Cryptography Reference
In-Depth Information
S-Box. The 16-byte output
B
0
,...,
B
15
is permuted byte-wise in the ShiftRows layer
and mixed by the MixColumn transformation
c
(
x
). Finally, the 128-bit subkey
k
i
is
XORed with the intermediate result. We note that AES is a byte-oriented cipher.
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
A
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
s
s
s
s
s
s
s
s
s
s
s
s
s
s
s
s
Byte Substitution
B
B
B
B
B
B
B
B
B
B
B
B
B
B
B
B
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
ShiftRows
MixColumn
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
C
10
11
12
13
14
15
k
i
Key Addition
Fig. 4.3
AES round function for rounds 1
,
2
,...,
n
r
−
1
This is in contrast to DES, which makes heavy use of bit permutation and can thus
be considered to have a bit-oriented structure.
In order to understand how the data moves through AES, we first imagine that the
state
A
(i.e., the 128-bit data path) consisting of 16 bytes
A
0
,
A
1
,...,
A
15
is arranged
in a four-by-four byte matrix:
A
0
A
4
A
8
A
12
A
1
A
5
A
9
A
13
A
2
A
6
A
10
A
14
A
3
A
7
A
11
A
15
As we will see in the following, AES operates on elements, columns or rows of
the current state matrix. Similarly, the key bytes are arranged into a matrix with four
rows and four (128-bit key), six (192-bit key) or eight (256-bit key) columns. Here
is, as an example, the state matrix of a 192-bit key: