How does changing one of AES encryption stages affect its security?

sadcat_1

5/19/24, 12:23 PM

With regard to AES encryption on blocks, the next diagram showcase how does a change in one cell in the block (every cell is a byte) creates a change in encryption for ALL cells:

Now I have the next question, from a network security course: Say we change the "Mix Columns" stage to be "Rotate Clockwise", that works as follows:

Is the new AES now more vulnerable to chosen-plaintext attacks? So far, I've noticed that a change in one cell leads to a change in encryption for only one cell, but not neceserally to same cell. So a change in cell 1,1 can change the encryption of cell 3,3. And this is where I got stuck. It seems that the answer is to save the mappings of all different cells, but how can I do that, when a change in one cell alters the encryption of a different cell?

0 + 9

aes

poncho

5/19/24, 2:31 PM

So, after one round, the value of cell 3,3 is a function of the keys and which input cells (and specifically, which input cells is it **not** a function of). Does this same behavior continue throughout the modified AES cipher? How does this behavior permit various attacks (they stated chosen-plaintexts; I would include known plaintext and ciphertext only in the list, although those attacks are slightly less straight-forward)

sadcat_1

5/20/24, 8:59 AM

@poncho I'm sorry, I don't think I understand. The value of encryption of cell 3,3 might be dependent on any other cell in the block. I already knows the answer is aiming for a table attack, but I'm not sure what mappings I should save.

forest

5/22/24, 5:05 AM

Are you wondering what happens when the MixColumns permutation stage is _completely replaced_ with a bytewise transposition instead?

sadcat_1

5/22/24, 9:29 PM

@forest Yes, or more importantly, what attack can be done on the modified AES

poncho

5/23/24, 8:36 AM

Let's try a simpler cipher: suppose we have a block cipher with a 16 bit block size; we consider the input as two cells of a byte each - the cipher swaps the cells, and then sends each cell through an unknown sbox. How would you attack this cipher?

sadcat_1

5/23/24, 1:02 PM

@poncho I could, in addition to the mappings of each cell that I meantioned in OP, save a function that gets a cell number, and returns the number of the cell that would be affected by a change in the given cell. In this instance, cell 1 maps to 2 and cell 2 maps to 1. Now I can attack with chosen plaintext. I understand that I can do the same thing here, but here - there's a lot of cells that can alter the encryption of a single cell. It's not a one on one map.

poncho

5/23/24, 1:27 PM

:It's not a one on one map." - it isn't???

sadcat_1

5/23/24, 2:12 PM

@poncho In regard to the function I've defined? yes, there are multiple cells that, if you change their message, the change in encryption will appear in the same cell.

poncho

5/23/24, 4:30 PM

At what step does that happen? In the new step (rotate clockwise)? Or, in one of the other three steps (addroundkey, subbytes, shiftrows)?

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How does changing one of AES encryption stages affect its security?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.