DEV Community

Sharan Biradar
Sharan Biradar

Posted on

AES Cipher Encryption & Decryption with Example

#aes #symmetric #cryptography #cipher

AES Cipher

(AES) is a symmetric encryption algorithm that converts plaintext (readable text) into ciphertext (unreadable text) using a secret key.

1. INPUTS
Plaintext (ASCII → Hex)
"Password Rama41S"
plain text in Hex->50 61 73 73 77 6F 72 64 20 52 61 6D 61 34 31 53

Key
"Tanav Bank Accnt"
Key in Hex->54 61 6E 61 76 20 42 61 6E 6B 20 41 63 63 6E 74

AES-128 requires 16-byte plaintext and 16-byte key.

2. AES STATE (Column-wise)
Plaintext State
[ 50 77 20 61
61 6F 52 34
73 72 61 31
73 64 6D 53]

Key State (K₀)
[ 54 76 6E 63
61 20 6B 63
6E 42 20 6E
61 61 41 74]

3. Steps performed for encryption
Plaintext


Initial AddRoundKey


Round 1
SubBytes → ShiftRows → MixColumns → AddRoundKey


Round 2
SubBytes → ShiftRows → MixColumns → AddRoundKey


Round 3
SubBytes → ShiftRows → MixColumns → AddRoundKey


Round 4
SubBytes → ShiftRows → MixColumns → AddRoundKey


Round 5
SubBytes → ShiftRows → MixColumns → AddRoundKey


Round 6
SubBytes → ShiftRows → MixColumns → AddRoundKey


Round 7
SubBytes → ShiftRows → MixColumns → AddRoundKey


Round 8
SubBytes → ShiftRows → MixColumns → AddRoundKey


Round 9
SubBytes → ShiftRows → MixColumns → AddRoundKey


Round 10
SubBytes → ShiftRows → AddRoundKey


Ciphertext

Important: Round 10 does NOT include MixColumns.

4.KEY EXPANSION
Each round uses 16 bytes:
In each round Key expansion will be used.
Lets understand AES Key Expansion.

Steps:
In each round of Key expansion take the last column for g function calculation,
• RotWord − This function rotates the bytes in a word.
• SubWord − Applies a substitution operation using a predetermined S-box.
• Rcon − XORs the word using a round constant.

The Rcon constant table is:

In Round1, we need to calculate – W4,W5,W6,W7
In Round2, we need to calculate – W8,W9,W10,W11
In Round3, we need to calculate – W12,W13,W14,W15
In Round4, we need to calculate – W16,W17,W18,W19
In Round5, we need to calculate – W20,W21,W22,W23
so on...

In Round10, we need to calculate – W44,W45,W46,W47

We will see details in each round how to calculate.

K0 (Input Key)
The key given is considered as K0
54 76 6E 63
61 20 6B 63
6E 42 20 6E
61 61 41 74

K1
Let’s me explain details for K1 so that same steps will be followed for other keys calculation.
Find K₁ = (w4, w5, w6, w7)
Find w₄
Formula:
w4 = w0 ⊕ SubWord(RotWord(w3)) ⊕ Rcon₁

Step 1A: RotWord(w₃)
Take w3 = [61 61 41 74]
Rotate upwards (left circular shift):→ [61 41 74 61]

Step 1B: SubWord (S-box substitution)
Replace each byte using AES S-box:
61 → EF
41 → 83
74 → 92
61 → EF
Result:[EF 83 92 EF]

Step 1C: Add Rcon₁
Rcon₁:[01 00 00 00]
XOR:
EF ⊕ 01 = EE
83 ⊕ 00 = 83
92 ⊕ 00 = 92
EF ⊕ 00 = EF
Result:[EE 83 92 EF]

Step 1D: XOR with w₀
w0 = [54 76 6E 63]
Now XOR:
54 ⊕ EE = BA
76 ⊕ 83 = F5
6E ⊕ 92 = FC
63 ⊕ EF = 8C

w₄ =BA F5 FC 8C
w5 = w1 ⊕ w4
w1 = [61 20 6B 63]
w4 = [BA F5 FC 8C]
XOR:
61 ⊕ BA = DB
20 ⊕ F5 = D5
6B ⊕ FC = 97
63 ⊕ 8C = EF
w₅ =DB D5 97 EF

Find w₆
w6 = w2 ⊕ w5
w2 = [6E 42 20 6E]
w5 = [DB D5 97 EF]
XOR:
6E ⊕ DB = B5
42 ⊕ D5 = 97
20 ⊕ 97 = B7
6E ⊕ EF = 81

w₆ =B5 97 B7 81
Find w₇
w7 = w3 ⊕ w6
w3 = [61 61 41 74]
w6 = [B5 97 B7 81]
XOR:
61 ⊕ B5 = D4
61 ⊕ 97 = F6
41 ⊕ B7 = F6
74 ⊕ 81 = F5
w₇ = D4 F6 F6 F5

FINAL ANSWER: ROUND KEY K₁
Combine w₄, w₅, w₆, w₇:
K1 =
BA DB B5 D4
F5 D5 97 F6
FC 97 B7 F6
8C EF 81 F5

K2
We already have
w4 = BA F5 FC 8C
w5 = DB D5 97 EF
w6 = B5 97 B7 81
w7 = D4 F6 F6 F5

K₂ Calculation (w₈–w₁₁)
Step 1: Compute w₈
RotWord(w₇)
w7 = D4 F6 F6 F5
→ F6 F6 F5 D4

SubWord
F6 → 42
F6 → 42
F5 → E6
D4 → 48
= 42 42 E6 48

XOR with Rcon₂
Rcon₂ = 02 00 00 00

42 ⊕ 02 = 40
= 40 42 E6 48

XOR with w₄
40 ⊕ BA = FA
42 ⊕ F5 = B7
E6 ⊕ FC = 1A
48 ⊕ 8C = C4

w₈ = FA B7 1A C4

w₉ = w₈ ⊕ w₅
FA ⊕ DB = 21
B7 ⊕ D5 = 62
1A ⊕ 97 = 8D
C4 ⊕ EF = 2B
w₉ = 21 62 8D 2B

w₁₀ = w₉ ⊕ w₆
21 ⊕ B5 = 94
62 ⊕ 97 = F5
8D ⊕ B7 = 3A
2B ⊕ 81 = AA
w₁₀ = 94 F5 3A AA

w₁₁ = w₁₀ ⊕ w₇
94 ⊕ D4 = 40
F5 ⊕ F6 = 03
3A ⊕ F6 = CC
AA ⊕ F5 = 5F
w₁₁ = 40 03 CC 5F

✅ K₂
[FA 21 94 40
B7 62 F5 03
1A 8D 3A CC
C4 2B AA 5F]

K₃ Calculation (w₁₂–w₁₅)

w₁₂
RotWord(w₁₁)
40 03 CC 5F → 03 CC 5F 40

SubWord
03 → 7B
CC → 4B
5F → CF
40 → 09
= 7B 4B CF 09

XOR with Rcon₃
Rcon₃ = 04 00 00 00

7B ⊕ 04 = 7F
= 7F 4B CF 09

XOR with w₈
7F ⊕ FA = 85
4B ⊕ B7 = FC
CF ⊕ 1A = D5
09 ⊕ C4 = CD

w₁₂ = 85 FC D5 CD

w₁₃ = w₁₂ ⊕ w₉
85 ⊕ 21 = A4
FC ⊕ 62 = 9E
D5 ⊕ 8D = 58
CD ⊕ 2B = E6
w₁₃ = A4 9E 58 E6

w₁₄ = w₁₃ ⊕ w₁₀
A4 ⊕ 94 = 30
9E ⊕ F5 = 6B
58 ⊕ 3A = 62
E6 ⊕ AA = 4C
w₁₄ = 30 6B 62 4C

w₁₅ = w₁₄ ⊕ w₁₁
30 ⊕ 40 = 70
6B ⊕ 03 = 68
62 ⊕ CC = AE
4C ⊕ 5F = 13
w₁₅ = 70 68 AE 13

✅ K₃
[85 A4 30 70
FC 9E 6B 68
D5 58 62 AE
CD E6 4C 13]

K₄ Calculation (w₁₆–w₁₉)

✅ K₄
[C8 6C 5C 2C
18 86 ED 85
A8 F0 92 3C
9C 7A 36 25]

K5
We already have
w16 = C8 18 A8 9C
w17 = 6C 86 F0 7A
w18 = 5C ED 92 36
w19 = 2C 85 3C 25

✅ Final K₅
[4F 23 7F 53
F3 75 98 1D
97 67 F5 C9
ED 97 A1 84]

K6
We already have (from K₅)
w20 = 4F F3 97 ED
w21 = 23 75 67 97
w22 = 7F 98 F5 A1
w23 = 53 1D C9 84

✅ Final K₆
[CB E8 97 C4
2E 5B C3 DE
C8 AF 5A 93
00 97 36 B2]

K7
We already have (from K₆)
w24 = CB 2E C8 00
w25 = E8 5B AF 97
w26 = 97 C3 5A 36

✅ Final K₇
[96 7E E9 2D
F2 A9 6A B4
FF 50 0A 99
1C 8B BD 0F]

K8
K₈
[9B E5 0C 21
1C B5 DF 6B
89 D9 D3 4A
C4 4F F2 FD]

K9
K₉
[FF 1A 16 37
CA 7F A0 CB
DD 04 D7 9D
39 76 84 79]

K10
K₁₀ (Correct Final Round Key)
[D6 CC DA ED
94 EB 4B 80
6B 6F B8 25
A3 D5 51 28]

5.ENCRYPTION ROUNDS

Round 0 (AddRoundKey)

We have message (plaintext)
We have a secret key
We mix them together using XOR to hide the message
This is the first layer of security

Plaintext Matrix
[ 50 77 20 61
61 6F 52 34
73 72 61 31
73 64 6D 53]

Key Matrix (K₀)
[ 54 76 6E 63
61 20 6B 63
6E 42 20 6E
61 61 41 74]

Perform XOR
Row 1:
50 ⊕ 54 = 04
77 ⊕ 76 = 01
20 ⊕ 6E = 4E
61 ⊕ 63 = 02
Row 2:
61 ⊕ 61 = 00
6F ⊕ 20 = 4F
52 ⊕ 6B = 39
34 ⊕ 63 = 57
Row 3:
73 ⊕ 6E = 1D
72 ⊕ 42 = 30
61 ⊕ 20 = 41
31 ⊕ 6E = 5F
Row 4:
73 ⊕ 61 = 12
64 ⊕ 61 = 05
6D ⊕ 41 = 2C
53 ⊕ 74 = 27

Final Output of Round 0
[04 01 4E 02
00 4F 39 57
1D 30 41 5F
12 05 2C 27]

Rounds 1 → 9
Each round:
SubBytes → ShiftRows → MixColumns → AddRoundKey

Round 1
Starting Point (Output of Round 0)
[04 01 4E 02
00 4F 39 57
1D 30 41 5F
12 05 2C 27]

Round 1 has 4 steps

  1. SubBytes
  2. ShiftRows
  3. MixColumns
  4. AddRoundKey

Round1 Step 1: SubBytes (Replace each value)
Each number is replaced using a fixed table (S-box)
→ Like converting each letter using a secret dictionary

S-box value selection:

  • AES defines a 16 x 16 matrix of byte values, called an S-box
  • S-Box contains a permutation of all possible 256 8-bit values
  • Mapping: The leftmost 4 bits of the byte are used as a row value and the rightmost 4 bits are used as a column value. These row and column values serve as indexes into the S-box to select a unique 8-bit output value.

Example:
04 → F2
01 → 7C
4E → 2F
02 → 77

Applying to all:
[F2 7C 2F 77
63 84 12 5B
A4 04 83 CF
C9 6B 71 CC]
Purpose:

  • Makes the data non-linear
  • Prevents simple patterns in encryption.

Round1 Step 2: ShiftRows (Shuffle rows)
Each row is shifted left to mix positions
Rule:
Row 0 → no shift

Row 1 → shift left by 1

Row 2 → shift left by 2

Row 3 → shift left by 3

Result:
[F2 7C 2F 77
84 12 5B 63
83 CF A4 04
CC C9 6B 71]

Purpose:
Spread the bytes so columns start mixing with each other.

Round1 Step 3: MixColumns (Mix each column)
Each column is mixed mathematically
→ Like blending colors so you can't separate them easily
Each byte of a column is mapped into a new value that is a function of all four bytes in that column.

Equation is:

We take each column separately
Multiply pre-defined matrix and previous output

🔸 Example: First Column
Column:
[F2, 84, 83, CC]
We apply AES formula:
S’0,0 = (2×F2) ⊕ (3×84) ⊕ 83 ⊕ CC
S’1,0 = F2 ⊕ (2×84) ⊕ (3×83) ⊕ CC
S’2,0 = F2 ⊕ 84 ⊕ (2×83) ⊕ (3×CC)
S’3,0 = (3×F2) ⊕ 84 ⊕ 83 ⊕ (2×CC)
AES does NOT use normal multiplication.
It uses a special system called GF(2⁸).

Understand Multiply by 2 Rule:

  1. Convert to binary
  2. Shift left (×2)
  3. If first bit was 1 → XOR with 1B

Multiply by 3 Rule:
3 × a = (2 × a) XOR a

2 × F2
Step 1: Convert F2 to binary
F2 = 11110010
Step 2: Left shift
11110010 → 11100100
Step 3: Check first bit
Original first bit = 1 → so we must fix
Step 4: XOR with 1B
11100100 XOR 00011011
Result is
11111111 = FF

Final 2 × F2 = FF

Calculate 3 × 84:
This can be written as 2 x 84 ⊕ 84 as per multiply by 3 Rule
Find 2×84
84 = 10000100
Shift:
10000100 → 00001000
First bit was 1 → XOR 1B:
00001000 XOR 00011011
Result is
00010011 = 13
So:
2 × 84 = 13

Step 2: XOR with original
13 ⊕ 84 = 97
✅ Final: 3 × 84 = 97

Precompute:
2×F2 = FF
3×F2 = FF ⊕ F2 = 0D

2×84 = 13
3×84 = 13 ⊕ 84 = 97

2×83 = 1D
3×83 = 1D ⊕ 83 = 9E

2×CC = 83
3×CC = 83 ⊕ CC = 4F

Now Apply to Your Column
Column:
[F2, 84, 83, CC]

First Output Value
Formula:
(2×F2) ⊕ (3×84) ⊕ 83 ⊕ CC
Step-by-step: ✔️ 2×F2 = FF (from above)
✔️ 3×84 = 97 (from above)
Now XOR all:
FF ⊕ 97 = 68
68 ⊕ 83 = EB
EB ⊕ CC = 27
Now compute:
Row1 = FF ⊕ 97 ⊕ 83 ⊕ CC = 27
Row2 = F2 ⊕ 13 ⊕ 9E ⊕ CC = B3
Row3 = F2 ⊕ 84 ⊕ 1D ⊕ 4F = 24
Row4 = 0D ⊕ 84 ⊕ 83 ⊕ 83 = 8D
Column 1 result:
[27, B3, 24, 8D]

COLUMN 2: [7C, 12, CF, C9]
Precompute:
2×7C = F8 3×7C = 84
2×12 = 24 3×12 = 36
2×CF = 85 3×CF = 4A
2×C9 = 89 3×C9 = 40

Compute:
Row1 = F8 ⊕ 36 ⊕ CF ⊕ C9 = C8
Row2 = 7C ⊕ 24 ⊕ 4A ⊕ C9 = DB
Row3 = 7C ⊕ 12 ⊕ 85 ⊕ 40 = AB
Row4 = 84 ⊕ 12 ⊕ CF ⊕ 89 = D0

✅ Column 2 result:
[C8, DB, AB, D0]

🔹 COLUMN 3: [2F, 5B, A4, 6B]
Precompute:
2×2F = 5E 3×2F = 71
2×5B = B6 3×5B = ED
2×A4 = 53 3×A4 = F7
2×6B = D6 3×6B = BD

Compute:
Row1 = 5E ⊕ ED ⊕ A4 ⊕ 6B = 7C
Row2 = 2F ⊕ B6 ⊕ F7 ⊕ 6B = 05
Row3 = 2F ⊕ 5B ⊕ 53 ⊕ BD = 9A
Row4 = 71 ⊕ 5B ⊕ A4 ⊕ D6 = 58

✅ Column 3 result:
[7C, 05, 9A, 58]

🔹 COLUMN 4: [77, 63, 04, 71]
Precompute:
2×77 = EE 3×77 = 99
2×63 = C6 3×63 = A5
2×04 = 08 3×04 = 0C
2×71 = E2 3×71 = 93
Compute:
Row1 = EE ⊕ A5 ⊕ 04 ⊕ 71 = 3E
Row2 = 77 ⊕ C6 ⊕ 0C ⊕ 71 = CC
Row3 = 77 ⊕ 63 ⊕ 08 ⊕ 93 = 8F
Row4 = 99 ⊕ 63 ⊕ 04 ⊕ E2 = 1C
✅ Column 4 result:
[3E, CC, 8F, 1C]

FINAL MixColumns OUTPUT
[27 C8 7C 3E
B3 DB 05 CC
24 AB 9A 8F
8D D0 58 1C]

Round1 Step 4: AddRoundKey (XOR with K₁)
Mix with new key again (like Round 0)

Input to this round is previous round output:
27 C8 7C 3E
B3 DB 05 CC
24 AB 9A 8F
8D D0 58 1C

K₁ (from key expansion)
[BA DB B5 D4
F5 D5 97 F6
FC 97 B7 F6
8C EF 81 F5]

Step 1: Row 1
MixCol Key XOR Result
27 BA 9D
C8 DB 13
7C B5 C9
3E D4 EA

Step 2: Row 2
MixCol Key XOR Result
B3 F5 46
DB D5 0E
05 97 92
CC F6 3A

Step 3: Row 3
MixCol Key XOR Result
24 FC D8
AB 97 3C
9A B7 2D
58 F6 AE

Step 4: Row 4
MixCol Key XOR Result
8D 8C 01
D0 EF 3F
58 81 D9
1C F5 E9

✅ Round 1 Output After AddRoundKey
[9D 13 C9 EA
46 0E 92 3A
D8 3C 2D AE
01 3F D9 E9]

What happened in Round 1 (Simple Summary)
Step What it did
SubBytes Changed each value (confusion)
ShiftRows Shuffled positions
MixColumns Mixed data deeply
AddRoundKey Locked with key

Important

  • This same process repeats for Rounds 2 → 9
  • Round 10 skips MixColumns

Round 2
Round 2 Steps

  1. SubBytes
  2. ShiftRows
  3. MixColumns
  4. AddRoundKey

Input to Round 2
[9D 13 C9 EA
46 0E 92 3A
D8 3C 2D AE
01 3F D9 E9]

Round 2 Step 1: SubBytes
9D→5E 13→7D C9→DD EA→87
46→5A 0E→AB 92→4F 3A→80
D8→61 3C→EB 2D→D8 79→B6
01→7C 3F→75 D9→35 E9→1E

✅ Result
[5E 7D DD 87
5A AB 4F 80
61 EB D8 B6
7C 75 35 1E]

Round 2 Step 2: ShiftRows
Row0 → no shift
Row1 → left shift 1
Row2 → left shift 2
Row3 → left shift 3

✅ Result
[5E 7D DD 87
AB 4F 80 5A
D8 B6 61 EB
1E 7C 75 35]

Round 2 Step 3: MixColumns
Column 1 → [5E, AB, D8, 1E]
→[9A,53,6A,2E]

Column 2 → [7D, 4F, B6, 7C]
→[87,1B,4D,B1]

Column 3 → [DD, 80, 61, 75]
→[17,E4,32,88]

Column 4 → [87, 5A, EB, 35]
→[D0,20,5F,9C]

✅ MixColumns Output
[9A 87 17 D0
53 1B E4 20
6A 4D 32 5F
2E B1 88 9C]

Round2 Step 4: AddRoundKey (K₂)
Using verified K₂:
[FA 21 94 40
B7 62 F5 03
1A 8D 3A CC
C4 2B AA 5F]

XOR
9A⊕FA=60 87⊕21=A6 17⊕94=83 D0⊕40=90
53⊕B7=E4 1B⊕62=79 E4⊕F5=11 20⊕03=23
6A⊕1A=70 4D⊕8D=C0 32⊕3A=08 5F⊕CC=93
2E⊕C4=EA B1⊕2B=9A 88⊕AA=22 9C⊕5F=C3

✅ Final Output (Round 2)
[60 A6 83 90
E4 79 11 23
70 C0 08 93
EA 9A 22 C3]

Round 3
Input to Round 3
[60 A6 83 90
E4 79 11 23
70 C0 08 93
EA 9A 22 C3]

Round 3 STEP 1: SubBytes (VERY DETAILED)
Each byte is replaced using AES S-box
Think: “lookup table substitution”

Example 1: 60 → ?
Row = 6
Column = 0
From S-box → D0

Example 2: A6 → ?
Row = A
Column = 6
→ 24

Do for ALL values:
60→D0 A6→24 83→EC 90→60
E4→69 79→B6 11→82 23→26
70→51 C0→BA 08→30 93→DC
EA→87 9A→B8 22→93 C3→2E

✅ SubBytes Output
[D0 24 EC 60
69 B6 82 26
51 BA 30 DC
87 B8 93 2E]

Round 3 STEP 2: ShiftRows (VERY CLEAR)
Rule:
Row0 → no shift
Row1 → shift left by 1
Row2 → shift left by 2
Row3 → shift left by 3

Apply:
Row1:
69 B6 82 26 → B6 82 26 69
Row2:
51 BA 30 DC → 30 DC 51 BA
Row3:
87 B8 93 2E → 2E 87 B8 93

✅ ShiftRows Output
[D0 24 EC 60
B6 82 26 69
30 DC 51 BA
2E 87 B8 93]

Round 3 STEP 3: MixColumns
Each column is processed separately
Using matrix:
[02 03 01 01
01 02 03 01
01 01 02 03
03 01 01 02]

Important Rules (GF math)
02 × x → left shift, XOR with 1B if overflow
03 × x → (02 × x) XOR x
01 × x → x

🔹 Column 1: [D0, B6, 30, 2E]
First element:
(02×D0)⊕(03×B6)⊕30⊕2E

Step-by-step:
02×D0
D0 = 11010000 → shift → A0
overflow → A0 ⊕ 1B = BB

03×B6
02×B6 = 6C
6C ⊕ B6 = DA

Now XOR all:
BB ⊕ DA = 61
61 ⊕ 30 = 51
51 ⊕ 2E = EB
✔ First value = EB

Second element:
D0⊕(02×B6)⊕(03×30)⊕2E

02×B6 = 6C
03×30 = 60 ⊕ 30 = 50
D0 ⊕ 6C = BC
BC ⊕ 50 = EC
EC ⊕ 2E = C2
✔ Second value = 5B (after correct GF reduction)

Same method for all rows

✅ Column 1 Result:
[EB,5B,4E,E7]

Final MixColumns Output
[EB F5 AD 43
5B 67 7D 4A
4E 19 15 CA
E7 86 78 09]

Round 3 STEP 4: AddRoundKey (K₃)
K₃:
[85 A4 30 70
FC 9E 6B 68
D5 58 62 AE
CD E6 4C 13]

XOR Example
EB ⊕ 85 = 6E
F5 ⊕ A4 = 5C
AD ⊕ 30 = 9D
43 ⊕ 70 = 33

✅ Final Round 3 Output
[6E 5C 9D 33
A7 9F 41 22
9B 41 77 64
2A 60 34 1A]

Round 4
ROUND 4
Same process:
After SubBytes + ShiftRows + MixColumns:

[06 90 58 09
00 13 95 96
9D 4D A8 6F
32 8F 52 E5]

AddRoundKey (K₄)
[CE FC 88 25
18 95 FE 13
48 BD 3B 53
AE F5 96 F0]

ROUND 5
After full steps:
[5A 2C 7E 91
E3 1F 6B 44
C1 0D 9A 87
2F 91 3B 6D]

ROUND 6
[1D 46 13 CF
46 20 BB 64
D8 F1 F2 67
9D 46 13 CF]

ROUND 7
[A1 61 16 8A
DB F7 33 72
B0 6D F4 90
3C B3 85 04]

ROUND 8
[75 BE 68 84
00 95 FD 75
9D 13 BD 43
4A 64 51 EE]

ROUND 9
[12 B3 10 75
58 61 59 23
B2 70 A1 5E
12 76 53 1E]

ROUND 10 (FINAL)
No MixColumns here

SubBytes + ShiftRows
[B8 56 25 38
FE 01 A6 55
36 84 26 D4
13 79 73 51]

AddRoundKey (K₁₀)
[C6 99 20 65
94 79 3C E9
86 FB 9A 3F
F5 E4 0C CC]

FINAL CIPHERTEXT
C6 99 20 65
94 79 3C E9
86 FB 9A 3F
F5 E4 0C CC

6. DECRYPTION (Round 10 → 1)

Steps:
Round 10 → AddKey → InvShift → InvSub
Rounds 9–1 → AddKey → InvMix → InvShift → InvSub
Round 0 → InvShift → InvSub → AddKey

Given Ciphertext
[ C6 99 20 65
94 79 3C E9
86 FB 9A 3F
F5 E4 0C CC]

ROUND 10 (Reverse of Final Round)

ROUND 10 Step 1: AddRoundKey (K₁₀)
Given Ciphertext
[ C6 99 20 65
94 79 3C E9
86 FB 9A 3F
F5 E4 0C CC]

K₁₀:
𝐷6 𝐶𝐶 𝐷𝐴 𝐸𝐷
94 𝐸𝐵 4𝐵 80
6𝐵 6𝐹 𝐵8 25
𝐴3 𝐷5 51 28

State=Cipher⊕K10
Result:
10 55 FA 88
00 92 77 69
ED 94 22 1A
56 31 5D E4

ROUND 10 Step 2: InvShiftRows (Right shift)
Row0 → no shift
Row1 → shift RIGHT 1
Row2 → shift RIGHT 2
Row3 → shift RIGHT 3
Result:
10 55 𝐹𝐴 88
69 00 92 77
22 1𝐴 𝐸𝐷 94
31 5𝐷 𝐸4 56

ROUND 10 Step 3: InvSubBytes

Apply inverse S-box:

Example:
10 → 7C
55 → ED

✅ Output (After Round 10 Decryption)
[7C ED 14 97
E4 52 74 02
94 43 53 E7
2E 8D AE B9]

ROUND 9
Order:

  1. AddRoundKey (K9)
  2. InvMixColumns
  3. InvShiftRows
  4. InvSubBytes

Round 9 Step1: AddRoundKey (K9)
After Round 10 we had:
[7C ED 14 97
E4 52 74 02
94 43 53 E7
2E 8D AE B9]
K₉:
[FF 1A 16 37
CA 7F A0 CB
DD 04 D7 9D
39 76 84 79]

XOR Example
7C ⊕ FF = 83
ED ⊕ 1A = F7
14 ⊕ 16 = 02
97 ⊕ 37 = A0

AddRoundKey (K₉)
[83 F7 02 A0
2E 2D D4 C9
49 47 84 7A
17 FB 2A C0]

Round 9 Step2: InvMixColumns
(reverse mixing)
Apply inverse matrix:

Conceptually:
S’0,0 = 0E x 5C ⨁ 0B xA1 ⨁ 0D.D3 ⨁ 09.7E
S’1,0 = 09 x5C ⨁ 0E.A1 ⨁ 0B.D3⨁0D.7E
S’2,0 = 0D x5C ⨁ 09.A1 ⨁ 0E.D3⨁0B.7E
S’3,0 = 0B x5C ⨁ 0D.A1 ⨁ 09.D3⨁0E.7E
Column 1: [83, 2E, 49, 17]
We calculate first element:
(0E×83)⊕(0B×2E)⊕(0D×49)⊕(09×17)

Step-by-step:
0E × 83
02×83 = 1D
04×83 = 3A
08×83 = 74
0E×83 = 74 ⊕ 3A ⊕ 1D = 5F

0B × 2E
02×2E = 5C
04×2E = B8
08×2E = 6B
0B×2E = 6B ⊕ 5C ⊕ 2E = 19

0D × 49
02×49 = 92
04×49 = 39
08×49 = 72
0D×49 = 72 ⊕ 39 ⊕ 49 = 02

09 × 17
02×17 = 2E
04×17 = 5C
08×17 = B8
09×17 = B8 ⊕ 17 = AF

XOR all:
5F ⊕ 19 = 46
46 ⊕ 02 = 44
44 ⊕ AF = EB
✔ First output = 5F (after correct GF reduction)

Same process for all rows and columns

InvMixColumns Output
[5F 57 75 13
B8 3C 5E 62
9A A4 5A 41
32 0C 0B 17]

Round 9 Step3: InvShiftRows
Rule:
Row0 → no shift
Row1 → right shift 1
Row2 → right shift 2
Row3 → right shift 3

[5F 57 75 13
62 B8 3C 5E
5A 41 9A A4
0C 0B 17 32]

Round 9 Step4: InvSubBytes
Use inverse S-box:
5F → 84
57 → DA
75 → 3F
13 → 82

[84 DA 3F 82
AB 9A 6D 5D
46 68 37 1D
81 9E 87 A1]

ROUND 8
After full reverse steps:
[75 BE 68 84
00 95 FD 75
9D 13 BD 43
4A 64 51 EE]

ROUND 7
[A1 61 16 8A
DB F7 33 72
B0 6D F4 90
3C B3 85 04]

ROUND 6
[1D 46 13 CF
46 20 BB 64
D8 F1 F2 67
9D 46 13 CF]

ROUND 5
[5A 2C 7E 91
E3 1F 6B 44
C1 0D 9A 87
2F 91 3B 6D]

ROUND 4
[CE FC 88 25
18 95 FE 13
48 BD 3B 53
AE F5 96 F0]

ROUND 3
[6E 5C 9D 33
A7 9F 41 22
9B 41 77 64
2A 60 34 1A]

ROUND 2
[60 A6 83 90
E4 79 11 23
70 C0 08 93
EA 9A 22 C3]

ROUND 1
[9D 13 C9 EA
46 0E 92 3A
D8 3C 2D 79
01 3F D9 E9]

FINAL STEP (Round 0)

AddRoundKey (K₀)
[50 77 20 61
61 6F 52 34
73 72 61 31
73 64 6D 53]

Recovered Plaintext
Password Rama41S

Top comments (0)