
I'm analysing how different components of AES influence its security. However, I cannot find a good explanation of what happens if the MixColumn step uses the identity matrix. Intuition tells me that AES won't be secure then, but why?

Ziva

2 Answers


If you eliminate the MixColumn (or equivalently, replace it with an identity matrix), then the resulting cipher will effectively be 4 independent 32-bit block ciphers. This happens because what happens in one 32-bit row no longer has any propagation to any of the other 3 32-bit rows.

This results in a much weaker cipher; not only would that bring up possible chosen plaintext/ciphertext attacks (where you modify one of the 32-bit blocks, but leave the other 3 the same), you would also have ciphertext-only attacks with a birthday bound of circa 256k...

poncho
  • I would like to add that ShiftRows and MixColumns are together the permutations of the AES to form the SPN network. – kelalaka Oct 25 '18 at 09:20
  • Wouldn't it be 16 independent 8-bit block ciphers? Related: https://crypto.stackexchange.com/questions/34928/what-would-happen-to-aes-if-we-replaced-mixcolumns-with-shiftcolumns/34951#34951 – Richie Frame Oct 25 '18 at 09:31
  • @RichieFrame: hmmmm, good point; I had initially thought that the ShiftRows would do the intra-row propagation; obviously, it doesn't actually do that... – poncho Oct 25 '18 at 14:21

The identity matrix has a branch number of 2, which means there is no mixing. One active cell in the input column will produce the same active cell in the output column.

hardyrama
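The loss of diffusion discussed in the answers and comments above can be measured directly. The following is an added example, not code from any of the posters: it runs ten AES-style rounds with and without MixColumns and reports which ciphertext bytes change when a single plaintext byte is changed. The function names are illustrative, and it assumes constructed, independent round keys in place of the real AES key schedule, which does not affect how differences spread through the state.

```python
import random

def gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return p

def sbox_entry(x):
    """AES S-box: inverse in GF(2^8) (0 maps to 0), then the affine map."""
    inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
    s = inv ^ 0x63
    for k in range(1, 5):
        s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
    return s

SBOX = [sbox_entry(x) for x in range(256)]
# Assumption: 11 constructed, independent round keys replace the AES key schedule.
rng = random.Random(2018)
ROUND_KEYS = [[rng.randrange(256) for _ in range(16)] for _ in range(11)]

def shift_rows(s):
    # Column-major state: the byte at row r, column c has index r + 4*c.
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(s):
    return [gmul(s[c + r], 2) ^ gmul(s[c + (r + 1) % 4], 3) ^ s[c + (r + 2) % 4]
            ^ s[c + (r + 3) % 4] for c in (0, 4, 8, 12) for r in range(4)]

def encrypt(block, mix):
    """Ten AES-style rounds; mix=False replaces MixColumns with the identity."""
    s = [b ^ k for b, k in zip(block, ROUND_KEYS[0])]
    for i in range(1, 11):
        s = shift_rows([SBOX[b] for b in s])
        if mix and i < 10:  # standard AES has no MixColumns in the last round
            s = mix_columns(s)
        s = [b ^ k for b, k in zip(s, ROUND_KEYS[i])]
    return bytes(s)

def changed_bytes(position, mix):
    """Ciphertext positions that differ after changing one plaintext byte."""
    c1 = encrypt(bytes(16), mix)
    c2 = encrypt(bytes(position) + b"\x01" + bytes(15 - position), mix)
    return [i for i in range(16) if c1[i] != c2[i]]
```

With `mix=False`, `changed_bytes` returns exactly one index for every input position, so each ciphertext byte is a keyed substitution of a single plaintext byte moved to a fixed position by ShiftRows. With `mix=True`, the same one-byte change spreads across the whole block.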