# ShiftRow

**ShiftRow applies circular left shifts**, to each state matrix rows as follows: first row zero shifts, second row one shift, third row two shifts and fourth row three shifts, thus, the resultant matrix can be seen in **Figure # 2**.

**Figure # 2**: ShiftRow transformation **[2]**.

# MixColumns

**This transformation allows mixing the bytes of the columns, considering the bytes of each column** as polynomials whose coefficients belong to *GF(2 ^{8})*. This function consists in multiplying the columns modulus

*x4+1*by the polynomial

*c(x)*where:

*c(x)=03x ^{3}+01x^{2}+01x+02*

or, in matrix form,

By using Rijndael Animation application **[1]**, we can check the result of applying the above procedure, to the first column in the state matrix (see **Figure # 3**), which is going to be replaced in the first column of the new matrix .

**Figure # 3**: MixColumns transformation **[1]**.

# AddRoundKey

Let *[a _{ij}]* be the state matrix and

*[k*the key matrix corresponding to that round.

_{ij}]**The AddRoundKey function, consists in performing a**(

*xor*between state and key matriz**Figure # 4**), and then, replace it with the appropriate value.

*AddRoundKey _{AES128bits}=[a_{ij}]xor[k_{ij}]*

**Figure # 4**: AddRoundKey transformation **[2]**.

# Subkey generation

This process permits to generate sub-keys from the system key. **The key is extended to a list of 4-byte words** called *W*, and containing *N _{b}(N_{r}+1)* words, where,

*N _{r}=Max(N_{k},N_{b})+6=Número de rondas*

The firsts *N _{k}* elements of

*W*correspond to the key. The rest of the

*W*elements are defined recursively, using SubByte function, cyclic shifts and

*xor*operations. The

**Figure # 5**shows it.

**Figure # 5**: Expansion of keys **[3]**.

Now the RotByte function is used, which returns a word whose bytes are cyclically shifted one position to the left.

*R _{con}[i]=(RC[i],0x00,0x00,0x00)*

being *RC[i]* an *GF[2 ^{8}]* element, defined by:

*RC[1]=0x01, RC[i]=0x02*RC[i-1]*

Now, for *N _{k}*

*<=6*and for all

*i*that is not a multiple of

*N*, the keywords are calculated:

_{k}
*W(i)=W(i-N _{k}) xor W(i-1)*

and for all *i* multiple of *N _{k}*, the

**keywords are calculated**:

*W(i)=W(i-N _{k}) xor [ByteSub(RotByte[W(i-1)]) xor R_{con}(i/N_{k})]*

In the case of *N _{k}>6* the operation is the same used for

*N*

_{k}*<=6*, except when

*i*satisfies

*i mod N*the

_{k}=4**sub-keys are calculated**:

*W(i)=W(i-N _{k}) xor ByteSub(W[i-1])*

# Referencias

- http://www.formaestudio.com/rijndaelinspector/
- J A. AES - Advanced Encryption Standard. (2005) Versión 2005: .
- A M. Seguridad Europea para EEUU Algoritmo criptográfico Rijndael. Madrid (2004) : .
- Joan Daemen VR. AES Proposal: Rijndael. NIST AES Proposal (1998) : .
- http://www.cryptosystem.net/aes/
- http://www.criptored.upm.es
- http://www.kriptopolis.es