•
This first matrix of equation can be shown to be the
inverse of the first matrix in equation .
•
If we label these
A
and
A
−
1
respectively and we label
state before the mix columns operation as
S
and after as
S
′
, we can see that:
AS
=
S
′
•
Therefore
A
−
1
S
′
=
A
−
1
AS
=
S
Cryptography and Network Security - MA61027 (Sourav Mukhopadhyay, IIT-KGP, 2010)
46

Add Round Key Transformation
•
In this stage (known as AddRoundKey) the 128 bits of
state
are bitwise XORed with the 128 bits of the round
key.
•
The operation is viewed as a columnwise operation
between the 4 bytes of a
state
column and one word of
the round key.
•
This transformation is as simple as possible which helps
in efficiency but it also effects every bit of
state
.
Cryptography and Network Security - MA61027 (Sourav Mukhopadhyay, IIT-KGP, 2010)
47

•
The AES key expansion algorithm takes as input a
4-word key and produces a linear array of 44 words. Each
round uses 4 of these words as shown in figure 2.
•
Each word contains 32 bytes which means each subkey is
128 bits long. Figure 7 show pseudocode for generating
the expanded key from the actual key.
Cryptography and Network Security - MA61027 (Sourav Mukhopadhyay, IIT-KGP, 2010)
48

Add Round Key Transformation
Figure 7:
Key expansion pseudocode.
Cryptography and Network Security - MA61027 (Sourav Mukhopadhyay, IIT-KGP, 2010)
49

•
The key is copied into the first four words of the
expanded key.
•
The remainder of the expanded key is filled in four words
at a time.
•
Each added word
w
[
i
] depends on the immediately
preceding word,
w
[
i
−
1], and the word four positions
back
w
[
i
−
4].
•
In three out of four cases, a simple XOR is used.
•
For a word whose position in the
w
array is a multiple of
4, a more complex function is used.
Cryptography and Network Security - MA61027 (Sourav Mukhopadhyay, IIT-KGP, 2010)
50

Algorithm
KeyExpansion
(
key
)
external:
RotWord
,
SubWord
Rcon
[1]
←
01000000
Rcon
[2]
←
02000000
Rcon
[3]
←
04000000
Rcon
[4]
←
08000000
Rcon
[5]
←
10000000
Rcon
[6]
←
20000000
Rcon
[7]
←
40000000;
Rcon
[8]
←
80000000
Rcon
[9]
←
1
B
000000;
Rcon
[10]
←
36000000
Cryptography and Network Security - MA61027 (Sourav Mukhopadhyay, IIT-KGP, 2010)
51

for
i
←
0
to
3
do
w
[
i
]
←
(
key
[4
i
]
,key
[4
i
+ 1]
,key
[4
i
+ 2]
,key
[4
i
+ 3])
for
i
←
4
to
43
do
temp
←
w
[
i
−
1]
if
i
≡
0
(mod 4)
then
temp
←
SubWord
(
RotWord
(
temp
))
⊕
Rcon
[
i/
4]
w
[
i
]
←
w
[
i
−
4]
⊕
temp
end do
return
(
w
[0]
,w
[1]
,
···
,w
[43])
Cryptography and Network Security - MA61027 (Sourav Mukhopadhyay, IIT-KGP, 2010)
52

•
Figure 8 illustrates the generation of the first eight words
of the expanded key using the symbol
g
to represent that
complex function.
•
The function
g
consists of the following subfunctions:
1.
RotWord
performs a one-byte circular left shift on
a word. This means that an input word [
b
0
,b
1
,b
2
,b
3
]
is transformed into [
b
1
,b
2
,b
3
,b
0
].

#### You've reached the end of your free preview.

Want to read all 80 pages?

- Summer '17
- Shivangi
- Algorithms, Cryptography, Advanced Encryption Standard, Block cipher, Sourav Mukhopadhyay