Cryptography Reference
In-Depth Information
With this is created the analogous structure to that for encryption. For reasons
of efficiency the application of
InvMixColumns
to the round key in
InvRound()
is postponed until the key expansion, where the first and last round keys of
InvMixColumns
are left untouched. The “inverse” round keys are generated with
InvKeyExpansion (byte CipherKey, word InvEpandedKey)
{
KeyExpansion (CipherKey, InvExpandedKey);
for (i = 1; i < Nr; i++)
InvMixColumns (InvExpandedKey + Nb*i);
}
The entire decryption operation of a block is now as follows:
InvRijndael (byte State, byte CipherKey)
{
InvKeyExpansion (CipherKey, InvExpandedKey);
AddRoundKey (State, InvExpandedKey + Nb*Nr);
for(i=Nr-1;i>0;i--)
InvRound (State, InvExpandedKey + Nb*i);
InvFinalRound (State, InvExpandedKey);
}
In analogy to encryption, tables can be precomputed for this form of
decryption. With
⎡
⎣
⎤
⎦
⎡
⎣
⎤
⎦
S
−
1
[
w
]
•
S
−
1
[
w
]
•
'0E'
'0B'
S
−
1
[
w
]
•
S
−
1
[
w
]
•
'09'
'0E'
T
0
−
1
[
w
]:=
T
1
−
1
[
w
]:=
,
,
S
−
1
[
w
]
S
−
1
[
w
]
•
•
'0D'
'09'
S
−
1
[
w
]
•
S
−
1
[
w
]
•
'0B'
'0D'
(11.6)
⎡
⎣
⎤
⎦
⎡
⎣
⎤
⎦
S
−
1
[
w
]
S
−
1
[
w
]
•
•
'0D'
'09'
S
−
1
[
w
]
•
S
−
1
[
w
]
•
'0B'
'0D'
T
2
−
1
[
w
]:=
T
3
−
1
[
w
]:=
,
S
−
1
[
w
]
S
−
1
[
w
]
•
•
'0E'
'0B'
S
−
1
[
w
]
•
S
−
1
[
w
]
•
'09'
'0E'
(for
w
=0
,...,
255
,
S
−
1
(
w
)
denotes the inverse S-box replacement) the
result of an inverse round operation on a block
b
= (
b
0
,j
,b
1
,j
,b
2
,j
,b
3
,j
)
,
j
=0
,...,L
b
−
1
, can be determined by
b
1
,d
−
1
(1
,j
)
⊕
T
−
1
b
2
,d
−
1
(2
,j
)
⊕
T
−
1
b
3
,d
−
1
(3
,j
)
b
j
←
T
−
1
[
b
0
,j
]
⊕
T
−
1
0
1
2
3
⊕ k
−
1
j
