Advanced Encryption Standard: Difference between revisions

m removed redundant spaces #article-section-source-editor
Tags: Mobile edit Mobile app edit iOS app edit
Line 75:
## {{mono | AddRoundKey}}
 
=== The {{mono | SubBytes}} step ===
{{Main|Rijndael S-box}}
[[Image:AES-SubBytes.svg|right|320px|thumbnail|In the {{mono | SubBytes}} step, each byte in the state is replaced with its entry in a fixed 8-bit lookup table, ''S''; ''b<sub>ij</sub>'' = ''S(a<sub>ij</sub>)''.]]
Line 81:
While performing the decryption, the {{mono | InvSubBytes}} step (the inverse of {{mono | SubBytes}}) is used, which requires first taking the inverse of the affine transformation and then finding the multiplicative inverse.
 
=== The {{mono | ShiftRows}} step ===
[[Image:AES-ShiftRows.svg|right|320px|thumbnail|In the {{mono | ShiftRows}} step, bytes in each row of the state are shifted cyclically to the left. The number of places each byte is shifted differs incrementally for each row.]]
The {{mono | ShiftRows}} step operates on the rows of the state; it cyclically shifts the bytes in each row by a certain [[Offset (computer science)|offset]]. For AES, the first row is left unchanged. Each byte of the second row is shifted one to the left. Similarly, the third and fourth rows are shifted by offsets of two and three respectively.<ref group="note">Rijndael variants with a larger block size have slightly different offsets. For blocks of sizes 128 bits and 192 bits, the shifting pattern is the same. Row <math>n</math> is shifted left circular by <math>n-1</math> bytes. For a 256-bit block, the first row is unchanged and the shifting for the second, third and fourth row is 1 byte, 3 bytes and 4 bytes respectively—this change only applies for the Rijndael cipher when used with a 256-bit block, as AES does not use 256-bit blocks.</ref> In this way, each column of the output state of the {{mono | ShiftRows}} step is composed of bytes from each column of the input state. The importance of this step is to avoid the columns being encrypted independently, in which case AES would degenerate into four independent block ciphers.
 
=== The {{mono | MixColumns}} step ===
{{main|Rijndael MixColumns}}
[[Image:AES-MixColumns.svg|right|320px|thumbnail|In the {{mono | MixColumns}} step, each column of the state is multiplied with a fixed polynomial <math>c(x)</math>.]]
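Review bot: The hatnote in the MixColumns section is written "{{main|Rijndael MixColumns}}" while the SubBytes section uses "{{Main|Rijndael S-box}}"; use one capitalisation of the template name throughout. In the ShiftRows footnote, "Row n is shifted left circular by n-1 bytes" would read better as "Row n is circularly shifted left by n-1 bytes".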
Line 110:
In more general sense, each column is treated as a polynomial over <math>\operatorname{GF}(2^8)</math> and is then multiplied modulo <math>{01}_{16} \cdot z^4+{01}_{16}</math> with a fixed polynomial <math>c(z) = {03}_{16} \cdot z^3 + {01}_{16} \cdot z^2 +{01}_{16} \cdot z + {02}_{16}</math>. The coefficients are displayed in their [[hexadecimal]] equivalent of the binary representation of bit polynomials from <math>\operatorname{GF}(2)[x]</math>. The {{mono | MixColumns}} step can also be viewed as a multiplication by the shown particular [[MDS matrix]] in the [[finite field]] <math>\operatorname{GF}(2^8)</math>. This process is described further in the article [[Rijndael MixColumns]].
 
=== The {{mono | AddRoundKey}} ===
[[Image:AES-AddRoundKey.svg|right|320px|thumbnail|In the {{mono | AddRoundKey}} step, each byte of the state is combined with a byte of the round subkey using the [[Exclusive or|XOR]] operation (⊕).]]
In the {{mono | AddRoundKey}} step, the subkey is combined with the state. For each round, a subkey is derived from the main [[key (cryptography)|key]] using [[Rijndael key schedule|Rijndael's key schedule]]; each subkey is the same size as the state. The subkey is added by combining of the state with the corresponding byte of the subkey using bitwise [[Exclusive or|XOR]].
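Review bot: The last sentence of the AddRoundKey paragraph, "The subkey is added by combining of the state with the corresponding byte of the subkey", has lost its object; suggest "The subkey is added by combining each byte of the state with the corresponding byte of the subkey using bitwise XOR", which agrees with the image caption directly above it. The heading "=== The {{mono | AddRoundKey}} ===" also omits the word "step" that the SubBytes, ShiftRows and MixColumns headings carry, and "In more general sense" in the MixColumns paragraph needs an article ("In a more general sense").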