Cryptography Reference
In-Depth Information
It is also possible to prepare the round keys outside the function Rijndael and to pass the key schedule ExpandedKey instead of the user key CipherKey. This is advantageous when a text longer than one block is encrypted, since Rijndael must then be called several times with the same user key.
Rijndael (byte State[], word ExpandedKey[])   /* ExpandedKey holds one 4-byte word per column */
{
    AddRoundKey (State, ExpandedKey);             /* round 0: first Nb words of the key schedule */
    for (i = 1; i < Nr; i++)
        Round (State, ExpandedKey + Nb*i);        /* rounds 1 .. Nr-1 with the ith round key */
    FinalRound (State, ExpandedKey + Nb*Nr);      /* last round omits MixColumns */
}
Especially for 32-bit processors it is advantageous to precompute the round
transformation and to store the results in tables. By replacing the permutation
and matrix operations by accesses to tables, a great deal of CPU time is saved,
yielding improved results for encryption, and, as we shall see, for decryption as
well. With the help of four tables each of 256 4-byte words of the form
$$
T_0[w] := \begin{bmatrix} S[w]\bullet\text{'02'} \\ S[w] \\ S[w] \\ S[w]\bullet\text{'03'} \end{bmatrix}, \qquad
T_1[w] := \begin{bmatrix} S[w]\bullet\text{'03'} \\ S[w]\bullet\text{'02'} \\ S[w] \\ S[w] \end{bmatrix}, \tag{11.5}
$$

$$
T_2[w] := \begin{bmatrix} S[w] \\ S[w]\bullet\text{'03'} \\ S[w]\bullet\text{'02'} \\ S[w] \end{bmatrix}, \qquad
T_3[w] := \begin{bmatrix} S[w] \\ S[w] \\ S[w]\bullet\text{'03'} \\ S[w]\bullet\text{'02'} \end{bmatrix}
$$

(for $w = 0, \ldots, 255$, where $S(w)$ denotes, as above, the S-box replacement), the transformation of a block $b = (b_{0,j}, b_{1,j}, b_{2,j}, b_{3,j})$, $j = 0, \ldots, L_b - 1$, can be determined quickly for each round by the substitution

$$
b_j := (b_{0,j}, b_{1,j}, b_{2,j}, b_{3,j}) \leftarrow T_0[b_{0,j}] \oplus T_1[b_{1,d(1,j)}] \oplus T_2[b_{2,d(2,j)}] \oplus T_3[b_{3,d(3,j)}] \oplus k_j,
$$

with $d(i,j) := j + c_{L_b,i} \bmod L_b$ (cf. ShiftRows, Table 11-14) and $k_j = (k_{0,j}, k_{1,j}, k_{2,j}, k_{3,j})$ the $j$th column of the round key.
For the derivation of this result, see [DaRi], Section 5.2.1. In the last round the MixColumns transformation is omitted, and thus the result is determined by

$$
b_j \leftarrow \bigl(S(b_{0,j}),\, S(b_{1,d(1,j)}),\, S(b_{2,d(2,j)}),\, S(b_{3,d(3,j)})\bigr) \oplus k_j.
$$
Clearly, it is also possible to use a single table of 256 4-byte words, in which

$$
b_j \leftarrow T_0[b_{0,j}] \oplus \mathrm{r}T_0[b_{1,d(1,j)}] \oplus \mathrm{r}T_0[b_{2,d(2,j)}] \oplus \mathrm{r}T_0[b_{3,d(3,j)}] \oplus k_j,
$$
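As an added example (not code from this book or from [DaRi]), the following C program builds the table $T_0$ of (11.5) from an S-box computed on the fly, obtains $T_1$, $T_2$, $T_3$ as byte rotations of $T_0$ in the spirit of the single-table variant above, and checks one round column computed with the tables against the step-by-step SubBytes, ShiftRows, MixColumns and AddRoundKey for AES ($L_b = 4$, so $d(i,j) = j + i \bmod 4$). The names gmul, sbox, ror8, build_tables and round_column_* are the example's own; the sample state is the round-1 input of the FIPS-197 Appendix B worked example.

```c
#include <stdint.h>
#define NB 4                  /* AES block: L_b = 4 columns, ShiftRows offsets c_{4,i} = i */
static uint32_t T0[256];      /* table T_0 of (11.5); T_1..T_3 are byte rotations of it */
/* Multiplication in GF(2^8) modulo x^8+x^4+x^3+x+1, i.e. the '02' and '03' factors of (11.5). */
static uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (; b; b >>= 1) {
        if (b & 1) p ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));
    }
    return p;
}
/* S-box computed on the fly (example's own helper): GF(2^8) inverse, then the affine map. */
static uint8_t sbox(uint8_t w) {
    uint8_t inv = 0, s; int x;
    for (x = 1; w && x < 256; x++)
        if (gmul(w, (uint8_t)x) == 1) { inv = (uint8_t)x; break; }
    for (s = inv, x = 1; x <= 4; x++) s ^= (uint8_t)((inv << x) | (inv >> (8 - x)));
    return s ^ 0x63;
}
/* Rotate a 4-byte word right by n bytes (1 <= n <= 3): T_n[w] equals ror8(T_0[w], n). */
static uint32_t ror8(uint32_t v, int n) { return (v >> (8 * n)) | (v << (32 - 8 * n)); }
/* Fill T_0 as in (11.5); row 0 of the column vector is the most significant byte. */
void build_tables(void) {
    int w;
    for (w = 0; w < 256; w++) {
        uint8_t s = sbox((uint8_t)w);
        T0[w] = ((uint32_t)gmul(s, 2) << 24) | ((uint32_t)s << 16) | ((uint32_t)s << 8) | gmul(s, 3);
    }
}
/* Column j of one full round via the tables. State b is row-major, b[i*NB + col]; d(i,j) = j+i mod NB. */
uint32_t round_column_tables(const uint8_t *b, int j, uint32_t kj) {
    return T0[b[j]] ^ ror8(T0[b[NB + (j + 1) % NB]], 1)
         ^ ror8(T0[b[2 * NB + (j + 2) % NB]], 2) ^ ror8(T0[b[3 * NB + (j + 3) % NB]], 3) ^ kj;
}
/* The same column computed step by step: SubBytes, ShiftRows, MixColumns, AddRoundKey. */
uint32_t round_column_direct(const uint8_t *b, int j, uint32_t kj) {
    uint8_t t[4], o[4]; int i;
    for (i = 0; i < 4; i++) t[i] = sbox(b[i * NB + (j + i) % NB]);
    o[0] = gmul(t[0], 2) ^ gmul(t[1], 3) ^ t[2] ^ t[3];
    o[1] = t[0] ^ gmul(t[1], 2) ^ gmul(t[2], 3) ^ t[3];
    o[2] = t[0] ^ t[1] ^ gmul(t[2], 2) ^ gmul(t[3], 3);
    o[3] = gmul(t[0], 3) ^ t[1] ^ t[2] ^ gmul(t[3], 2);
    return ((uint32_t)o[0] << 24 | (uint32_t)o[1] << 16 | (uint32_t)o[2] << 8 | o[3]) ^ kj;
}
/* Sample state (rows top to bottom): the round-1 input of the FIPS-197 Appendix B example. */
const uint8_t SAMPLE_STATE[16] = { 0x19,0xa0,0x9a,0xe9, 0x3d,0xf4,0xc6,0xf8,
                                   0xe3,0xe2,0x8d,0x48, 0xbe,0x2b,0x2a,0x08 };
```

With the first round key column of that example, 0xa0fafe17, column 0 comes out as 0xa49c7ff2 by both routes; the table route costs four lookups and four XORs per column in place of the byte-wise field multiplications.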