© Heidi Brebels 2023
This is a very practical example of Simplified AES encryption.
S-AES is 2x2 in stead of 4x4 (AES). That'll be good to remember.
XOR has the following rules:
0 XOR 0 = 0
0 XOR 1 = 1
1 XOR 0 = 1
1 XOR 1 = 0
S-AES will contain the following to go from plaintext to ciphertext:
We will also need the S-box and the multiplication table of GF(16) (Galois Field) built with x4 (to the power 4) + x + 1.
The S-box is needed in Key expansion and Substitute bytes.
The multiplication table of GF(16) is needed for Key expansion and Mix columns.
S-box
|
|
00 |
01 |
10 |
11 |
|
00 |
9 |
4 |
A |
B |
|
01 |
D |
1 |
8 |
5 |
|
10 |
6 |
2 |
0 |
3 |
|
11 |
C |
E |
F |
7 |
Multiplication table of GF(16)
|
|
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
A |
B |
C |
D |
E |
F |
|
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
|
1 |
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
A |
B |
C |
D |
E |
F |
|
2 |
0 |
2 |
4 |
6 |
8 |
A |
C |
E |
3 |
1 |
7 |
5 |
B |
9 |
F |
D |
|
3 |
0 |
3 |
6 |
5 |
C |
F |
A |
9 |
B |
8 |
D |
E |
7 |
4 |
1 |
2 |
|
4 |
0 |
4 |
8 |
C |
3 |
7 |
B |
F |
6 |
2 |
E |
A |
5 |
1 |
D |
9 |
|
5 |
0 |
5 |
A |
F |
7 |
2 |
D |
8 |
E |
B |
4 |
1 |
9 |
C |
3 |
6 |
|
6 |
0 |
6 |
C |
A |
B |
D |
7 |
1 |
5 |
3 |
9 |
F |
E |
8 |
2 |
4 |
|
7 |
0 |
7 |
E |
9 |
F |
8 |
1 |
6 |
D |
A |
3 |
4 |
2 |
5 |
C |
B |
|
8 |
0 |
8 |
3 |
B |
6 |
E |
5 |
D |
C |
4 |
F |
7 |
A |
2 |
9 |
1 |
|
9 |
0 |
9 |
1 |
8 |
2 |
B |
3 |
A |
4 |
D |
5 |
C |
6 |
F |
7 |
E |
|
A |
0 |
A |
7 |
D |
E |
4 |
9 |
3 |
F |
5 |
8 |
2 |
1 |
B |
6 |
C |
|
B |
0 |
B |
5 |
E |
A |
1 |
F |
4 |
7 |
C |
2 |
9 |
D |
6 |
8 |
3 |
|
C |
0 |
C |
B |
7 |
5 |
9 |
E |
2 |
A |
6 |
1 |
D |
F |
3 |
4 |
8 |
|
D |
0 |
D |
9 |
4 |
1 |
C |
8 |
5 |
2 |
F |
B |
6 |
3 |
E |
A |
7 |
|
E |
0 |
E |
F |
1 |
D |
3 |
2 |
C |
9 |
7 |
6 |
8 |
4 |
A |
B |
5 |
|
F |
0 |
F |
D |
2 |
9 |
6 |
4 |
B |
1 |
E |
C |
3 |
8 |
7 |
5 |
A |
Now, let's start:
Plaintext = ok = 0110 1111 0110 1011
Key = 1010 0111 0011 1011
1) We have 3 times "Add round key" => we need 3 Keys, K0, K1 and K2, one for each time. We will obtain those keys with Key expansion.
K0 = w0 w1
K1 = w2 w3
K2 = w4 w5
K0 = w0 w1
w0 = first byte (8 bits) of the key = 1010 0111
w1 = second byte (8 bits) of the key = 0011 1011
=> K0 = w0 w1 = 1010 0111 0011 1011
K1 = w2 w3
w2 = w0 XOR RoundConstantj XOR S-box(Rotation(w1))
w2 = 1010 0111 XOR xj+2 XOR S-box(1011 0011) – x to the power of j+2, where j is the round = 1
w2 = 1010 0111 XOR x1+2 XOR S-box(1011 0011)
w2 = 1010 0111 XOR 23 XOR S-box(1011 0011) – 2 to the power of 3 = 8 = 1000 add with 0000
w2 = 1010 0111 XOR 1000 0000 XOR S-box(1011 0011) – S-box(10 11) = 3 = 0011; S-box(00 11) = B = 11 = 1011
w2 = 1010 0111 XOR 1000 0000 XOR 0011 1011
w2 = 0001 1100
w3 = w2 XOR w1
w3 = 0001 1100 XOR 0011 1011
w3 = 0010 0111
=> K1 = w2 w3 = 0001 1100 0010 0111
K2 = w4 w5
w4 = w2 XOR RoundConstantj XOR S-box(Rotate(w3))
w4 = 0001 1100 XOR xj+2 XOR S-box(0111 0010) – x to the power of j+2, where j is the round = 1
w4 = 0001 1100 XOR 24 XOR S-box(0111 0010) – 24 = 2 to the power 4 = 2 x 2 x 2 x 2 = 2 x 8 (16 does not fit in 4 bits, so we will have to multiply 2 x 8 in GF(16)) = 3 = 0011 add with 0000
w4 = 0001 1100 XOR 0011 0000 XOR 0101 1010
w4 = 0010 1100 XOR 0101 1010
w4 = 0111 0110
w5 = w4 XOR w3
w5 = 0111 0110 XOR 0010 0111
w5 = 0101 0001
=> K2 = w4 w5 = 0111 0110 0101 0001
2) (Starting Round) Add round key (K0) = XOR
0110 1111 0110 1011 XOR 1010 0111 0011 1011 = 1100 1000 0101 0000
3) Round 1
a) Substitute bytes = S-box
S-box(1100 1000 0101 0000) = 1100 0110 0001 1001
b) Shift rows (read/write from top to bottom)
1100 0001 -> leave the first row alone
0110 1001 -> circular left shift = 1001 0110
1100 1001 0001 0110
c) Mix columns (read/write from top to bottom)
1 4 XOR 1100 0001
4 1 1001 0110
= 1100 XOR (4 x 1001) 0001 XOR (4 x 0110)
(4 x 1100) XOR 1001 (4 x 0001) XOR 0110
= 1100 XOR (4 x 9 in multiplication table GF(16)) 0001 XOR (4 x 6 in mult. table GF(16))
(4 x 12 in mult. table GF(16)) XOR 1001 (4 x 1 in mult. table GF(16)) XOR 0110
= 1100 XOR 0010 0001 XOR 1011
0101 XOR 1001 0100 XOR 0110
= 1110 1010
1100 0010
= 1110 1100 1010 0010
d) Add round key (K1) = XOR
1110 1100 1010 0010 XOR 0001 1100 0010 0111 = 1111 0000 1000 0101
4) (End round)
a) Substitute bytes = S-box
S-box(1111 0000 1000 0101) = 0111 1001 0110 0001
b) Shift rows (like above, or just switch the 2nd and 4th nibble (4 bits))
= 0111 0001 0110 1001
c) Add round key (K3) = XOR
0111 0001 0110 1001 XOR 0111 0110 0101 0001 = 0000 0111 0011 1000 = ciphertext
Et voila :)
if you have comments, adjustments, hints, ... contact me on twitter.