Galois to Rijmen

The arithmetic inside the modern cipher AES is defined over Galois fields (GF), and the cryptographer Rijmen built the cipher on that math. Why is this polynomial arithmetic better than simple wire scrambling or integer multiplication at producing the avalanche and diffusion effects within each single round?

The Advanced Encryption Standard (AES) was designed by Joan Daemen and Vincent Rijmen and was originally named Rijndael. In its basic mode, Electronic Code Book (ECB), it maps each 128-bit plaintext block to a 128-bit ciphertext block with no salt or initialization vector required. A more complicated mode is Cipher Block Chaining (CBC). The full AES description is in FIPS-197; that document states that the multiplications and additions of polynomials in x are done modulo (x^4 + 1).

Galois fields come in various sizes, such as GF(16) or GF(256). AES is not the only cryptographic algorithm to use these finite fields; QUAD also uses finite fields under a polynomial modulus.

In a math forum B. Ogilvie said, "This is by design in AES, which uses two GF(2^8) polynomials and other operations to generate the SBOX for the algorithm. The reason an irreducible but not primitive polynomial is used is that we are trying to make a non-linear permutation function that has diffusion, spreading input bits to output bits in a non-linear way." (Excerpt from copyrighted forum by Drexel Univ.)

From the NIST AES Report in 2000:
"Rijndael: Rijndael is a byte-oriented cipher based on the design of Square. The submitters’ presentation of the Square attack served as a starting point for further analysis. The types of substitution and permutation operations used in Rijndael are standard. The S-box has a mathematical structure, based on the combination of inversion over a Galois field and an affine transformation. Although this mathematical structure might conceivably aid an attack, the structure is not hidden as would be the case for a trapdoor. The Rijndael specification asserts that if the S-box was suspected of containing a trapdoor, then the S-box could be replaced."

Galois fields are used in AES for the S-box because they give a concise description. The S-box can be written out as a large lookup table with a thousand entries, but those entries are only the same integers already defined by the small Galois field equation. It is similar to the Mandelbrot set, where a tiny equation produces a vast fractal shape.
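To make both points concrete, the multiplication modulo (x^4 + 1) mentioned in the FIPS-197 passage above and the S-box as "inversion plus affine map" in this paragraph, here is an added example (not code from the original page or from the AES authors). It assumes only the FIPS-197 field modulus x^8 + x^4 + x^3 + x + 1 (0x11b), the MixColumns polynomial {03}x^3 + {01}x^2 + {01}x + {02}, and the affine constant 0x63; the check values in `main` are the FIPS-197 worked examples. It also shows, in line with the forum quote, that the AES polynomial is irreducible but not primitive: the element x (0x02) has order 51 rather than 255, while 0x03 generates the whole multiplicative group.

```python
"""Added example: the GF(2^8) arithmetic behind the AES S-box and MixColumns.

Assumptions (from FIPS-197, not from the page): field modulus 0x11b, MixColumns
polynomial {03}x^3 + {01}x^2 + {01}x + {02}, affine constant 0x63.
"""

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, irreducible over GF(2)


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes as polynomials over GF(2), reduced modulo AES_POLY."""
    result = 0
    for _ in range(8):
        if b & 1:
            result ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            # The x^8 term appeared: subtract (XOR) the modulus once.
            a ^= AES_POLY & 0xFF
        b >>= 1
    return result


def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8); AES maps the non-invertible 0 to 0."""
    if a == 0:
        return 0
    return next(x for x in range(1, 256) if gf_mul(a, x) == 1)


def element_order(a: int) -> int:
    """Smallest n > 0 with a^n = 1. A primitive element has order 255."""
    if a == 0:
        raise ValueError("0 has no multiplicative order")
    n, acc = 1, a
    while acc != 1:
        acc = gf_mul(acc, a)
        n += 1
    return n


def _rotl8(x: int, k: int) -> int:
    return ((x << k) | (x >> (8 - k))) & 0xFF


def sbox_byte(x: int) -> int:
    """AES S-box: field inversion followed by the fixed affine map over GF(2)."""
    inv = gf_inv(x)
    return inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2) ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63


def build_sbox() -> list:
    """The full 256-entry lookup table, generated rather than typed in."""
    return [sbox_byte(x) for x in range(256)]


def word_mul_mod_x4p1(a: list, b: list) -> list:
    """Multiply two 4-byte words as polynomials in x with GF(2^8) coefficients,
    reduced modulo x^4 + 1, so x^i * x^j wraps around to x^((i + j) mod 4)."""
    d = [0, 0, 0, 0]
    for i in range(4):
        for j in range(4):
            d[(i + j) % 4] ^= gf_mul(a[i], b[j])
    return d


# Coefficients a0..a3 of the fixed polynomial {03}x^3 + {01}x^2 + {01}x + {02}.
MIX_COLUMNS_POLY = [0x02, 0x01, 0x01, 0x03]


def mix_column(col: list) -> list:
    """One MixColumns column: the state column times the fixed polynomial mod x^4 + 1."""
    return word_mul_mod_x4p1(MIX_COLUMNS_POLY, col)


if __name__ == "__main__":
    print(hex(gf_mul(0x57, 0x83)))                    # FIPS-197 example: 0xc1
    print(hex(gf_inv(0x53)), hex(sbox_byte(0x53)))    # 0xca, then S-box value 0xed
    print(element_order(0x02), element_order(0x03))   # 51 and 255
    print([hex(v) for v in mix_column([0xDB, 0x13, 0x53, 0x45])])
    assert len(set(build_sbox())) == 256              # the S-box is a permutation
```

The whole S-box falls out of `gf_inv` plus one affine step, which is the "concise description" the paragraph refers to; `build_sbox` only materialises it as a table. The order check is the practical meaning of "irreducible but not primitive": every non-zero byte still has an inverse, but x itself does not generate the multiplicative group.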