Skip to content

MixColumns

Jump to bottom
Michael Mattioli edited this page Feb 24, 2020 · 6 revisions

The MixColumns operation is, quite frankly, the most complex. You can read more about the intricacies of the operation here but we'll try to keep it as simple as possible in this explanation. At a very high level, each column in the data is replaced by performing two operations on the bytes: multiplication and XOR.

Let's begin with the resulting data from the ShiftRows operation; this is the data before performing the MixColumns operation.
d4 e0 b8 1e
bf b4 41 27
5d 52 11 98
30 ae f1 e5

Each column (starting from the left and moving to the right) is transformed using a matrix known as Rijndael's Galois Field.
2 3 1 1
1 2 3 1
1 1 2 3
3 1 1 2

So we take the first column and apply the multiplication and XOR operations which yield the replacement bytes for the first column.
(2 * d4) XOR (3 * bf) XOR (1 * 5d) XOR (1 * 30)
(1 * d4) XOR (2 * bf) XOR (3 * 5d) XOR (1 * 30)
(1 * d4) XOR (1 * bf) XOR (2 * 5d) XOR (3 * 30)
(3 * d4) XOR (1 * bf) XOR (1 * 5d) XOR (2 * 30)

While lookup tables exist, it's best to perform the actual bit manipulation:

  • Anything multiplied by 1 is itself so there's not much work we need to do there.
  • When multiplying by 2, we simply shift left by 1 place and paid with 0. If the 9th bit is high (1) then we must apply an XOR operation with 1b on the 8-bit value.
  • When multiplying by 3, simply apply the same operations as multiplying by 2 (shift left by 1 and pad with 0) and then apply an XOR operation with the same value. In other words, 3 * value = 2 * value XOR value. Similarly, we must also check if the 9th bit is high (1) and apply the same XOR operation with 1b if it is.

Let's do the multiplication on the first row.

  • 2 * d4 = b3
  • 3 * bf = da
  • 1 * 5d = 5d
  • 1 * 30 = 30

Now we apply the XOR operation to yield the first replacement byte.

b3 XOR da XOR 5d XOR 30 = 04

We then repeat for the remaining 3 sets of operations to replace each byte in the column.
04 e0 b8 1e
66 b4 41 27
81 52 11 98
e5 ae f1 e5

We then repeat this again for the remaining columns so that all of the bytes are replaced.
04 e0 48 28
66 cb f8 06
81 19 d3 26
e5 9a 7a 4c

Inverse operation

The inverse operation of MixColumns simply uses a different Galois field.
14 11 13 9
9 14 11 13
13 9 14 11
11 13 9 14
Clone this wiki locally