and at the end of the Cipher and Inverse Cipher,the State is copied to the output array out as follows: outir +4c]=s[r,c] for0≤r<4and0≤c<Nb. (3.4) 3.5 The State as an Array of Columns The four bytes in each column of the State array form 32-bit words,where the row number r provides an index for the four bytes within each word.The state can hence be interpreted as a one-dimensional array of 32 bit words(columns),wo...w3,where the column number c provides an index into this array.Hence,for the example in Fig.3,the State can be considered as an array of four words,as follows: 1W0=S0,0S1,0S2,0S3,0 1w2=S0,2S1,2S2,2S3,2 w1=S0,1S1,1S2,1S3,1 W3=S0,3S1,3S2,3S3,3. (3.5) 4. Mathematical Preliminaries All bytes in the AES algorithm are interpreted as finite field elements using the notation introduced in Sec.3.2.Finite field elements can be added and multiplied,but these operations are different from those used for numbers.The following subsections introduce the basic mathematical concepts needed for Sec.5. 4.1 Addition The addition of two elements in a finite field is achieved by "adding"the coefficients for the corresponding powers in the polynomials for the two elements.The addition is performed with the XOR operation(denoted by⊕)-i.e.,modulo2-so that 1⊕1=0,1⊕0=1，and0⊕0=0. Consequently,subtraction of polynomials is identical to addition of polynomials. Alternatively,addition of finite field elements can be described as the modulo 2 addition of corresponding bits in the byte.For two bytes (adasaasazaao)and (bbbsbab3b2bbol,the sum is {cc6cscc3C2cco},where each c=a⊕bi(i.e,c=a⊕b,c6=a6⊕bo,co=a⊕bo) For example,the following expressions are equivalent to one another: (x6+x4+x2+x+1)+(x?+x+1)=x?+x6+x4+x2 (polynomial notation); {01010111}⊕{10000011}={11010100} (binary notation); {57}©{83}={d4} (hexadecimal notation). 4.2 Multiplication In the polynomial representation,multiplication in GF(2)(denoted by.)corresponds with the multiplication of polynomials modulo an irreducible polynomial of degree 8.A polynomial is irreducible if its only divisors are one and itself.For the AES algorithm,this irreducible polynomial is m(x)=x8+x4+x3+x+1, (4.1) 1010 and at the end of the Cipher and Inverse Cipher, the State is copied to the output array out as follows: out[r + 4c] = s[r, c] for 0 £ r < 4 and 0 £ c < Nb. (3.4) 3.5 The State as an Array of Columns The four bytes in each column of the State array form 32-bit words, where the row number r provides an index for the four bytes within each word. The state can hence be interpreted as a one-dimensional array of 32 bit words (columns), w0...w3, where the column number c provides an index into this array. Hence, for the example in Fig. 3, the State can be considered as an array of four words, as follows: w0 = s0,0 s1,0 s2,0 s3,0 w2 = s0,2 s1,2 s2,2 s3,2 w1 = s0,1 s1,1 s2,1 s3,1 w3 = s0,3 s1,3 s2,3 s3,3 . (3.5) 4. Mathematical Preliminaries All bytes in the AES algorithm are interpreted as finite field elements using the notation introduced in Sec. 3.2. Finite field elements can be added and multiplied, but these operations are different from those used for numbers. The following subsections introduce the basic mathematical concepts needed for Sec. 5. 4.1 Addition The addition of two elements in a finite field is achieved by “adding” the coefficients for the corresponding powers in the polynomials for the two elements. The addition is performed with the XOR operation (denoted by Å ) - i.e., modulo 2 - so that 1Å1 = 0 , 1Å 0 = 1, and 0 Å 0 = 0 . Consequently, subtraction of polynomials is identical to addition of polynomials. Alternatively, addition of finite field elements can be described as the modulo 2 addition of corresponding bits in the byte. For two bytes {a7a6a5a4a3a2a1a0} and {b7b6b5b4b3b2b1b0}, the sum is {c7c6c5c4c3c2c1c0}, where each ci = ai Å bi (i.e., c7 = a7 Å b7, c6 = a6 Å b6, ...c0 = a0 Å b0). For example, the following expressions are equivalent to one another: ( 1) 6 4 2 x + x + x + x + + ( 1) 7 x + x + = 7 6 4 2 x + x + x + x (polynomial notation); {01010111} Å {10000011} = {11010100} (binary notation); {57} Å {83} = {d4} (hexadecimal notation). 4.2 Multiplication In the polynomial representation, multiplication in GF(28 ) (denoted by ·) corresponds with the multiplication of polynomials modulo an irreducible polynomial of degree 8. A polynomial is irreducible if its only divisors are one and itself. For the AES algorithm, this irreducible polynomial is ( ) 1 8 4 3 m x = x + x + x + x + , (4.1)