Suppose the key for round 0 in AES consists of 128 bits, each of which is 0.
Show that the key for the first round is , where
Show that (Hint: This can be done without computing explicitly).
Suppose the key for round 0 in AES consists of 128 bits, each of which is 1.
Show that the key for the first round is , where
Note that = the complement of (the complement can be obtained by ing with a string of all 1s).
Show that and that (Hints: is a string of all 1s. Also, the relation might be useful.)
Let be a function from binary strings (of a fixed length ) to binary strings. For the purposes of this problem, let’s say that has the equal difference property if the following is satisfied: Whenever are binary strings of length that satisfy , then
Show that if and for all , then has the equal difference property.
Show that the ShiftRows Transformation, the MixColumns Transformation, and the RoundKey Addition have the equal difference property.
Suppose we remove all SubBytes Transformation steps from the AES algorithm. Show that the resulting AES encryption would then have the equal difference property defined in Exercise 3.
Suppose we are in the situation of part (a), with all SubBytes Transformation steps removed. Let and be two 128-bit plaintext blocks and let and be their encryptions under this modified AES scheme. Show that equals the result of encrypting using only the ShiftRows and MixColumns Transformations (that is, both the RoundKey Addition and the SubBytes Transformation are missing). In particular, is independent of the key.
Suppose we are in the situation of part (a), and Eve knows and for some 128-bit string . Describe how she can decrypt any message (your solution should be much faster than using brute force or making a list of all encryptions). (Remark: This shows that the SubBytes transformation is needed to prevent the equal difference property. See also Exercise 5.)
Let , , , . Let denote the SubBytes Transformation of . Show that
Conclude that the SubBytes Transformation is not an affine map (that is, a map of the form ) from to . (Hint: See Exercise 3(a).)
Your friend builds a very powerful computer that uses brute force to find a 56-bit DES key in 1 hour, so you make an even better machine that can try AES keys in 1 second. How long will this machine take to try all AES keys?