Each round consists of several processing steps

• Test Prep
• avvi1975
• 30
• 50% (2) 1 out of 2 people found this document helpful

This preview shows page 7 - 10 out of 30 pages.

Each round consists of several processing steps, including one that depends on the encryptionkey itself. A set of reverse rounds are applied to transform ciphertext back into the originalplaintext using the same encryption key.High-level description of the algorithm1.KeyExpansionround keys are derived from the cipher key using Rijndael's keyschedule.2.Initial Round1.AddRoundKeyeach byte of the state is combined with the round keyusing bitwise xor.3.Rounds1.SubBytesa non-linear substitution step where each byte is replaced withanother according to a lookup table.2.ShiftRowsa transposition step where each row of the state is shiftedcyclically a certain number of steps.3.MixColumnsa mixing operation which operates on the columns of thestate, combining the four bytes in each column.4.AddRoundKey4.Final Round (no MixColumns)1.SubBytes2.ShiftRows3.AddRoundKeyThe Sub-Bytes step:-In the SubBytes step, each byte in thestatematrix is replaced with aSubByte using an 8-bit substitution box, the Rijndael S-box. This operation provides the non-linearity in the cipher. The S-box used is derived from the multiplicative inverse over GF(28),known to have good non-linearity properties. To avoid attacks based on simple algebraicproperties, the S-box is constructed by combining the inverse function with an invertible affinetransformation. The S-box is also chosen to avoid any fixed points (and so is a derangement),and also any opposite fixed points.
The ShiftRows step:-The ShiftRows step operates on the rows of the state; it cyclically shifts the bytes in each row bya certain offset. For AES, the first row is left unchanged. Each byte of the second row is shiftedone to the left. Similarly, the third and fourth rows are shifted by offsets of two and threerespectively. For blocks of sizes 128 bits and 192 bits, the shifting pattern is the same. Row n isshifted left circular by n-1 bytes. In this way, each column of the output state of the ShiftRowsstep is composed of bytes from each column of the input state. (Rijndael variants with a largerblock size have slightly different offsets). For a 256-bit block, the first row is unchanged and theshifting for the second, third and fourth row is 1 byte, 3 bytes and 4 bytes respectivelythischange only applies for the Rijndael cipher when used with a 256-bit block, as AES does not use256-bit blocks. The importance of this step is to make columns not linear independent If so, AESbecomes four independent block ciphers.The mixcolumn step:-In the MixColumns step, the four bytes of each column of the state are combined using aninvertible linear transformation. The MixColumns function takes four bytes as input and outputsfour bytes, where each input byte affects all four output bytes. Together with ShiftRows,MixColumns provides diffusion in the cipher.During this operation, each column is multiplied by the known matrix that for the 128-bit key is:
The multiplication operation is defined as: multiplication by 1 means no change, multiplication

Course Hero member to access this document

Course Hero member to access this document

End of preview. Want to read all 30 pages?