Cryptography Reference
In-Depth Information
Fig. 4.1
Global structure of
M
AES
K
0
K
1
Round
K
r
−
1
Round
K
r
Last round
C
Fig. 4.2
Representation of
S
0
S
4
S
8
S
12
S
1
S
5
S
9
S
13
S
2
S
6
S
10
S
14
S
3
S
7
S
11
S
15
the state
Table 4.1
Number of rounds
of AES depending on the key
length
Key length (in bits)
Number of rounds
r
AES-128
128
10
AES-192
192
12
AES-256
256
14
columns. Such a State
S
=
(
S
0
,...,
S
15
)
is represented by the array depicted in
Fig.
4.2
.
The AES is composed of
r
rounds (cf. Fig.
4.1
),
r
depending on the key length,
as shown in Table
4.1
.
Each round is composed of four transformations:
1.
SubBytes
(SB), which is a non-linear substitution function (i.e. an S-Box) and
applies independently to each byte of the State.
2.
ShiftRows
(SR), which performs a rotation on the last three rows of the State
array. The second row is rotated on position to the left, the third (or fourth) row
is rotated two (or three) positions to the left.
3.
MixColumns
(MC), in which the state array columns are considered as polyno-
mials with coefficients in
x
3
F
2
8
and multiplied with the polynomial
{
03
}·
+
x
2
modulo
x
4
{
01
}·
+{
01
}·
x
+{
02
}
+
1.
