Cryptography Reference
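$$
\begin{pmatrix}
p_0 & p_4 & p_8 & p_{12} \\
p_1 & p_5 & p_9 & p_{13} \\
p_2 & p_6 & p_{10} & p_{14} \\
p_3 & p_7 & p_{11} & p_{15}
\end{pmatrix}
\quad\text{and}\quad
\begin{pmatrix}
c_0 & c_4 & c_8 & c_{12} \\
c_1 & c_5 & c_9 & c_{13} \\
c_2 & c_6 & c_{10} & c_{14} \\
c_3 & c_7 & c_{11} & c_{15}
\end{pmatrix}.
$$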
Algorithm 1.2: The AES-128 encryption function
Input: The 128-bit plaintext block P and key K
Output: The 128-bit ciphertext block C
    X ← AddRoundKey(P, K)
    for i ← 1 to 10 do
        X ← SubBytes(X)
        X ← ShiftRows(X)
        if i ≠ 10 then
            X ← MixColumns(X)
        end
        K ← KeySchedule(K)
        X ← AddRoundKey(X, K)
    end
    C ← X
    return C
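Algorithm 1.2 as runnable Python, added here as an illustration and not taken from the original text. The state is a 16-byte list in the column-major order of the matrices above, and the S-box is computed from the inverse-then-affine relation the text describes; the helper names (xtime, gmul, sbox_byte), the reduction polynomial, the affine constants and the round-constant sequence are assumptions supplied from the AES standard (FIPS-197), not from this page.

```python
# Added example (not from the original text): AES-128 as in Algorithm 1.2. Not constant-time.

def xtime(a):  # multiply by x in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def gmul(a, b):
    """Multiply two elements of GF(2^8) by shift-and-add."""
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = xtime(a), b >> 1
    return r

def sbox_byte(x):
    """y = A x^-1 + B: field inverse (0 maps to 0), then the affine map."""
    inv = next((c for c in range(1, 256) if gmul(x, c) == 1), 0)
    y = 0x63                                   # B
    for s in range(5):                         # A: XOR of inv rotated left by 0..4 bits
        y ^= ((inv << s) | (inv >> (8 - s))) & 0xFF
    return y

SBOX = [sbox_byte(x) for x in range(256)]

def shift_rows(s):
    """State is column-major (index = row + 4*col); row r rotates left by r."""
    return [s[(i + 4 * (i % 4)) % 16] for i in range(16)]

def mix_columns(s):
    """Multiply each column by the fixed 4x4 matrix over GF(2^8)."""
    return [gmul(s[c + r], 2) ^ gmul(s[c + (r + 1) % 4], 3) ^ s[c + (r + 2) % 4]
            ^ s[c + (r + 3) % 4] for c in range(0, 16, 4) for r in range(4)]

def key_schedule(k, h):
    """Next round key from the previous one; h is the round constant h_r."""
    nxt = [SBOX[k[13]] ^ h, SBOX[k[14]], SBOX[k[15]], SBOX[k[12]]]  # rotated, substituted last word
    for i in range(16):
        nxt.append(k[i] ^ nxt[i])              # k[i] XOR the byte 4 positions back in nxt
    return nxt[4:]

def aes128_encrypt(p, k):
    x = [a ^ b for a, b in zip(p, k)]          # AddRoundKey(P, K)
    h = 1                                      # h_1; doubled in GF(2^8) each round
    for i in range(1, 11):
        x = shift_rows([SBOX[b] for b in x])   # SubBytes, then ShiftRows
        if i != 10:                            # the final round skips MixColumns
            x = mix_columns(x)
        k, h = key_schedule(k, h), xtime(h)
        x = [a ^ b for a, b in zip(x, k)]      # AddRoundKey(X, K)
    return bytes(x)
```

With the FIPS-197 Appendix B vector (key 2b7e151628aed2a6abf7158809cf4f3c, plaintext 3243f6a8885a308d313198a2e0370734), aes128_encrypt returns 3925841d02dc09fbdc118597196a0b32.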
The encryption itself is conducted by the repeated use of a number of round functions:
• The SubBytes function is the only nonlinear step of the block cipher. It is a bricklayer permutation consisting of an S-box applied to the bytes of the state. Each byte of the state matrix is replaced by its multiplicative inverse, followed by an affine mapping. Thus the input byte $x$ is related to the output $y$ of the S-box by the relation $y = Ax^{-1} + B$, where $A$ and $B$ are constant matrices. In the remainder of this paper we will refer to the function $S$ as the SubBytes function and to $S^{-1}$ as the inverse of the SubBytes function.
• The ShiftRows function is a byte-wise permutation of the state.
• The KeySchedule function generates the next round key from the previous one. The first round key is the input key with no changes; subsequent round keys are generated using the SubBytes function and XOR operations. Algorithm 1.3 shows how the $r$th round key is computed from the $(r-1)$th round key. The value $h_r$ is a constant defined for the $r$th round, and $<<$ is used to denote a bit-wise left shift.
• The MixColumns function is a bricklayer permutation operating on the state column by column. Each column of the state matrix is considered as a vector where each element belongs to $\mathbb{F}(2^8)$. A $4 \times 4$ matrix