AM  Vol.10 No.3 , March 2019
On Rijndael ByteSub Transformation
Author(s) W. Eltayeb Ahmed1,2
ABSTRACT
The first step in converting a plaintext to ciphertext by the famous Advanced Encryption Standard (AES), which is called Rijndael ByteSub Transformation, involves some operations: computing a multiplicative inverse, multiplying this multiplicative inverse by a specific matrix, and adding the result to a specific vector. The purpose of this research is to simplify these operations. This paper gives elegant techniques and presents the matrices multiplication as simple XOR operations, and the result is a simple, straightforward way finding the transformation.

1. Introduction

Rijndael ByteSub transformation (or AES substitution byte) [1] transforms an input byte into another byte by two operations:

1) Finding a multiplicative inverse of an input byte ( a 7 a 6 a 5 a 4 a 3 a 2 a 1 a 0 ) in the finite field GF (28).

2) Applying the following affine transform:

c i = b i + b ( i + 4 ) mod ( 8 ) + b ( i + 5 ) mod ( 8 ) + b ( i + 6 ) mod ( 8 ) + b ( i + 7 ) mod ( 8 ) + d i , 0 i 7 (1)

where ( b 7 b 6 b 5 b 4 b 3 b 2 b 1 b 0 ) is resulting from the first operation, ( d 7 d 6 d 5 d 4 d 3 d 2 d 1 d 0 ) = 01100011 .

In general, the multiplicative inverse is found by using the extended Euclidean algorithm [2] , instead of using it, we use an elegant technique which finds the multiplicative inverse in clear steps.

The transform of the second operation can be expressed in the matrix form as:

[ c 0 c 1 c 2 c 3 c 4 c 5 c 6 c 7 ] = [ 1 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 1 1 1 0 0 0 0 1 1 1 1 1 0 0 0 0 1 1 1 1 1 0 0 0 0 1 1 1 1 1 ] [ b 0 b 1 b 2 b 3 b 4 b 5 b 6 b 7 ] + [ 1 1 0 0 0 1 1 0 ] (2)

To solve this system, we use an unusual and more suitable technique which shows this multiplication of matrix (8 × 8) and matrix (8 × 1) as simple XOR operations, and we can find it directly from ( b 7 b 6 b 5 b 4 b 3 b 2 b 1 b 0 ) .

2. The Methodology

For an input byte ( a 7 a 6 a 5 a 4 a 3 a 2 a 1 a 0 ) , we find its multiplicative inverse ( b 7 b 6 b 5 b 4 b 3 b 2 b 1 b 0 ) , and find ( e 7 e 6 e 5 e 4 e 3 e 2 e 1 e 0 ) such that:

[ e 0 e 1 e 2 e 3 e 4 e 5 e 6 e 7 ] = [ 1 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 1 1 1 0 0 0 0 1 1 1 1 1 0 0 0 0 1 1 1 1 1 0 0 0 0 1 1 1 1 1 ] [ b 0 b 1 b 2 b 3 b 4 b 5 b 6 b 7 ] (3)

Then, we find the output ( c 7 c 6 c 5 c 4 c 3 c 2 c 1 c 0 ) as:

[ c 0 c 1 c 2 c 3 c 4 c 5 c 6 c 7 ] = [ e 0 e 1 e 2 e 3 e 4 e 5 e 6 e 7 ] + [ 1 1 0 0 0 1 1 0 ] (4)

First, we find a multiplicative inverse of a 7 x 7 + a 6 x 6 + a 5 x 5 + a 4 x 4 + a 3 x 3 + a 2 x 2 + a 1 x + a 0 mod ( x 8 + x 4 + x 3 + x + 1 ) .

Let M 1 = a 7 x 7 + a 6 x 6 + a 5 x 5 + a 4 x 4 + a 3 x 3 + a 2 x 2 + a 1 x + a 0 , P = x 8 + x 4 + x 3 + x + 1 , and represent the multiplicative inverse by T.

We seek for q 1 and r 1 satisfying:

M 1 q 1 + r 1 = Q 1 (5)

where Q 1 = P + 1 [3] , (look at Table 1).

If r 1 = 0 , then T = q 1 .

If r 1 0 , we let M 2 = r 1 + 1 and seek for q i and r i satisfying:

M i q i + r i = Q i , 2 i 7 (6)

where Q i = M i 1 , and M i + 1 = r i (look at Table 2).

Whenever r i = 1 , then

T = T i = q i T i 1 + T i 2 (7)

where T 0 = 1 , and T 1 = q 1 .

Then, to find ( e 7 e 6 e 5 e 4 e 3 e 2 e 1 e 0 ) , we write the system (3), as follows:

[ e ] = [ X Y Y X ] [ b ] (8)

e i = X b i + Y b j (9)

e j = Y b i + X b j (10)

where 0 i 3 , 4 j 7 , and

X = [ 1 0 0 0 1 1 1 1 1 1 0 1 1 0 0 1 ] (11)

Y = [ 1 1 0 1 1 1 1 1 0 0 0 0 1 1 0 1 ] (12)

b i = [ b 0 b 1 b 2 b 3 ] , b j = [ b 4 b 5 b 6 b 7 ] (13)

Table 1. First step to find the multiplicative inverse.

Table 2. All steps to find the multiplicative inverse.

Then we compute

X b i = [ 1 0 0 0 1 1 1 1 1 1 0 1 1 0 0 1 ] [ b 0 b 1 b 2 b 3 ] = [ b 0 b 0 + b 1 b 0 + b 1 + b 2 b 0 + b 1 + b 2 + b 3 ] (14)

Y b j = [ 1 1 0 1 1 1 1 1 0 0 0 0 1 1 0 1 ] [ b 4 b 5 b 6 b 7 ] = [ b 7 + b 6 + b 5 + b 4 b 7 + b 6 + b 5 b 7 + b 6 b 7 ] (15)

Y b i = [ 1 1 0 1 1 1 1 1 0 0 0 0 1 1 0 1 ] [ b 0 b 1 b 2 b 3 ] = [ b 3 + b 2 + b 1 + b 0 b 3 + b 2 + b 1 b 3 + b 2 b 3 ] (16)

X b j = [ 1 0 0 0 1 1 1 1 1 1 0 1 1 0 0 1 ] [ b 4 b 5 b 6 b 7 ] = [ b 4 b 4 + b 5 b 4 + b 5 + b 6 b 4 + b 5 + b 6 + b 7 ] (17)

X b i + Y b j = [ b 0 b 0 + b 1 b 0 + b 1 + b 2 b 0 + b 1 + b 2 + b 3 ] + [ b 7 + b 6 + b 5 + b 4 b 7 + b 6 + b 5 b 7 + b 6 b 7 ] = [ b 0 + b 7 + b 6 + b 5 + b 4 b 0 + b 1 + b 7 + b 6 + b 5 b 0 + b 1 + b 2 + b 7 + b 6 b 0 + b 1 + b 2 + b 3 + b 7 ] (18)

Y b i + X b j = [ b 3 + b 2 + b 1 + b 0 b 3 + b 2 + b 1 b 3 + b 2 b 3 ] + [ b 4 b 4 + b 5 b 4 + b 5 + b 6 b 4 + b 5 + b 6 + b 7 ] = [ b 3 + b 2 + b 1 + b 0 + b 4 b 3 + b 2 + b 1 + b 4 + b 5 b 3 + b 2 + b 4 + b 5 + b 6 b 3 + b 4 + b 5 + b 6 + b 7 ] (19)

The result is

[ e 0 e 1 e 2 e 3 e 4 e 5 e 6 e 7 ] = [ b 0 + b 7 + b 6 + b 5 + b 4 b 0 + b 1 + b 7 + b 6 + b 5 b 0 + b 1 + b 2 + b 7 + b 6 b 0 + b 1 + b 2 + b 3 + b 7 b 3 + b 2 + b 1 + b 0 + b 4 b 3 + b 2 + b 1 + b 4 + b 5 b 3 + b 2 + b 4 + b 5 + b 6 b 3 + b 4 + b 5 + b 6 + b 7 ] (20)

and this satisfies:

e i = b i + b ( i + 4 ) mod ( 8 ) + b ( i + 5 ) mod ( 8 ) + b ( i + 6 ) mod ( 8 ) + b ( i + 7 ) mod ( 8 ) , 0 i 7 (21)

At the last, to find ( c 7 c 6 c 5 c 4 c 3 c 2 c 1 c 0 ) , we add ( e 7 e 6 e 5 e 4 e 3 e 2 e 1 e 0 ) to 01100011 .

3. Results

The matrices: X b i , Y b j , Y b i and X b j are just ( b 7 b 6 b 5 b 4 b 3 b 2 b 1 b 0 ) with some XOR operations. When multiplying X by b i or b j , the result will be:

(first element, first + second, first + second + third, first + second + third+ fourth) of b i or b j , and when multiplying Y by b i or b j , starting from the fourth element, the result will be:

(First + second + third + fourth, second + third + fourth, third + fourth, fourth) of b i or b j .

So, we can find ( e 7 e 6 e 5 e 4 e 3 e 2 e 1 e 0 ) from ( b 7 b 6 b 5 b 4 b 3 b 2 b 1 b 0 ) directly.

4. Example

To encrypt:

Input: 32 43 F6 A8 88 5A 30 8D 31 31 98 A2 E0 37 07 34

Key: 2B 7E 15 16 28 AE D2 A6 AB F7 15 88 09 CF 4F 3C

using AES [1] .

Let us do the first step (Rijndael ByteSub transformation).

[ 32 88 31 E 0 43 F 6 A 8 5 A 30 8 D 31 98 A 2 37 07 34 ] + [ 2 B 28 A B 09 7 E 15 16 A E D 2 A 6 F 7 15 88 C F 4 F 3 C ] = [ 19 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ]

We just transform the element {19},

19 = 00011001 = x 4 + x 3 + 1

Computing the multiplicative inverse, (look at Table 3).

Since r 2 = 1 ,

T = T 2 = q 2 T 1 + T 0 = x ( x 4 + x 3 + x 2 + x + 1 ) + 1 = x 5 + x 4 + x 3 + x 2 + x + 1 = 00111111

Now, we take ( 00111111 ) , to do the second operation.

[ 1 1 1 1 1 1 0 0 ] [ 1 0 1 0 ] + [ 0 1 0 0 ] [ 0 1 0 1 ] + [ 1 0 0 0 ] [ 1 1 1 0 1 1 0 1 ]

Then we add the result to ( 01100011 )

Table 3. Steps finish when r 2 = 1 .

[ 1 1 1 0 1 1 0 1 ] + [ 1 1 0 0 0 1 1 0 ] = [ 0 0 1 0 1 0 1 1 ]

So,

19 11010100 = D 4

5. Conclusion

The modern technique proposed in this work equivalently finds the Rijndael byte substitute transformation without a need to compute multiplicative inverses and matrices multiplication by traditional methods.

Cite this paper
Ahmed, W. (2019) On Rijndael ByteSub Transformation. Applied Mathematics, 10, 113-118. doi: 10.4236/am.2019.103010.
References
[1]   Advanced Encryption Standard (AES), FIPS Publication 197, National Institute of Standards and Technology (NIST), November 26, 2001.

[2]   Menezes, A., van Oorschot, P. and Vanstone, S. (1997) Handbook of Applied Cryptography. CRC Press, New York.

[3]   Ahmed, W. (2019) Some Techniques to Compute Multiplicative Inverses for Advanced Encryption Standard. Journal of Advances in Mathematics, 16, 8208-8212.
https://doi.org/10.24297/jam.v16i0.8016

 
 
Top