
# State


State is a 4 by 4 array of bytes, initialised (col-by-col) with the 16-byte plaintext block (see below). The final value of state is returned as ciphertext.

| State | 0 | 1 | 2 | 3 |
|---|---|---|---|---|
| 0 | in0 | in4 | in8 | in12 |
| 1 | in1 | in5 | in9 | in13 |
| 2 | in2 | in6 | in10 | in14 |
| 3 | in3 | in7 | in11 | in15 |

Network Security (N. Dulay & M. Huth) Symmetric Key Cryptography (3.42)

## SubBytes Transformation

Change each byte of State with the corresponding byte from the SBOX matrix:

State[Row, Col] = SBOX[X, Y] where X = State[Row, Col] div 16, Y = State[Row, Col] mod 16

For example, if State[3,6] = 4F we would look up SBOX[4,F].

SBOX is a 16x16 byte array (indexed by hex digits 0..F, 0..F) defined as follows:

SBOX[X, Y] = AffineTransformation($\{XY\}^{-1}$)

For example: if $\{95\}^{-1}$ = 8A then SBOX[9,5] = AffineTransformation(8A) = 2A.

AffineTransformation is a function that performs a matrix multiplication followed by a vector addition. See Stallings or Huth for specifics of the matrix and vector used in AES.

## ShiftRows Transformation

Cyclically rotate LEFT the last 3 ROWS of the state matrix by 1, 2 and 3 bytes respectively.

| Before | Operation | After |
|---|---|---|
| a b c d | (unchanged) | a b c d |
| e f g h | Rotate left 1 byte | f g h e |
| i j k l | Rotate left 2 bytes | k l i j |
| m n o p | Rotate left 3 bytes | p m n o |

## MixColumns Transformation

Multiply each column by $\{03\}x^3 + \{01\}x^2 + \{01\}x + \{02\} \bmod (x^4 + 1)$, i.e. columns are word-polynomials.

This is equivalent to replacing the 4 bytes (m, n, p, q) in a column as follows:

$$
\begin{aligned}
m &\leftarrow \{02\}m \oplus \{03\}n \oplus p \oplus q \\
n &\leftarrow m \oplus \{02\}n \oplus \{03\}p \oplus q \\
p &\leftarrow m \oplus n \oplus \{02\}p \oplus \{03\}q \\
q &\leftarrow \{03\}m \oplus n \oplus p \oplus \{02\}q
\end{aligned}
$$

## AddRoundKey Transformation

XOR the round key with state.

The cipher key (either 128/192/256 bits) is “expanded” into round keys (1 for each round, plus 1 for the initial AddRoundKey transformation).

Note: each round key is, say, 128-bit, treated as a 2-dim. byte array. The cipher key words occupy the start of these round key words; the remaining ones are calculated from it. See Stallings or Huth for details of the key “expansion” function used.

[Figure: the cipher key is expanded into 128-bit round keys. AES-128: 11 round keys; AES-192: 13 round keys; AES-256: 15 round keys.]

## Decrypt Block (Inverse Cipher), simplified

```
decrypt (ciphertext, roundkey)
    state = ciphertext                          // note cipher is 1-dim., state 2-dim.
    state = AddRoundKey (state, roundkey[ROUNDS])
    for round = ROUNDS-1 to 0
        state = InvShiftRows (state)            // ShiftRows inverse mode
        state = InvSubBytes (state)             // SubBytes inverse mode
        state = AddRoundKey (state, roundkey[round])
        if round > 0 then state = InvMixColumns (state)
    end
    return state                                // convert to 1D and return as plaintext
```

## Inverse Transformations

- InvShiftRows: Rotate right the last 3 rows of state.
- InvSubBytes: Inverse SBOX uses the inverse of AffineTransformation and then takes the multiplicative inverse in GF($2^8$).
- InvMixColumns: Multiply columns by the inverse of a(x), i.e. by $a^{-1}(x) = \{0B\}x^3 + \{0D\}x^2 + \{09\}x + \{0E\}$.
- AddRoundKey: Is its own inverse!
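The SubBytes and MixColumns arithmetic described above, with their inverses, as an added example that is not part of the original slides. The field polynomial 0x11B and the affine constants 0x63 and 0x05 are taken from FIPS 197 (the slides defer to Stallings or Huth for them), and the function names and sample column are constructed for illustration.

```python
# Added example (not from the slides). The field polynomial 0x11B and the affine
# constants 0x63 / 0x05 come from FIPS 197; the slides defer to Stallings or Huth.

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a):
    """Multiplicative inverse computed as a^254; {00} maps to {00}."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def rotl(v, n):
    """Rotate a byte left by n bits."""
    return ((v << n) | (v >> (8 - n))) & 0xFF

def sbox(byte):
    """SBOX[X, Y] = AffineTransformation({XY}^-1)."""
    b = gf_inv(byte)
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63

def inv_sbox(byte):
    """Inverse affine transformation first, then the multiplicative inverse."""
    return gf_inv(rotl(byte, 1) ^ rotl(byte, 3) ^ rotl(byte, 6) ^ 0x05)

def poly_mul_column(coeffs, col):
    """Multiply column (m, n, p, q) by a(x) mod (x^4 + 1); coeffs = (a0, a1, a2, a3)."""
    return [
        gf_mul(coeffs[i % 4], col[0]) ^ gf_mul(coeffs[(i - 1) % 4], col[1])
        ^ gf_mul(coeffs[(i - 2) % 4], col[2]) ^ gf_mul(coeffs[(i - 3) % 4], col[3])
        for i in range(4)
    ]

A = (0x02, 0x01, 0x01, 0x03)      # a(x)    = {03}x^3 + {01}x^2 + {01}x + {02}
A_INV = (0x0E, 0x09, 0x0D, 0x0B)  # a^-1(x) = {0B}x^3 + {0D}x^2 + {09}x + {0E}

if __name__ == "__main__":
    col = [0xDB, 0x13, 0x53, 0x45]  # constructed sample column
    mixed = poly_mul_column(A, col)
    print(hex(gf_inv(0x95)), hex(sbox(0x95)))  # slide example: {95}^-1 and SBOX[9,5]
    print([hex(b) for b in mixed], poly_mul_column(A_INV, mixed) == col)
```

Because x^4 + 1 only wraps exponents modulo 4, the polynomial product reduces to the circulant matrix shown in the MixColumns section, which is why `poly_mul_column` indexes coefficients with `(i - j) % 4`.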
