dhuertas / AES

AES algorithm implementation in C
MIT License
615 stars 323 forks

About the transposition of the input? #3

Closed openluopworld closed 7 years ago

openluopworld commented 7 years ago

Hi, I notice that a transposition is applied to the input in this code, as follows:

// in[] is the 16-byte input block; the byte in row i, column j of the
// FIPS 197 state is in[i + 4*j]. It is stored at state[Nb*i + j], so
// state[] holds the rows contiguously (row-major) rather than the columns.
for (i = 0; i < 4; i++) {
    for (j = 0; j < Nb; j++) {
        state[Nb*i+j] = in[i+4*j];
    }
}

I think this is used because the state of AES is column-major, as shown below. It differs from the array layout in C. But I do not think it is useful. Actually, this piece of code may cause some misunderstanding.

// state of AES
s0 s4 s8  s12
s1 s5 s9  s13
s2 s6 s10 s14
s3 s7 s11 s15

dhuertas commented 7 years ago

Hello. That transposition comes directly from the specification, section 3.4 The State. Notice that at the end of the cipher and inv_cipher the inverse transposition is also applied.

openluopworld commented 7 years ago

I have read FIPS 197. But why not just treat the input in the view of the state? Then the transposition and its inverse are both not needed. Hope you have a look at my code if you have time. And I will read this code in detail. Thanks very much.

dhuertas commented 7 years ago

I believe that as long as the programmer knows how the data is stored in memory, one could use whatever technique works best for his/her needs in order to implement AES. So yes, I think one could spare the transposition and its inverse choosing memory access accordingly.

It is just that when I wrote it I found the transpositions useful in order to follow the specification. Others may not find them that useful, I won't discuss that.

So to sum up, I am sure there are plenty of optimizations to be used here. But all of them have been left out in this implementation. The one you suggest could perfectly be one of them :)
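
As an added example (not code from the dhuertas/AES repository and not part of this thread), the C program below shows the two approaches the comments compare: loading the block through the transposition the repository uses and running ShiftRows on a row-major state, versus indexing the column-major input directly with a stride of 4 and skipping both transpositions. It also shows what goes wrong when the two conventions are mixed, which is the misunderstanding the first comment warns about. The function names, the `Nb` macro and the sample block (byte value equals index) are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define Nb 4 /* number of 32-bit columns in the AES state (FIPS 197 uses Nb = 4) */

/* Load a 16-byte block into a row-major state, as the repository does:
 * row i, column j of the FIPS 197 state is in[i + 4*j], stored at
 * state[Nb*i + j], so state[4*i .. 4*i+3] is row i. */
static void load_state_transposed(const uint8_t in[16], uint8_t state[16]) {
    for (int i = 0; i < 4; i++)
        for (int j = 0; j < Nb; j++)
            state[Nb*i + j] = in[i + 4*j];
}

/* The inverse transposition applied at the end of cipher()/inv_cipher(). */
static void store_state_transposed(const uint8_t state[16], uint8_t out[16]) {
    for (int i = 0; i < 4; i++)
        for (int j = 0; j < Nb; j++)
            out[i + 4*j] = state[Nb*i + j];
}

/* ShiftRows on a row-major state: row r is the contiguous run
 * state[4r .. 4r+3], rotated left by r positions (FIPS 197, 5.1.2). */
static void shift_rows_rowmajor(uint8_t state[16]) {
    for (int r = 1; r < 4; r++) {
        uint8_t row[4];
        for (int c = 0; c < Nb; c++)
            row[c] = state[Nb*r + ((c + r) % Nb)];
        memcpy(&state[Nb*r], row, 4);
    }
}

/* ShiftRows directly on the column-major input order (no transposition):
 * row r, column c lives at s[r + 4*c], so a row is a stride-4 walk. */
static void shift_rows_colmajor(uint8_t s[16]) {
    for (int r = 1; r < 4; r++) {
        uint8_t row[4];
        for (int c = 0; c < Nb; c++)
            row[c] = s[r + 4*((c + r) % Nb)];
        for (int c = 0; c < Nb; c++)
            s[r + 4*c] = row[c];
    }
}

/* Path A: transpose in, operate on the row-major state, transpose out. */
void shift_rows_via_transposition(const uint8_t in[16], uint8_t out[16]) {
    uint8_t state[16];
    load_state_transposed(in, state);
    shift_rows_rowmajor(state);
    store_state_transposed(state, out);
}

/* Path B: operate on the input order directly, no transposition at all. */
void shift_rows_direct(const uint8_t in[16], uint8_t out[16]) {
    memcpy(out, in, 16);
    shift_rows_colmajor(out);
}

/* 1 if both paths produce the same block for this input. */
int paths_agree(const uint8_t in[16]) {
    uint8_t a[16], b[16];
    shift_rows_via_transposition(in, a);
    shift_rows_direct(in, b);
    return memcmp(a, b, 16) == 0;
}

/* 1 if loading and then storing really returns the original block. */
int transposition_is_involution(const uint8_t in[16]) {
    uint8_t state[16], back[16];
    load_state_transposed(in, state);
    store_state_transposed(state, back);
    return memcmp(in, back, 16) == 0;
}

/* 1 if a row-major state with column-major ShiftRows indexing matches the
 * spec. It does not: that combination rotates columns instead of rows. */
int mixed_convention_agrees(const uint8_t in[16]) {
    uint8_t state[16], out[16], ref[16];
    load_state_transposed(in, state);
    shift_rows_colmajor(state); /* wrong indexing for this layout */
    store_state_transposed(state, out);
    shift_rows_direct(in, ref);
    return memcmp(out, ref, 16) == 0;
}

int main(void) {
    /* Constructed sample block: byte value == index, so the result reads by eye. */
    uint8_t in[16], out[16];
    for (int i = 0; i < 16; i++) in[i] = (uint8_t)i;
    shift_rows_direct(in, out);
    for (int i = 0; i < 16; i++) printf("%02x%c", out[i], i == 15 ? '\n' : ' ');
    printf("paths agree: %d, involution: %d, mixed conventions agree: %d\n",
           paths_agree(in), transposition_is_involution(in), mixed_convention_agrees(in));
    return 0;
}
```

The point for anyone reusing either layout: the transposition is harmless as long as its inverse is applied on the way out and every round function indexes the state the same way; the failure mode is a row-major state combined with code written for the column-major picture from the specification, which still compiles and still runs but rotates columns instead of rows.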

openluopworld commented 7 years ago

I see, thanks.