Cryptography Reference
In-Depth Information
Algorithm 10.2
The AES encryption algorithm.
(
in
)
s ← in
s ←
AddRoundKey(
s, w
[0
,N
b
−
1])
for
r
=1to (
N
r
−
1) do
s ←
SubBytes(
s
)
s ←
ShiftRows(
s
)
s ←
MixColumns(
s
)
s ←
AddRoundKey(
s, w
[
rN
b
,
(
r
+1)
N
b
−
1])
s ←
SubBytes(
s
)
s ←
ShiftRows(
s
)
s ←
AddRoundKey(
s, w
[
N
r
N
b
,
(
N
r
+1)
N
b
−
1])
out ← s
(
out
)
Table 10.10
The S-Box of the AES Encryption Algorithm
0
1
2
3
4
5
6
7
8
9
A
B
C
D
E
F
0
63
7C
77
7B
F2
6B
6F
C5
30
01
67
2B
FE
D7
AB
76
1
CA
82
C9
7D
FA
59
47
F0
AD
D4
A2
AF
9C
A4
72
C0
2
B7
FD
93
26
36
3F
F7
CC
34
A5
E5
F1
71
D8
31
15
3
04
C7
23
C3
18
96
05
9A
07
12
80
E2
EB
27
B2
75
4
09
83
2C
1A
1B
6E
5A
A0
52
3B
D6
B3
29
E3
2F
84
5
53
D1
00
ED
20
FC
B1
5B
6A
CB
BE
39
4A
4C
58
CF
6
D0
EF
AA
FB
43
4D
33
85
45
F9
02
7F
50
3C
9F
A8
7
51
A3
40
8F
92
9D
38
F5
BC
B6
DA
21
10
FF
F3
D2
8
CD
0C
13
EC
5F
97
44
17
C4
A7
7E
3D
64
5D
19
73
9
60
81
4F
DC
22
2A
90
88
46
EE
B8
14
DE
5E
0B
DB
A
E0
32
3A
0A
49
06
24
5C
C2
D3
AC
62
91
95
E4
79
B
E7
C8
37
6D
8D
D5
4E
A9
6C
56
F4
EA
65
7A
AE
08
C
BA
78
25
2E
1C
A6
B4
C6
E8
DD
74
1F
4B
BD
8B
8A
D
70
3E
B5
66
48
03
F6
0E
61
35
57
B9
86
C1
1D
9E
E
E1
F8
98
11
69
D9
8E
94
9B
1E
87
E9
CE
55
28
DF
F
8C
A1
89
0D
BF
E6
42
68
41
99
2D
0F
B0
54
BB
16
SubBytes() Transformation
The SubBytes() transformation implements a nonlinear substitution cipher. Each
byte
s
r,c
of the State is substituted with another byte
s
r,c
according to the sub-
stitution table (called
S-box
) illustrated in Table 10.10. For input byte
0xXY
,the
high-order byte (i.e.,
0xX
) refers to the vertical axis, and the low-order byte (i.e.,
0xY
) refers to the horizontal axis. The output byte is the one found in the S-box in
row
0xX
and column
0xY
. For example, the input byte
0x52
(i.e.,
01010010
)is
mapped to the output byte
0x00
(i.e.,
00000000
).
Contrary to many other symmetric encryption systems (inlcuding, for exam-
ple, the DES), the S-box of the AES has a well-documented design. It is constructed
by composing the following two transformations: