By Adam Taylor

Previously, I introduced the four steps required to perform AES encryption. Each step is applied to what is called the state. Quite simply, the AES state starts out as the 16 bytes we wish to encrypt, and each step updates the state. Before processing the state, we need to correctly format the input byte string into the initial state, a 4x4 matrix. The matrix is filled column by column: input bytes 0 to 3 form the first column from top to bottom, bytes 4 to 7 form the second column, and so on:

With the initial 16 bytes rearranged into the initial state as a 4x4 grid, we can now discuss how each step manipulates its input state.

Add Round Key: This is the only step that uses the encryption key. The AES encryption algorithm can use different key sizes of 128, 192, or 256 bits, which means the encryption algorithm requires a different number of rounds depending on key size (10, 12, or 14 rounds respectively). Before use, the encryption key must undergo key expansion, which derives a distinct 16-byte round key for each round so that the key bytes themselves are not simply reused in every round. Unsurprisingly, the expanded key length is different for each key size. The expanded key size will be:

Expanded Key Size (Bytes) = 16 * (Rounds + 1)

That gives 176, 208, and 240 bytes for the three key sizes.

The operation within this step is very simple. The input state bytes are exclusive ORed with 16 bytes of the expanded key. Each round uses a different section of the expanded key: round 0 uses bytes 0 to 15; round 1 uses bytes 16 to 31; and so on. Within each round, byte one of the state (reading the state in the same column-by-column order as the input) is exclusive ORed with the first byte of that round's 16-byte section, byte two with the second byte, and so on.

Byte Substitution: A substitution box (S-box) is used within this step to swap out each state byte for another value. The values within the substitution box are predefined and have been designed to have low correlation between input bits and output bits. The substitution box is a 16x16 matrix, and we use the upper and lower nibbles of the byte being substituted to index into it: the upper nibble selects the row and the lower nibble selects the column. For example, using the S-box for encryption below, if the first initial state byte is 0x69, the substitution value 0xF9 will replace it. Note that there are separate and different substitution boxes for encryption and decryption; the decryption box is simply the inverse mapping, so it takes 0xF9 back to 0x69.

S Box for Encryption

S Box for Decryption

Shift Row: This step rearranges the input state matrix by performing a circular byte shift on each row. Each row is rotated left by a different amount: Row 1 is left unchanged; Row 2 is rotated by 1 byte; Row 3 by 2 bytes; and finally Row 4 by 3 bytes (so the first byte of Row 2 ends up as its last byte). When we decrypt, we perform the same operation but rotate right instead of left.

Mix Column: This is the most complicated step within a round. For each column it requires 16 multiplications and 12 exclusive OR operations. The operations are performed column by column on the input state matrix: each column is multiplied by a fixed 4x4 matrix to create a new state column. Each new byte is produced by multiplying the four bytes of the column by the corresponding entries of one row of the fixed matrix and XORing the four products together. The first column and the first row to be multiplied are shown in yellow below.

Here are the Mix Column equations for the first column:

B1’ = (B1 * 2) XOR (B2 * 3) XOR (B3 * 1) XOR (B4 * 1)

B2’ = (B1 * 1) XOR (B2 * 2) XOR (B3 * 3) XOR (B4 * 1)

B3’ = (B1 * 1) XOR (B2 * 1) XOR (B3 * 2) XOR (B4 * 3)

B4’ = (B1 * 3) XOR (B2 * 1) XOR (B3 * 1) XOR (B4 * 2)

Note that these are not ordinary integer multiplications: they are multiplications in the AES finite field GF(2^8), with the result reduced modulo the polynomial x^8 + x^4 + x^3 + x + 1. Multiplying a byte by 2 is a left shift by one bit, followed by an XOR with 0x1B if the bit shifted out was a 1; multiplying by 3 is (B * 2) XOR B. This process is then repeated against the same multiplication matrix for the next column in the input state until all of the input state columns have been addressed.

When it comes to decryption, we perform the same operation, but with the inverse of this constant multiplication matrix, which becomes:
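The following Python implementation of the four steps and their inverses is an added example; it is not code from the original post or from Adam Taylor. It follows FIPS-197: the state is filled column by column, the S-box is derived from its definition (multiplicative inverse in GF(2^8) followed by the standard affine map) rather than pasted as a table, and the decryption matrix for Mix Column uses the FIPS-197 InvMixColumns constants. Key expansion is deliberately left out, so the trace stops before round 1's Add Round Key; round 0 only needs the first 16 bytes of the expanded key, which are the cipher key itself. The plaintext and key are the worked example from FIPS-197 Appendix B, so the state after each step can be compared with the standard's published trace.

```python
"""Added example (not the blog's own code): the four AES round steps and
their inverses on the 4x4 state, following FIPS-197.  Key expansion is
not shown; expanded-key bytes 0..15 are just the cipher key, which is all
that round 0 needs."""

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the GF(2^8) reduction polynomial


def gmul(a, b):
    """Multiply two bytes in GF(2^8); this is what '* 2' and '* 3' mean in Mix Column."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:          # bit shifted out was set: reduce by the polynomial
            a ^= AES_POLY
        b >>= 1
    return p


def _build_sboxes():
    """Derive the S-box: multiplicative inverse, then s = inv ^ rotl(inv,1..4) ^ 0x63."""
    exp, log = [0] * 256, [0] * 256
    v = 1
    for i in range(255):       # 0x03 generates the multiplicative group of GF(2^8)
        exp[i], log[v] = v, i
        v = gmul(v, 3)
    sbox = [0] * 256
    for x in range(256):
        inv = 0 if x == 0 else exp[(255 - log[x]) % 255]
        s = inv
        for k in range(1, 5):
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox[x] = s ^ 0x63
    inv_sbox = [0] * 256
    for x, s in enumerate(sbox):
        inv_sbox[s] = x        # decryption box is the inverse mapping
    return sbox, inv_sbox


SBOX, INV_SBOX = _build_sboxes()

# Mix Column constants from FIPS-197; INV_MIX is the GF(2^8) inverse of MIX.
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]


def bytes_to_state(block):
    """Input byte i lands at row i % 4, column i // 4 (column-major fill)."""
    assert len(block) == 16
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]


def state_to_bytes(state):
    return bytes(state[r][c] for c in range(4) for r in range(4))


def add_round_key(state, expanded_key, rnd):
    """XOR state byte i with expanded-key byte 16*rnd + i."""
    rk = expanded_key[16 * rnd:16 * rnd + 16]
    return [[state[r][c] ^ rk[r + 4 * c] for c in range(4)] for r in range(4)]


def sub_bytes(state, box=SBOX):
    # Upper nibble = row, lower nibble = column of the 16x16 table: that is box[byte].
    return [[box[b] for b in row] for row in state]


def inv_sub_bytes(state):
    return sub_bytes(state, INV_SBOX)


def shift_rows(state):
    """Row r is rotated LEFT by r positions (row 0 untouched)."""
    return [[state[r][(c + r) % 4] for c in range(4)] for r in range(4)]


def inv_shift_rows(state):
    """Decryption rotates each row RIGHT by the same amount."""
    return [[state[r][(c - r) % 4] for c in range(4)] for r in range(4)]


def _mix(state, matrix):
    out = [[0] * 4 for _ in range(4)]
    for c in range(4):
        col = [state[r][c] for r in range(4)]
        for r in range(4):
            acc = 0
            for k in range(4):          # 4 GF(2^8) multiplies, 3 XORs per output byte
                acc ^= gmul(matrix[r][k], col[k])
            out[r][c] = acc
    return out


def mix_columns(state):
    return _mix(state, MIX)


def inv_mix_columns(state):
    return _mix(state, INV_MIX)


def first_round_trace(plaintext, key):
    """Round 0 Add Round Key, then the three key-free steps of round 1.
    Returns the state (as bytes) after each step.  Round 1's Add Round Key
    would need the expanded key, so the trace stops there."""
    s = add_round_key(bytes_to_state(plaintext), key, 0)
    trace = {"add_round_key": state_to_bytes(s)}
    s = sub_bytes(s)
    trace["sub_bytes"] = state_to_bytes(s)
    s = shift_rows(s)
    trace["shift_rows"] = state_to_bytes(s)
    s = mix_columns(s)
    trace["mix_columns"] = state_to_bytes(s)
    return trace


if __name__ == "__main__":
    # Plaintext and key from the FIPS-197 Appendix B worked example.
    pt = bytes.fromhex("3243f6a8885a308d313198a2e0370734")
    k = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    for step, val in first_round_trace(pt, k).items():
        print(f"{step:14s} {val.hex()}")
```

Running the script prints the state after each step as 16 bytes in column order; the values match the round-1 trace in FIPS-197 Appendix B, and SBOX[0x69] is 0xF9 as in the example above. A practical point when comparing against other traces or hardware: the "shift right" versus "shift left" confusion and the row/column order of the state are the two most common ways to get every later value wrong while each step looks individually plausible, so checking the per-step output against a published trace, as this example does, is worth doing before moving on to key expansion.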

Having explained these steps in detail, my next blog will explain the order in which these steps are to be conducted and how we perform key expansion.
