Substitute Bytes Transformation The forward substitute byte transformation is

# Substitute bytes transformation the forward

• 30
• 100% (1) 1 out of 1 people found this document helpful

This preview shows page 13 - 18 out of 30 pages.

The final round of both encryption and decryption consists of only three stages. Substitute Bytes Transformation The forward substitute byte transformation is called SubBytes. It is represented by 16x16 matrix called an S-box. For each individual byte of State the value is mapped into a new byte. The leftmost 4 bits of the byte are used as a row value and the rightmost 4 bits are used as a column value. These row and column values serve as indexes into the S-box to select a unique 8-bit output value. For example, the hexadecimal value {95} references row 9, column 5 of the S-box, which contains the value {2A}.
14 ShiftRows Transformation
15 MixColumns Transformation The forward mix column transformation, called MixColumns, operates on each column individually. Each byte of a column is mapped into a new value that is a function of all four bytes in that column. The transformation can be defined by the following matrix The following is an example for mixcolumns Multiplication of a value by x (i.e., by {02}) can be implemented as a 1-bit left shift followed by a conditional bitwise XOR with (0001 1011) if the leftmost bit of the original value (prior to the shift) is 1. Thus, to verify the MixColumns transformation on the first column, we need to show that AddRoundKey Transformation In the forward add round key transformation, called AddRoundKey, the 128 bits of State are bitwise XORed with the 128 bits of the round key.
16 Key Expansion Algorithm The input to this algorithm is 4 word key. The output is 44 words. The key is copied to the first 4-words of the expanded key. The remainder of the expanded key is filled in four words at a time. Each added word depends on the immediately preceding wordw(i-1) and the word four positions back, w(i-4). KeyExpansion ( byte key[16], word w[44]) { word temp for (i = 0; i < 4; i++) w[i] = (key[4*i], key[4*i+1], key[4*i+2], key[4*i+3]); for (i = 4; i < 44; i++) { temp = w[i - 1]; if (i mod 4 = 0) temp = SubWord (RotWord (temp)) Rcon[i/4]; w[i] = w[i-4] temp } }
17 DOUBLE DES The simplest form of multiple encryption has two encryption stages and two keys. Given a plaintext P and two encryption keys K1 and K2, ciphertext C is generated as C = E(K 2 , E(K 1 , P)) Drawback Meet-in-the-middle attack Given a known pair, (P, C), the attack proceeds as follows. First, encrypt P for all 256 possible values of K 1 . Store these results in a table and then sort the table by the values of X. Next, decrypt C using all 256 possible values of K 2 . As each decryption is produced, check the result against the table for a match. If a match occurs, then test the two resulting keys against a new known plaintext-ciphertext pair. If the two keys produce the correct ciphertext, accept them as