Rijndael is designed for use with keys of lengths 128, 192, and 256 bits. For simplicity, we’ll restrict to 128 bits. First, we give a brief outline of the algorithm, then describe the various components in more detail.

The algorithm consists of 10 rounds (when the key has 192 bits, 12 rounds are used, and when the key has 256 bits, 14 rounds are used). Each round has a round key, derived from the original key. There is also a 0th round key, which is the original key. A round starts with an input of 128 bits and produces an output of 128 bits.

There are four basic steps, called layers, that are used to form the rounds:

1. The SubBytes Transformation (SB): This nonlinear layer is for resistance to differential and linear cryptanalysis attacks.

2. The ShiftRows Transformation (SR): This linear mixing step causes diffusion of the bits over multiple rounds.

3. The MixColumns Transformation (MC): This layer has a purpose similar to ShiftRows.

4. AddRoundKey (ARK): The round key is XORed with the result of the above layer.

A round is then

$\to \boxed{SubBytes}\to \boxed{ShiftRows}\to \boxed{MixColumns}\to \boxed{AddRoundKey}\to \text{.}$

Putting everything together, we obtain the following (see also Figure 8.1):

Figure 8.1The AES-Rijndael Algorithm

The final round uses the SubBytes, ShiftRows, and AddRoundKey steps but omits MixColumns (this omission will be explained in the decryption section).

The 128-bit output is the ciphertext block.