Cryptography Reference
for $j = 0, \ldots, L_b - 1$, with $d^{-1}(i, j) := j - c_{L_b,i} \bmod L_b$ (cf. page 250) and the $j$th column $k_j^{-1}$ of the “inverse” round key.
Again in the last round the MixColumns transformation is omitted, and thus the result of the last round is given by

$$b_j \leftarrow \left( S^{-1}\bigl(b_{0,j}\bigr),\; S^{-1}\bigl(b_{1,d^{-1}(1,j)}\bigr),\; S^{-1}\bigl(b_{2,d^{-1}(2,j)}\bigr),\; S^{-1}\bigl(b_{3,d^{-1}(3,j)}\bigr) \right) \oplus k_j^{-1}$$

for $j = 0, \ldots, L_b - 1$.
To save memory one can also make do in decryption with a table of only 256 4-byte words, in which

$$b_j \leftarrow T_0^{-1}\bigl[b_{0,j}\bigr] \oplus r\Bigl( T_0^{-1}\bigl[b_{1,d^{-1}(1,j)}\bigr] \oplus r\bigl( T_0^{-1}\bigl[b_{2,d^{-1}(2,j)}\bigr] \oplus r\bigl( T_0^{-1}\bigl[b_{3,d^{-1}(3,j)}\bigr] \bigr) \bigr) \Bigr) \oplus k_j^{-1},$$

with a right rotation $r(a, b, c, d) = (d, a, b, c)$ of one byte.
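The single-table form above can be checked against a direct computation of the same column. The following C code is an added example, not code from the book: it assumes $L_b = 4$ (so $c_{4,i} = i$), packs a column $(a, b, c, d)$ into a 32-bit word with $a$ in the top byte, derives $S^{-1}$ instead of hard-coding it, and uses the hypothetical names `col_table`, `col_direct` and `forms_agree` with a constructed state and key word.

```c
#include <stdint.h>
#include <stdio.h>
static uint8_t inv_sbox[256];  /* S^{-1} */
static uint32_t T0inv[256];    /* T_0^{-1}: 256 four-byte words, row 0 in the top byte */
static uint8_t gmul(uint8_t a, uint8_t b) {  /* product in GF(2^8) mod x^8+x^4+x^3+x+1 */
    uint8_t p = 0;
    for (; b; b >>= 1, a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1B : 0)))
        if (b & 1) p ^= a;
    return p;
}
static uint32_t r(uint32_t w) { return (w >> 8) | (w << 24); }  /* r(a,b,c,d) = (d,a,b,c) */
static void init_tables(void) {
    for (int x = 0; x < 256; x++) {  /* S(x): affine map of x^{-1}; store the inverse */
        uint8_t inv = 0, s = 0x63;
        for (int y = 1; y < 256; y++) if (gmul((uint8_t)x, (uint8_t)y) == 1) inv = (uint8_t)y;
        for (int k = 0; k <= 4; k++) s ^= (uint8_t)((inv << k) | (inv >> (8 - k)));
        inv_sbox[s] = (uint8_t)x;
    }
    for (int x = 0; x < 256; x++) {  /* S^{-1}(x) times the first InvMixColumns column */
        uint8_t s = inv_sbox[x];
        T0inv[x] = (uint32_t)gmul(s, 0x0E) << 24 | (uint32_t)gmul(s, 0x09) << 16
                 | (uint32_t)gmul(s, 0x0D) << 8 | gmul(s, 0x0B);
    }
}
/* Column j of an inner round from the single table; L_b = 4, d^{-1}(i,j) = (j-i) mod 4. */
static uint32_t col_table(uint8_t b[4][4], int j, uint32_t kinv) {
    uint32_t w = 0;
    for (int i = 3; i >= 0; i--)     /* innermost term of the nesting first */
        w = r(w) ^ T0inv[b[i][(j - i + 4) % 4]];
    return w ^ kinv;
}
/* The same column without tables: S^{-1}, inverse row shift, InvMixColumns, round key. */
static uint32_t col_direct(uint8_t b[4][4], int j, uint32_t kinv) {
    uint8_t s[4];
    uint32_t w = 0;
    for (int i = 0; i < 4; i++) s[i] = inv_sbox[b[i][(j - i + 4) % 4]];
    for (int n = 0; n < 4; n++)      /* row n of InvMixColumns */
        w = (w << 8) | (uint8_t)(gmul(s[n], 0x0E) ^ gmul(s[(n + 1) % 4], 0x0B)
                                 ^ gmul(s[(n + 2) % 4], 0x0D) ^ gmul(s[(n + 3) % 4], 0x09));
    return w ^ kinv;
}
static int forms_agree(void) {  /* 1 if both forms match on a constructed state and key */
    uint8_t b[4][4];
    int ok = 1;
    init_tables();
    for (int i = 0; i < 16; i++) b[i / 4][i % 4] = (uint8_t)(37 * i + 11);  /* constructed */
    for (int j = 0; j < 4; j++) ok &= col_table(b, j, 0xA5C33C5Au) == col_direct(b, j, 0xA5C33C5Au);
    return ok;
}
int main(void) { printf("forms agree: %d\n", forms_agree()); return 0; }
```

The three rotations reproduce columns 1 to 3 of the InvMixColumns matrix from column 0, which is why one table of 256 words is enough.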
11.10 Performance
Implementations for various platforms have verified the superior performance of Rijndael. The range of realizations extends from small 8-bit controllers with small amounts of memory and key generation on the fly up through current 32-bit processors. For purposes of comparison, Table 11-18 provides encryption rates for the candidates RC6, Rijndael, and Twofish on the older 8051 controller and on the Advanced RISC Machine (ARM), a modern 32-bit chip card controller.
Table 11-18. Comparative Rijndael performance in bytes per second, after [Koeu]
| Candidate | 8051 (3.57 MHz) | ARM (28.56 MHz) |
|-----------|-----------------|-----------------|
| RC6       | 165             | 151 260         |
| Rijndael  | 3005            | 311 492         |
| Twofish   | 525             | 56 289          |