Maths
Mathematics for Rijndael are done in $GF(2^8)$, a finite field.
0.1
Finite fields
Finite fields are fields with a finite number of elements. A field is defined as an abelian (commutative) group that has a few axioms, such as closure, associativity, commutativity, the existence of inverses and identities under addition and multiplication, and distributivity of multiplication over addition.
0.2
Numbers are represented as polynomials of degree < 7. Each bit of the number is the corresponding coefficient on the polynomial. For example, $83_{10} = 53_{16} = 01010011_2 = x^6 + x^4 + x + 1$
0.3
Addition and subtraction are done (mod 2). This means that they are actually the same thing, a bitwise xor operation.
0.4
Multiplication
Multiplication is done modulo a fixed irreducible polynomial, which for the Rijndael finite field happens to be this: $x^8 + x^4 + x^3 + x + 1$
Key Expansion
Rijndael has a key schedule for expanding out the 128-bit key into keys for each of the rounds. This key schedule is quite involved and doesn't really involve matrices at all, so I'm skipping it.
Initial round
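The block is a 4x4 matrix of bytes called the state:
$$
\begin{pmatrix}
a_{0,0} & a_{0,1} & a_{0,2} & a_{0,3} \\
a_{1,0} & a_{1,1} & a_{1,2} & a_{1,3} \\
a_{2,0} & a_{2,1} & a_{2,2} & a_{2,3} \\
a_{3,0} & a_{3,1} & a_{3,2} & a_{3,3}
\end{pmatrix}
$$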
2.1
AddRoundKey
Rounds
For a 128-bit block and 128-bit key, there are 9 normal rounds and one final round. Each of the 9 normal rounds consists of the following:
3.1
SubBytes
This is where the Rijndael S-box (substitution box) is applied. This is usually implemented as a lookup table. For each byte (matrix entry), its inverse in $GF(2^8)$ is found and then transformed like so:
$$
\begin{pmatrix}
1 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\
1 & 1 & 0 & 0 & 0 & 1 & 1 & 1 \\
1 & 1 & 1 & 0 & 0 & 0 & 1 & 1 \\
1 & 1 & 1 & 1 & 0 & 0 & 0 & 1 \\
1 & 1 & 1 & 1 & 1 & 0 & 0 & 0 \\
0 & 1 & 1 & 1 & 1 & 1 & 0 & 0 \\
0 & 0 & 1 & 1 & 1 & 1 & 1 & 0 \\
0 & 0 & 0 & 1 & 1 & 1 & 1 & 1
\end{pmatrix}
\begin{pmatrix} x_0 \\ x_1 \\ x_2 \\ x_3 \\ x_4 \\ x_5 \\ x_6 \\ x_7 \end{pmatrix}
+
\begin{pmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \\ 0 \end{pmatrix}
$$
(This is an affine transformation and is invertible.) The numbers in the transformation matrices are specifically chosen so that the transformation has no fixed points, and for resistance against linear and differential cryptanalysis.
3.2
ShiftRows
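Each row is cyclically shifted to the left. The first row is shifted over by 0, the second by 1, the third by 2, and the fourth by 3:
$$
\begin{pmatrix}
a_{0,0} & a_{0,1} & a_{0,2} & a_{0,3} \\
a_{1,1} & a_{1,2} & a_{1,3} & a_{1,0} \\
a_{2,2} & a_{2,3} & a_{2,0} & a_{2,1} \\
a_{3,3} & a_{3,0} & a_{3,1} & a_{3,2}
\end{pmatrix}
$$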
3.3
MixColumns
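Each column is multiplied by a particular matrix like so:
$$
\begin{pmatrix}
2 & 3 & 1 & 1 \\
1 & 2 & 3 & 1 \\
1 & 1 & 2 & 3 \\
3 & 1 & 1 & 2
\end{pmatrix}
\begin{pmatrix} a_0 \\ a_1 \\ a_2 \\ a_3 \end{pmatrix}
$$
(This matrix is a linear transformation and is also invertible. It also happens to have a fast computer implementation.)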
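The field arithmetic from the Maths section and the SubBytes and MixColumns steps above, as an added Python example that is not part of the original notes. The function names and the square-and-multiply inverse are choices made for this example; the reduction polynomial, affine matrix, constant column and MixColumns matrix are the ones given above.

```python
MODULUS = 0x11B  # x^8 + x^4 + x^3 + x + 1, the Rijndael reduction polynomial

def gf_mul(a, b):
    """Multiply two bytes as polynomials over GF(2), reduced mod MODULUS."""
    result = 0
    while b:
        if b & 1:
            result ^= a        # addition in GF(2^8) is a bitwise XOR
        a <<= 1
        if a & 0x100:          # degree reached 8: subtract (XOR) the modulus
            a ^= MODULUS
        b >>= 1
    return result

def gf_inv(a):
    """Inverse as a^254 (since a^255 = 1 for a != 0); 0 is mapped to 0."""
    result, power, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, power)
        power = gf_mul(power, power)
        exp >>= 1
    return result

# Row i of the SubBytes matrix; character j is the coefficient of x_j.
AFFINE = ["10001111", "11000111", "11100011", "11110001",
          "11111000", "01111100", "00111110", "00011111"]
CONSTANT = 0x63  # the column (1,1,0,0,0,1,1,0), bit 0 first

def sbox(byte):
    """SubBytes for one byte: field inverse, then the affine transformation."""
    x = gf_inv(byte)
    out = 0
    for i, row in enumerate(AFFINE):
        bit = (CONSTANT >> i) & 1
        for j, coeff in enumerate(row):
            if coeff == "1":
                bit ^= (x >> j) & 1
        out |= bit << i
    return out

MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]

def mix_column(col):
    """MixColumns for one 4-byte column: matrix product over GF(2^8)."""
    out = []
    for row in MIX:
        acc = 0
        for m, a in zip(row, col):
            acc ^= gf_mul(m, a)
        out.append(acc)
    return out
```

Production code uses a precomputed lookup table for the S-box, as noted above; computing it bit by bit like this is only for checking the table against the definition.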
3.4
AddRoundKey
Final round
The final round is just like a normal round except MixColumns is left out. This is to make decryption more symmetrical to encryption (don't ask).
Security
SubBytes, ShiftRows and MixColumns are designed to provide diffusion. This means the cipher (and each step) satisfies the strict avalanche criterion, the requirement that if a single input bit is changed, the probability of each output bit changing is 1/2.