Cryptography Reference
In-Depth Information
with a right rotation
r
(
a, b, c, d
)=(
d, a, b, c
)
by one byte. For environments with
limited memory this can be a useful compromise, the price being only a slightly
increased calculation time for the three rotations.
11.9 Decryption
For Rijndael decryption one runs the encryption process in reverse order with
the inverse transformations. We have already considered the inverses of the
transformations
SubBytes
,
ShiftRows
,and
MixColumns
, which in the following
are represented in pseudocode by the functions
InvSubBytes
,
InvShiftRows
, and
InvMixColumns
. The inverted S-box, the distances for inversion, the
ShiftRows
transformation, and the inverted matrix for the inversion of the
MixColumns
transformation are given on pages 251-252. The inverse round functions are the
following:
InvFinalRound (word State, word RoundKey)
{
AddRoundKey (State, RoundKey);
InvShiftRows (State);
InvSubBytes (State);
}
InvRound (word State, word RoundKey)
{
AddRoundKey (State, RoundKey);
InvMixColumns (State);
InvShiftRows (State);
InvSubBytes (State);
}
The entire operation for decryption of a block is as follows:
InvRijndael (byte State, byte CipherKey)
{
KeyExpansion (CipherKey, ExpandedKey);
InvFinalRound (State, ExpandedKey + Nb*Nr);
for(i=Nr-1;i>0;i--)
InvRound (State, ExpandedKey + Nb*i);
AddRoundKey (State, ExpandedKey);
}
