{ 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef },
{ 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 },
{ 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d },
};
/* Inverse SubBytes: replace every byte of the 4x4 state with its inverse
 * s-box entry. The high nibble selects the row, the low nibble the column. */
static void inv_sub_bytes( unsigned char state[ ][ 4 ] )
{
  int r, c;

  for ( r = 0; r < 4; r++ )
  {
    for ( c = 0; c < 4; c++ )
    {
      state[ r ][ c ] = inv_sbox[ ( state[ r ][ c ] & 0xF0 ) >> 4 ]
                                [ state[ r ][ c ] & 0x0F ];
    }
  }
}
inv_shift_rows and inv_sub_bytes are fairly straightforward. Notice one
difference from DES, though: DES decryption reuses the encryption s-boxes
unchanged, because the Feistel structure never has to undo a substitution.
AES decryption does have to undo it, so the AES s-box must be a bijection and
you need two lookup tables, one to encrypt and one to decrypt. There's no
computation involved in the inverted s-box; it is simply the forward table
read backwards. If you turn back to the "forward" s-box, you see that, for
example, substitution(0x75) = sbox[7][5] = 0x9d. Conversely,
inv_substitution(0x9d) = inv_sbox[9][d] = 0x75.
Inverting column mixing involves multiplying each column by the inverse of
the matrix that the encryption operation multiplied it by. Of course, this
isn't just any matrix multiplication, and it's not just any matrix inversion.
It's the multiplication in which the columns are "considered as polynomials
over GF(2^8) and multiplied modulo x^4 + 1 with a fixed polynomial a^-1(x),
given by a^-1(x) = {0b}x^3 + {0d}x^2 + {09}x + {0e}" (FIPS-197, section
5.3.3). This dense phrase means performing another "matrix multiplication"
against the matrix:

  0e 0b 0d 09
  09 0e 0b 0d
  0d 09 0e 0b
  0b 0d 09 0e

which is the inversion, after redefining addition as XOR and multiplication
as GF(2^8) multiplication as described earlier, of the forward matrix. The
first row holds the coefficients of a^-1(x) in the order a0, a3, a2, a1, and
each later row is the previous one rotated one position to the right. In
code, this is shown in Listing 2-41.
Listing 2-41: “aes.c” inv_mix_columns
static void inv_mix_columns( unsigned char s[ ][ 4 ] )
{
int c;
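To show that the matrix above really is the inverse of the forward MixColumns matrix, and that applying it undoes column mixing, here is an added, self-contained C example (not the book's aes.c code). It uses a generic shift-and-add GF(2^8) multiplier instead of the book's xtime-based helper, applies both circulant matrices to a state held as s[row][column] like the listings on this page, and round-trips the round-1 state from the FIPS-197 Appendix B trace (whose first column d4 bf 5d 30 mixes to 04 66 81 e5). The function names mix_matrix, inv_mix_matrix, apply_column_matrix, inverse_matrix_is_correct and fips197_roundtrip_ok are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Multiply two GF(2^8) elements modulo the AES polynomial
 * x^8 + x^4 + x^3 + x + 1 (0x11b) by shift-and-add with reduction. */
static unsigned char gf_mul(unsigned char a, unsigned char b)
{
    unsigned char p = 0;
    int i;
    for (i = 0; i < 8; i++) {
        unsigned char carry;
        if (b & 1) p ^= a;
        carry = a & 0x80;
        a <<= 1;
        if (carry) a ^= 0x1b;
        b >>= 1;
    }
    return p;
}

/* Forward MixColumns matrix, a(x) = {03}x^3 + {01}x^2 + {01}x + {02}. */
static const unsigned char mix_matrix[4][4] = {
    { 0x02, 0x03, 0x01, 0x01 },
    { 0x01, 0x02, 0x03, 0x01 },
    { 0x01, 0x01, 0x02, 0x03 },
    { 0x03, 0x01, 0x01, 0x02 },
};

/* Inverse matrix from a^-1(x) = {0b}x^3 + {0d}x^2 + {09}x + {0e}. */
static const unsigned char inv_mix_matrix[4][4] = {
    { 0x0e, 0x0b, 0x0d, 0x09 },
    { 0x09, 0x0e, 0x0b, 0x0d },
    { 0x0d, 0x09, 0x0e, 0x0b },
    { 0x0b, 0x0d, 0x09, 0x0e },
};

/* Multiply every column of the state by m, with GF(2^8) arithmetic. */
static void apply_column_matrix(unsigned char s[][4], const unsigned char m[4][4])
{
    int r, c, k;
    for (c = 0; c < 4; c++) {
        unsigned char col[4], out[4];
        for (r = 0; r < 4; r++) col[r] = s[r][c];
        for (r = 0; r < 4; r++) {
            out[r] = 0;
            for (k = 0; k < 4; k++) out[r] ^= gf_mul(m[r][k], col[k]);
        }
        for (r = 0; r < 4; r++) s[r][c] = out[r];
    }
}

static void mix_columns(unsigned char s[][4])     { apply_column_matrix(s, mix_matrix); }
static void inv_mix_columns(unsigned char s[][4]) { apply_column_matrix(s, inv_mix_matrix); }

/* Returns 1 if inv_mix_matrix * mix_matrix is the identity over GF(2^8). */
static int inverse_matrix_is_correct(void)
{
    int r, c, k;
    for (r = 0; r < 4; r++)
        for (c = 0; c < 4; c++) {
            unsigned char acc = 0;
            for (k = 0; k < 4; k++) acc ^= gf_mul(inv_mix_matrix[r][k], mix_matrix[k][c]);
            if (acc != (r == c ? 0x01 : 0x00)) return 0;
        }
    return 1;
}

/* FIPS-197 Appendix B, round 1: state after ShiftRows and after MixColumns.
 * Returns 1 when mix_columns gives the expected state and inv_mix_columns
 * restores the original. */
static int fips197_roundtrip_ok(void)
{
    unsigned char s[4][4] = {
        { 0xd4, 0xe0, 0xb8, 0x1e },
        { 0xbf, 0xb4, 0x41, 0x27 },
        { 0x5d, 0x52, 0x11, 0x98 },
        { 0x30, 0xae, 0xf1, 0xe5 },
    };
    static const unsigned char expected[4][4] = {
        { 0x04, 0xe0, 0x48, 0x28 },
        { 0x66, 0xcb, 0xf8, 0x06 },
        { 0x81, 0x19, 0xd3, 0x26 },
        { 0xe5, 0x9a, 0x7a, 0x4c },
    };
    unsigned char orig[4][4];
    memcpy(orig, s, sizeof s);
    mix_columns(s);
    if (memcmp(s, expected, sizeof s) != 0) return 0;
    inv_mix_columns(s);
    return memcmp(s, orig, sizeof s) == 0;
}

int main(void)
{
    printf("inverse matrix correct: %d\n", inverse_matrix_is_correct());
    printf("FIPS-197 round trip ok: %d\n", fips197_roundtrip_ok());
    return 0;
}
```

The two matrices differ only in their first row; a real implementation stores that row and rotates it, or precomputes the {09}, {0b}, {0d} and {0e} multiples with xtime rather than calling a general multiplier, but the arithmetic is identical.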