I'm analysing how different components of AES influence its security. However, I cannot find a good explanation to what happens if the MixColumn step would use the identity matrix. Intuition tells me, that then AES won't be secure, but why?
Asked
Active
Viewed 360 times
2 Answers
1
If you eliminate the MixColumn (or equivalently, replace it with an identity Matrix), then the resulting cipher will effectively be 4 independent 32 bit block ciphers. This happens because what happens in one 32 bit row no longer has any propagation to any of the other 3 32 bit rows.
This results in a much weaker cipher; not only would that bring up possible chosen plaintext/ciphertext attacks (where you modify one of the 32 bit blocks, but leave the other 3 the same), you would also have ciphertext only attacks with a birthday bound of circa 256k...
poncho
- 154,064
- 12
- 239
- 382
0
The identity matrix has a branch number of 2 which means there is no mixing. one active cell in the input column will produce the same active cell in the output column.
hardyrama
- 2,288
- 1
- 17
- 41