The AES algorithm generates block
ciphers. The AES block size is 16 bytes. The AES keys can be coded on 128, 192, or
256 bits. The larger key sizes provide a higher level of security, but at the cost
of a moderate decrease in throughput.
For the AES algorithm:
- The length of the input and
output blocks is 128 bits. The block length is represented by Nb = 4, which
reflects the number of 32-bit words.
- The length of the cipher key
(K) is 128, 192, or 256 bits. The key length is represented by Nk = 4, 6, or
8, which reflects the number of 32-bit words in the cipher key.
- The number of rounds to be
performed during the execution of the algorithm depends on the key size. The
number of rounds is represented by Nr, where Nr = 10 when Nk = 4 (128-bit
key); Nr = 12 when Nk = 6 (192-bit key); and Nr = 14 when Nk = 8 (256-bit
key).
Table 31-2 lists the combinations of keys, blocks, and rounds.
Table 31-2 Key-Block-Round
Combinations
Key |
Key Length (Nk) |
Block Size (Nb) |
Number of Rounds (Nr) |
128 bits |
4 |
4 |
10 |
192 bits |
6 |
4 |
12 |
256 bits |
8 |
4 |
14 |
The AES algorithm for cipher and
inverse cipher uses a round function composed of four different byte-oriented
transformations:
- Byte substitution using a
substitution table (S-Box): This transformation is a nonlinear byte
substitution that operates independently on each byte of the state (the
state is an intermediate processed block of 128 bits inside the AES; the
state is arranged as an array of [4 × Nk] bytes) using an S-Box. This S-Box
transformation is reversible.
- Shifting rows of the state
array by different offsets: In this transformation, the bytes in the last
three rows of the state are cyclically shifted over different numbers of
bytes (offsets). The first row ® = 0) is not shifted.
- Mixing the data within each
column of the state array: This transformation operates on the state
column-by-column, treating each column as a 4-term polynomial. The columns
are considered polynomials over GF(28) and multiplied modulo
x4 + 1 with a fixed polynomial a(x).
- Adding a round key to the
state: In this transformation, a round key is added to the state by a simple
bitwise XOR operation. Each round key consists of Nb words from the key
schedule.
The AES algorithm takes the cipher key
(K) and performs a key expansion routine to generate a key schedule. The key
expansion generates a total of Nb × (Nr + 1) words: The algorithm requires an
initial set of Nb words, and each Nr round requires Nb words of key data. The
resulting key schedule consists of a linear array of 4-byte words, denoted
[wI], with I in the range 0 ≤ I ≤ Nb × (Nr + 1).