_3$ |
5 | $M_5 = r_4$ | $q_5$ | $r_5$ | $Q_5 = M_4$ |
6 | $M_6 = r_5$ | $q_6$ | $r_6$ | $Q_6 = M_5$ |
7 | $M_7 = r_6$ | $q_7$ | $r_7$ | $Q_7 = M_6$ |

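Then we compute

$$X b_i = \begin{bmatrix} 1 & 0 & 0 & 0 \\ 1 & 1 & 0 & 0 \\ 1 & 1 & 1 & 0 \\ 1 & 1 & 1 & 1 \end{bmatrix} \begin{bmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \end{bmatrix} = \begin{bmatrix} b_0 \\ b_0 + b_1 \\ b_0 + b_1 + b_2 \\ b_0 + b_1 + b_2 + b_3 \end{bmatrix} \tag{14}$$

$$Y b_j = \begin{bmatrix} 1 & 1 & 1 & 1 \\ 0 & 1 & 1 & 1 \\ 0 & 0 & 1 & 1 \\ 0 & 0 & 0 & 1 \end{bmatrix} \begin{bmatrix} b_4 \\ b_5 \\ b_6 \\ b_7 \end{bmatrix} = \begin{bmatrix} b_7 + b_6 + b_5 + b_4 \\ b_7 + b_6 + b_5 \\ b_7 + b_6 \\ b_7 \end{bmatrix} \tag{15}$$

$$Y b_i = \begin{bmatrix} 1 & 1 & 1 & 1 \\ 0 & 1 & 1 & 1 \\ 0 & 0 & 1 & 1 \\ 0 & 0 & 0 & 1 \end{bmatrix} \begin{bmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \end{bmatrix} = \begin{bmatrix} b_3 + b_2 + b_1 + b_0 \\ b_3 + b_2 + b_1 \\ b_3 + b_2 \\ b_3 \end{bmatrix} \tag{16}$$

$$X b_j = \begin{bmatrix} 1 & 0 & 0 & 0 \\ 1 & 1 & 0 & 0 \\ 1 & 1 & 1 & 0 \\ 1 & 1 & 1 & 1 \end{bmatrix} \begin{bmatrix} b_4 \\ b_5 \\ b_6 \\ b_7 \end{bmatrix} = \begin{bmatrix} b_4 \\ b_4 + b_5 \\ b_4 + b_5 + b_6 \\ b_4 + b_5 + b_6 + b_7 \end{bmatrix} \tag{17}$$

$$X b_i + Y b_j = \begin{bmatrix} b_0 \\ b_0 + b_1 \\ b_0 + b_1 + b_2 \\ b_0 + b_1 + b_2 + b_3 \end{bmatrix} + \begin{bmatrix} b_7 + b_6 + b_5 + b_4 \\ b_7 + b_6 + b_5 \\ b_7 + b_6 \\ b_7 \end{bmatrix} = \begin{bmatrix} b_0 + b_7 + b_6 + b_5 + b_4 \\ b_0 + b_1 + b_7 + b_6 + b_5 \\ b_0 + b_1 + b_2 + b_7 + b_6 \\ b_0 + b_1 + b_2 + b_3 + b_7 \end{bmatrix} \tag{18}$$

$$Y b_i + X b_j = \begin{bmatrix} b_3 + b_2 + b_1 + b_0 \\ b_3 + b_2 + b_1 \\ b_3 + b_2 \\ b_3 \end{bmatrix} + \begin{bmatrix} b_4 \\ b_4 + b_5 \\ b_4 + b_5 + b_6 \\ b_4 + b_5 + b_6 + b_7 \end{bmatrix} = \begin{bmatrix} b_3 + b_2 + b_1 + b_0 + b_4 \\ b_3 + b_2 + b_1 + b_4 + b_5 \\ b_3 + b_2 + b_4 + b_5 + b_6 \\ b_3 + b_4 + b_5 + b_6 + b_7 \end{bmatrix} \tag{19}$$

The result is

$$\begin{bmatrix} e_0 \\ e_1 \\ e_2 \\ e_3 \\ e_4 \\ e_5 \\ e_6 \\ e_7 \end{bmatrix} = \begin{bmatrix} b_0 + b_7 + b_6 + b_5 + b_4 \\ b_0 + b_1 + b_7 + b_6 + b_5 \\ b_0 + b_1 + b_2 + b_7 + b_6 \\ b_0 + b_1 + b_2 + b_3 + b_7 \\ b_3 + b_2 + b_1 + b_0 + b_4 \\ b_3 + b_2 + b_1 + b_4 + b_5 \\ b_3 + b_2 + b_4 + b_5 + b_6 \\ b_3 + b_4 + b_5 + b_6 + b_7 \end{bmatrix} \tag{20}$$

and this satisfies:

$$e_i = b_i + b_{(i+4) \bmod 8} + b_{(i+5) \bmod 8} + b_{(i+6) \bmod 8} + b_{(i+7) \bmod 8}, \quad 0 \le i \le 7 \tag{21}$$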

Finally, to find $(c_7 c_6 c_5 c_4 c_3 c_2 c_1 c_0)$, we add $(e_7 e_6 e_5 e_4 e_3 e_2 e_1 e_0)$ to $01100011$.

The products $X b_i$, $Y b_j$, $Y b_i$ and $X b_j$ are just $(b_7 b_6 b_5 b_4 b_3 b_2 b_1 b_0)$ with some XOR operations. When multiplying $X$ by $b_i$ or $b_j$, the result will be:

(first element, first + second, first + second + third, first + second + third + fourth) of $b_i$ or $b_j$, and when multiplying $Y$ by $b_i$ or $b_j$, starting from the fourth element, the result will be:

(first + second + third + fourth, second + third + fourth, third + fourth, fourth) of $b_i$ or $b_j$.

So, we can find $(e_7 e_6 e_5 e_4 e_3 e_2 e_1 e_0)$ from $(b_7 b_6 b_5 b_4 b_3 b_2 b_1 b_0)$ directly.
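The block form (8) to (10) as running XORs over the two nibbles, checked against the rotation form of (21). This is an added example, not code from the paper; the function names are assumptions made for the illustration, and bits are held least-significant first to match $(b_0, \dots, b_7)$.

```python
def bits_lsb_first(byte):
    """[b0, b1, ..., b7] for an 8-bit value."""
    return [(byte >> k) & 1 for k in range(8)]

def prefix_xor(v):
    """X * v: (v0, v0+v1, v0+v1+v2, v0+v1+v2+v3), as in (14) and (17)."""
    out, acc = [], 0
    for bit in v:
        acc ^= bit
        out.append(acc)
    return out

def suffix_xor(v):
    """Y * v: (v0+v1+v2+v3, v1+v2+v3, v2+v3, v3), as in (15) and (16)."""
    return prefix_xor(v[::-1])[::-1]

def affine_blocks(b):
    """e = [X Y; Y X] b from (8)-(10), then c = e + 01100011 from (4)."""
    bits = bits_lsb_first(b)
    b_i, b_j = bits[:4], bits[4:]
    e_lo = [x ^ y for x, y in zip(prefix_xor(b_i), suffix_xor(b_j))]  # X b_i + Y b_j
    e_hi = [y ^ x for y, x in zip(suffix_xor(b_i), prefix_xor(b_j))]  # Y b_i + X b_j
    e = sum(bit << k for k, bit in enumerate(e_lo + e_hi))
    return e ^ 0x63

def affine_rotations(b):
    """Equation (21) written as four left rotations of the byte, plus 01100011."""
    def rotl(x, k):
        return ((x << k) | (x >> (8 - k))) & 0xFF
    e = b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4)
    return e ^ 0x63

if __name__ == "__main__":
    b = 0x3F  # 00111111, the inverse of {19} worked out in the paper's example
    print(f"{b:08b} -> {affine_blocks(b):08b}")
    # Both forms agree on every byte value.
    print(all(affine_blocks(x) == affine_rotations(x) for x in range(256)))
```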

To encrypt:

Input: 32 43 F6 A8 88 5A 30 8D 31 31 98 A2 E0 37 07 34

Key: 2B 7E 15 16 28 AE D2 A6 AB F7 15 88 09 CF 4F 3C

using AES [

Let us do the first step (Rijndael ByteSub transformation).

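$$\begin{bmatrix} 32 & 88 & 31 & \text{E0} \\ 43 & \text{5A} & 31 & 37 \\ \text{F6} & 30 & 98 & 07 \\ \text{A8} & \text{8D} & \text{A2} & 34 \end{bmatrix} + \begin{bmatrix} \text{2B} & 28 & \text{AB} & 09 \\ \text{7E} & \text{AE} & \text{F7} & \text{CF} \\ 15 & \text{D2} & 15 & \text{4F} \\ 16 & \text{A6} & 88 & \text{3C} \end{bmatrix} = \begin{bmatrix} 19 & \text{..} & \text{..} & \text{..} \\ \text{..} & \text{..} & \text{..} & \text{..} \\ \text{..} & \text{..} & \text{..} & \text{..} \\ \text{..} & \text{..} & \text{..} & \text{..} \end{bmatrix}$$

We just transform the element {19},

$$19 = 00011001 = x^4 + x^3 + 1$$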

Computing the multiplicative inverse, (look at

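Since $r_2 = 1$,

$$T = T_2 = q_2 T_1 + T_0 = x (x^4 + x^3 + x^2 + x + 1) + 1 = x^5 + x^4 + x^3 + x^2 + x + 1 = 00111111$$

Now, we take $(00111111)$ to do the second operation.

$$\begin{bmatrix} 1 \\ 1 \\ 1 \\ 1 \\ 1 \\ 1 \\ 0 \\ 0 \end{bmatrix} \to \begin{bmatrix} \begin{bmatrix} 1 \\ 0 \\ 1 \\ 0 \end{bmatrix} + \begin{bmatrix} 0 \\ 1 \\ 0 \\ 0 \end{bmatrix} \\ \begin{bmatrix} 0 \\ 1 \\ 0 \\ 1 \end{bmatrix} + \begin{bmatrix} 1 \\ 0 \\ 0 \\ 0 \end{bmatrix} \end{bmatrix} \to \begin{bmatrix} 1 \\ 1 \\ 1 \\ 0 \\ 1 \\ 1 \\ 0 \\ 1 \end{bmatrix}$$

Then we add the result to $(01100011)$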

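i | M | q | r | Q |
---|---|---|---|---|
1 | $x^4 + x^3 + 1$ | $x^4 + x^3 + x^2 + x + 1$ | $x^3 + x^2 + 1$ | $x^8 + x^4 + x^3 + x$ |
2 | $x^3 + x^2$ | $x$ | $1$ | $x^4 + x^3 + 1$ |

$$\begin{bmatrix} 1 \\ 1 \\ 1 \\ 0 \\ 1 \\ 1 \\ 0 \\ 1 \end{bmatrix} + \begin{bmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \\ 0 \end{bmatrix} = \begin{bmatrix} 0 \\ 0 \\ 1 \\ 0 \\ 1 \\ 0 \\ 1 \\ 1 \end{bmatrix}$$

So,

$$19 \to 11010100 = \text{D4}$$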

The modern technique proposed in this work equivalently finds the Rijndael byte substitute transformation without the need to compute multiplicative inverses and matrix multiplications by traditional methods.

The author declares no conflicts of interest regarding the publication of this paper.

Ahmed, W.E. (2019) On Rijndael ByteSub Transformation. Applied Mathematics, 10, 113-118. https://doi.org/10.4236/am.2019.103010