Join Log in
Score:2
avatar Crypto

How do I find an equivalent permutation of AES S-box which sends $0$ in $0$?

de flag
greenlight

I am testing the quality of AES S-box and using the lookup table I built a function from GF($2^8$) to GF($2^8$) seen as vector spaces. I was wondering if there is a transformation that I can use to find an equivalent permutation of AES S-box that sends $0$ in $0$ without modifying the properties of the S-box such as linearity, differential uniformity and so on.

61
0 + 0
aes
Score:2
Daniel S avatar Crypto
ru flag
Daniel S

If you use $\tilde S(X)=S(X)\oplus 0x63$ (i.e. if you XOR 0x63 onto every S-box output, you will have the desired function.

This is because the AES S-box is defined as the composition of the $GF(256)$ pseudo-inverse (interpreting input bytes as elements of $GF(256)$ in the standard way) with a linear map given by an 8x8 matrix and the addition of the constant 0x63.

This will not change many of the cryptanalytic statistics of the S-box such as linear approximators nor differential properties nor linear differential properties (however, for example, statistics taking the Hamming weight of outputs into account will change).

Note that one can also change the 8x8 matrix to any invertible $GF(2)$ matrix and remove the constant addition for a wide family of similarly equivalent S-boxes.

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.