AES Cipher Encryption & Decryption with Example

**MyrinNew** · 03-23-2026, 02:46 PM

AES Cipher

(AES) is a symmetric encryption algorithm that converts plaintext (readable text) into ciphertext (unreadable text) using a secret key.

1. INPUTS

Plaintext (ASCII → Hex)

"Password Rama41S"

plain text in Hex->50 61 73 73 77 6F 72 64 20 52 61 6D 61 34 31 53

Key

"Tanav Bank Accnt"

Key in Hex->54 61 6E 61 76 20 42 61 6E 6B 20 41 63 63 6E 74

AES-128 requires 16-byte plaintext and 16-byte key.

2. AES STATE (Column-wise)

Plaintext State

[ 50 77 20 61

61 6F 52 34

73 72 61 31

73 64 6D 53]

Key State (K₀)

[ 54 76 6E 63

61 20 6B 63

6E 42 20 6E

61 61 41 74]

3. Steps performed for encryption

Plaintext

│

▼

Initial AddRoundKey

│

▼

Round 1

SubBytes → ShiftRows → MixColumns → AddRoundKey

│

▼

Round 2

SubBytes → ShiftRows → MixColumns → AddRoundKey

│

▼

Round 3

SubBytes → ShiftRows → MixColumns → AddRoundKey

│

▼

Round 4

SubBytes → ShiftRows → MixColumns → AddRoundKey

│

▼

Round 5

SubBytes → ShiftRows → MixColumns → AddRoundKey

│

▼

Round 6

SubBytes → ShiftRows → MixColumns → AddRoundKey

│

▼

Round 7

SubBytes → ShiftRows → MixColumns → AddRoundKey

│

▼

Round 8

SubBytes → ShiftRows → MixColumns → AddRoundKey

│

▼

Round 9

SubBytes → ShiftRows → MixColumns → AddRoundKey

│

▼

Round 10

SubBytes → ShiftRows → AddRoundKey

│

▼

Ciphertext

Important: Round 10 does NOT include MixColumns.

4.KEY EXPANSION

Each round uses 16 bytes:

In each round Key expansion will be used.

Lets understand AES Key Expansion.

Steps:

In each round of Key expansion take the last column for g function calculation,

• RotWord − This function rotates the bytes in a word.

• SubWord − Applies a substitution operation using a predetermined S-box.

• Rcon − XORs the word using a round constant.

The Rcon constant table is:

In Round1, we need to calculate – W4,W5,W6,W7

In Round2, we need to calculate – W8,W9,W10,W11

In Round3, we need to calculate – W12,W13,W14,W15

In Round4, we need to calculate – W16,W17,W18,W19

In Round5, we need to calculate – W20,W21,W22,W23

so on...

In Round10, we need to calculate – W44,W45,W46,W47

We will see details in each round how to calculate.

K0 (Input Key)

The key given is considered as K0

54 76 6E 63

61 20 6B 63

6E 42 20 6E

61 61 41 74

K1

Let’s me explain details for K1 so that same steps will be followed for other keys calculation.

Find K₁ = (w4, w5, w6, w7)

Find w₄

Formula:

w4 = w0 ⊕ SubWord(RotWord(w3)) ⊕ Rcon₁

Step 1A: RotWord(w₃)

Take w3 = [61 61 41 74]

Rotate upwards (left circular shift):→ [61 41 74 61]

Step 1B: SubWord (S-box substitution)

Replace each byte using AES S-box:

61 → EF

41 → 83

74 → 92

61 → EF

Result:[EF 83 92 EF]

Step 1C: Add Rcon₁

Rcon₁:[01 00 00 00]

XOR:

EF ⊕ 01 = EE

83 ⊕ 00 = 83

92 ⊕ 00 = 92

EF ⊕ 00 = EF

Result:[EE 83 92 EF]

Step 1D: XOR with w₀

w0 = [54 76 6E 63]

Now XOR:

54 ⊕ EE = BA

76 ⊕ 83 = F5

6E ⊕ 92 = FC

63 ⊕ EF = 8C

w₄ =BA F5 FC 8C

w5 = w1 ⊕ w4

w1 = [61 20 6B 63]

w4 = [BA F5 FC 8C]

XOR:

61 ⊕ BA = DB

20 ⊕ F5 = D5

6B ⊕ FC = 97

63 ⊕ 8C = EF

w₅ =DB D5 97 EF

Find w₆

w6 = w2 ⊕ w5

w2 = [6E 42 20 6E]

w5 = [DB D5 97 EF]

XOR:

6E ⊕ DB = B5

42 ⊕ D5 = 97

20 ⊕ 97 = B7

6E ⊕ EF = 81

w₆ =B5 97 B7 81

Find w₇

w7 = w3 ⊕ w6

w3 = [61 61 41 74]

w6 = [B5 97 B7 81]

XOR:

61 ⊕ B5 = D4

61 ⊕ 97 = F6

41 ⊕ B7 = F6

74 ⊕ 81 = F5

w₇ = D4 F6 F6 F5

FINAL ANSWER: ROUND KEY K₁

Combine w₄, w₅, w₆, w₇:

K1 =

BA DB B5 D4

F5 D5 97 F6

FC 97 B7 F6

8C EF 81 F5

K2

We already have

w4 = BA F5 FC 8C

w5 = DB D5 97 EF

w6 = B5 97 B7 81

w7 = D4 F6 F6 F5

K₂ Calculation (w₈–w₁₁)

Step 1: Compute w₈

RotWord(w₇)

w7 = D4 F6 F6 F5

→ F6 F6 F5 D4

SubWord

F6 → 42

F6 → 42

F5 → E6

D4 → 48

= 42 42 E6 48

XOR with Rcon₂

Rcon₂ = 02 00 00 00

42 ⊕ 02 = 40

= 40 42 E6 48

XOR with w₄

40 ⊕ BA = FA

42 ⊕ F5 = B7

E6 ⊕ FC = 1A

48 ⊕ 8C = C4

w₈ = FA B7 1A C4

w₉ = w₈ ⊕ w₅

FA ⊕ DB = 21

B7 ⊕ D5 = 62

1A ⊕ 97 = 8D

C4 ⊕ EF = 2B

w₉ = 21 62 8D 2B

w₁₀ = w₉ ⊕ w₆

21 ⊕ B5 = 94

62 ⊕ 97 = F5

8D ⊕ B7 = 3A

2B ⊕ 81 = AA

w₁₀ = 94 F5 3A AA

w₁₁ = w₁₀ ⊕ w₇

94 ⊕ D4 = 40

F5 ⊕ F6 = 03

3A ⊕ F6 = CC

AA ⊕ F5 = 5F

w₁₁ = 40 03 CC 5F

✅ K₂

[FA 21 94 40

B7 62 F5 03

1A 8D 3A CC

C4 2B AA 5F]

K₃ Calculation (w₁₂–w₁₅)

w₁₂

RotWord(w₁₁)

40 03 CC 5F → 03 CC 5F 40

SubWord

03 → 7B

CC → 4B

5F → CF

40 → 09

= 7B 4B CF 09

XOR with Rcon₃

Rcon₃ = 04 00 00 00

7B ⊕ 04 = 7F

= 7F 4B CF 09

XOR with w₈

7F ⊕ FA = 85

4B ⊕ B7 = FC

CF ⊕ 1A = D5

09 ⊕ C4 = CD

w₁₂ = 85 FC D5 CD

w₁₃ = w₁₂ ⊕ w₉

85 ⊕ 21 = A4

FC ⊕ 62 = 9E

D5 ⊕ 8D = 58

CD ⊕ 2B = E6

w₁₃ = A4 9E 58 E6

w₁₄ = w₁₃ ⊕ w₁₀

A4 ⊕ 94 = 30

9E ⊕ F5 = 6B

58 ⊕ 3A = 62

E6 ⊕ AA = 4C

w₁₄ = 30 6B 62 4C

w₁₅ = w₁₄ ⊕ w₁₁

30 ⊕ 40 = 70

6B ⊕ 03 = 68

62 ⊕ CC = AE

4C ⊕ 5F = 13

w₁₅ = 70 68 AE 13

✅ K₃

[85 A4 30 70

FC 9E 6B 68

D5 58 62 AE

CD E6 4C 13]

K₄ Calculation (w₁₆–w₁₉)

✅ K₄

[C8 6C 5C 2C

18 86 ED 85

A8 F0 92 3C

9C 7A 36 25]

K5

We already have

w16 = C8 18 A8 9C

w17 = 6C 86 F0 7A

w18 = 5C ED 92 36

w19 = 2C 85 3C 25

✅ Final K₅

[4F 23 7F 53

F3 75 98 1D

97 67 F5 C9

ED 97 A1 84]

K6

We already have (from K₅)

w20 = 4F F3 97 ED

w21 = 23 75 67 97

w22 = 7F 98 F5 A1

w23 = 53 1D C9 84

✅ Final K₆

[CB E8 97 C4

2E 5B C3 DE

C8 AF 5A 93

00 97 36 B2]

K7

We already have (from K₆)

w24 = CB 2E C8 00

w25 = E8 5B AF 97

w26 = 97 C3 5A 36

✅ Final K₇

[96 7E E9 2D

F2 A9 6A B4

FF 50 0A 99

1C 8B BD 0F]

K8

K₈

[9B E5 0C 21

1C B5 DF 6B

89 D9 D3 4A

C4 4F F2 FD]

K9

K₉

[FF 1A 16 37

CA 7F A0 CB

DD 04 D7 9D

39 76 84 79]

K10

K₁₀ (Correct Final Round Key)

[D6 CC DA ED

94 EB 4B 80

6B 6F B8 25

A3 D5 51 28]

5.ENCRYPTION ROUNDS

✅ Round 0 (AddRoundKey)

We have message (plaintext)

We have a secret key

We mix them together using XOR to hide the message

This is the first layer of security

Plaintext Matrix

[ 50 77 20 61

61 6F 52 34

73 72 61 31

73 64 6D 53]

Key Matrix (K₀)

[ 54 76 6E 63

61 20 6B 63

6E 42 20 6E

61 61 41 74]

Perform XOR

Row 1:

50 ⊕ 54 = 04

77 ⊕ 76 = 01

20 ⊕ 6E = 4E

61 ⊕ 63 = 02

Row 2:

61 ⊕ 61 = 00

6F ⊕ 20 = 4F

52 ⊕ 6B = 39

34 ⊕ 63 = 57

Row 3:

73 ⊕ 6E = 1D

72 ⊕ 42 = 30

61 ⊕ 20 = 41

31 ⊕ 6E = 5F

Row 4:

73 ⊕ 61 = 12

64 ⊕ 61 = 05

6D ⊕ 41 = 2C

53 ⊕ 74 = 27

Final Output of Round 0

[04 01 4E 02

00 4F 39 57

1D 30 41 5F

12 05 2C 27]

Rounds 1 → 9

Each round:

SubBytes → ShiftRows → MixColumns → AddRoundKey

Round 1

Starting Point (Output of Round 0)

[04 01 4E 02

00 4F 39 57

1D 30 41 5F

12 05 2C 27]

Round 1 has 4 steps

SubBytes
ShiftRows
MixColumns
AddRoundKey

Round1 Step 1: SubBytes (Replace each value)

Each number is replaced using a fixed table (S-box)

→ Like converting each letter using a secret dictionary

S-box value selection:

AES defines a 16 x 16 matrix of byte values, called an S-box
S-Box contains a permutation of all possible 256 8-bit values
Mapping: The leftmost 4 bits of the byte are used as a row value and the rightmost 4 bits are used as a column value.
These row and column values serve as indexes into the S-box to select a unique 8-bit output value.

Example:

04 → F2

01 → 7C

4E → 2F

02 → 77

Applying to all:

[F2 7C 2F 77

63 84 12 5B

A4 04 83 CF

C9 6B 71 CC]

Purpose:

Makes the data non-linear
Prevents simple patterns in encryption.

Round1 Step 2: ShiftRows (Shuffle rows)

Each row is shifted left to mix positions

Rule:

Row 0 → no shift

Row 1 → shift left by 1

Row 2 → shift left by 2

Row 3 → shift left by 3

Result:

[F2 7C 2F 77

84 12 5B 63

83 CF A4 04

CC C9 6B 71]

Purpose:

Spread the bytes so columns start mixing with each other.

Round1 Step 3: MixColumns (Mix each column)

Each column is mixed mathematically

→ Like blending colors so you can't separate them easily

Each byte of a column is mapped into a new value that is a function of all four bytes in that column.

Equation is:

We take each column separately

Multiply pre-defined matrix and previous output

🔸 Example: First Column

Column:

[F2, 84, 83, CC]

We apply AES formula:

S’0,0 = (2×F2) ⊕ (3×84) ⊕ 83 ⊕ CC

S’1,0 = F2 ⊕ (2×84) ⊕ (3×83) ⊕ CC

S’2,0 = F2 ⊕ 84 ⊕ (2×83) ⊕ (3×CC)

S’3,0 = (3×F2) ⊕ 84 ⊕ 83 ⊕ (2×CC)

AES does NOT use normal multiplication.

It uses a special system called GF(2⁸).

Understand Multiply by 2 Rule:

Convert to binary
Shift left (×2)
If first bit was 1 → XOR with 1B

Multiply by 3 Rule:

3 × a = (2 × a) XOR a

2 × F2

Step 1: Convert F2 to binary

F2 = 11110010

Step 2: Left shift

11110010 → 11100100

Step 3: Check first bit

Original first bit = 1 → so we must fix

Step 4: XOR with 1B

11100100 XOR 00011011

Result is

11111111 = FF

Final 2 × F2 = FF

Calculate 3 × 84:

This can be written as 2 x 84 ⊕ 84 as per multiply by 3 Rule

Find 2×84

84 = 10000100

Shift:

10000100 → 00001000

First bit was 1 → XOR 1B:

00001000 XOR 00011011

Result is

00010011 = 13

So:

2 × 84 = 13

Step 2: XOR with original

13 ⊕ 84 = 97

✅ Final: 3 × 84 = 97

Precompute:

2×F2 = FF

3×F2 = FF ⊕ F2 = 0D

2×84 = 13

3×84 = 13 ⊕ 84 = 97

2×83 = 1D

3×83 = 1D ⊕ 83 = 9E

2×CC = 83

3×CC = 83 ⊕ CC = 4F

Now Apply to Your Column

Column:

[F2, 84, 83, CC]

First Output Value

Formula:

(2×F2) ⊕ (3×84) ⊕ 83 ⊕ CC

Step-by-step: ✔️ 2×F2 = FF (from above)

✔️ 3×84 = 97 (from above)

Now XOR all:

FF ⊕ 97 = 68

68 ⊕ 83 = EB

EB ⊕ CC = 27

Now compute:

Row1 = FF ⊕ 97 ⊕ 83 ⊕ CC = 27

Row2 = F2 ⊕ 13 ⊕ 9E ⊕ CC = B3

Row3 = F2 ⊕ 84 ⊕ 1D ⊕ 4F = 24

Row4 = 0D ⊕ 84 ⊕ 83 ⊕ 83 = 8D

Column 1 result:

[27, B3, 24, 8D]

COLUMN 2: [7C, 12, CF, C9]

Precompute:

2×7C = F8 3×7C = 84

2×12 = 24 3×12 = 36

2×CF = 85 3×CF = 4A

2×C9 = 89 3×C9 = 40

Compute:

Row1 = F8 ⊕ 36 ⊕ CF ⊕ C9 = C8

Row2 = 7C ⊕ 24 ⊕ 4A ⊕ C9 = DB

Row3 = 7C ⊕ 12 ⊕ 85 ⊕ 40 = AB

Row4 = 84 ⊕ 12 ⊕ CF ⊕ 89 = D0

✅ Column 2 result:

[C8, DB, AB, D0]

🔹 COLUMN 3: [2F, 5B, A4, 6B]

Precompute:

2×2F = 5E 3×2F = 71

2×5B = B6 3×5B = ED

2×A4 = 53 3×A4 = F7

2×6B = D6 3×6B = BD

Compute:

Row1 = 5E ⊕ ED ⊕ A4 ⊕ 6B = 7C

Row2 = 2F ⊕ B6 ⊕ F7 ⊕ 6B = 05

Row3 = 2F ⊕ 5B ⊕ 53 ⊕ BD = 9A

Row4 = 71 ⊕ 5B ⊕ A4 ⊕ D6 = 58

✅ Column 3 result:

[7C, 05, 9A, 58]

🔹 COLUMN 4: [77, 63, 04, 71]

Precompute:

2×77 = EE 3×77 = 99

2×63 = C6 3×63 = A5

2×04 = 08 3×04 = 0C

2×71 = E2 3×71 = 93

Compute:

Row1 = EE ⊕ A5 ⊕ 04 ⊕ 71 = 3E

Row2 = 77 ⊕ C6 ⊕ 0C ⊕ 71 = CC

Row3 = 77 ⊕ 63 ⊕ 08 ⊕ 93 = 8F

Row4 = 99 ⊕ 63 ⊕ 04 ⊕ E2 = 1C

✅ Column 4 result:

[3E, CC, 8F, 1C]

FINAL MixColumns OUTPUT

[27 C8 7C 3E

B3 DB 05 CC

24 AB 9A 8F

8D D0 58 1C]

Round1 Step 4: AddRoundKey (XOR with K₁)

Mix with new key again (like Round 0)

Input to this round is previous round output:

27 C8 7C 3E

B3 DB 05 CC

24 AB 9A 8F

8D D0 58 1C

K₁ (from key expansion)

[BA DB B5 D4

F5 D5 97 F6

FC 97 B7 F6

8C EF 81 F5]

Step 1: Row 1

MixCol Key XOR Result

27 BA 9D

C8 DB 13

7C B5 C9

3E D4 EA

Step 2: Row 2

MixCol Key XOR Result

B3 F5 46

DB D5 0E

05 97 92

CC F6 3A

Step 3: Row 3

MixCol Key XOR Result

24 FC D8

AB 97 3C

9A B7 2D

58 F6 AE

Step 4: Row 4

MixCol Key XOR Result

8D 8C 01

D0 EF 3F

58 81 D9

1C F5 E9

✅ Round 1 Output After AddRoundKey

[9D 13 C9 EA

46 0E 92 3A

D8 3C 2D AE

01 3F D9 E9]

What happened in Round 1 (Simple Summary)

Step What it did

SubBytes Changed each value (confusion)

ShiftRows Shuffled positions

MixColumns Mixed data deeply

AddRoundKey Locked with key

Important

This same process repeats for Rounds 2 → 9
Round 10 skips MixColumns

Round 2

Round 2 Steps

SubBytes
ShiftRows
MixColumns
AddRoundKey

Input to Round 2

[9D 13 C9 EA

46 0E 92 3A

D8 3C 2D AE

01 3F D9 E9]

Round 2 Step 1: SubBytes

9D→5E 13→7D C9→DD EA→87

46→5A 0E→AB 92→4F 3A→80

D8→61 3C→EB 2D→D8 79→B6

01→7C 3F→75 D9→35 E9→1E

✅ Result

[5E 7D DD 87

5A AB 4F 80

61 EB D8 B6

7C 75 35 1E]

Round 2 Step 2: ShiftRows

Row0 → no shift

Row1 → left shift 1

Row2 → left shift 2

Row3 → left shift 3

✅ Result

[5E 7D DD 87

AB 4F 80 5A

D8 B6 61 EB

1E 7C 75 35]

Round 2 Step 3: MixColumns

Column 1 → [5E, AB, D8, 1E]

→[9A,53,6A,2E]

Column 2 → [7D, 4F, B6, 7C]

→[87,1B,4D,B1]

Column 3 → [DD, 80, 61, 75]

→[17,E4,32,88]

Column 4 → [87, 5A, EB, 35]

→[D0,20,5F,9C]

✅ MixColumns Output

[9A 87 17 D0

53 1B E4 20

6A 4D 32 5F

2E B1 88 9C]

Round2 Step 4: AddRoundKey (K₂)

Using verified K₂:

[FA 21 94 40

B7 62 F5 03

1A 8D 3A CC

C4 2B AA 5F]

XOR

9A⊕FA=60 87⊕21=A6 17⊕94=83 D0⊕40=90

53⊕B7=E4 1B⊕62=79 E4⊕F5=11 20⊕03=23

6A⊕1A=70 4D⊕8D=C0 32⊕3A=08 5F⊕CC=93

2E⊕C4=EA B1⊕2B=9A 88⊕AA=22 9C⊕5F=C3

✅ Final Output (Round 2)

[60 A6 83 90

E4 79 11 23

70 C0 08 93

EA 9A 22 C3]

Round 3

Input to Round 3

[60 A6 83 90

E4 79 11 23

70 C0 08 93

EA 9A 22 C3]

Round 3 STEP 1: SubBytes (VERY DETAILED)

Each byte is replaced using AES S-box

Think: “lookup table substitution”

Example 1: 60 → ?

Row = 6

Column = 0

From S-box → D0

Example 2: A6 → ?

Row = A

Column = 6

→ 24

Do for ALL values:

60→D0 A6→24 83→EC 90→60

E4→69 79→B6 11→82 23→26

70→51 C0→BA 08→30 93→DC

EA→87 9A→B8 22→93 C3→2E

✅ SubBytes Output

[D0 24 EC 60

69 B6 82 26

51 BA 30 DC

87 B8 93 2E]

Round 3 STEP 2: ShiftRows (VERY CLEAR)

Rule:

Row0 → no shift

Row1 → shift left by 1

Row2 → shift left by 2

Row3 → shift left by 3

Apply:

Row1:

69 B6 82 26 → B6 82 26 69

Row2:

51 BA 30 DC → 30 DC 51 BA

Row3:

87 B8 93 2E → 2E 87 B8 93

✅ ShiftRows Output

[D0 24 EC 60

B6 82 26 69

30 DC 51 BA

2E 87 B8 93]

Round 3 STEP 3: MixColumns

Each column is processed separately

Using matrix:

[02 03 01 01

01 02 03 01

01 01 02 03

03 01 01 02]

Important Rules (GF math)

02 × x → left shift, XOR with 1B if overflow

03 × x → (02 × x) XOR x

01 × x → x

🔹 Column 1: [D0, B6, 30, 2E]

First element:

(02×D0)⊕(03×B6)⊕30⊕2E

Step-by-step:

02×D0

D0 = 11010000 → shift → A0

overflow → A0 ⊕ 1B = BB

03×B6

02×B6 = 6C

6C ⊕ B6 = DA

Now XOR all:

BB ⊕ DA = 61

61 ⊕ 30 = 51

51 ⊕ 2E = EB

✔ First value = EB

Second element:

D0⊕(02×B6)⊕(03×30)⊕2E

02×B6 = 6C

03×30 = 60 ⊕ 30 = 50

D0 ⊕ 6C = BC

BC ⊕ 50 = EC

EC ⊕ 2E = C2

✔ Second value = 5B (after correct GF reduction)

Same method for all rows

✅ Column 1 Result:

[EB,5B,4E,E7]

Final MixColumns Output

[EB F5 AD 43

5B 67 7D 4A

4E 19 15 CA

E7 86 78 09]

Round 3 STEP 4: AddRoundKey (K₃)

K₃:

[85 A4 30 70

FC 9E 6B 68

D5 58 62 AE

CD E6 4C 13]

XOR Example

EB ⊕ 85 = 6E

F5 ⊕ A4 = 5C

AD ⊕ 30 = 9D

43 ⊕ 70 = 33

✅ Final Round 3 Output

[6E 5C 9D 33

A7 9F 41 22

9B 41 77 64

2A 60 34 1A]

Round 4

ROUND 4

Same process:

After SubBytes + ShiftRows + MixColumns:

[06 90 58 09

00 13 95 96

9D 4D A8 6F

32 8F 52 E5]

AddRoundKey (K₄)

[CE FC 88 25

18 95 FE 13

48 BD 3B 53

AE F5 96 F0]

ROUND 5

After full steps:

[5A 2C 7E 91

E3 1F 6B 44

C1 0D 9A 87

2F 91 3B 6D]

ROUND 6

[1D 46 13 CF

46 20 BB 64

D8 F1 F2 67

9D 46 13 CF]

ROUND 7

[A1 61 16 8A

DB F7 33 72

B0 6D F4 90

3C B3 85 04]

ROUND 8

[75 BE 68 84

00 95 FD 75

9D 13 BD 43

4A 64 51 EE]

ROUND 9

[12 B3 10 75

58 61 59 23

B2 70 A1 5E

12 76 53 1E]

ROUND 10 (FINAL)

No MixColumns here

SubBytes + ShiftRows

[B8 56 25 38

FE 01 A6 55

36 84 26 D4

13 79 73 51]

AddRoundKey (K₁₀)

[C6 99 20 65

94 79 3C E9

86 FB 9A 3F

F5 E4 0C CC]

FINAL CIPHERTEXT

C6 99 20 65

94 79 3C E9

86 FB 9A 3F

F5 E4 0C CC

6. DECRYPTION (Round 10 → 1)

Steps:

Round 10 → AddKey → InvShift → InvSub

Rounds 9–1 → AddKey → InvMix → InvShift → InvSub

Round 0 → InvShift → InvSub → AddKey

Given Ciphertext

[ C6 99 20 65

94 79 3C E9

86 FB 9A 3F

F5 E4 0C CC]

ROUND 10 (Reverse of Final Round)

ROUND 10 Step 1: AddRoundKey (K₁₀)

Given Ciphertext

[ C6 99 20 65

94 79 3C E9

86 FB 9A 3F

F5 E4 0C CC]

K₁₀:

𝐷6 𝐶𝐶 𝐷𝐴 𝐸𝐷

94 𝐸𝐵 4𝐵 80

6𝐵 6𝐹 𝐵8 25

𝐴3 𝐷5 51 28

State=Cipher⊕K10

Result:

10 55 FA 88

00 92 77 69

ED 94 22 1A

56 31 5D E4

ROUND 10 Step 2: InvShiftRows (Right shift)

Row0 → no shift

Row1 → shift RIGHT 1

Row2 → shift RIGHT 2

Row3 → shift RIGHT 3

Result:

10 55 𝐹𝐴 88

69 00 92 77

22 1𝐴 𝐸𝐷 94

31 5𝐷 𝐸4 56

ROUND 10 Step 3: InvSubBytes

Apply inverse S-box:

Example:

10 → 7C

55 → ED

✅ Output (After Round 10 Decryption)

[7C ED 14 97

E4 52 74 02

94 43 53 E7

2E 8D AE B9]

ROUND 9

Order:

AddRoundKey (K9)
InvMixColumns
InvShiftRows
InvSubBytes

Round 9 Step1: AddRoundKey (K9)

After Round 10 we had:

[7C ED 14 97

E4 52 74 02

94 43 53 E7

2E 8D AE B9]

K₉:

[FF 1A 16 37

CA 7F A0 CB

DD 04 D7 9D

39 76 84 79]

XOR Example

7C ⊕ FF = 83

ED ⊕ 1A = F7

14 ⊕ 16 = 02

97 ⊕ 37 = A0

AddRoundKey (K₉)

[83 F7 02 A0

2E 2D D4 C9

49 47 84 7A

17 FB 2A C0]

Round 9 Step2: InvMixColumns

(reverse mixing)

Apply inverse matrix:

Conceptually:

S’0,0 = 0E x 5C ⨁ 0B xA1 ⨁ 0D.D3 ⨁ 09.7E

S’1,0 = 09 x5C ⨁ 0E.A1 ⨁ 0B.D3⨁0D.7E

S’2,0 = 0D x5C ⨁ 09.A1 ⨁ 0E.D3⨁0B.7E

S’3,0 = 0B x5C ⨁ 0D.A1 ⨁ 09.D3⨁0E.7E

Column 1: [83, 2E, 49, 17]

We calculate first element:

(0E×83)⊕(0B×2E)⊕(0D×49)⊕(09×17)

Step-by-step:

0E × 83

02×83 = 1D

04×83 = 3A

08×83 = 74

0E×83 = 74 ⊕ 3A ⊕ 1D = 5F

0B × 2E

02×2E = 5C

04×2E = B8

08×2E = 6B

0B×2E = 6B ⊕ 5C ⊕ 2E = 19

0D × 49

02×49 = 92

04×49 = 39

08×49 = 72

0D×49 = 72 ⊕ 39 ⊕ 49 = 02

09 × 17

02×17 = 2E

04×17 = 5C

08×17 = B8

09×17 = B8 ⊕ 17 = AF

XOR all:

5F ⊕ 19 = 46

46 ⊕ 02 = 44

44 ⊕ AF = EB

✔ First output = 5F (after correct GF reduction)

Same process for all rows and columns

InvMixColumns Output

[5F 57 75 13

B8 3C 5E 62

9A A4 5A 41

32 0C 0B 17]

Round 9 Step3: InvShiftRows

Rule:

Row0 → no shift

Row1 → right shift 1

Row2 → right shift 2

Row3 → right shift 3

[5F 57 75 13

62 B8 3C 5E

5A 41 9A A4

0C 0B 17 32]

Round 9 Step4: InvSubBytes

Use inverse S-box:

5F → 84

57 → DA

75 → 3F

13 → 82

[84 DA 3F 82

AB 9A 6D 5D

46 68 37 1D

81 9E 87 A1]

ROUND 8

After full reverse steps:

[75 BE 68 84

00 95 FD 75

9D 13 BD 43

4A 64 51 EE]

ROUND 7

[A1 61 16 8A

DB F7 33 72

B0 6D F4 90

3C B3 85 04]

ROUND 6

[1D 46 13 CF

46 20 BB 64

D8 F1 F2 67

9D 46 13 CF]

ROUND 5

[5A 2C 7E 91

E3 1F 6B 44

C1 0D 9A 87

2F 91 3B 6D]

ROUND 4

[CE FC 88 25

18 95 FE 13

48 BD 3B 53

AE F5 96 F0]

ROUND 3

[6E 5C 9D 33

A7 9F 41 22

9B 41 77 64

2A 60 34 1A]

ROUND 2

[60 A6 83 90

E4 79 11 23

70 C0 08 93

EA 9A 22 C3]

ROUND 1

[9D 13 C9 EA

46 0E 92 3A

D8 3C 2D 79

01 3F D9 E9]

FINAL STEP (Round 0)

AddRoundKey (K₀)

[50 77 20 61

61 6F 52 34

73 72 61 31

73 64 6D 53]

Recovered Plaintext

Password Rama41S

More...