Database Reference
In-Depth Information
4.5.8 The Advanced Encryption Standard (AES)
The AES is based on the Rijndael algorithm, which is an iterated
block cipher algorithm with a variable block size and a variable key
size. The block size and the key size can be independently 128, 192, or
256 bits. The intermediate resulting ciphertext is called a state and it
is in the form of a rectangular array of four rows and a number of col-
umns equal to the block size divided by 32. The cipher key is similarly
a rectangular array with four rows and a number of columns equal to
the key size divided by 32. The number of rounds performed on the
intermediate state is related to the key size. For key sizes of 128, 192,
and 256 bits, the number of rounds is 10, 12, and 14, respectively.
Each round consists of a fixed sequence of transformations, except the
first and the last round [36,37].
The AES consists of rounds. Any round, except the final one, con-
sists of subBytes, ShiftRows, MixColumns, and AddRoundKey oper-
ations. In the final round, no MixColumns operation is performed.
In the subBytes step, a linear substitution for each byte is performed
according to Figure 4.9. Each byte in the array is updated using an
8-bit S-box, which provides the nonlinearity in the cipher system.
The S-box is derived from the multiplicative inverse over the finite
Galois field GF(28), known to have good nonlinearity properties.
To avoid attacks based on simple algebraic properties, the S-box is
chosen to avoid any fixed points and also any opposite fixed points [37].
The ShiftRows is based on the rows of the state. It shifts the bytes
in each row. For the AES, the first row is left unchanged. Each
byte of the second row is shifted a single byte to the left. The third
d
1
d
2
d
3
d
4
b
1
b
2
b
3
b
4
SubBytes
d
5
d
6
d
7
d
8
b
5
b
6
b
7
b
8
d
9
d
11
b
9
b
10
b
11
b
12
d
10
d
12
d
13
d
14
d
16
b
13
b
14
b
15
b
16
d
15
S
Figure 4.9
SubBytes step.
Search WWH ::
Custom Search