Algorithm Scheme - PowerPoint PPT Presentation

Slides: 23
Provided by: eranros

Transcript and Presenter's Notes

1
Algorithm Scheme
2
AddRoundKey
  • Each round uses four different words from the
    expanded key array.
  • Each column in the state matrix is XORed with a
    different word.
  • The heart of the encryption. All other functions'
    properties are permanent and known to all.

3
AddRoundKey, Scheme
4
InvAddRoundKey
  • (A XOR B) XOR B = A
  • InvAddRoundKey is AddRoundKey itself
  • Key is used in reverse order in decryption

5
Mathematical Review
  • To perform arithmetic operations on bytes, we
    need to work in a finite field and treat each
    byte as an element.
  • $GF(2^8)$: finite field containing 256 elements.
  • Each element is a polynomial of degree 7 over $Z_2$,
    hence an element is defined by 8 binary values
    (a byte).
  • Order is such that the MSB is the highest degree's
    coefficient.
  • Addition: polynomial addition over $Z_2$. May be
    implemented using XOR.
  • Multiplication: polynomial multiplication over
    $Z_2$, modulo the irreducible polynomial
    $x^8 + x^4 + x^3 + x + 1$
  • May be implemented using repeated left
    shift and XOR.

6
SubBytes
  • Each byte is considered an element in $GF(2^8)$
  • A 16 x 16 table, called the S-Box, contains all
    possible 256 elements.
  • A byte's four leftmost bits are used as a row
    index, and the rightmost ones as a column index.
  • Together, the S-Box and the above mapping define a
    one-to-one function $f: GF(2^8) \to GF(2^8)$
  • Each byte B in the state matrix is substituted
    with f(B)

7
SubBytes, Scheme
8
S-Box
9
SubBytes, S-Box contents
  • Computing the S-Box cells is done in three stages:
  • 1) The cells are numbered in ascending order,
    row by row.
  • 2) Each cell's number is substituted with
    its multiplicative inverse over $GF(2^8)$.
  • 3) The cell's bits go through the following
    transformation:
  • $b'_i = b_i \oplus b_{(i+4) \bmod 8} \oplus b_{(i+5) \bmod 8} \oplus b_{(i+6) \bmod 8} \oplus b_{(i+7) \bmod 8} \oplus c_i$
  • $b'_i$: new bit value; $c_i$: the i-th bit
    of 11000110.

10
SubBytes, S-Box computation
11
SubBytes, cryptographic properties
  • The S-Box design makes it resistant to cryptanalytic
    attacks.
  • No fixed points: $S(a) \neq a$; no opposite fixed
    points: $S(a) \neq \bar{a}$ (the complement of a).
  • Not self-invertible: $S(a) \neq InvS(a)$
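
An added example (not part of the original slides): it builds the S-Box from the three stages on the previous slides, using the shift-and-XOR multiplication from the Mathematical Review slide, and then checks the properties listed here. Function names are illustrative, the inverse is found by brute-force search for readability, and the inverse affine step is the standard AES one with constant 00000101.

```python
# Added example: derive the AES S-Box from the three stages on the slides.
MODULUS = 0x11B  # x^8 + x^4 + x^3 + x + 1, the irreducible polynomial

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) by repeated left shift and XOR."""
    result = 0
    while b:
        if b & 1:
            result ^= a          # addition in GF(2^8) is XOR
        a <<= 1
        if a & 0x100:            # degree reached 8: reduce modulo MODULUS
            a ^= MODULUS
        b >>= 1
    return result

def gf_inv(a):
    """Multiplicative inverse by exhaustive search; 0 maps to 0 (AES convention)."""
    if a == 0:
        return 0
    return next(x for x in range(1, 256) if gf_mul(a, x) == 1)

def _mix_bits(b, offsets, const):
    """Bit i of the output = XOR of b's bits at (i + offset) mod 8, XOR const bit i."""
    out = 0
    for i in range(8):
        bit = (const >> i) & 1
        for off in offsets:
            bit ^= (b >> ((i + off) % 8)) & 1
        out |= bit << i
    return out

def affine(b):
    # Constant 0x63: the slide's 11000110 lists these bits from c_0 up to c_7.
    return _mix_bits(b, (0, 4, 5, 6, 7), 0x63)

def inv_affine(b):
    # Constant 0x05 = 00000101, written most significant bit first.
    return _mix_bits(b, (2, 5, 7), 0x05)

SBOX = [affine(gf_inv(x)) for x in range(256)]
INV_SBOX = [gf_inv(inv_affine(y)) for y in range(256)]

def sbox_properties():
    """Check the properties from the 'cryptographic properties' slide."""
    return {
        "bijective": sorted(SBOX) == list(range(256)),
        "inverse_matches": all(INV_SBOX[SBOX[a]] == a for a in range(256)),
        "no_fixed_points": all(SBOX[a] != a for a in range(256)),
        "no_opposite_fixed_points": all(SBOX[a] != a ^ 0xFF for a in range(256)),
        "not_self_inverse": SBOX != INV_SBOX,  # compared as whole tables
    }

if __name__ == "__main__":
    print(hex(SBOX[0x53]), sbox_properties())
```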

12
InvSubBytes
  • Same routine as SubBytes, but uses the inverse
    S-Box.
  • The inverse S-Box is computed by applying the inverse
    affine transformation to the cell's value in the
    S-Box and then substituting the result with its
    multiplicative inverse.
  • The inverse transformation:
  • $b'_i = b_{(i+2) \bmod 8} \oplus b_{(i+5) \bmod 8} \oplus b_{(i+7) \bmod 8} \oplus d_i$
  • $b'_i$: new bit value; $d_i$: the i-th bit of
    00000101.

13
InvS-Box
14
InvSubBytes, S-Box computation
15
ShiftRows
  • Rows 2-4 in the state matrix are left shifted by
    different offsets of 1-3 bytes respectively.
  • Strong diffusion effect. Separation of each four,
    originally consecutive, bytes.

16
InvShiftRows
  • Like ShiftRows, but a right shift is performed
    instead of a left shift.

17
MixColumn
  • A transformation which operates on individual
    columns (32 bits / 4 bytes).
  • Each column is treated as a degree-3 polynomial
    over $GF(2^8)$.
  • Multiplied by the fixed polynomial
  • $a(x) = 03x^3 + 01x^2 + 01x + 02$
  • modulo $x^4 + 1$
  • a(x) was chosen so the multiplication/transformation
    is invertible. Generally, multiplication in
    the above group modulo $x^4 + 1$ doesn't provide
    an inverse for each element.
  • Coefficient multiplication is the $GF(2^8)$
    multiplication mentioned earlier.

18
MixColumn, Scheme
19
MixColumn
20
MixColumn, cryptographic properties
  • The transformation is a linear code with a
    maximal distance between code words.
  • Combined with ShiftRows, after several rounds all
    output bits depend on all input bits.

21
InvMixColumn
  • Same routine as MixColumn, only instead of a(x)
    the inverse of a(x) is used
  • $a^{-1}(x) = 0bx^3 + 0dx^2 + 09x + 0e$

22
InvMixColumn