
Introduction to Cryptography - Encryption    Nguyễn Như Huân

Advanced Encryption Standard


Mathematical Preliminaries

All bytes in the AES algorithm are interpreted as finite field elements.
-------------------------------------------
Hexadecimal {63}
Binary {01100011}
Polynomial $x^6 + x^5 + x + 1$
-------------------------------------------

1. Addition

Addition is performed with the XOR operation (denoted by $\oplus$), applied bit by bit.

one-byte $a = \{a_7 a_6 a_5 a_4 a_3 a_2 a_1 a_0\}$
one-byte $b = \{b_7 b_6 b_5 b_4 b_3 b_2 b_1 b_0\}$
one-byte $c = a \oplus b = \{c_7 c_6 c_5 c_4 c_3 c_2 c_1 c_0\}$ where $c_i = a_i \oplus b_i$
Example:
Hexadecimal $\{57\} \oplus \{83\} = \{d4\}$
Binary $\{01010111\} \oplus \{10000011\} = \{11010100\}$
Polynomial $(x^6 + x^4 + x^2 + x + 1) \oplus (x^7 + x + 1) = x^7 + x^6 + x^4 + x^2$

2. Multiplication

In the polynomial representation, multiplication in $GF(2^8)$ (denoted by $\bullet$) is the
multiplication of polynomials modulo an irreducible polynomial of degree 8. Specifically, for
the AES algorithm, this irreducible polynomial is
Hexadecimal $\{01\}\{1b\}$
Polynomial $m(x) = x^8 + x^4 + x^3 + x + 1$

Example:
Hexadecimal $\{57\} \bullet \{83\} = \{c1\}$
$(x^6 + x^4 + x^2 + x + 1)(x^7 + x + 1) = x^{13} + x^{11} + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + 1$

$x^{13} + x^{11} + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + 1 \equiv x^7 + x^6 + 1 \pmod{x^8 + x^4 + x^3 + x + 1}$

Why does the operation $\bullet$ give $GF(2^8)$ the structure of a finite field?

Assume $b(x) \neq 0$ is a binary polynomial of degree less than 8. Because $m(x)$ is
an irreducible polynomial, $b(x)$ has a multiplicative inverse $b^{-1}(x)$ modulo $m(x)$.

We also have $a(x) \bullet (b(x) \oplus c(x)) = (a(x) \bullet b(x)) \oplus (a(x) \bullet c(x))$, i.e. multiplication distributes over addition.

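Multiplication by $x$
$x \bullet a(x)$ is a one-bit left shift of the byte; when bit $a_7$ was set, the shifted value is then reduced modulo $m(x)$ by XORing with $\{1b\}$.
Example:
$\{57\} \bullet \{02\} = \{57\} \bullet x = \{ae\}$
$\{57\} \bullet \{04\} = \{ae\} \bullet x = \{47\}$
$\{57\} \bullet \{08\} = \{47\} \bullet x = \{8e\}$
$\{57\} \bullet \{10\} = \{8e\} \bullet x = \{07\}$
$\Longrightarrow \{57\} \bullet (\{01\} \oplus \{02\} \oplus \{10\}) = \{57\} \oplus \{ae\} \oplus \{07\} = \{fe\}$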

3. Polynomials with Coefficients in $GF(2^8)$

Definition: Four-term polynomial:

$a(x) = a_3 x^3 + a_2 x^2 + a_1 x + a_0$ where $a_i \in GF(2^8)$
Given two four-term polynomials:
$a(x) = a_3 x^3 + a_2 x^2 + a_1 x + a_0$
$b(x) = b_3 x^3 + b_2 x^2 + b_1 x + b_0$
Addition:
$c(x) = a(x) + b(x) = (a_3 \oplus b_3) x^3 + (a_2 \oplus b_2) x^2 + (a_1 \oplus b_1) x + (a_0 \oplus b_0)$

Multiplication:
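Step 1: $c(x) = a(x) \bullet b(x) = c_6 x^6 + c_5 x^5 + c_4 x^4 + c_3 x^3 + c_2 x^2 + c_1 x + c_0$

where $c_i = \sum_{j=0}^{i} a_j \bullet b_{i-j}$ (the sum is taken with $\oplus$, and $a_j = b_j = 0$ for $j > 3$)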

Step 2: Reduce $c(x)$ modulo a polynomial of degree 4. Specifically, for the AES algorithm,
this polynomial is $x^4 + 1$. Therefore the product of $a(x)$ and $b(x)$ is
$d(x) = d_3 x^3 + d_2 x^2 + d_1 x + d_0$

where $d_i = \sum_{\substack{0 \le j \le 3 \\ 0 \le k \le 3 \\ i = (j+k) \bmod 4}} (a_j \bullet b_k)$

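The operations can be written in matrix form as:

$$
\begin{bmatrix} d_0 \\ d_1 \\ d_2 \\ d_3 \end{bmatrix}
=
\begin{bmatrix}
a_0 & a_3 & a_2 & a_1 \\
a_1 & a_0 & a_3 & a_2 \\
a_2 & a_1 & a_0 & a_3 \\
a_3 & a_2 & a_1 & a_0
\end{bmatrix}
\cdot
\begin{bmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \end{bmatrix}
$$
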
Because $x^4 + 1$ is not an irreducible polynomial, the four-term polynomials do not behave like a
finite field: not every four-term polynomial has an inverse. However, the AES algorithm specifies a fixed
four-term polynomial which has an inverse.
$a(x) = \{03\} x^3 + \{01\} x^2 + \{01\} x + \{02\}$
$a^{-1}(x) = \{0b\} x^3 + \{0d\} x^2 + \{09\} x + \{0e\}$
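
The Python sketch below is an added example, not part of the original lecture notes. It implements the multiplication-by-x rule from section 2 and the four-term product modulo x^4 + 1 from section 3, using the values worked above. The function names (xtime, gf_mul, gf_inv, poly4_mul) are this example's own, and the brute-force inverse search is chosen for clarity only.

```python
M = 0x11B  # m(x) = x^8 + x^4 + x^3 + x + 1, i.e. {01}{1b}

def xtime(a):
    """Multiply byte a by x ({02}): shift left, then reduce modulo m(x)."""
    a <<= 1
    if a & 0x100:      # bit a_7 was set, so the degree reached 8
        a ^= M         # XOR with m(x) brings the degree back below 8
    return a

def gf_mul(a, b):
    """a • b in GF(2^8): XOR together a • x^i for every set bit i of b."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result

def gf_inv(b):
    """Inverse of nonzero b by exhaustive search; it exists since m(x) is irreducible."""
    if b == 0:
        raise ZeroDivisionError("{00} has no inverse")
    return next(c for c in range(1, 256) if gf_mul(b, c) == 1)

def poly4_mul(a, b):
    """d(x) = a(x) • b(x) mod x^4 + 1; coefficient lists are [c0, c1, c2, c3]."""
    d = [0, 0, 0, 0]
    for j in range(4):
        for k in range(4):
            d[(j + k) % 4] ^= gf_mul(a[j], b[k])  # x^(j+k) wraps because x^4 = 1
    return d

A     = [0x02, 0x01, 0x01, 0x03]  # a(x)    = {03}x^3 + {01}x^2 + {01}x + {02}
A_INV = [0x0E, 0x09, 0x0D, 0x0B]  # a^-1(x) = {0b}x^3 + {0d}x^2 + {09}x + {0e}

if __name__ == "__main__":
    print(hex(gf_mul(0x57, 0x83)))   # the notes' example {57} • {83}
    print(hex(gf_mul(0x57, 0x13)))   # {57} • ({01} xor {02} xor {10})
    print(poly4_mul(A, A_INV))       # product of a(x) and its inverse
    # Constructed counter-example: (x + 1)(x^3 + x^2 + x + 1) = x^4 + 1,
    # which is 0 mod x^4 + 1, so x + 1 is a zero divisor and has no inverse.
    print(poly4_mul([1, 1, 0, 0], [1, 1, 1, 1]))
```

The last call shows concretely why x^4 + 1 being reducible matters: two nonzero four-term polynomials multiply to zero, so neither can be inverted.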
