Why are the shiftrows in AES in a fixed order? Can the order be changed?

Question

It seems AES uses fixed shiftrows as follows:

B0  B4  B8  B12  No shift
B1  B5  B9  B13  Right-shift 3 places
B2  B6  B10 B14  Right-shift 2 places
B3  B7  B11 B15  Right-shift 1 place

Would it make a difference to security if the rows were shifted differently? Not to disturb the carefully selected shifts (0, 1, 2 and 3 shifts), but just the order of them: For example:

Right-shift 3 places
No shift
Right-shift 1 place
Right-shift 2 places

score 2 · Accepted Answer · answered Aug 01 '16 at 03:52

2

No it would not make a difference to security, but it will no longer be AES since it does not match the specification.

As long as all 4 rows have a different rotation count through 0-3 bytes, the permutation will fully mix the state after 2 rounds.

answered Aug 01 '16 at 03:52

Richie Frame

13,278
1
26
42

Why are the shiftrows in AES in a fixed order? Can the order be changed?

1 Answers1

Linked