Cryptology ePrint Archive: Report 2002/111

On Linear Redundancy in the AES S-Box

Joanne Fuller and William Millan

Abstract: We show the existence of a previously unknown linear redundancy property of the only nonlinear component of the AES block cipher. It is demonstrated that the outputs of the 8*8 Rijndael s-box (based on inversion in a finite field) are all equivalent under affine transformation. The method used to discover these affine relations is novel and exploits a new fundamental result on the invariance properties of local connection structure of affine equivalence classes. As well as increasing existing concerns about the security of the AES, these results may also have serious consequences for many other ciphers recently proposed for standardisation.

Category / Keywords: boolean functions, AES

Date: received 5 Aug 2002

Contact author: fuller at isrc qut edu au

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

Version: 20020805:220232 (All versions of this report)

Short URL: ia.cr/2002/111