Cryptography Reference
In-Depth Information
out
0
,
out
1
,...,
out
15
,
then we may generically represent state flow with the initial state, an intermediate
state, and the final state, which is the ciphertext block, as follows:
in
0
in
4
in
8
in
12
in
1
in
5
in
9
in
13
in
2
in
6
in
10
in
14
in
3
in
7
in
11
in
15
b
0
,
0
b
0
,
1
b
0
,
2
b
0
,
3
b
1
,
0
b
1
,
1
b
1
,
2
b
1
,
3
b
2
,
0
b
2
,
1
b
2
,
2
b
2
,
3
b
3
,
0
b
3
,
1
b
3
,
2
b
3
,
3
out
0
out
4
out
8
out
12
out
1
out
5
out
9
out
13
out
2
out
6
out
10
out
14
out
3
out
7
out
11
out
15
...
...
Similarly, the key is initialized in a two-dimensional array of bytes of size
4xNk
,
where
Nk
is the result of dividing the key length by 32. For example, a 192-bit key
whose sequence of bytes is
k
0
,
k
1
,...,
k
23
,
is initialized as an array of the form:
k
0
k
4
k
8
k
12
k
16
k
20
k
1
k
5
k
9
k
13
k
17
k
21
k
2
k
6
k
10
k
14
k
18
k
22
k
3
k
7
k
11
k
15
k
19
k
23
The number of AES rounds
Nr
, which depends on the key size, is given by the
following table:
Nk Nr
AES
−
128 4 10
AES
−
192 6 12
256 8 14
The key is expanded bymeans of the function
KeyExpansion
(described below)
which takes the key as input and produces an
expanded key
consisting of a sequence
of
round keys
K[0]
,
K[1]
,
AES
−
,
K[Nr]
each of which is a two-dimensional byte
array of size
4x4
. For this, the initial array of size
4xNk
containing the key is
expanded recursively to a two-dimensional array of bytes of size
4x4(Nr+1)
,by
adding columns each of which consists of a 4-byte word. Then
K[0]
consists of the
first four columns of this array,
K[1]
is given by the next four columns and so on,
until
K[Nr]
which is made up of the last four columns.
There are four basic AES
operations
or
transformations
that are repeated in each
round—with the exception of the last round in which one of these operations is
omitted. These operations are named
SubBytes
,
ShiftRows
,
MixColumns
,
and
AddRoundKey
. The first three of them take the state as input and produce as
output a modified state. The last one takes as input the state and a round key
K[i]
and
produces as output a modified state. The encryption process starts with an application
of
AddRoundKey
to the state and
K[0]
(thus this operation is sometimes called
...
