Cryptography Reference
where the bytes of plain text are sorted according to the following ordering:
$m_0 \to b_{0,0}$,
$m_1 \to b_{1,0}$,
$m_2 \to b_{2,0}$,
$m_3 \to b_{3,0}$,
$m_4 \to b_{0,1}$,
$m_5 \to b_{1,1}$,
...
$m_n \to b_{i,j}$,
...
with $i = n \bmod 4$ and $j = \lfloor n/4 \rfloor$.
Access to $B$ within the Rijndael functions takes place in different ways
according to the operation. The S-box transformation operates bytewise,
ShiftRows operates on rows $b_{i,0}, b_{i,1}, b_{i,2}, \ldots, b_{i,L_b-1}$ of $B$, and the functions
AddRoundKey and MixColumns operate on 4-byte words and access the values of $B$
by columns $(b_{0,j}, b_{1,j}, b_{2,j}, b_{3,j})$.
11.3 Calculating the Round Key
Encryption and decryption each require the generation of $L_r$ round keys, called
collectively the key schedule. This occurs through expansion of the secret user key
by attaching recursively derived 4-byte words $k_i = (k_{0,i}, k_{1,i}, k_{2,i}, k_{3,i})$ to the
user key.
The first $L_k$ words $k_0, \ldots, k_{L_k-1}$ of the key schedule are formed from the
secret user key itself. For $L_k \in \{4, 6\}$ the next 4-byte word $k_i$ is determined by
XOR-ing the preceding word $k_{i-1}$ with $k_{i-L_k}$. If $i \equiv 0 \bmod L_k$, then a function
$F_{L_k}(k, i)$ is applied before the XOR operation, which is composed of a cyclic left
shift (left rotation) $r(k)$ of the bytes of $k$, a substitution $S(r(k))$ from the Rijndael S-box
(we shall return to this later), and an XOR with a constant $c(i/L_k)$, so that
altogether the function $F$ is given by $F_{L_k}(k, i) := S(r(k)) \oplus c(i/L_k)$.
The constants $c(j)$ are defined by $c(j) := (\mathrm{rc}(j), 0, 0, 0)$, where $\mathrm{rc}(j)$ are
recursively determined elements from
$\mathbb{F}_{2^8}$: $\mathrm{rc}(1) := 1$, $\mathrm{rc}(j) := \mathrm{rc}(j-1) \cdot x = x^{j-1}$.
Expressed in numerical values, this is equivalent to $\mathrm{rc}(1) :=$ '01',
$\mathrm{rc}(j) := \mathrm{rc}(j-1) \cdot$ '02'. From the standpoint of programming, $\mathrm{rc}(j)$ is computed
by a $(j-1)$-fold execution of the function xtime described above, beginning with
the argument 1, or more rapidly by access to a table (Tables 11-6 and 11-7).
Table 11-6. rc(j) constants (hexadecimal), listed in order of increasing j

'01'  '02'  '04'  '08'  '10'  '20'  '40'  '80'  '1B'  '36'
'6C'  'D8'  'AB'  '4D'  '9A'  '2F'  '5E'  'BC'  '63'  'C6'
'97'  '35'  '6A'  'D4'  'B3'  '7D'  'FA'  'EF'  'C5'  '91'

For keys of length 256 bits (that is, $L_k = 8$) an additional S-box operation is
inserted: If $i \equiv 4 \bmod L_k$, then before the XOR operation $k_{i-1}$ is replaced by
$S(k_{i-1})$.
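
The key expansion of this section, written out in C as an added example (not code from the book): rc(j) is obtained by repeated xtime, F is applied when i ≡ 0 mod L_k, and the extra S-box step is applied for L_k = 8. Assumptions: the block length is L_b = 4 as in AES, so the schedule is taken to hold 4(L_k + 7) words as in FIPS-197; the S-box is computed from its algebraic definition instead of a table; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
/* xtime: multiply by x ('02') in F_{2^8}, reducing by x^8 + x^4 + x^3 + x + 1 */
static uint8_t xtime(uint8_t a) {
    return (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1B : 0x00));
}
/* rc(j) = x^(j-1): (j-1)-fold xtime starting from 1, as the text describes */
uint8_t rc(unsigned j) {
    uint8_t r = 1;
    while (j-- > 1) r = xtime(r);
    return r;
}
/* General product in F_{2^8}, built from xtime (shift-and-add) */
static uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (; b; b >>= 1, a = xtime(a)) if (b & 1) p ^= a;
    return p;
}
/* S-box computed instead of tabulated: inverse in F_{2^8}, then affine map */
static uint8_t sbox(uint8_t a) {
    uint8_t inv = 0, s;
    for (unsigned b = 1; a && b < 256; b++)
        if (gmul(a, (uint8_t)b) == 1) { inv = (uint8_t)b; break; }
    s = inv;
    for (int n = 0; n < 4; n++) { inv = (uint8_t)((inv << 1) | (inv >> 7)); s ^= inv; }
    return (uint8_t)(s ^ 0x63);
}
/* S applied to each of the four bytes of a word */
static uint32_t S(uint32_t w) {
    return ((uint32_t)sbox((uint8_t)(w >> 24)) << 24) | ((uint32_t)sbox((uint8_t)(w >> 16)) << 16) |
           ((uint32_t)sbox((uint8_t)(w >> 8)) << 8) | sbox((uint8_t)w);
}
/* Expand a 4*Lk-byte user key (Lk = 4, 6, 8) into 4*(Lk+7) words k[] (assumed L_b = 4);
   byte k_{0,i} is the most significant byte of k[i]. Returns the word count. */
size_t expand_key(const uint8_t *key, unsigned Lk, uint32_t *k) {
    size_t n = 4 * ((size_t)Lk + 7), i;
    for (i = 0; i < Lk; i++)                 /* first Lk words: the user key */
        k[i] = ((uint32_t)key[4*i] << 24) | ((uint32_t)key[4*i+1] << 16) |
               ((uint32_t)key[4*i+2] << 8) | key[4*i+3];
    for (; i < n; i++) {
        uint32_t t = k[i - 1];
        if (i % Lk == 0)                     /* F(k,i) = S(r(k)) XOR c(i/Lk) */
            t = S((t << 8) | (t >> 24)) ^ ((uint32_t)rc((unsigned)(i / Lk)) << 24);
        else if (Lk == 8 && i % Lk == 4)     /* extra S-box step, 256-bit keys */
            t = S(t);
        k[i] = k[i - Lk] ^ t;
    }
    return n;
}
```

The caller supplies a buffer of at least 60 words, which covers the largest case L_k = 8.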