I am reading through this paper and in $\S$3.3 it describes how for $GF(2^{128})$ it is easy to show that squaring is linear, i.e. because the field is of characteristic 2 so the cross term vanishes. To make this clear, we have:
$(a + b)^2=a^2 + 2ab + b^2$,
but as the field is of characteristic 2 the middle term vanishes and we are left with:
$a^2 + b^2$.
If we were to consider cubing with the above 'high-school algebra' (sorry, I don't know a better description here) notation, then cubing clearly isn't linear because if we multiply in another factor we get:
$(a^2 + b^2) \cdot (a + b) = a^3 + a^2b + ab^2 + b^3$,
and the middle terms no longer vanish over a field of characteristic 2.
However, in the paper above the author generalises to a matrix represenation, and shows that (which makes sense, due to the linearity) squaring can be represented as a matrix, that is:
$\bar X^2 = \mathbf{M_S}\bar X$.
However, now I can write the cube as:
$\bar X^3 = \bar X^2 \cdot \bar X = \mathbf{M_S}\bar X \cdot \bar X = \mathbf{M_S}\bar X^2 = \mathbf{M_S}^2\bar X$.
I know that this can't be write, in particular because I know that it should be that:
$\bar X^4 = \mathbf{M_S}^2\bar X$.
However, I can't see what is wrong with the above manipulation. Can someone help point out my mistake, please?
How would you mathematically define $ \bar A \cdot \bar B$? For $GF(2^{128})$, inner product produces a single bit scalar, outer product produces a 128 by 128 bit matrix.
Although a matrix can be used to implement mapping, think of it as a function, and $map(a)⋅b≠map(a⋅b)$. If the mapping is linear, $map(a⋅b)=map(a)⋅map(b)$ . If the mapping is isomorphic, then also $map(a+b)=map(a)+map(b)$