This is from https://github.com/kokke/tiny-AES-c, the column mixing function as implemented in the AES algorithm:
    #include <stdint.h>

    // The AES state: 4 rows of 4 bytes (tiny-AES-c indexes it as state[column][row])
    typedef uint8_t state_t[4][4];

    // Multiply by x (0x02) in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1
    static uint8_t xtime(uint8_t x)
    {
        return ((x << 1) ^ (((x >> 7) & 1) * 0x1b));
    }

    // MixColumns function mixes the columns of the state matrix
    static void MixColumns(state_t *state)
    {
        uint8_t i;
        uint8_t Tmp, Tm, t;
        for (i = 0; i < 4; ++i) {
            t = (*state)[i][0];                      // keep the original first byte for the last row
            Tmp = (*state)[i][0] ^ (*state)[i][1] ^ (*state)[i][2] ^ (*state)[i][3];
            Tm = (*state)[i][0] ^ (*state)[i][1];
            Tm = xtime(Tm);
            (*state)[i][0] ^= Tm ^ Tmp;
            Tm = (*state)[i][1] ^ (*state)[i][2];
            Tm = xtime(Tm);
            (*state)[i][1] ^= Tm ^ Tmp;
            Tm = (*state)[i][2] ^ (*state)[i][3];
            Tm = xtime(Tm);
            (*state)[i][2] ^= Tm ^ Tmp;
            Tm = (*state)[i][3] ^ t;
            Tm = xtime(Tm);
            (*state)[i][3] ^= Tm ^ Tmp;
        }
    }
If I simplify this step to perform only XOR and subtraction operations, is it safe enough? Like this:
    #include <stdint.h>

    typedef uint8_t state_t[4][4];

    #define AES_NB 4
    // p is a prime number
    #define MIX(x, y, z, p) ((x) = (((x) ^ (y)) - (z)) ^ (p))
    static void MixColumns(state_t *state)
    {
        uint32_t i;
        for (i = 0; i < AES_NB; ++i) {
            // each byte is updated in place, so later rows see the already-updated earlier rows
            MIX((*state)[i][0], (*state)[i][3], (*state)[i][1], 0x07);
            MIX((*state)[i][1], (*state)[i][0], (*state)[i][2], 0x0d);
            MIX((*state)[i][2], (*state)[i][1], (*state)[i][3], 0x17);
            MIX((*state)[i][3], (*state)[i][2], (*state)[i][0], 0x29);
        }
    }
Will this lead to a decrease in the security of the ciphertext?
My personal understanding is:
It will not lead to a decrease in security (even if it does, it should not reach the point where the ciphertext becomes unsafe).
Because this operation uses multiple plaintext bytes for mixing, the attacker must first determine the data of at least two plaintext bytes in the block, right?
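The property the question is really about is diffusion: the AES MixColumns matrix is MDS (branch number 5), so a difference in one byte of a column always changes all four output bytes, and the whole wide-trail security argument of AES rests on that. The harness below is an added example, not code from tiny-AES-c or from the question; it runs the reference column mix and the proposed XOR/subtraction version side by side on constructed sample columns and reports the fewest output bytes that change for a single-byte input difference (the function and sample names are my own).

```c
#include <stdint.h>
#include <string.h>
typedef uint8_t col_t[4];

static uint8_t xtime(uint8_t x) { return (uint8_t)((x << 1) ^ (((x >> 7) & 1) * 0x1b)); }

/* Reference MixColumns on one column, same arithmetic as tiny-AES-c. */
static void mix_ref(col_t c)
{
    uint8_t a0 = c[0], a1 = c[1], a2 = c[2], a3 = c[3], all = a0 ^ a1 ^ a2 ^ a3;
    c[0] ^= xtime(a0 ^ a1) ^ all;
    c[1] ^= xtime(a1 ^ a2) ^ all;
    c[2] ^= xtime(a2 ^ a3) ^ all;
    c[3] ^= xtime(a3 ^ a0) ^ all;
}

/* The proposed XOR/subtraction version, in place and in order as in the question.
 * c[0] is built from c[0], c[3], c[1] only, so a difference confined to c[2] never reaches it. */
#define MIX(x, y, z, p) ((x) = (uint8_t)((((x) ^ (y)) - (z)) ^ (p)))
static void mix_proposed(col_t c)
{
    MIX(c[0], c[3], c[1], 0x07);
    MIX(c[1], c[0], c[2], 0x0d);
    MIX(c[2], c[1], c[3], 0x17);
    MIX(c[3], c[2], c[0], 0x29);
}

/* Fewest output bytes that change when exactly one input byte changes, over every
 * position, every nonzero difference and `samples` constructed columns.  MixColumns
 * is MDS, so it scores 4; anything lower means weaker spreading than AES assumes. */
static int min_single_byte_spread(void (*mix)(col_t), int samples)
{
    int best = 4;
    uint32_t seed = 0x12345678u; /* constructed, deterministic sample columns */
    for (int s = 0; s < samples; s++) {
        col_t base;
        for (int k = 0; k < 4; k++) { seed = seed * 1103515245u + 12345u; base[k] = (uint8_t)(seed >> 24); }
        for (int pos = 0; pos < 4; pos++) {
            for (int d = 1; d < 256; d++) {
                col_t a, b;
                memcpy(a, base, 4); memcpy(b, base, 4);
                b[pos] ^= (uint8_t)d;
                mix(a); mix(b);
                int changed = 0;
                for (int k = 0; k < 4; k++) changed += (a[k] != b[k]);
                if (changed < best) best = changed;
            }
        }
    }
    return best;
}
```

The reference mix always returns 4, while the proposed mix never exceeds 3 because output byte 0 ignores input byte 2; the proposed map is still a bijection (each step can be undone with addition), so the score never drops to 0.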