Cryptography: THE FOUR STEPS IN EACH ROUND OF AES PROCESSING

STEP 1: (called SubBytes for byte-by-byte substitution during the forward process) (The corresponding substitution step used during decryption is called InvSubBytes.)

    This step consists of using a 16 × 16 lookup table to find a replacement byte for a given byte in the input state array.

    The entries in the lookup table are created by using the notions of multiplicative inverses in GF(2^8) and bit scrambling to destroy the bit-level correlations inside each byte.

STEP 2: (called ShiftRows for shifting the rows of the state array during the forward process) (The corresponding transformation during decryption is denoted InvShiftRows for Inverse Shift- Row Transformation.)

The goal of this transformation is to scramble the byte order inside each 128-bit block.

STEP 3: (called MixColumns for mixing up of the bytes in each column separately during the forward process) (The corresponding transformation during decryption is denoted InvMixColumns and stands for inverse mix column transformation.) The goal is here is to further scramble up the 128-bit input block.

The shift-rows step along with the mix-column step causes each bit of the ciphertext to depend on every bit of the plain- text after 10 rounds of processing.

NOTE: The avalanche effect from our discussion on DES in Lecture 3. In DES, one bit of plaintext affected roughly 31 bits of ciphertext. But now we want each bit of the plaintext to affect every bit position of the ciphertext block of 128 bits. [The sentence does NOT say that if you change one bit of the plaintext, the algorithm is guaranteed to change every bit of the ciphertext. (Changing every bit of the ciphertext would amount to reversing every bit of the block.) Since a bit can take on only two values, on the average there will be many bits of the ciphertext that will be identical to the plaintext bits in the same positions after you have changed one bit of the plaintext. However, again on the average, when you change one bit of the plaintext, you will see its effect spanning all of the 128 bits of the ciphertext block. On the other hand, with DES, changing one bit of the plaintext affects only 31 bit positions on the average.]

STEP 4: (called AddRoundKey for adding the round key to the output of the previous step during the forward process) (The corresponding step during decryption is denoted InvAddRound-Key for inverse add round key transformation.)