Rijndael AES

The Rijndael AES

Rijndael, the new Advance Encryption Standard (AES), was invented by Joan Deamen and Vincent Rijmen of Belgium. The name Rijndael is pronounced like “Rain Doll”.

Rijndael is a block cipher. The block size and key length can be chosen independently to be 128, 192 and 256 bits. It has 10, 12 or 14 steps called rounds, depending on the block and key lengths. It was designed to be simple, to be resistant against all known attacks and to have fast and compact code on many platforms. Each round is composes of four basic steps called layers, which operate either on eight-bit bytes or 32-bit words.

Structure of Rijndael AES:

The basic unit for processing in the AES is a byte, a sequence of eight bits treated as a single key entity. During the ciphering and deciphering process, the input, output and cipher key bit sequence are processed as bytes (eight continuous bits) in array from.

The AES algorithm’s operations are performed in a two dimensional array of bytes called the state. The array’s number of rows is always 4, so there are 32 bits per column. The number of column depends on the cipher key length. The cipher keys may have lengths of 128, 192 or 256, so the number of column is calculated as follows:

  • Cipher Key Length =128 bits,  column =128/32 = 4
  • Cipher Key Length =192 bits,  column =192/32 = 6
  • Cipher Key Length =256 bits,  column =256/32 = 8

The AES Encryption consists of the following:

  • Key Expansion
  • An initial round key addition
  • Several rounds of SubBytes, ShiftRows, MixColumns and AddRoundKey
  • Final round of SubBytes, ShiftRows and AddRoundKey

In Rijndeal algorithm, the number of standard round depends on the data block size and the cipher key length.  Because the AES algorithm currently only uses data blocks of 128 bits the number of standard rounds is 10 rounds for a 128 bit cipher key length, 12 rounds for a 192-bit cipher key length, or 14 rounds for a 256-bit cipher key length.


Rijndael Round Function:

The Standard Round Function is composed of four steps:

  1. SubBytes: Nonlinear byte substitution using a substitution table S-box, 8 X 8. The SubBytes step is the only non-linear transformation of the cipher. SubBytes is a bricklayer permutation consisting of an S-box applied to the bytes of the state.

Fig: SubBytes acts on the individual bytes of the state.

  1. ShiftRows: m bits of the State Array row are moved from the left to the right for intercolumn diffusion (linear mixing). The ShiftRows step is a byte transposition that cyclically shifts the rows of the state over different offsets. Row 0 is shifted over C0 bytes, row 1 over C1 bytes, row 2 over C2 bytes and row 3 over C3 bytes, so that the byte at position J in row moves to position (j-Ci) mod Nb. The shift offsets C0, C1, C2 and C3 depend on the value of

Fig: SubBytes acts on the individual bytes of the state.

  1. MixColumn: Every column in the State Array is transformed using a matrix multiplication for inter-byte diffusion within columns (Linear Mixing). In the last round, the column mixing is omitted.

Fig: Mix Columns

The Mix Columns transformation treats each column as a four term polynomial over GF (28) and is then multiplied modulo x4 + 1 with a fixed polynomial c(x) = 3x3 + x2 + x + 2; the inverse of this polynomial is c − 1(x) = 11x3 + 13x2 + 9x + 14.

Figure: Mix Column

  1. AddRoundKey: Subkey bytes are XORed into each byte of the array. In the AddRoundKey transformation, every entry in the state array is XORed with its corresponding entry in the cipher sub-key.

Figure: AddRoundKey Transformation.

Diagram: Rijndael Encryption and Decryption process.

AES Key Expansion:

The AES algorithm takes the cipher key, K(128, 192 or 256 bits), and performs a key expansion routine to generate a key schedule with a total number of sub-keys equal to the required number rounds.

First the cipher key is grouped into words. A word is a group of 32 bits that is treated either as a single entity or as an array of four bytes. For a 128 bit data block and cipher key, the key expansion generates 4 x (10+1)=44 words.  The cipher key becomes the first word. All other words are calculated using the following transformation:

Temp=SubWord ( RotWord (temp)) xor Rcon [i/nk])

In the case of a key length of 128, the cipher key, K, will be expanded to generate 44 words which are grouped into 11 sub-keys; k(0), K(1)…..K(10). Each sub-key has four words. K(0) is used in the first AddRoundKey, and the cipher sub-keys  K (1) to K (10) are used in each of the different rounds.

Diagram: Key Schedule of AES.

AES Decryption:


The algorithm for decryption can be found in a straightforward way by using the inverses of the steps InvSubBytes , InvShiftRows , InvMixColumns and AddRoundKey, and reversing their order.

We call the resulting algorithm the straightforward decryption algorithm. In this algorithm, not only so the steps themselves differ from those used in encryption, but also the sequence in which the steps occur is different.

For implementation reasons, it is often convenient that the only non-linear step (SubByt es) is the first step of the round transformation. This aspect has been anticipated in the design.

The structure of Rijndael is such that it is possible to define an equivalent algorithm for decryption in which the sequence of steps is equal to that for encryption, with the steps replaced by their inverses and a change in the key schedule.