Cryptography Reference
In-Depth Information
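$$g(a) = \begin{cases} a^{-1} & \text{if } a \neq 0 \\ 0 & \text{if } a = 0 \end{cases}$$

and the affine map $f: \mathbb{F}_{2^8} \to \mathbb{F}_{2^8}$, for $a \in \mathbb{F}_{2^8}$, viewed as an 8-bit vector of $\mathbb{F}_2^8$ (where the $a_i$ are the coefficients of the corresponding polynomial, see Sect. 2.8.4), is given by:

$$a = \begin{pmatrix} a_0 \\ a_1 \\ a_2 \\ a_3 \\ a_4 \\ a_5 \\ a_6 \\ a_7 \end{pmatrix}, \qquad f(a) = \begin{pmatrix} 1&0&0&0&1&1&1&1 \\ 1&1&0&0&0&1&1&1 \\ 1&1&1&0&0&0&1&1 \\ 1&1&1&1&0&0&0&1 \\ 1&1&1&1&1&0&0&0 \\ 0&1&1&1&1&1&0&0 \\ 0&0&1&1&1&1&1&0 \\ 0&0&0&1&1&1&1&1 \end{pmatrix} \begin{pmatrix} a_0 \\ a_1 \\ a_2 \\ a_3 \\ a_4 \\ a_5 \\ a_6 \\ a_7 \end{pmatrix} + \begin{pmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \\ 0 \end{pmatrix}$$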
4.2.2.2 The SubBytes Operation in Maple
In AES implementations, the S-box (and hence the SubBytes transformation) is
always given by a lookup table for efficiency. Let us see how this table can be
constructed with Maple. We start by recalling the definition of $\mathbb{F}_{2^8}$:
> F256 := GF(2, 8, x^8+x^4+x^3+x+1):
The permutation of $\mathbb{F}_{2^8}$ that maps each nonzero byte to its inverse (and the 0 byte
to itself) is then:
> invbyte := proc(byte::nonnegint)
      if byte = 0 then
          0
      else
          (F256:-output@F256:-inverse@F256:-input)(byte)
      end if
  end proc:
The affine map, which takes as input the 8-bit list corresponding to a byte, i.e., the
result of applying the function bytetobits (from Appendix A) to a byte in the
0..255 range, and produces as output another byte also given as an 8-bit list, is:
> affmap := proc(l::list)
      local vect, M, v;
      uses LinearAlgebra:-Modular;
      vect := Mod(2,ListTools:-Reverse(l),integer);
      # M: 8x8 matrix over F_2 whose rows are successive rotations of the first row
      M := Mod(2,Matrix([seq(ListTools:-Rotate([1,0,0,0,1,1,1,1],-i),i = 0..7)]),integer);
      # v: the constant vector of the affine map
      v := Mod(2,Vector([1,1,0,0,0,1,1,0]),integer);
      # M.vect + v, computed modulo 2
      vect := AddMultiple(2,Multiply(2,M,vect),v);
      ListTools:-Reverse(convert(vect,list))
  end proc:
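The two maps above, composed into the full 256-entry S-box, as an added Python example (not the book's Maple code) that can serve as an independent cross-check of a table generated in Maple. The names invbyte and affmap mirror the Maple procedures, but here they take and return integers in 0..255 rather than bit lists, and gf_mul and build_sbox are names introduced for this example.

```python
# Added example, not from the book: the AES S-box built from g (inversion
# in F_{2^8}) followed by the affine map f, using integers 0..255 for bytes.
AES_POLY = 0x11B                  # x^8 + x^4 + x^3 + x + 1
ROW0 = [1, 0, 0, 0, 1, 1, 1, 1]   # first row of the affine matrix
CONST = [1, 1, 0, 0, 0, 1, 1, 0]  # constant vector, entry for a_0 first


def gf_mul(a, b):
    """Multiply two bytes as polynomials over F_2, reduced modulo AES_POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:          # degree reached 8: subtract the modulus
            a ^= AES_POLY
        b >>= 1
    return r


def invbyte(a):
    """g: a -> a^254, which equals a^-1 for a != 0 and leaves 0 at 0."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r


def affmap(a):
    """f: multiply the bit vector (a_0..a_7) by the matrix and add CONST."""
    bits = [(a >> i) & 1 for i in range(8)]   # a_0 is the low-order bit
    out = 0
    for i in range(8):
        row = ROW0[-i:] + ROW0[:-i]           # row i = ROW0 rotated right by i
        bit = CONST[i]
        for m, x in zip(row, bits):
            bit ^= m & x
        out |= bit << i
    return out


def build_sbox():
    """Return the SubBytes lookup table as a list of 256 integers."""
    return [affmap(invbyte(a)) for a in range(256)]


if __name__ == "__main__":
    print(" ".join(f"{b:02x}" for b in build_sbox()[:16]))
```
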
With these ingredients we can build a function ByteSub that implements the
permutation of $\mathbb{F}_{2^8}$ underlying SubBytes. It consists simply of applying invbyte
followed by affmap. But we cannot compose these two functions directly because