A question about the S-box of Rijndael!!!

dorothy · 2007-11-22, 04:51

This is my first time here!Nice to meet u all!

These days I read the disquisition “A Toolbox for Cryptanalysis: Linear and Affine Equivalence Algorithms", and find it quite useful for me. I decide to focus on the part 5.1-Rijndael, and I want to analyze the equivalent classes of the S-box in Rijndael. But there are some questions.
If the 2 S-boxes are equivalent,they will satisfy $A_2*S*A_1=S$.where $A_1,A_2$ are the affine transform.Special for Rijndael,we can express the universal equation above like this:$B(Ax+a)^-1+b=Px^-1+p.The reason is that the S transform in Rijndael is the affine transform of the inverse of element of the field.
When we fix the field polynomial, we can get 2040 different solutions, which confirms the output of the AE algorithm. In the AE algorithm, we let $A_1(x)=Ax+a; A_2=By+b$, that satisfy $A_2*S*A_1=S$. But you give another expression for all pairs of affine mappings $A_1,A_2$, that
$A_1(x)=[a]Q^ix$
$A_2(x)=A(Q^{-i}[a]A^{-1}(x))$, with $0\leqi<8$ and $a\inGF(2^8)\{0}$.
Obviously this expression of $A_1$ is more simple($A_1(x)=[a]Q^ix$) than it should be($A_1(x)=Ax+a$), but why it can be predigested like this?

If anyone can give me a piece of proof about this, it will be quite useful for my graduation.

jasonp · 2007-11-22, 15:10

Quote:

Originally Posted by dorothy

This is my first time here!Nice to meet u all!

These days I read the disquisition “A Toolbox for Cryptanalysis: Linear and Affine Equivalence Algorithms", and find it quite useful for me. I decide to focus on the part 5.1-Rijndael, and I want to analyze the equivalent classes of the S-box in Rijndael. But there are some questions.

You should take your questions to the usenet newsgroup sci.crypt, nobody really studies crypto here.

maxal · 2007-11-22, 23:32

A lot of info in algebraic attacks on AES is presented at: http://www.cryptosystem.net/aes/

nibble4bits · 2007-11-26, 04:04

Well I do, but yes, you should go to a news server and post your question there. They have a lot of combined experience with encryption, compared to us.

dorothy · 2007-12-02, 08:02

Thank all of you!

2007-11-22, 04:51	#1
dorothy Nov 2007 2 Posts	A question about the S-box of Rijndael!!! This is my first time here!Nice to meet u all! These days I read the disquisition “A Toolbox for Cryptanalysis: Linear and Affine Equivalence Algorithms", and find it quite useful for me. I decide to focus on the part 5.1-Rijndael, and I want to analyze the equivalent classes of the S-box in Rijndael. But there are some questions. If the 2 S-boxes are equivalent,they will satisfy $A_2SA_1=S$.where $A_1,A_2$ are the affine transform.Special for Rijndael,we can express the universal equation above like this:$B(Ax+a)^-1+b=Px^-1+p.The reason is that the S transform in Rijndael is the affine transform of the inverse of element of the field. When we fix the field polynomial, we can get 2040 different solutions, which confirms the output of the AE algorithm. In the AE algorithm, we let $A_1(x)=Ax+a; A_2=By+b$, that satisfy $A_2SA_1=S$. But you give another expression for all pairs of affine mappings $A_1,A_2$, that $A_1(x)=[a]Q^ix$ $A_2(x)=A(Q^{-i}[a]A^{-1}(x))$, with $0\leqi<8$ and $a\inGF(2^8)\{0}$. Obviously this expression of $A_1$ is more simple($A_1(x)=[a]Q^ix$) than it should be($A_1(x)=Ax+a$), but why it can be predigested like this? If anyone can give me a piece of proof about this, it will be quite useful for my graduation.

2007-11-22, 23:32	#3
maxal Feb 2005 11111100₂ Posts	A lot of info in algebraic attacks on AES is presented at: http://www.cryptosystem.net/aes/

2007-11-26, 04:04	#4
nibble4bits Nov 2005 2×7×13 Posts	Well I do, but yes, you should go to a news server and post your question there. They have a lot of combined experience with encryption, compared to us.

2007-12-02, 08:02	#5
dorothy Nov 2007 2 Posts	Thank all of you!