Re: AES operation order

Cryptic wrote:

MixColumns(state xor (A^(-1) * key)) =
A * (state xor A^(-1) * key) =
(A * state) xor (A * A^(-1) * key) =
(A * state) xor key = the original AES result.

But it does not work. Isn't the above correct in GF(2^8)? 

[3] * ((1) xor [170] * (4)) = [3] * ((1) xor (168))) = [3]*(169) = (251)
([3] * (1)) xor ([3]*[170] * (4)) = (3) xor (4) = (7)

I still wonder why you even assumed that '*' is distributive over XOR in any non-trivial field like GF(2^8). For much more fun, the same thing for GF(2^16) is an esential element of the security of IDEA.
.

Relevant Pages

  • Re: AES operation order
    ... I still wonder why you even assumed that '*' is distributive over XOR in any non-trivial field like GF. ... For much more fun, the same thing for GFis an esential element of the security of IDEA, and I bet this also holds for AES. ...
    (sci.crypt)
  • Hand Waving vs. Rigorous Analysis... (was Security Engineering vs. Crypto Academics...)
    ... Either way, the XOR is pointless. ... >> to improve security. ... Very small changes can make an analysis harder. ... changes, while popular with crypto novices, often do little or nothing ...
    (sci.crypt)
  • re:RFID tags and XOR
    ... everytime you start playing ... with messages it`s easily broken due to XOR, its security is crap. ...
    (sci.crypt)
  • Re: homomorphic encryption
    ... >I couldn't see how the requested property would contribute ... >to security instead of the opposite. ... here is a scheme that is homomorphic w.r.t. XOR and is ... The scheme can encrypt ...
    (sci.crypt)
  • XOR and ADD subtil difference ?
    ... I wonder if there is a "security" difference between XOR and ADD? ... let's take random-number generator using external entropy source. ...
    (sci.crypt)