On 7/11/2018 at 11:35 PM, SmashManiac said:

if abcdefgh is a non-null byte, then its multiplicative inverse in GF(2^8) ABCDEFGH can be found by resolving the following set of equations (addition is the XOR operator, and multiplication is the AND operator):

(a+c+d+h)A+(b+c+g)B+(a+b+f)C+(a+e)D+dE+cF+bG+aH=0
(b+d+e)A+(a+c+d+h)B+(b+c+g)C+(a+b+f)D+(a+e)E+dF+cG+bH=0
(c+e+f)A+(b+d+e)B+(a+c+d+h)C+(b+c+g)D+(a+b+f)E+(a+e)F+dG+cH=0
(a+d+f+g)A+(c+e+f)B+(b+d+e)C+(a+c+d+h)D+(b+c+g)E+(a+b+f)F+(a+e)G+dH=0
(a+b+c+d+e+g)A+(a+b+c+d+f)B+(a+b+c+e)C+(a+b+d)D+(a+c+h)E+(b+g)F+(a+f)G+eH=0
(b+e+f)A+(a+d+e)B+(c+d)C+(b+c)D+(a+b)E+(a+h)F+gG+fH=0
(a+c+f+g)A+(b+e+f)B+(a+d+e)C+(c+d)D+(b+c)E+(a+b)F+(a+h)G+gH=0
(b+c+g)A+(a+b+f)B+(a+e)C+dD+cE+bF+aG+hH=1

It's possible to solve this system of linear equations using elimination of variables or Gaussian elimination, but doing so appears to cause formulas to blow up

I just realized I previously made a mistake, and that the last sentence isn't quite accurate. Gaussian elimination is not really possible for the general case because you can at best multiply by the negation of a coefficient, which automatically eliminates the variable. So it doesn't seem like there's anything better than just feeding in values and seeing what sticks to come up with formulas.

So the approach I would do then is to pick an output variable and make it equal to the logical disjunction of all 128 conjunctions for which it's equal to 1, then convert all disjunctions to XORs by using the equivalence x V y <=> x + y + xy and all negations to XORs by using the equivalence ¬x <=> x+1, and then finally simplify the formula, which can go up to 256 XOR-separated clauses of up to 8 conjunctions. Of course, that needs to be repeated for each of the 8 output variables.

So unless the result turns out to be relatively simple somehow, trying to mix in 256 boolean variables (the key) and a few constants through XORs and applying the 8 resulting formulas 14 times (the number of rounds) just doesn't seem like a realistic approach to me right now.
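The truth-table procedure described in the post, as an added example that is not part of the original post or the poster's own code: it tabulates GF(2^8) inversion and converts each output bit to XOR-of-AND form. It uses the fast Möbius transform in place of expanding the disjunctions by hand, and it assumes the AES reduction polynomial 0x11B and the convention that 0 maps to 0; all function names are hypothetical.

```python
POLY = 0x11B  # assumption: AES reduction polynomial x^8 + x^4 + x^3 + x + 1

def gf_mul(x, y):
    """Carry-less multiply of two bytes, reduced modulo POLY."""
    r = 0
    while y:
        if y & 1:
            r ^= x
        x <<= 1
        if x & 0x100:
            x ^= POLY
        y >>= 1
    return r

def gf_inv(x):
    """Multiplicative inverse computed as x^254; 0 maps to 0 (assumed convention)."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, x)
    return r

def anf(truth_table):
    """Fast Moebius transform: truth table -> XOR-of-AND coefficients.
    coeffs[m] == 1 means the AND of the input bits set in mask m is a term."""
    c = list(truth_table)
    step = 1
    while step < len(c):
        for i in range(len(c)):
            if i & step:
                c[i] ^= c[i ^ step]
        step <<= 1
    return c

def eval_anf(coeffs, x):
    """XOR together every monomial whose variables are all set in x."""
    return sum(coeffs[m] for m in range(len(coeffs)) if m & x == m) & 1

def inversion_anfs():
    """One coefficient list per output bit of the inverse (bit 0 = LSB)."""
    table = [gf_inv(x) for x in range(256)]
    return [anf([(y >> bit) & 1 for y in table]) for bit in range(8)]

if __name__ == "__main__":
    for bit, c in enumerate(inversion_anfs()):
        degree = max(bin(m).count("1") for m in range(256) if c[m])
        print(f"output bit {bit}: {sum(c)} monomials, degree {degree}")
```

Running it prints the monomial count and algebraic degree of each of the 8 output formulas, which is the size that then has to be carried through every round.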
