On Oct 15, 2009, at 15:56, John Border wrote:
I have what I thought was a simple question about the properties of AES. But, I have not been able to find an answer. Possibly that means the question itself is flawed (but I haven’t been able to figure that out either)…With AES, does the order of the functions matter, i.e. does EK(DK(P)) = DK(EK(P))?
AES block encryption with a specific key is a permutation of 2^128 values -- a bijection from the set to itself. Decryption with the same key is just the inverse of that permutation. Both E(D(P)) and D(E(P)) perform some permutation and then reverse it, giving you back the starting value.
The same argument applies to block cipher modes of encryption that operate on multiple blocks, in cases that don't do any message expansion. They're still reversible permutations, just over larger sets. But, for example, if your encryption mode is "CBC encryption with padding", and P isn't a multiple of the block size, then D(E(P)) = P' where P' has padding added, and E(D(P)) just doesn't work because D requires its input to be a multiple of the block size.
Ken
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.