Mini AES Example

Example Mini-AES Encryption

The application of the four components NibbleSub, ShiftRow, MixColumn and KeyAddition in sequence constitutes one round. The full Mini-AES encryption consists of two such rounds, with the exclusion of MixColumn from the last round and the inclusion of an extra KeyAddition prior to the first round.  Hence, Mini-AES encryption can be denoted by:

Mini-AESEncrypt = sK2 o p o g o sK1 o q o p o g o sK0

Note that the symbol o refers to the composition of functions and the order of execution is from right to left, which means that sK0 is executed first.  Figure 7 provides a pictorial view  of Mini-AES encryption.

Figure 7:         The Mini-AES Encryption Process

Example 9

       To provide an illustrative example for the student, suppose that the input 16-bit plaintext block is P = 1001 1100 0110 0011.  Expressed as a matrix of 2 ´ 2 of nibbles, it is then

Suppose also that the secret key, K = 1100 0011 1111 0000. This is also expressed as a 2 ´ 2 matrix.

 

Firstly, the round keys are derived from the secret key, K by way of the key schedule.

 Derivation of the Round Keys

K0 = (w0, w1, w2, w3) = (k0, k1, k2, k3) = K = 1100 0011 1111 0000

K1 = (w4, w5, w6, w7) is calculated as follows:

w4                = w0 Å NibbleSub( w3 ) Å 0001

= 1100 Å NibbleSub(0000) Å 0001

= 1100 Å 1110 Å 0001

= 0011

w5                = w1 Å w4

= 0011 Å 0011

= 0000

w6                = w2 Å w5

= 1111 Å 0000

= 1111

w7                = w3 Å w6

= 0000 Å 1111

= 1111

K2 = (w8, w9, w10, w11) is calculated as follows:

w8                = w4 Å NibbleSub( w7 ) Å 0010

= 0011 Å NibbleSub(1111) Å 0010

= 0011 Å 0111 Å 0010

= 0110

w9                = w5 Å w8

= 0000 Å 0110

= 0110

w10              = w6 Å w9

= 1111 Å 0110

= 1001

w11              = w7 Å w10

= 1111 Å 1001

= 0110

Encryption of the Plaintext

Next, we proceed with encryption. Given plaintext, P = 1001 1100 0110 0011, then after the first KeyAddition with the 0th round key, K0, the output is

A = P Å K0             = 1001 1100 0110 0011 Å  1100 0011 1111 0000

= 0101 1111 1001 0011

Round 1

After NibbleSub, the output is

B          = NibbleSub(0101), NibbleSub(1111), NibbleSub(1001), NibbleSub(0011)

= 1111 0111 1010 0001

After ShiftRow, the output is

C          = ShiftRow (1111 0111 1010 0001)

= 1111 0001 1010 0111   

MixColumn is a bit more involved. The input block is rearranged as a 2 ´ 2 matrix, hence:

Taking the first column and multiplying it with the constant matrix, we get:

Taking the second column and multiplying it with the constant matrix, we get:

Therefore, the output after MixColumn is

or                    D  = 0000 1110 0011 1110

After KeyAddition with K1, the output is

E = D Å K1            = 0000 1110 0011 1110 Å 0011 0000 1111 1111

= 0011 1110 1100 0001

 Round 2

After NibbleSub, the output is

F          = NibbleSub(0011), NibbleSub(1110), NibbleSub(1100), NibbleSub(0001)

= 0001 0000 0101 0100

After ShiftRow, the output is

G         = ShiftRow (0001 0000 0101 0100)

= 0001 0100 0101 0000

Note that in the last round, there is no MixColumn. After KeyAddition, the output is H = G Å K2       = 0001 0100 0101 0000 Å 0110 0110 1001 0110

= 0111 0010 1100 0110

Therefore, the final ciphertext is H  = 0111 0010 1100 0110

   Mini-AES Decryption

In order to get back the original plaintext, the reverse process of encryption must be  performed on the ciphertext. This is called decryption.  Noting that decryption is the inverse  of encryption, then

Mini-AESDecrypt = (sK2 o p o g o sK1 o q o p o g o sK0) –1

= sK0 -1 o g -1 o p -1 o q -1 o sK1 -1 o g -1 o p -1 o sK2 -1

= sK0 o g -1 o p o q o sK1 o g -1 o p o sK2

We arrive at this expression since sKi is an XOR operation, which is its own inverse.  We  have also specially chosen the constant matrix in MixColumn, q such that the inverse of MixColumn, q -1 is the same as MixColumn itself. Since ShiftRow simply causes the second row to be rotated left by one nibble amount, then the inverse of ShiftRow, p -1 causes the second row to be rotated right by one nibble. Rotating the nibble left or right are one and the same operation because one row only has two nibbles, therefore inverse ShiftRow is the same as ShiftRow. NibbleSub is a nibble substitution operation based on Table 1. The inverse of Table 1 is easily computed by interchanging the input nibble with the output nibble, and then resorting it based on the new input nibble, as given in Table 3 below.

Input	Output		Input	Output
0000	1110		1000	0111
0001	0011		1001	1101
0010	0100		1010	1001
0011	1000		1011	0110
0100	0001		1100	1011
0101	1100		1101	0010
0110	1010		1110	0000
0111	1111		1111	0101

Table 3:  Inverse S-box of Mini-AES

 Example 10

For an input nibble, a0 = 1111, then based on Table 1, the output nibble is b0 = 0111. To get back the original nibble a0 given the value of b0, we use the inverse of Table 1, which is Table

3.  Referring to Table 3, then given the input b0 = 0111, the output is a0 = 1111.

Observe also that the order in which inverse NibbleSub, g -1 and ShiftRow,  p is carried out is not important, since inverse NibbleSub operates on each individual nibble whereas ShiftRow simply shifts the nibbles around. Hence, the final expression for Mini-  AES decryption is:

Mini-AESDecrypt = sK0 o p o g -1 o q o sK1 o  p o g -1 o sK2

Comparing the expression for decryption and encryption, we see that they are similar in structure, except that the round keys and the round constants are applied in reverse order, and the NibbleSub component is replaced by its inverse.

As an exercise, the student can try by pen and paper to decrypt the ciphertext, H obtained in Example 9 to get back the original plaintext, P.