Cryptography Reference
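$$g(a) = \begin{cases} a^{-1} & \text{if } a \neq 0 \\ 0 & \text{if } a = 0 \end{cases}$$

and the affine map $f : \mathbb{F}_2^8 \to \mathbb{F}_2^8$, for $a \in \mathbb{F}_{2^8}$, viewed as an 8-bit vector of $\mathbb{F}_2^8$, is given by:

$$a = \begin{bmatrix} a_0 \\ a_1 \\ a_2 \\ a_3 \\ a_4 \\ a_5 \\ a_6 \\ a_7 \end{bmatrix} \mapsto f(a) = \begin{bmatrix} 1&0&0&0&1&1&1&1 \\ 1&1&0&0&0&1&1&1 \\ 1&1&1&0&0&0&1&1 \\ 1&1&1&1&0&0&0&1 \\ 1&1&1&1&1&0&0&0 \\ 0&1&1&1&1&1&0&0 \\ 0&0&1&1&1&1&1&0 \\ 0&0&0&1&1&1&1&1 \end{bmatrix} \begin{bmatrix} a_0 \\ a_1 \\ a_2 \\ a_3 \\ a_4 \\ a_5 \\ a_6 \\ a_7 \end{bmatrix} \oplus \begin{bmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \\ 0 \end{bmatrix}$$
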
4.2.2.2 The SubBytes Operation in Maple

In AES implementations, the S-box (and hence the SubBytes transformation) is always given by a lookup table for efficiency. Let us see how this table can be constructed with Maple. We start by recalling the definition of $\mathbb{F}_{2^8}$:

> F256 := GF(2, 8, x^8+x^4+x^3+x+1):

The permutation of $\mathbb{F}_{2^8}$ that maps each nonzero byte to its inverse (and the 0 byte to itself) is then:

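> invbyte := proc(byte::nonnegint)
    # 0 has no inverse in F256 and is mapped to itself
    if byte = 0 then
      0
    else
      # integer -> field element -> inverse -> integer
      (F256:-output@F256:-inverse@F256:-input)(byte)
    end if
  end proc:
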
The affine map, that takes as input the 8-bit list corresponding to a byte, i.e., the result of applying the function bytetobits (from Appendix A) to a byte in the 0..255 range, and produces as output another byte also given as an 8-bit list, is:

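> affmap := proc(l::list)
    local vect, M, v;
    uses LinearAlgebra:-Modular;
    # reverse the bit list so that the vector is ordered a_0, ..., a_7
    vect := Mod(2,ListTools:-Reverse(l),integer);
    # row i of the matrix is the first row rotated right by i positions
    M := Mod(2,Matrix([seq(ListTools:-Rotate([1,0,0,0,1,1,1,1],-i),i = 0..7)]),integer);
    # constant vector of the affine map
    v := Mod(2,Vector([1,1,0,0,0,1,1,0]),integer);
    # M*vect + v over GF(2)
    vect := AddMultiple(2,Multiply(2,M,vect),v);
    ListTools:-Reverse(convert(vect,list))
  end proc:
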
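The two steps above, inversion in the field followed by the affine map, carried through for all 256 bytes in Python as an added example (not code from the book; the function names are this example's own). It uses the matrix rows and constant vector as printed above and, instead of Maple's GF inverse, computes the inverse as a^254, which is valid because the nonzero elements form a group of order 255.

```python
# Added example: AES S-box built from its definition (inverse in GF(2^8), then affine map).
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the modulus used for F256 above

def gf_mul(a, b):
    """Multiply two bytes as polynomials over GF(2), reduced modulo AES_POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:          # degree reached 8: reduce
            a ^= AES_POLY
        b >>= 1
    return r

def gf_inv(a):
    """The map g: a^(-1) for nonzero a, and 0 for a = 0."""
    if a == 0:
        return 0
    # square-and-multiply for a^254 = a^(-1)
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result

# Matrix rows as printed on the page; character j of a row multiplies a_j
ROWS = ["10001111", "11000111", "11100011", "11110001",
        "11111000", "01111100", "00111110", "00011111"]
CONST = [1, 1, 0, 0, 0, 1, 1, 0]  # constant vector, a_0 first (the byte 0x63)

def affine(a):
    """The map f: M*a XOR c over GF(2), where bit i of the byte is a_i."""
    bits = [(a >> j) & 1 for j in range(8)]
    out = 0
    for i, row in enumerate(ROWS):
        acc = CONST[i]
        for j, m in enumerate(row):
            acc ^= int(m) & bits[j]
        out |= acc << i
    return out

def build_sbox():
    """Apply g, then f, to every byte to obtain the 256-entry lookup table."""
    return [affine(gf_inv(x)) for x in range(256)]

SBOX = build_sbox()
```

A table built this way can be checked against a hard-coded S-box in an implementation under review: it must be a permutation of 0..255 and agree entry by entry.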
With these ingredients we can build a function ByteSub that implements the permutation of $\mathbb{F}_{2^8}$ underlying SubBytes. It consists simply of applying invbyte followed by affmap. But we cannot compose these two functions directly because