1

I found these images depicting the AES decryption process:

enter image description here enter image description here

In the first image, the MixColumns step comes before the AddRoundKey step, while in the second image, the AddRoundKey will come before the MixColumns.

Which order is the correct one?

Paŭlo Ebermann
  • 22,656
  • 7
  • 79
  • 117
goldroger
  • 1,727
  • 8
  • 33
  • 41

3 Answers3

2

InvMixColumns is a linear operation. And because of that it follows:

InvMixColumn(x+RoundKey) = InvMixColumn(x) + InvMixColumn(RoundKey)
                                             ^^^^^^^^^^^^^^^^^^^^^^
                                         "new" round key for decryption

So, the structure on the right is compatible with the structure on the left as long as you use different round keys. The idea behind this is to make the decryption structure look like encryption structure with just a couple of "Inv"s in there. But I'm actually not sure what the benefit of this is. For a block cipher like Anubis (which is similar to AES) it makes much more sense because each operation is an involution. The only difference between encryption and decryption for Anubis are the round keys. So, you can reuse the encryption code for decryption which is a nice property.

sellibitze
  • 321
  • 1
  • 9
0

Not sure if this is answered fully, but if you check wikipedia, you'll see that AddRoundKey occurs 3 times in total with 1 time before and 1 time after the MixColumns operation.

However, if you are just considering the middle rounds then the MixColumns comes before

crawfish
  • 483
  • 6
  • 13
0

After the AddRoundKey step, except for the last round, where it does not happen

calccrypto
  • 536
  • 1
  • 8
  • 25