Cryptography Tutorials - Herong's Tutorial Examples - v5.40, by Dr. Herong Yang
AES Equivalent Decryption Algorithm
The equivalent decryption algorithm of the AES-128 encryption is provided. It follows the same sequence of applying transformation procedures as the encryption algorithm, but uses modified round keys.
The second type of AES decryption algorithms is called "Equivalent Inverse Cipher" in the FIPS publication, "Announcing the ADVANCED ENCRYPTION STANDARD (AES)" at http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf in 2001.
The difference of equivalent decryption algorithms and standard decryption algorithms can be summarized as:
Here is the equivalent decryption algorithm for a single block of 128-bit ciphertext with a 128-bit cipher key:
Input: C: 128 bits of ciphertext K: 128 bits cipher key InvS: Inverse substitution box of 16x16 byte values InvKeyExpansion(): Inverse procedure to expand cipher key AddRoundKey(): Add round key procedure InvShiftRows(): Inverse shift rows procedure InvSubBytes(): Inverse substitution of bytes procedure InvMixColumns(): Inverse mix columns procedure Output: T: 128 bits of plaintext Algorithm: InvKeyExpansion(K,ik) # expanding K to 11 round keys: state = C # copying ciphertext to state AddRoundKey(State, ik) # adding last round key for i = 9 to 1 # loop to repeat 9 rounds backward InvSubBytes(state) # performing reverse substitution InvShiftRows(state) # performing reverse byte shifting InvMixColumns(state) # reversely mixing columns in state AddRoundKey(state, ik[i]) # adding next round key end for # end of loop InvSubBytes(state) # performing reverse substitution InvShiftRows(state) # performing reverse byte shifting AddRoundKey(state, ik) # adding first round key T = state # copying state to plaintext
All procedures used in this equivalent decryption algorithm are identical to the standard decryption algorithm except for the InvKeyExpansion() procedure. Comparing with the KeyExpansion procedure, the InvKeyExpansion() procedure only has 1 extra step at the end as shown below:
Procedure Name: InvKeyExpansion(K,ik) Input: K: 128 bits cipher key Rcon: Round constant array SubWord(): Word substitution procedure RotWord(): Word rotation procedure Output: ik: 11 round keys as 4x4 byte arrays Algorithm: w[4*11] # a word array holding 11 round keys w[0..3] = K # setting cipher key as the first round key for i = 4 to 43 # computing words of other round keys temp = w[i-1] # copying previous word to a temp variable if (i mod 4 = 0) temp = SubWord(RotWord(temp)) temp = temp XOR Rcon[i/4] end if w[i] = w[i-4] XOR temp end for for i = 0 to 10 # building 11 round keys as 4x4 byte arrays ik[i] = w[4*i..4*i+3] end for for r = 1 to 9 # extra step for the inverse round keys InvMixColumns(ik[r]) end for
Table of Contents