Professional Documents
Culture Documents
1. Encryption
The AES algorithm’s operations are on a matrix of bytes called the State. The State has 4 rows
and 𝑁𝑏 columns.
Input bytes State array Output bytes
𝑖𝑛0 𝑖𝑛4 𝑖𝑛8 𝑖𝑛12 𝑠0,0 𝑠0,1 𝑠0,2 𝑠0,3 𝑜𝑢𝑡0 𝑜𝑢𝑡4 𝑜𝑢𝑡8 𝑜𝑢𝑡12
𝑖𝑛1 𝑖𝑛5 𝑖𝑛9 𝑖𝑛13 𝑠1,0 𝑠1,1 𝑠1,2 𝑠1,3 𝑜𝑢𝑡1 𝑜𝑢𝑡5 𝑜𝑢𝑡9 𝑜𝑢𝑡13
𝑖𝑛2 𝑖𝑛6 𝑖𝑛10 𝑖𝑛14 𝑠2,0 𝑠2,1 𝑠2,2 𝑠2,3 𝑜𝑢𝑡2 𝑜𝑢𝑡6 𝑜𝑢𝑡10 𝑜𝑢𝑡14
𝑖𝑛3 𝑖𝑛7 𝑖𝑛11 𝑖𝑛15 𝑠3,0 𝑠3,1 𝑠3,2 𝑠3,3 𝑜𝑢𝑡3 𝑜𝑢𝑡7 𝑜𝑢𝑡11 𝑜𝑢𝑡15
SubBytes
The SubBytes transformation is a non-linear byte substitution using S-box. The S-box is
constructed as the following:
- Let {𝑎0 𝑏0 } be the input byte. We compute {𝑎1 𝑏1 } which is the inverse in 𝐺𝐹(28 ):
{𝑎0 𝑏0 }−1 ≡ {𝑎1 𝑏1 } mod (𝑥 8 + 𝑥 4 + 𝑥 3 + 𝑥 + 1)
- Let 𝛼 = {𝑎1 𝑏1 } Applying the following affine transformation over 𝐺𝐹(2):
𝛽𝑖 = 𝛼𝑖 ⨁𝛼(𝑖+4) mod 8 ⨁𝛼(𝑖+5) mod 8 ⨁𝛼(𝑖+6) mod 8 ⨁𝛼(𝑖+7) mod 8 ⨁𝑐𝑖
Nhập môn mật mã - mã hóa Nguyễn Như Huân
where 𝑐 is a byte with the value {63}. To express this transformation in the matrix form:
𝛽0 1 0 0 0 1 1 1 1 𝛼0 1
𝛽1 1 1 0 0 0 1 1 1 𝛼1 1
𝛽2 1 1 1 0 0 0 1 1 𝛼 2 0
𝛽3 1 1 1 1 0 0 0 1 𝛼3 0
= ∙ 𝛼 +
𝛽4 1 1 1 1 1 0 0 0 4 0
𝛽5 0 1 1 1 1 1 0 0 𝛼5 1
𝛽6 0 0 1 1 1 1 1 0 𝛼 6 1
[𝛽7 ] [ 0 0 0 1 1 1 1 1] [𝛼7 ] [0]
{𝑥𝑦} = [𝛽7 𝛽6 𝛽5 𝛽4 𝛽3 𝛽2 𝛽1 𝛽0 ] is the output of S-box.
We have {𝑎0 𝑏0 } = [00000111] ⟶ {𝑎1 𝑏1 } ≡ {𝑎0 𝑏0 }−1 (mod 𝑚(𝑥)) = {𝑑1} = [11010001]
S-box table
Nhập môn mật mã - mã hóa Nguyễn Như Huân
ShiftRows
Now the State will be transformed by cyclically shifting row 𝑖 in 𝑖 times.
MixColumns
This treats each column of the State as a four-term polynomial. As mentioned, the AES
algorithm considers the columns as polynomials over 𝐺𝐹(28 ) and multiplied modulo 𝑥 4 + 1 with
a fixed polynomials 𝑎(𝑥) = {03}𝑥 3 + {01}𝑥 2 + {01}𝑥 + {02}.
We compute 𝑠 ′ (𝑥) = 𝑎(𝑥)⨂𝑠(𝑥)
′
𝑠0,𝑐 02 03 01 01 𝑠0,𝑐
′
𝑠1,𝑐 01 02 03 01 𝑠1,𝑐
′ =[ ] ∙ [𝑠 ] 0 ≤ 𝑐 < 𝑁𝑏
𝑠2,𝑐 01 01 02 03 2,𝑐
′ 03 01 01 02 𝑠3,𝑐
[𝑠3,𝑐 ]
AddRoundKey
In this step, the State is XOR with a Round Key. Each Round Key consists of 𝑁𝑏 4-byte words
from the Key Schedule.
′ ′ ′ ′
[𝑠0,𝑐 𝑠1,𝑐 𝑠2,𝑐 𝑠3,𝑐 ] = [𝑠0,𝑐 𝑠1,𝑐 𝑠2,𝑐 𝑠3,𝑐 ]⨁[𝑤round×𝑁𝑏+𝑐 ]
In the Encryption, the initial Round Key addition occurs when round = 0, and the
AddRoundKey transformation is applied when 1 ≤ round < 𝑁𝑟.
Nhập môn mật mã - mã hóa Nguyễn Như Huân
Illustration of AddRoundKey
2. Key Expansion
We need RoundKey to perform AddRoundKey transformation, and the Key Expansion is to
generate that Key Schedule. This routine generates a total of 𝑁𝑏. (𝑁𝑟 + 1) 4-byte words: an initial
RoundKey 𝑁𝑏 words, 𝑁𝑟 other rounds with RoundKey 𝑁𝑏 words each.
First, we get array of 𝑁𝑘 words 𝒘. We keep the value of first 𝑁𝑘 elements of 𝒘.
We generate 𝒘[𝒊] with the following pseudo codes:
SubWord is a function that takes a 4-byte word as input, applies S-box to each byte to
produce an output 4-byte word.
RotWord is a function that inputs a word [𝑎0 , 𝑎1 , 𝑎2 , 𝑎3 ], performs a permutation and outputs
the word [𝑎1 , 𝑎2 , 𝑎3 , 𝑎0 ].
Rcon is an array of round constant word. Rcon[i] = [{02}𝑖−1 , {00}, {00}, {00}] over 𝐺𝐹(28 ).
Nhập môn mật mã - mã hóa Nguyễn Như Huân
SubBytes(state);
ShiftRows(state);
AddRoundKey(state, w[(Nr*Nb)..(Nr*Nb + Nb-1)]);
output = state;
}
3. Decryption
InvShiftRows
This is so simple, just cyclically shifting in the reverse direction.
Nhập môn mật mã - mã hóa Nguyễn Như Huân
Illustration of InvShiftRows
InvSubBytes
This is also simple, because S-box is constructed on reverse-ability transformation and
operation. We have the S-box table to look up, then we can use it to create an Inverse S-box.
InvMixColumns
Because of the special fixed polynomial 𝑎(𝑥), the matrix is reverse.
𝑎−1 (𝑥) = {0𝑏}𝑥 3 + {0𝑑}𝑥 2 + {09}𝑥 + {0𝑒}.
We compute 𝑠 ′ (𝑥) = 𝑎−1 (𝑥)⨂𝑠(𝑥)
Nhập môn mật mã - mã hóa Nguyễn Như Huân
′
𝑠0,𝑐 0𝑒 0𝑏 0𝑑 09 𝑠0,𝑐
′
𝑠1,𝑐 09 0𝑒 0𝑏 0𝑑 𝑠1,𝑐
′ =[ ] ∙ [𝑠 ] 0 ≤ 𝑐 < 𝑁𝑏
𝑠2,𝑐 0𝑑 09 0𝑒 0𝑏 2,𝑐
′ 0𝑏 0𝑑 09 0𝑒 𝑠3,𝑐
[𝑠3,𝑐 ]
AddRoundKey
Because there is only XOR operation, and 𝒘 can be generated the same by Key Expansion
algorithm, AddRoundKey is also InvAddRoundKey transformation.
REFERENCE:
[1] Announcing the Advanced Encryption Standard (AES)