Cryptography Reference
In-Depth Information
The AES S-Box
For the sake of convenience, ease of presentation, and due to the highly
technical nature of the S-box in AES, the details are in Appendix D on page
527.
Round Function
Most block ciphers employ the Feistel structure in the round function. How-
ever, the round function used by
Rijndael
does
not
have the Feistel structure.
Instead, the round function in Rijndael is comprised of three distinct invertible
functions, the details of which we will learn in what follows.
First, we note that the
number of rounds
, denoted by
Nr
, is defined via
Table 3.1.
Nr
Nb
=4
Nb
=6
Nb
=8
Nk
=4
10
12
14
Table 3.1
Nk
=6
12
12
14
Nk
=8
14
14
14
In Table 3.1, we are including the final round, (described below), which
slightly differs from the other rounds in that step (3) below is eliminated.
The round function consists of four steps, each with its own name and its
own particular function.
(1) Bytesub (BSB)
: In this step, bytes are mapped by an invertible S-box,
and there is only one single S-box for the complete cipher. Thus, for
instance, the state (position) matrix,
(
a
i,j
)=(8
i
+
j
−
9) (for 1
≤
i
≤
32, 1
≤
j
≤
8)
would be mapped, elementwise, by the S-box to the state matrix (
b
i,j
) via
a
i,j
−−−−→
S-box
−−−−→
b
i,j
.
This guarantees a high degree of nonlinearity by operating on each of the
state bytes
a
i,j
independently.
(2) Shift Row (SR)
: In this step, depending upon the value of
Nb
,row
j
for
j
=2
,
3
,
4 of the state matrix is shifted
x
j
units to the right, where
x
j
is
defined by Table 3.2.
Nb
x
2
x
3
x
4
4
1
2
3
Table 3.2
6
1
2
3
8
1
3
4
Search WWH ::
Custom Search