Cryptography Reference
in one round. AES, on the other hand, encrypts all 128 bits in one iteration. This is
one reason why it has a comparably small number of rounds.
AES consists of so-called layers. Each layer manipulates all 128 bits of the data
path. The data path is also referred to as the state of the algorithm. There are only
three different types of layers. Each round, with the exception of the first, consists
of all three layers as shown in Fig. 4.2: the plaintext is denoted as x, the ciphertext
as y and the number of rounds as n_r. Moreover, the last round n_r does not make
use of the MixColumn transformation, which makes the encryption and decryption
scheme symmetric.
We continue with a brief description of the layers:
Key Addition layer: A 128-bit round key, or subkey, which has been derived from
the main key in the key schedule, is XORed to the state.
Byte Substitution layer (S-Box): Each element of the state is nonlinearly transformed
using lookup tables with special mathematical properties. This introduces
confusion to the data, i.e., it assures that changes in individual state bits propagate
quickly across the data path.
Diffusion layer: It provides diffusion over all state bits. It consists of two sublayers,
both of which perform linear operations:
  - The ShiftRows layer permutes the data on a byte level.
  - The MixColumn layer is a matrix operation which combines (mixes) blocks of
    four bytes.
Similar to DES, the key schedule computes round keys, or subkeys, (k_0, k_1, ..., k_{n_r})
from the original AES key.
Before we describe the internal functions of the layers in Sect. 4.4, we have to
introduce a new mathematical concept, namely Galois fields. Galois field computations
are needed for all operations within the AES layers.
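The layer ordering described above can be traced in a short AES-128 sketch. This is an added example, not code from the original text; the function names (gmul, expand_key, encrypt_block) are hypothetical, and the field polynomial, S-Box construction and 10-round count are taken from the AES standard rather than from this section.

```python
# Added illustration of the AES-128 data path; table lookups are not constant-time.
N_R = 10  # number of rounds n_r for a 128-bit key (assumption: AES-128 only)

def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return p

def _sbox_entry(v):
    inv = next((y for y in range(1, 256) if gmul(v, y) == 1), 0)  # field inverse, 0 -> 0
    out = inv ^ 0x63
    for i in range(1, 5):  # affine map: XOR of the inverse with its four left rotations
        out ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return out

SBOX = [_sbox_entry(v) for v in range(256)]

def expand_key(key):
    """Key schedule: round keys k_0 .. k_{n_r}, 16 bytes each."""
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 4 * (N_R + 1)):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = gmul(rcon, 2)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(N_R + 1)]

def encrypt_block(x, key):
    """Encrypt one 16-byte block x; returns the ciphertext y."""
    if len(x) != 16 or len(key) != 16:
        raise ValueError("AES-128 needs a 16-byte block and a 16-byte key")
    k = expand_key(key)
    s = [a ^ b for a, b in zip(x, k[0])]              # initial Key Addition
    for rnd in range(1, N_R + 1):
        s = [SBOX[b] for b in s]                      # Byte Substitution
        s = [s[i % 4 + 4 * ((i // 4 + i % 4) % 4)] for i in range(16)]  # ShiftRows
        if rnd != N_R:                                # MixColumn, omitted in round n_r
            s = [gmul(2, c[r]) ^ gmul(3, c[(r + 1) % 4]) ^ c[(r + 2) % 4] ^ c[(r + 3) % 4]
                 for c in (s[j:j + 4] for j in range(0, 16, 4)) for r in range(4)]
        s = [a ^ b for a, b in zip(s, k[rnd])]        # Key Addition
    return bytes(s)
```

The state is held as 16 bytes in input order, so each group of four consecutive bytes is one column of the state matrix.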
4.3 Some Mathematics: A Brief Introduction to Galois Fields
In AES, Galois field arithmetic is used in most layers, especially in the S-Box and
the MixColumn layer. Hence, for a deeper understanding of the internals of AES, we
provide an introduction to Galois fields as needed for this purpose before we continue
with the algorithm in Sect. 4.4. A background on Galois fields is not required
for a basic understanding of AES, and the reader can skip this section.
4.3.1 Existence of Finite Fields
A finite field, sometimes also called Galois field, is a set with a finite number of
elements. Roughly speaking, a Galois field is a finite set of elements in which we