Re: AES operation order



Cryptic wrote:

MixColumns(state xor (A^(-1) * key)) =
A * (state xor A^(-1) * key) =
(A * state) xor (A * A^(-1) * key) =
(A * state) xor key = the original AES result.

But it does not work. Isn't the above correct in GF(2^8)?

[3] * ((1) xor [170] * (4)) = [3] * ((1) xor (168)) = [3] * (169) = (251)

([3] * (1)) xor ([3] * [170] * (4)) = (3) xor (4) = (7)

I still wonder why you even assumed that '*' is distributive over XOR in any non-trivial field like GF(2^8). For much more fun, the same thing for GF(2^16) is an essential element of the security of IDEA, and I bet this also holds for AES.
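The arithmetic the thread is arguing about, as an added example (editor's code, not from either poster): GF(2^8) multiplication with the AES reduction polynomial x^8 + x^4 + x^3 + x + 1, a distributivity check on the values 3, 1, 170 and 4 from the reply, and the quoted MixColumns identity tested on a constructed column and key. In a field, multiplication distributes over addition (which is XOR in GF(2^8)) by definition, so both checks come out equal.

```python
# Added example: GF(2^8) arithmetic as used by AES MixColumns (editor's code,
# not from the thread). Reduction polynomial x^8 + x^4 + x^3 + x + 1 (0x11B).
from typing import List, Tuple

AES_POLY = 0x11B


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) with the AES reduction polynomial."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:          # reduce as soon as the degree reaches 8
            a ^= AES_POLY
        b >>= 1
    return result & 0xFF


def distributive(a: int, b: int, c: int) -> Tuple[int, int]:
    """Return (a*(b xor c), (a*b) xor (a*c)); equal in any field."""
    return gf_mul(a, b ^ c), gf_mul(a, b) ^ gf_mul(a, c)


# MixColumns matrix and its inverse (FIPS-197, sections 5.1.3 and 5.3.3)
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]


def apply_matrix(m: List[List[int]], col: List[int]) -> List[int]:
    """Matrix-vector product over GF(2^8): each output byte is an XOR sum."""
    out = []
    for row in m:
        acc = 0
        for coef, byte in zip(row, col):
            acc ^= gf_mul(coef, byte)
        out.append(acc)
    return out


def mix_column(col: List[int]) -> List[int]:
    return apply_matrix(MIX, col)


def inv_mix_column(col: List[int]) -> List[int]:
    return apply_matrix(INV_MIX, col)


def identity_holds(state: List[int], key: List[int]) -> bool:
    """MixColumns(state xor InvMixColumns(key)) == MixColumns(state) xor key?"""
    lhs = mix_column([s ^ k for s, k in zip(state, inv_mix_column(key))])
    rhs = [m ^ k for m, k in zip(mix_column(state), key)]
    return lhs == rhs
```

`identity_holds` is the quoted identity with A = MixColumns and A^(-1) = InvMixColumns; because the matrix product is XOR-linear it returns True for every column and key.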



