19.8 Encryption of a Block as a Complete Process

Team-Fly

19.8 Encryption of a Block as a Complete Process

Encryption with Rijndael is encapsulated in the following pseudocode according to [DaRi], Sections 4.2–4.4. The arguments are passed as pointers to fields of bytes or 4-byte words. The interpretation of the fields, variables, and functions employed is provided in Tables 19.15-19.17.

Key generation for L_k < 8:

   KeyExpansion (byte CipherKey, word ExpandedKey)   {     for (i = 0; i < Nk; i++)       ExpandedKey[i] = (CipherKey[4*i], CipherKey[4*i + 1],          CipherKey[4*i + 2], CipherKey[4*i + 3]);     for (i = Nk; i < Nb * (Nr + 1); i++)     {       temp = ExpandedKey[i − 1];       if (i % Nk == 0)          temp = ByteSub (RotByte (temp))^ Rcon[i/Nk];       ExpandedKey[i] = ExpandedKey[i − Nk] ^ temp;     }   } 

Key generation for L_k = 8:

   KeyExpansion (byte CipherKey, word ExpandedKey)   {     for (i = 0; i < Nk; i++)       ExpandedKey[i] = (CipherKey[4*i], CipherKey[4*i + 1],               CipherKey[4*i + 2], CipherKey[4*i + 3]);     for (i = Nk; i < Nb * (Nr + 1); i++)     {       temp = ExpandedKey[i − 1];       if (i % Nk == 0)          temp = ByteSub (RotByte (temp)) ^ Rcon[i/Nk];       else if (itemp = ByteSub (temp);       ExpandedKey[i] = ExpandedKey[i − Nk] ^ temp;     }   } 

Round functions:

   Round (word State, word RoundKey)   {     ByteSub (State);     ShiftRow (State);     MixColumn (State);     AddRoundKey (State, RoundKey)   }   FinalRound (word State, word RoundKey)   {     ByteSub (State);     ShiftRow (State);     AddRoundKey (State, RoundKey)   } 

Entire operation for encrypting a block:

   Rijndael (byte State, byte CipherKey)   {     KeyExpansion (CipherKey, ExpandedKey);     AddRoundKey (State, ExpandedKey);     for (i = 1; i < Nr; i++)       Round (State, ExpandedKey + Nb*i);     FinalRound (State, ExpandedKey + Nb*Nr);   } 

There exists the possibility of preparing the round key outside of the function Rijndael and to pass the key schedule ExpandedKey instead of the user key CipherKey. This is advantageous when it is necessary in the encryption of texts that are longer than a block to make several calls to Rijndael with the same user key.

   Rijndael (byte State, byte ExpandedKey)   {     AddRoundKey (State, ExpandedKey);     for (i = 1; i < Nr; i++)       Round (State, ExpandedKey + Nb*i);     FinalRound (State, ExpandedKey + Nb*Nr);   } 

Especially for 32-bit processors it is advantageous to precompute the round transformation and to store the results in tables. By replacing the permutation and matrix operations by accesses to tables, a great deal of CPU time is saved, yielding improved results for encryption, and, as we shall see, for decryption as well. With the help of four tables each of 256 4-byte words of the form

(for w = 0,..., 255, S(w) denotes, as above, the S-box replacement), the transformation of a block b = (b_0,j, b_1,j, b_2,j, b_3,j), j = 0,..., L_b − 1, can be determined quickly by the substitution

with d(i, j) := j − mod L_b (cf. ShiftRow, Table 19.14) and k_j = (k_0,j, k_1,j, k_2,j, k_3,j) as the jth column of the round key.

For the derivation of this result, see [DaRi], Section 5.2.1. In the last round the MixColumn transformation is omitted, and thus the result is determined by

Clearly, it is possible to use a table of 256 4-byte words, in which

with a left rotation r(a, b, c, d) = (b, c, d, a) by one byte. For environments with limited memory this can be a useful compromise, the price being only a slightly increased calculation time for the three rotations.

Team-Fly