Score:1

AES Decryption - Expand Key/First Roundkey


I am wondering how to use and expand keys during the Decryption.

Let’s say we have an initial key (128 bits): 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70

So we get: w[0] = (61 62 63 64), w[1] = (65 66 67 68), w[2] = (69 6A 6B 6C), w[3] = (6D 6E 6F 70)

Then with the g() function, we get:

  • Circular byte left shift of w[3] = 6E 6F 70 6D
  • Byte substitution using the SBOX
  • Adding round constant for the round (for round 1 = 01 00 00 00)

To get the first round key we then perform: w[4] = w[0] ⊕ g(w[3]), w[5] = w[4] ⊕ w[1], w[6] = w[5] ⊕ w[2], w[7] = w[6] ⊕ w[3].

We repeat the process for all rounds. For 10 rounds this will generate 10 subkeys + the initial key.

During the encryption process, each subkey will be used in the corresponding Add round key function.

For the Decryption process, do we have to perform a similar operation but, e.g., using the inverse S-Box, or do we just generate the subkeys and then use the subkeys in the corresponding round?

Thanks

Daniel S
Generate the same subkeys, but use them in reverse order
LianoQ
I see, so when it said that the decryption algorithm uses the same subkeys used in the encryption algorithm, it is meant that it uses the same subkeys because they are generated by the same initial key. So will the initial key be used only for generating subkeys, for encrypting the State in the Initial Add round key and for decrypting the State in the last Add round key? Also, can the Expand key process be considered part of the encryption/decryption process or something apart? Thanks
Daniel S
Your statement about initial key is sort of true for AES-128, but not for AES-196 or AES-256 where the initial key forms part of the first round key as well as the Initial Add. Terminology opinions will vary as to whether the Expand Key process is part of the encryption/decryption process, but I would consider it so, particularly as there are implementations that interleave the processes to generate subkeys "on the fly".
LianoQ
I see, then the main key (or part of it) is actually used only in the first and last round. Where can I find a description of the AES-192 or AES-256 transformation processes?