# MixColumns Operation

In the (Inv)MixColumns operation, each individual column of the State matrix is replaced by its multiplication, in a GF(2^{8}),^{1} through one of the matrices depicted in Eq.(1.2). In order to easily understand the GF(2^{8}) multiplication used in the AES (Inv)MixColumns, the approach presented in Table 1.1 can be used, namely: when multiplying a byte with a 2^{n} coefficient, the byte is simply shifted *n* bits to the left, as depicted in Table1.1, e.g., 02 x *B =* *(B* ^ 1); multiplying with any other coefficient (not a power of 2) requires a composite XOR of the smaller 2^{n} coefficients, as also depicted in Table 1.1, e.g., 03 x *B =* 02 x *B* ® 01 x B. When an overflow occurs on the 8th bit during shifting, the result must be subtracted (by XORing) with the value “0x11B”, i.e., reducing it to the irreducible polynomial associated: *x*^{8} + *x*^{4} + *x*^{3} + *x +* 1 [19].

# Key Scheduling

The Key Scheduling, also known as Key Expansion, is an inherent subroutine of the AES algorithm. The Key Scheduling is responsible for converting the 128, 192 or 256 bits long cipher key into all the necessary round keys (11, 13 or 15 round keys).

Similar to the AES ciphering procedures, the Key Scheduling is also an iterative process, as shown in Fig. 1.3. It uses the same SubBytes operation as the ciphering process, alongside the specific **RotByte **and **AddConstant **operations. **RotByte **performs a byte-wise left rotation of a 32-bit word. **AddConstant **is the bitwise XOR ^{[1]}

**Fig. 1.3 ****AES Encryption/Decryption KeySchedule operation for 128-bit keys.**

between a 32-bit word and one equally sized constant vector *{‘C ^{te}’;* 0; 0; 0} [19]. The InvMixColumns operation is also used to calculate the round keys for decryption.

At the end of each round of the AES encryption, a Round Key is required. As long as each key is available in its proper time, the Key Scheduling can either be pre-computed or processed in parallel alongside the data encryption. This is not possible during decryption since the process starts with the last calculated round key (as shown in the right side of Fig. 1.3).

Note that the Key Expansion only needs to be performed once for a given cipher key, since it does not depend on the input data. Given that one cipher key is typically used to cipher a large amount of data, the Key Expansion computation does not need to be recomputed often. Different approaches to implement the Key Scheduling are further discussed in Sect. 1.3.8.

- [1] Galois Field, or finite field, of order 28 [19].