Twofish CBC-Mode IV-KAT Tables
John Bryan

Table of Contents

Key Schedule

Unexpanded key, M, Me,  Mo,  M64, S vectors

K0,  K1	K2,  K3	K4,  K5	K6,  K7	K8,  K9	K10,  K11	K12,  K13	K14,  K15	K16,  K17	K18,  K19
K20,  K21	K22,  K23	K24,  K25	K26,  K27	K28,  K29	K30,  K31	K32,  K33	K34,  K35	K36,  K37	K38,  K39

Summary listing of the 40 expanded key words

Encryption of plaintext block 1

Encryption start

Encryption CBC xor

Encryption input whiten

r=0

r=1

r=2

r=3

r=4

r=5

r=6

r=7

r=8

r=9

r=10

r=11

r=12

r=13

r=14

r=15

Encryption output whiten

Ciphertext result

Encryption of plaintext block 2

Encryption start

Encryption CBC xor

Encryption input whiten

r=0

r=1

r=2

r=3

r=4

r=5

r=6

r=7

r=8

r=9

r=10

r=11

r=12

r=13

r=14

r=15

Encryption output whiten

Ciphertext result

Encryption of plaintext block 3

Encryption start

Encryption CBC xor

Encryption input whiten

r=0

r=1

r=2

r=3

r=4

r=5

r=6

r=7

r=8

r=9

r=10

r=11

r=12

r=13

r=14

r=15

Encryption output whiten

Ciphertext result

Encryption of plaintext block 4

Encryption start

Encryption CBC xor

Encryption input whiten

r=0

r=1

r=2

r=3

r=4

r=5

r=6

r=7

r=8

r=9

r=10

r=11

r=12

r=13

r=14

r=15

Encryption output whiten

Ciphertext result

Decryption of ciphertext block 1

Decryption start

Decryption input unwhiten

r=15

r=14

r=13

r=12

r=11

r=10

r=9

r=8

r=7

r=6

r=5

r=4

r=3

r=2

r=1

r=0

Decryption output unwhiten

Decryption CBC xor

Plaintext result

Decryption of ciphertext block 2

Decryption start

Decryption input unwhiten

r=15

r=14

r=13

r=12

r=11

r=10

r=9

r=8

r=7

r=6

r=5

r=4

r=3

r=2

r=1

r=0

Decryption output unwhiten

Decryption CBC xor

Plaintext result

Decryption of ciphertext block 3

Decryption start

Decryption input unwhiten

r=15

r=14

r=13

r=12

r=11

r=10

r=9

r=8

r=7

r=6

r=5

r=4

r=3

r=2

r=1

r=0

Decryption output unwhiten

Decryption CBC xor

Plaintext result

Decryption of ciphertext block 4

Decryption start

Decryption input unwhiten

r=15

r=14

r=13

r=12

r=11

r=10

r=9

r=8

r=7

r=6

r=5

r=4

r=3

r=2

r=1

r=0

Decryption output unwhiten

Decryption CBC xor

Plaintext result

Unexpanded Key, M, Me,  Mo,  M64,  S word vectors

key = m0m1m2m3m4m5m6m7m8m9m10m11m12m13m14m15 = 9f589f5cf6122c32b6bfec2f2ae8c35a

m0=9f

m1=58

m2=9f

m3=5c

m4=f6

m5=12

m6=2c

m7=32

m8=b6

m9=bf

m10=ec

m11=2f

m12=2a

m13=e8

m14=c3

m15=5a

Me0 = M0 = m0m1m2m3 = 9f589f5c	Me1 = M2 = m8m9m10m11 = b6bfec2f
Mo0 = M1 = m4m5m6m7 = f6122c32	Mo1 = M3 = m12m13m14m15 = 2ae8c35a

le0,0 = m0 = 9f

le0,1 = m1 = 58

le0,2 = m2 = 9f

le0,3 = m3 = 5c

le1,0 = m8 = b6

le1,1 = m9 = bf

le1,2 = m10 = ec

le1,3 = m11 = 2f

lo0,0 = m4 = f6

lo0,1 = m5 = 12

lo0,2 = m6 = 2c

lo0,3 = m7 = 32

lo1,0 = m12 = 2a

lo1,1 = m13 = e8

lo1,2 = m14 = c3

lo1,3 = m15 = 5a

M640 = M0M1 = m0m1m2m3m4m5m6m7 = 9f589f5cf6122c32

M641 = M2M3 = m8m9m10m11m12m13m14m15 = b6bfec2f2ae8c35a

Pre S list reversal:

s0,0 = 18

s0,1 = 8a

s0,2 = 9c

s0,3 = 14

s1,0 = 81

s1,1 = 8b

s1,2 = 53

s1,3 = dc

S0 = s0,0s0,1s0,2s0,3 = 188a9c14

S1 = s1,0s1,1s1,2s1,3 = 818b53dc

Post S list reversal:

s0,0 = 81

s0,1 = 8b

s0,2 = 53

s0,3 = dc

s1,0 = 18

s1,1 = 8a

s1,2 = 9c

s1,3 = 14

S0 = s0,0s0,1s0,2s0,3 = 818b53dc

S1 = s1,0s1,1s1,2s1,3 = 188a9c14

Key Schedule: K0 and K1

i = 0	i = 0
h input = X = x0x1x2x3 = 2ip = 00000000	h input = X = x0x1x2x3 = (2i+1)p = 01010101

x0 = 00

x1 = 00

x2 = 00

x3 = 00

x0 = 01

x1 = 01

x2 = 01

x3 = 01

y2,0 = 00

y2,1 = 00

y2,2 = 00

y2,3 = 00

y2,0 = 01

y2,1 = 01

y2,2 = 01

y2,3 = 01

q0.in=00 a0=0 b0=0 a1=0 b1=0 a2=8 b2=e a3=6 b3=f a4=9 b4=a q0.out=a9 l1,3=2f q0.in=1f a0=1 b0=f a1=e b1=6 a2=a b2=3 a3=9 b3=3 a4=8 b4=4 q0.out=48 l0,3=5c q1.in=d7 a0=d b0=7 a1=a b1=e a2=9 b2=0 a3=9 b3=1 a4=e b4=9 q1.out=9e

q1.in=00 a0=0 b0=0 a1=0 b1=0 a2=2 b2=1 a3=3 b3=a a4=5 b4=7 q1.out=75 l1,2=ec q0.in=ca a0=c b0=a a1=6 b1=9 a2=3 b2=4 a3=7 b3=9 a4=0 b4=b q0.out=b0 l0,2=9f q0.in=e8 a0=e b0=8 a1=6 b1=a a2=3 b2=a a3=9 b3=e a4=8 b4=c q0.out=c8

q0.in=00 a0=0 b0=0 a1=0 b1=0 a2=8 b2=e a3=6 b3=f a4=9 b4=a q0.out=a9 l1,1=bf q1.in=45 a0=4 b0=5 a1=1 b1=e a2=8 b2=0 a3=8 b3=8 a4=0 b4=6 q1.out=60 l0,1=58 q1.in=ff a0=f b0=f a1=0 b1=8 a2=2 b2=6 a3=4 b3=1 a4=1 b4=9 q1.out=91

q1.in=00 a0=0 b0=0 a1=0 b1=0 a2=2 b2=1 a3=3 b3=a a4=5 b4=7 q1.out=75 l1,0=b6 q1.in=5a a0=5 b0=a a1=f b1=8 a2=5 b2=6 a3=3 b3=e a4=5 b4=8 q1.out=85 l0,0=9f q0.in=d9 a0=d b0=9 a1=4 b1=9 a2=6 b2=4 a3=2 b3=4 a4=5 b4=1 q0.out=15

q0.in=01 a0=0 b0=1 a1=1 b1=8 a2=1 b2=f a3=e b3=6 a4=7 b4=6 q0.out=67 l1,3=5a q0.in=4d a0=4 b0=d a1=9 b1=a a2=b b2=a a3=1 b3=6 a4=a b4=6 q0.out=6a l0,3=32 q1.in=9c a0=9 b0=c a1=5 b1=7 a2=7 b2=7 a3=0 b3=4 a4=4 b4=c q1.out=c4

q1.in=01 a0=0 b0=1 a1=1 b1=8 a2=8 b2=6 a3=e b3=b a4=3 b4=f q1.out=f3 l1,2=c3 q0.in=1b a0=1 b0=b a1=a b1=4 a2=5 b2=1 a3=4 b3=5 a4=6 b4=2 q0.out=26 l0,2=2c q0.in=34 a0=3 b0=4 a1=7 b1=9 a2=2 b2=4 a3=6 b3=0 a4=9 b4=d q0.out=d9

q0.in=01 a0=0 b0=1 a1=1 b1=8 a2=1 b2=f a3=e b3=6 a4=7 b4=6 q0.out=67 l1,1=e8 q1.in=a4 a0=a b0=4 a1=e b1=8 a2=c b2=6 a3=a b3=f a4=d b4=a q1.out=ad l0,1=12 q1.in=81 a0=8 b0=1 a1=9 b1=0 a2=1 b2=1 a3=0 b3=1 a4=4 b4=9 q1.out=94

q1.in=01 a0=0 b0=1 a1=1 b1=8 a2=8 b2=6 a3=e b3=b a4=3 b4=f q1.out=f3 l1,0=2a q1.in=a9 a0=a b0=9 a1=3 b1=6 a2=d b2=3 a3=e b3=c a4=3 b4=2 q1.out=23 l0,0=f6 q0.in=11 a0=1 b0=1 a1=0 b1=1 a2=8 b2=c a3=4 b3=e a4=6 b4=c q0.out=c6

y0 = 9e	y1 = c8	y2 = 91	y3 = 15	y0 = c4	y1 = d9	y2 = 94	y3 = c6
MDS input = Y = y0y1y2y3 = 9ec89115				MDS input = Y = y0y1y2y3 = c4d994c6

MDS output = Z = z0z1z2z3 = a595ddd3

MDS output = Z = z0z1z2z3 = 5ba596f6

z0 = a5

z1 = 95

z2 = dd

z3 = d3

z0 = 5b

z1 = a5

z2 = 96

z3 = f6

A0 = h(2pi, Me) = a595ddd3

B0 = ROL[h({2i+1}p, Mo),  8] = ROL[5ba596f6,8] = ROL[f696a55b(big endian),  8] = 96a55bf6(big endian) = f65ba596.

K0 = (A0 + B0) mod 232 = (a595ddd3 + f65ba596) mod 232 = (d3dd95a5(big endian) + 96a55bf6(big endian)) mod 232 = 6a82f19b(big endian) = 9bf1826a.

K1 = ROL([A0 + 2B0] mod 232,  9) = ROL([a595ddd3 + 2(f65ba596) mod32,  9) = ROL([d3dd95a5(big endian) + 2(96a55bf6(big endian))] mod32,  9) = ROL([d3dd95a5(big endian) + 2d4ab7ec(big endian)] mod32,  9) = ROL(01284d91(big endian),  9) = 509b2202(big endian) = 02229b50.

Key Schedule: K2 and K3

i = 1	i = 1
h input = X = x0x1x2x3 = 2ip = 02020202	h input = X = x0x1x2x3 = (2i+1)p = 03030303

x0 = 02

x1 = 02

x2 = 02

x3 = 02

x0 = 03

x1 = 03

x2 = 03

x3 = 03

y2,0 = 02

y2,1 = 02

y2,2 = 02

y2,3 = 02

y2,0 = 03

y2,1 = 03

y2,2 = 03

y2,3 = 03

q0.in=02 a0=0 b0=2 a1=2 b1=1 a2=7 b2=c a3=b b3=9 a4=3 b4=b q0.out=b3 l1,3=2f q0.in=05 a0=0 b0=5 a1=5 b1=a a2=f b2=a a3=5 b3=2 a4=d b4=f q0.out=fd l0,3=5c q1.in=62 a0=6 b0=2 a1=4 b1=7 a2=f b2=7 a3=8 b3=c a4=0 b4=2 q1.out=20

q1.in=02 a0=0 b0=2 a1=2 b1=1 a2=b b2=e a3=5 b3=4 a4=6 b4=c q1.out=c6 l1,2=ec q0.in=79 a0=7 b0=9 a1=e b1=3 a2=a b2=8 a3=2 b3=e a4=5 b4=c q0.out=c5 l0,2=9f q0.in=9d a0=9 b0=d a1=4 b1=f a2=6 b2=d a3=b b3=8 a4=3 b4=9 q0.out=93

q0.in=02 a0=0 b0=2 a1=2 b1=1 a2=7 b2=c a3=b b3=9 a4=3 b4=b q0.out=b3 l1,1=bf q1.in=5f a0=5 b0=f a1=a b1=2 a2=9 b2=2 a3=b b3=0 a4=8 b4=b q1.out=b8 l0,1=58 q1.in=27 a0=2 b0=7 a1=5 b1=9 a2=7 b2=d a3=a b3=1 a4=d b4=9 q1.out=9d

q1.in=02 a0=0 b0=2 a1=2 b1=1 a2=b b2=e a3=5 b3=4 a4=6 b4=c q1.out=c6 l1,0=b6 q1.in=e9 a0=e b0=9 a1=7 b1=2 a2=e b2=2 a3=c b3=f a4=2 b4=a q1.out=a2 l0,0=9f q0.in=fe a0=f b0=e a1=1 b1=0 a2=1 b2=e a3=f b3=e a4=1 b4=c q0.out=c1

q0.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=4 a3=9 b3=7 a4=8 b4=e q0.out=e8 l1,3=5a q0.in=c2 a0=c b0=2 a1=e b1=d a2=a b2=0 a3=a b3=a a4=f b4=3 q0.out=3f l0,3=32 q1.in=c9 a0=c b0=9 a1=5 b1=0 a2=7 b2=1 a3=6 b3=7 a4=9 b4=e q1.out=e9

q1.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=d a3=0 b3=b a4=4 b4=f q1.out=f4 l1,2=c3 q0.in=1c a0=1 b0=c a1=d b1=f a2=c b2=d a3=1 b3=2 a4=a b4=f q0.out=fa l0,2=2c q0.in=e8 a0=e b0=8 a1=6 b1=a a2=3 b2=a a3=9 b3=e a4=8 b4=c q0.out=c8

q0.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=4 a3=9 b3=7 a4=8 b4=e q0.out=e8 l1,1=e8 q1.in=2b a0=2 b0=b a1=9 b1=f a2=1 b2=8 a3=9 b3=d a4=e b4=0 q1.out=0e l0,1=12 q1.in=22 a0=2 b0=2 a1=0 b1=3 a2=2 b2=b a3=9 b3=f a4=e b4=a q1.out=ae

q1.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=d a3=0 b3=b a4=4 b4=f q1.out=f4 l1,0=2a q1.in=ae a0=a b0=e a1=4 b1=d a2=f b2=9 a3=6 b3=b a4=9 b4=f q1.out=f9 l0,0=f6 q0.in=cb a0=c b0=b a1=7 b1=1 a2=2 b2=c a3=e b3=4 a4=7 b4=1 q0.out=17

y0 = 20	y1 = 93	y2 = 9d	y3 = c1	y0 = e9	y1 = c8	y2 = ae	y3 = 17
MDS input = Y = y0y1y2y3 = 20939dc1				MDS input = Y = y0y1y2y3 = e9c8ae17

MDS output = Z = z0z1z2z3 = cf57831a

MDS output = Z = z0z1z2z3 = ba665e1b

z0 = cf

z1 = 57

z2 = 83

z3 = 1a

z0 = ba

z1 = 66

z2 = 5e

z3 = 1b

A1 = h(2pi, Me) = cf57831a

B1 = ROL[h({2i+1}p, Mo),  8] = ROL[ba665e1b,8] = ROL[1b5e66ba(big endian),  8] = 5e66ba1b(big endian) = 1bba665e.

K2 = (A1 + B1) mod 232 = (cf57831a + 1bba665e) mod 232 = (1a8357cf(big endian) + 5e66ba1b(big endian)) mod 232 = 78ea11ea(big endian) = ea11ea78.

K3 = ROL([A1 + 2B1] mod 232,  9) = ROL([cf57831a + 2(1bba665e) mod32,  9) = ROL([1a8357cf(big endian) + 2(5e66ba1b(big endian))] mod32,  9) = ROL([1a8357cf(big endian) + bccd7436(big endian)] mod32,  9) = ROL(d750cc05(big endian),  9) = a1980bae(big endian) = ae0b98a1.

Key Schedule: K4 and K5

i = 2	i = 2
h input = X = x0x1x2x3 = 2ip = 04040404	h input = X = x0x1x2x3 = (2i+1)p = 05050505

x0 = 04

x1 = 04

x2 = 04

x3 = 04

x0 = 05

x1 = 05

x2 = 05

x3 = 05

y2,0 = 04

y2,1 = 04

y2,2 = 04

y2,3 = 04

y2,0 = 05

y2,1 = 05

y2,2 = 05

y2,3 = 05

q0.in=04 a0=0 b0=4 a1=4 b1=2 a2=6 b2=b a3=d b3=b a4=4 b4=0 q0.out=04 l1,3=2f q0.in=b2 a0=b b0=2 a1=9 b1=2 a2=b b2=b a3=0 b3=e a4=b b4=c q0.out=cb l0,3=5c q1.in=54 a0=5 b0=4 a1=1 b1=f a2=8 b2=8 a3=0 b3=c a4=4 b4=2 q1.out=24

q1.in=04 a0=0 b0=4 a1=4 b1=2 a2=f b2=2 a3=d b3=6 a4=b b4=d q1.out=db l1,2=ec q0.in=64 a0=6 b0=4 a1=2 b1=4 a2=7 b2=1 a3=6 b3=7 a4=9 b4=e q0.out=e9 l0,2=9f q0.in=b1 a0=b b0=1 a1=a b1=b a2=5 b2=6 a3=3 b3=e a4=e b4=c q0.out=ce

q0.in=04 a0=0 b0=4 a1=4 b1=2 a2=6 b2=b a3=d b3=b a4=4 b4=0 q0.out=04 l1,1=bf q1.in=e8 a0=e b0=8 a1=6 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=1 q1.out=12 l0,1=58 q1.in=8d a0=8 b0=d a1=5 b1=6 a2=7 b2=3 a3=4 b3=6 a4=1 b4=d q1.out=d1

q1.in=04 a0=0 b0=4 a1=4 b1=2 a2=f b2=2 a3=d b3=6 a4=b b4=d q1.out=db l1,0=b6 q1.in=f4 a0=f b0=4 a1=b b1=5 a2=4 b2=c a3=8 b3=2 a4=0 b4=5 q1.out=50 l0,0=9f q0.in=0c a0=0 b0=c a1=c b1=6 a2=e b2=3 a3=d b3=7 a4=4 b4=e q0.out=e4

q0.in=05 a0=0 b0=5 a1=5 b1=a a2=f b2=a a3=5 b3=2 a4=d b4=f q0.out=fd l1,3=5a q0.in=d7 a0=d b0=7 a1=a b1=e a2=5 b2=9 a3=c b3=1 a4=2 b4=7 q0.out=72 l0,3=32 q1.in=84 a0=8 b0=4 a1=c b1=a a2=0 b2=a a3=a b3=5 a4=d b4=3 q1.out=3d

q1.in=05 a0=0 b0=5 a1=5 b1=a a2=7 b2=a a3=d b3=a a4=b b4=7 q1.out=7b l1,2=c3 q0.in=93 a0=9 b0=3 a1=a b1=8 a2=5 b2=f a3=a b3=2 a4=f b4=f q0.out=ff l0,2=2c q0.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=e a3=3 b3=2 a4=e b4=f q0.out=fe

q0.in=05 a0=0 b0=5 a1=5 b1=a a2=f b2=a a3=5 b3=2 a4=d b4=f q0.out=fd l1,1=e8 q1.in=3e a0=3 b0=e a1=d b1=c a2=a b2=f a3=5 b3=5 a4=6 b4=3 q1.out=36 l0,1=12 q1.in=1a a0=1 b0=a a1=b b1=c a2=4 b2=f a3=b b3=b a4=8 b4=f q1.out=f8

q1.in=05 a0=0 b0=5 a1=5 b1=a a2=7 b2=a a3=d b3=a a4=b b4=7 q1.out=7b l1,0=2a q1.in=21 a0=2 b0=1 a1=3 b1=a a2=d b2=a a3=7 b3=0 a4=a b4=b q1.out=ba l0,0=f6 q0.in=88 a0=8 b0=8 a1=0 b1=c a2=8 b2=7 a3=f b3=3 a4=1 b4=4 q0.out=41

y0 = 24	y1 = ce	y2 = d1	y3 = e4	y0 = 3d	y1 = fe	y2 = f8	y3 = 41
MDS input = Y = y0y1y2y3 = 24ced1e4				MDS input = Y = y0y1y2y3 = 3dfef841

MDS output = Z = z0z1z2z3 = 6884084f

MDS output = Z = z0z1z2z3 = fa99d08d

z0 = 68

z1 = 84

z2 = 08

z3 = 4f

z0 = fa

z1 = 99

z2 = d0

z3 = 8d

A2 = h(2pi, Me) = 6884084f

B2 = ROL[h({2i+1}p, Mo),  8] = ROL[fa99d08d,8] = ROL[8dd099fa(big endian),  8] = d099fa8d(big endian) = 8dfa99d0.

K4 = (A2 + B2) mod 232 = (6884084f + 8dfa99d0) mod 232 = (4f088468(big endian) + d099fa8d(big endian)) mod 232 = 1fa27ef5(big endian) = f57ea21f.

K5 = ROL([A2 + 2B2] mod 232,  9) = ROL([6884084f + 2(8dfa99d0) mod32,  9) = ROL([4f088468(big endian) + 2(d099fa8d(big endian))] mod32,  9) = ROL([4f088468(big endian) + a133f51a(big endian)] mod32,  9) = ROL(f03c7982(big endian),  9) = 78f305e0(big endian) = e005f378.

Key Schedule: K6 and K7

i = 3	i = 3
h input = X = x0x1x2x3 = 2ip = 06060606	h input = X = x0x1x2x3 = (2i+1)p = 07070707

x0 = 06

x1 = 06

x2 = 06

x3 = 06

x0 = 07

x1 = 07

x2 = 07

x3 = 07

y2,0 = 06

y2,1 = 06

y2,2 = 06

y2,3 = 06

y2,0 = 07

y2,1 = 07

y2,2 = 07

y2,3 = 07

q0.in=06 a0=0 b0=6 a1=6 b1=3 a2=3 b2=8 a3=b b3=f a4=3 b4=a q0.out=a3 l1,3=2f q0.in=15 a0=1 b0=5 a1=4 b1=3 a2=6 b2=8 a3=e b3=2 a4=7 b4=f q0.out=f7 l0,3=5c q1.in=68 a0=6 b0=8 a1=e b1=2 a2=c b2=2 a3=e b3=d a4=3 b4=0 q1.out=03

q1.in=06 a0=0 b0=6 a1=6 b1=3 a2=6 b2=b a3=d b3=b a4=b b4=f q1.out=fb l1,2=ec q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73 l0,2=9f q0.in=2b a0=2 b0=b a1=9 b1=f a2=b b2=d a3=6 b3=d a4=9 b4=5 q0.out=59

q0.in=06 a0=0 b0=6 a1=6 b1=3 a2=3 b2=8 a3=b b3=f a4=3 b4=a q0.out=a3 l1,1=bf q1.in=4f a0=4 b0=f a1=b b1=b a2=4 b2=5 a3=1 b3=e a4=c b4=8 q1.out=8c l0,1=58 q1.in=13 a0=1 b0=3 a1=2 b1=0 a2=b b2=1 a3=a b3=b a4=d b4=f q1.out=fd

q1.in=06 a0=0 b0=6 a1=6 b1=3 a2=6 b2=b a3=d b3=b a4=b b4=f q1.out=fb l1,0=b6 q1.in=d4 a0=d b0=4 a1=9 b1=7 a2=1 b2=7 a3=6 b3=2 a4=9 b4=5 q1.out=59 l0,0=9f q0.in=05 a0=0 b0=5 a1=5 b1=a a2=f b2=a a3=5 b3=2 a4=d b4=f q0.out=fd

q0.in=07 a0=0 b0=7 a1=7 b1=b a2=2 b2=6 a3=4 b3=1 a4=6 b4=7 q0.out=76 l1,3=5a q0.in=5c a0=5 b0=c a1=9 b1=b a2=b b2=6 a3=d b3=0 a4=4 b4=d q0.out=d4 l0,3=32 q1.in=22 a0=2 b0=2 a1=0 b1=3 a2=2 b2=b a3=9 b3=f a4=e b4=a q1.out=ae

q1.in=07 a0=0 b0=7 a1=7 b1=b a2=e b2=5 a3=b b3=4 a4=8 b4=c q1.out=c8 l1,2=c3 q0.in=20 a0=2 b0=0 a1=2 b1=2 a2=7 b2=b a3=c b3=2 a4=2 b4=f q0.out=f2 l0,2=2c q0.in=e0 a0=e b0=0 a1=e b1=e a2=a b2=9 a3=3 b3=6 a4=e b4=6 q0.out=6e

q0.in=07 a0=0 b0=7 a1=7 b1=b a2=2 b2=6 a3=4 b3=1 a4=6 b4=7 q0.out=76 l1,1=e8 q1.in=b5 a0=b b0=5 a1=e b1=9 a2=c b2=d a3=1 b3=2 a4=c b4=5 q1.out=5c l0,1=12 q1.in=70 a0=7 b0=0 a1=7 b1=f a2=e b2=8 a3=6 b3=a a4=9 b4=7 q1.out=79

q1.in=07 a0=0 b0=7 a1=7 b1=b a2=e b2=5 a3=b b3=4 a4=8 b4=c q1.out=c8 l1,0=2a q1.in=92 a0=9 b0=2 a1=b b1=0 a2=4 b2=1 a3=5 b3=c a4=6 b4=2 q1.out=26 l0,0=f6 q0.in=14 a0=1 b0=4 a1=5 b1=b a2=f b2=6 a3=9 b3=4 a4=8 b4=1 q0.out=18

y0 = 03	y1 = 59	y2 = fd	y3 = fd	y0 = ae	y1 = 6e	y2 = 79	y3 = 18
MDS input = Y = y0y1y2y3 = 0359fdfd				MDS input = Y = y0y1y2y3 = ae6e7918

MDS output = Z = z0z1z2z3 = 8ecfe2cb

MDS output = Z = z0z1z2z3 = 7b6acca3

z0 = 8e

z1 = cf

z2 = e2

z3 = cb

z0 = 7b

z1 = 6a

z2 = cc

z3 = a3

A3 = h(2pi, Me) = 8ecfe2cb

B3 = ROL[h({2i+1}p, Mo),  8] = ROL[7b6acca3,8] = ROL[a3cc6a7b(big endian),  8] = cc6a7ba3(big endian) = a37b6acc.

K6 = (A3 + B3) mod 232 = (8ecfe2cb + a37b6acc) mod 232 = (cbe2cf8e(big endian) + cc6a7ba3(big endian)) mod 232 = 984d4b31(big endian) = 314b4d98.

K7 = ROL([A3 + 2B3] mod 232,  9) = ROL([8ecfe2cb + 2(a37b6acc) mod32,  9) = ROL([cbe2cf8e(big endian) + 2(cc6a7ba3(big endian))] mod32,  9) = ROL([cbe2cf8e(big endian) + 98d4f746(big endian)] mod32,  9) = ROL(64b7c6d4(big endian),  9) = 6f8da8c9(big endian) = c9a88d6f.

Key Schedule: K8 and K9

i = 4	i = 4
h input = X = x0x1x2x3 = 2ip = 08080808	h input = X = x0x1x2x3 = (2i+1)p = 09090909

x0 = 08

x1 = 08

x2 = 08

x3 = 08

x0 = 09

x1 = 09

x2 = 09

x3 = 09

y2,0 = 08

y2,1 = 08

y2,2 = 08

y2,3 = 08

y2,0 = 09

y2,1 = 09

y2,2 = 09

y2,3 = 09

q0.in=08 a0=0 b0=8 a1=8 b1=4 a2=0 b2=1 a3=1 b3=8 a4=a b4=9 q0.out=9a l1,3=2f q0.in=2c a0=2 b0=c a1=e b1=4 a2=a b2=1 a3=b b3=2 a4=3 b4=f q0.out=f3 l0,3=5c q1.in=6c a0=6 b0=c a1=a b1=0 a2=9 b2=1 a3=8 b3=9 a4=0 b4=4 q1.out=40

q1.in=08 a0=0 b0=8 a1=8 b1=4 a2=3 b2=4 a3=7 b3=9 a4=a b4=4 q1.out=4a l1,2=ec q0.in=f5 a0=f b0=5 a1=a b1=d a2=5 b2=0 a3=5 b3=d a4=d b4=5 q0.out=5d l0,2=9f q0.in=05 a0=0 b0=5 a1=5 b1=a a2=f b2=a a3=5 b3=2 a4=d b4=f q0.out=fd

q0.in=08 a0=0 b0=8 a1=8 b1=4 a2=0 b2=1 a3=1 b3=8 a4=a b4=9 q0.out=9a l1,1=bf q1.in=76 a0=7 b0=6 a1=1 b1=c a2=8 b2=f a3=7 b3=7 a4=a b4=e q1.out=ea l0,1=58 q1.in=75 a0=7 b0=5 a1=2 b1=5 a2=b b2=c a3=7 b3=5 a4=a b4=3 q1.out=3a

q1.in=08 a0=0 b0=8 a1=8 b1=4 a2=3 b2=4 a3=7 b3=9 a4=a b4=4 q1.out=4a l1,0=b6 q1.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=f a3=2 b3=a a4=7 b4=7 q1.out=77 l0,0=9f q0.in=2b a0=2 b0=b a1=9 b1=f a2=b b2=d a3=6 b3=d a4=9 b4=5 q0.out=59

q0.in=09 a0=0 b0=9 a1=9 b1=c a2=b b2=7 a3=c b3=8 a4=2 b4=9 q0.out=92 l1,3=5a q0.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=5 a3=8 b3=f a4=c b4=a q0.out=ac l0,3=32 q1.in=5a a0=5 b0=a a1=f b1=8 a2=5 b2=6 a3=3 b3=e a4=5 b4=8 q1.out=85

q1.in=09 a0=0 b0=9 a1=9 b1=c a2=1 b2=f a3=e b3=6 a4=3 b4=d q1.out=d3 l1,2=c3 q0.in=3b a0=3 b0=b a1=8 b1=6 a2=0 b2=3 a3=3 b3=9 a4=e b4=b q0.out=be l0,2=2c q0.in=ac a0=a b0=c a1=6 b1=c a2=3 b2=7 a3=4 b3=0 a4=6 b4=d q0.out=d6

q0.in=09 a0=0 b0=9 a1=9 b1=c a2=b b2=7 a3=c b3=8 a4=2 b4=9 q0.out=92 l1,1=e8 q1.in=51 a0=5 b0=1 a1=4 b1=5 a2=f b2=c a3=3 b3=1 a4=5 b4=9 q1.out=95 l0,1=12 q1.in=b9 a0=b b0=9 a1=2 b1=f a2=b b2=8 a3=3 b3=7 a4=5 b4=e q1.out=e5

q1.in=09 a0=0 b0=9 a1=9 b1=c a2=1 b2=f a3=e b3=6 a4=3 b4=d q1.out=d3 l1,0=2a q1.in=89 a0=8 b0=9 a1=1 b1=4 a2=8 b2=4 a3=c b3=a a4=2 b4=7 q1.out=72 l0,0=f6 q0.in=40 a0=4 b0=0 a1=4 b1=4 a2=6 b2=1 a3=7 b3=e a4=0 b4=c q0.out=c0

y0 = 40	y1 = fd	y2 = 3a	y3 = 59	y0 = 85	y1 = d6	y2 = e5	y3 = c0
MDS input = Y = y0y1y2y3 = 40fd3a59				MDS input = Y = y0y1y2y3 = 85d6e5c0

MDS output = Z = z0z1z2z3 = 87c65f05

MDS output = Z = z0z1z2z3 = cf422a6e

z0 = 87

z1 = c6

z2 = 5f

z3 = 05

z0 = cf

z1 = 42

z2 = 2a

z3 = 6e

A4 = h(2pi, Me) = 87c65f05

B4 = ROL[h({2i+1}p, Mo),  8] = ROL[cf422a6e,8] = ROL[6e2a42cf(big endian),  8] = 2a42cf6e(big endian) = 6ecf422a.

K8 = (A4 + B4) mod 232 = (87c65f05 + 6ecf422a) mod 232 = (055fc687(big endian) + 2a42cf6e(big endian)) mod 232 = 2fa295f5(big endian) = f595a22f.

K9 = ROL([A4 + 2B4] mod 232,  9) = ROL([87c65f05 + 2(6ecf422a) mod32,  9) = ROL([055fc687(big endian) + 2(2a42cf6e(big endian))] mod32,  9) = ROL([055fc687(big endian) + 54859edc(big endian)] mod32,  9) = ROL(59e56563(big endian),  9) = cacac6b3(big endian) = b3c6caca.

Key Schedule: K10 and K11

i = 5	i = 5
h input = X = x0x1x2x3 = 2ip = 0a0a0a0a	h input = X = x0x1x2x3 = (2i+1)p = 0b0b0b0b

x0 = 0a

x1 = 0a

x2 = 0a

x3 = 0a

x0 = 0b

x1 = 0b

x2 = 0b

x3 = 0b

y2,0 = 0a

y2,1 = 0a

y2,2 = 0a

y2,3 = 0a

y2,0 = 0b

y2,1 = 0b

y2,2 = 0b

y2,3 = 0b

q0.in=0a a0=0 b0=a a1=a b1=5 a2=5 b2=2 a3=7 b3=c a4=0 b4=8 q0.out=80 l1,3=2f q0.in=36 a0=3 b0=6 a1=5 b1=8 a2=f b2=f a3=0 b3=8 a4=b b4=9 q0.out=9b l0,3=5c q1.in=04 a0=0 b0=4 a1=4 b1=2 a2=f b2=2 a3=d b3=6 a4=b b4=d q1.out=db

q1.in=0a a0=0 b0=a a1=a b1=5 a2=9 b2=c a3=5 b3=7 a4=6 b4=e q1.out=e6 l1,2=ec q0.in=59 a0=5 b0=9 a1=c b1=1 a2=e b2=c a3=2 b3=8 a4=5 b4=9 q0.out=95 l0,2=9f q0.in=cd a0=c b0=d a1=1 b1=2 a2=1 b2=b a3=a b3=4 a4=f b4=1 q0.out=1f

q0.in=0a a0=0 b0=a a1=a b1=5 a2=5 b2=2 a3=7 b3=c a4=0 b4=8 q0.out=80 l1,1=bf q1.in=6c a0=6 b0=c a1=a b1=0 a2=9 b2=1 a3=8 b3=9 a4=0 b4=4 q1.out=40 l0,1=58 q1.in=df a0=d b0=f a1=2 b1=a a2=b b2=a a3=1 b3=6 a4=c b4=d q1.out=dc

q1.in=0a a0=0 b0=a a1=a b1=5 a2=9 b2=c a3=5 b3=7 a4=6 b4=e q1.out=e6 l1,0=b6 q1.in=c9 a0=c b0=9 a1=5 b1=0 a2=7 b2=1 a3=6 b3=7 a4=9 b4=e q1.out=e9 l0,0=9f q0.in=b5 a0=b b0=5 a1=e b1=9 a2=a b2=4 a3=e b3=8 a4=7 b4=9 q0.out=97

q0.in=0b a0=0 b0=b a1=b b1=d a2=9 b2=0 a3=9 b3=1 a4=8 b4=7 q0.out=78 l1,3=5a q0.in=52 a0=5 b0=2 a1=7 b1=c a2=2 b2=7 a3=5 b3=9 a4=d b4=b q0.out=bd l0,3=32 q1.in=4b a0=4 b0=b a1=f b1=9 a2=5 b2=d a3=8 b3=3 a4=0 b4=1 q1.out=10

q1.in=0b a0=0 b0=b a1=b b1=d a2=4 b2=9 a3=d b3=8 a4=b b4=6 q1.out=6b l1,2=c3 q0.in=83 a0=8 b0=3 a1=b b1=1 a2=9 b2=c a3=5 b3=7 a4=d b4=e q0.out=ed l0,2=2c q0.in=ff a0=f b0=f a1=0 b1=8 a2=8 b2=f a3=7 b3=7 a4=0 b4=e q0.out=e0

q0.in=0b a0=0 b0=b a1=b b1=d a2=9 b2=0 a3=9 b3=1 a4=8 b4=7 q0.out=78 l1,1=e8 q1.in=bb a0=b b0=b a1=0 b1=e a2=2 b2=0 a3=2 b3=2 a4=7 b4=5 q1.out=57 l0,1=12 q1.in=7b a0=7 b0=b a1=c b1=2 a2=0 b2=2 a3=2 b3=1 a4=7 b4=9 q1.out=97

q1.in=0b a0=0 b0=b a1=b b1=d a2=4 b2=9 a3=d b3=8 a4=b b4=6 q1.out=6b l1,0=2a q1.in=31 a0=3 b0=1 a1=2 b1=3 a2=b b2=b a3=0 b3=e a4=4 b4=8 q1.out=84 l0,0=f6 q0.in=b6 a0=b b0=6 a1=d b1=0 a2=c b2=e a3=2 b3=b a4=5 b4=0 q0.out=05

y0 = db	y1 = 1f	y2 = dc	y3 = 97	y0 = 10	y1 = e0	y2 = 97	y3 = 05
MDS input = Y = y0y1y2y3 = db1fdc97				MDS input = Y = y0y1y2y3 = 10e09705

MDS output = Z = z0z1z2z3 = 215c531c

MDS output = Z = z0z1z2z3 = ba1abb01

z0 = 21

z1 = 5c

z2 = 53

z3 = 1c

z0 = ba

z1 = 1a

z2 = bb

z3 = 01

A5 = h(2pi, Me) = 215c531c

B5 = ROL[h({2i+1}p, Mo),  8] = ROL[ba1abb01,8] = ROL[01bb1aba(big endian),  8] = bb1aba01(big endian) = 01ba1abb.

K10 = (A5 + B5) mod 232 = (215c531c + 01ba1abb) mod 232 = (1c535c21(big endian) + bb1aba01(big endian)) mod 232 = d76e1622(big endian) = 22166ed7.

K11 = ROL([A5 + 2B5] mod 232,  9) = ROL([215c531c + 2(01ba1abb) mod32,  9) = ROL([1c535c21(big endian) + 2(bb1aba01(big endian))] mod32,  9) = ROL([1c535c21(big endian) + 76357402(big endian)] mod32,  9) = ROL(9288d023(big endian),  9) = 11a04725(big endian) = 2547a011.

Key Schedule: K12 and K13

i = 6	i = 6
h input = X = x0x1x2x3 = 2ip = 0c0c0c0c	h input = X = x0x1x2x3 = (2i+1)p = 0d0d0d0d

x0 = 0c

x1 = 0c

x2 = 0c

x3 = 0c

x0 = 0d

x1 = 0d

x2 = 0d

x3 = 0d

y2,0 = 0c

y2,1 = 0c

y2,2 = 0c

y2,3 = 0c

y2,0 = 0d

y2,1 = 0d

y2,2 = 0d

y2,3 = 0d

q0.in=0c a0=0 b0=c a1=c b1=6 a2=e b2=3 a3=d b3=7 a4=4 b4=e q0.out=e4 l1,3=2f q0.in=52 a0=5 b0=2 a1=7 b1=c a2=2 b2=7 a3=5 b3=9 a4=d b4=b q0.out=bd l0,3=5c q1.in=22 a0=2 b0=2 a1=0 b1=3 a2=2 b2=b a3=9 b3=f a4=e b4=a q1.out=ae

q1.in=0c a0=0 b0=c a1=c b1=6 a2=0 b2=3 a3=3 b3=9 a4=5 b4=4 q1.out=45 l1,2=ec q0.in=fa a0=f b0=a a1=5 b1=2 a2=f b2=b a3=4 b3=a a4=6 b4=3 q0.out=36 l0,2=9f q0.in=6e a0=6 b0=e a1=8 b1=1 a2=0 b2=c a3=c b3=6 a4=2 b4=6 q0.out=62

q0.in=0c a0=0 b0=c a1=c b1=6 a2=e b2=3 a3=d b3=7 a4=4 b4=e q0.out=e4 l1,1=bf q1.in=08 a0=0 b0=8 a1=8 b1=4 a2=3 b2=4 a3=7 b3=9 a4=a b4=4 q1.out=4a l0,1=58 q1.in=d5 a0=d b0=5 a1=8 b1=f a2=3 b2=8 a3=b b3=f a4=8 b4=a q1.out=a8

q1.in=0c a0=0 b0=c a1=c b1=6 a2=0 b2=3 a3=3 b3=9 a4=5 b4=4 q1.out=45 l1,0=b6 q1.in=6a a0=6 b0=a a1=c b1=3 a2=0 b2=b a3=b b3=d a4=8 b4=0 q1.out=08 l0,0=9f q0.in=54 a0=5 b0=4 a1=1 b1=f a2=1 b2=d a3=c b3=7 a4=2 b4=e q0.out=e2

q0.in=0d a0=0 b0=d a1=d b1=e a2=c b2=9 a3=5 b3=0 a4=d b4=d q0.out=dd l1,3=5a q0.in=f7 a0=f b0=7 a1=8 b1=c a2=0 b2=7 a3=7 b3=b a4=0 b4=0 q0.out=00 l0,3=32 q1.in=f6 a0=f b0=6 a1=9 b1=4 a2=1 b2=4 a3=5 b3=b a4=6 b4=f q1.out=f6

q1.in=0d a0=0 b0=d a1=d b1=e a2=a b2=0 a3=a b3=a a4=d b4=7 q1.out=7d l1,2=c3 q0.in=95 a0=9 b0=5 a1=c b1=b a2=e b2=6 a3=8 b3=d a4=c b4=5 q0.out=5c l0,2=2c q0.in=4e a0=4 b0=e a1=a b1=3 a2=5 b2=8 a3=d b3=9 a4=4 b4=b q0.out=b4

q0.in=0d a0=0 b0=d a1=d b1=e a2=c b2=9 a3=5 b3=0 a4=d b4=d q0.out=dd l1,1=e8 q1.in=1e a0=1 b0=e a1=f b1=e a2=5 b2=0 a3=5 b3=d a4=6 b4=0 q1.out=06 l0,1=12 q1.in=2a a0=2 b0=a a1=8 b1=7 a2=3 b2=7 a3=4 b3=0 a4=1 b4=b q1.out=b1

q1.in=0d a0=0 b0=d a1=d b1=e a2=a b2=0 a3=a b3=a a4=d b4=7 q1.out=7d l1,0=2a q1.in=27 a0=2 b0=7 a1=5 b1=9 a2=7 b2=d a3=a b3=1 a4=d b4=9 q1.out=9d l0,0=f6 q0.in=af a0=a b0=f a1=5 b1=5 a2=f b2=2 a3=d b3=6 a4=4 b4=6 q0.out=64

y0 = ae	y1 = 62	y2 = a8	y3 = e2	y0 = f6	y1 = b4	y2 = b1	y3 = 64
MDS input = Y = y0y1y2y3 = ae62a8e2				MDS input = Y = y0y1y2y3 = f6b4b164

MDS output = Z = z0z1z2z3 = bdfa1fbc

MDS output = Z = z0z1z2z3 = 8ff363e6

z0 = bd

z1 = fa

z2 = 1f

z3 = bc

z0 = 8f

z1 = f3

z2 = 63

z3 = e6

A6 = h(2pi, Me) = bdfa1fbc

B6 = ROL[h({2i+1}p, Mo),  8] = ROL[8ff363e6,8] = ROL[e663f38f(big endian),  8] = 63f38fe6(big endian) = e68ff363.

K12 = (A6 + B6) mod 232 = (bdfa1fbc + e68ff363) mod 232 = (bc1ffabd(big endian) + 63f38fe6(big endian)) mod 232 = 20138aa3(big endian) = a38a1320.

K13 = ROL([A6 + 2B6] mod 232,  9) = ROL([bdfa1fbc + 2(e68ff363) mod32,  9) = ROL([bc1ffabd(big endian) + 2(63f38fe6(big endian))] mod32,  9) = ROL([bc1ffabd(big endian) + c7e71fcc(big endian)] mod32,  9) = ROL(84071a89(big endian),  9) = 0e351308(big endian) = 0813350e.

Key Schedule: K14 and K15

i = 7	i = 7
h input = X = x0x1x2x3 = 2ip = 0e0e0e0e	h input = X = x0x1x2x3 = (2i+1)p = 0f0f0f0f

x0 = 0e

x1 = 0e

x2 = 0e

x3 = 0e

x0 = 0f

x1 = 0f

x2 = 0f

x3 = 0f

y2,0 = 0e

y2,1 = 0e

y2,2 = 0e

y2,3 = 0e

y2,0 = 0f

y2,1 = 0f

y2,2 = 0f

y2,3 = 0f

q0.in=0e a0=0 b0=e a1=e b1=7 a2=a b2=5 a3=f b3=0 a4=1 b4=d q0.out=d1 l1,3=2f q0.in=67 a0=6 b0=7 a1=1 b1=d a2=1 b2=0 a3=1 b3=9 a4=a b4=b q0.out=ba l0,3=5c q1.in=25 a0=2 b0=5 a1=7 b1=8 a2=e b2=6 a3=8 b3=d a4=0 b4=0 q1.out=00

q1.in=0e a0=0 b0=e a1=e b1=7 a2=c b2=7 a3=b b3=7 a4=8 b4=e q1.out=e8 l1,2=ec q0.in=57 a0=5 b0=7 a1=2 b1=6 a2=7 b2=3 a3=4 b3=6 a4=6 b4=6 q0.out=66 l0,2=9f q0.in=3e a0=3 b0=e a1=d b1=c a2=c b2=7 a3=b b3=7 a4=3 b4=e q0.out=e3

q0.in=0e a0=0 b0=e a1=e b1=7 a2=a b2=5 a3=f b3=0 a4=1 b4=d q0.out=d1 l1,1=bf q1.in=3d a0=3 b0=d a1=e b1=5 a2=c b2=c a3=0 b3=a a4=4 b4=7 q1.out=74 l0,1=58 q1.in=eb a0=e b0=b a1=5 b1=3 a2=7 b2=b a3=c b3=2 a4=2 b4=5 q1.out=52

q1.in=0e a0=0 b0=e a1=e b1=7 a2=c b2=7 a3=b b3=7 a4=8 b4=e q1.out=e8 l1,0=b6 q1.in=c7 a0=c b0=7 a1=b b1=7 a2=4 b2=7 a3=3 b3=f a4=5 b4=a q1.out=a5 l0,0=9f q0.in=f9 a0=f b0=9 a1=6 b1=b a2=3 b2=6 a3=5 b3=8 a4=d b4=9 q0.out=9d

q0.in=0f a0=0 b0=f a1=f b1=f a2=4 b2=d a3=9 b3=a a4=8 b4=3 q0.out=38 l1,3=5a q0.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=f a3=2 b3=a a4=5 b4=3 q0.out=35 l0,3=32 q1.in=c3 a0=c b0=3 a1=f b1=5 a2=5 b2=c a3=9 b3=b a4=e b4=f q1.out=fe

q1.in=0f a0=0 b0=f a1=f b1=f a2=5 b2=8 a3=d b3=9 a4=b b4=4 q1.out=4b l1,2=c3 q0.in=a3 a0=a b0=3 a1=9 b1=3 a2=b b2=8 a3=3 b3=7 a4=e b4=e q0.out=ee l0,2=2c q0.in=fc a0=f b0=c a1=3 b1=1 a2=d b2=c a3=1 b3=3 a4=a b4=4 q0.out=4a

q0.in=0f a0=0 b0=f a1=f b1=f a2=4 b2=d a3=9 b3=a a4=8 b4=3 q0.out=38 l1,1=e8 q1.in=fb a0=f b0=b a1=4 b1=a a2=f b2=a a3=5 b3=2 a4=6 b4=5 q1.out=56 l0,1=12 q1.in=7a a0=7 b0=a a1=d b1=a a2=a b2=a a3=0 b3=f a4=4 b4=a q1.out=a4

q1.in=0f a0=0 b0=f a1=f b1=f a2=5 b2=8 a3=d b3=9 a4=b b4=4 q1.out=4b l1,0=2a q1.in=11 a0=1 b0=1 a1=0 b1=1 a2=2 b2=e a3=c b3=5 a4=2 b4=3 q1.out=32 l0,0=f6 q0.in=00 a0=0 b0=0 a1=0 b1=0 a2=8 b2=e a3=6 b3=f a4=9 b4=a q0.out=a9

y0 = 00	y1 = e3	y2 = 52	y3 = 9d	y0 = fe	y1 = 4a	y2 = a4	y3 = a9
MDS input = Y = y0y1y2y3 = 00e3529d				MDS input = Y = y0y1y2y3 = fe4aa4a9

MDS output = Z = z0z1z2z3 = e2b67dd8

MDS output = Z = z0z1z2z3 = 63ca7b46

z0 = e2

z1 = b6

z2 = 7d

z3 = d8

z0 = 63

z1 = ca

z2 = 7b

z3 = 46

A7 = h(2pi, Me) = e2b67dd8

B7 = ROL[h({2i+1}p, Mo),  8] = ROL[63ca7b46,8] = ROL[467bca63(big endian),  8] = 7bca6346(big endian) = 4663ca7b.

K14 = (A7 + B7) mod 232 = (e2b67dd8 + 4663ca7b) mod 232 = (d87db6e2(big endian) + 7bca6346(big endian)) mod 232 = 54481a28(big endian) = 281a4854.

K15 = ROL([A7 + 2B7] mod 232,  9) = ROL([e2b67dd8 + 2(4663ca7b) mod32,  9) = ROL([d87db6e2(big endian) + 2(7bca6346(big endian))] mod32,  9) = ROL([d87db6e2(big endian) + f794c68c(big endian)] mod32,  9) = ROL(d0127d6e(big endian),  9) = 24fadda0(big endian) = a0ddfa24.

Key Schedule: K16 and K17

i = 8	i = 8
h input = X = x0x1x2x3 = 2ip = 10101010	h input = X = x0x1x2x3 = (2i+1)p = 11111111

x0 = 10

x1 = 10

x2 = 10

x3 = 10

x0 = 11

x1 = 11

x2 = 11

x3 = 11

y2,0 = 10

y2,1 = 10

y2,2 = 10

y2,3 = 10

y2,0 = 11

y2,1 = 11

y2,2 = 11

y2,3 = 11

q0.in=10 a0=1 b0=0 a1=1 b1=9 a2=1 b2=4 a3=5 b3=b a4=d b4=0 q0.out=0d l1,3=2f q0.in=bb a0=b b0=b a1=0 b1=e a2=8 b2=9 a3=1 b3=4 a4=a b4=1 q0.out=1a l0,3=5c q1.in=85 a0=8 b0=5 a1=d b1=2 a2=a b2=2 a3=8 b3=b a4=0 b4=f q1.out=f0

q1.in=10 a0=1 b0=0 a1=1 b1=9 a2=8 b2=d a3=5 b3=6 a4=6 b4=d q1.out=d6 l1,2=ec q0.in=69 a0=6 b0=9 a1=f b1=a a2=4 b2=a a3=e b3=1 a4=7 b4=7 q0.out=77 l0,2=9f q0.in=2f a0=2 b0=f a1=d b1=d a2=c b2=0 a3=c b3=c a4=2 b4=8 q0.out=82

q0.in=10 a0=1 b0=0 a1=1 b1=9 a2=1 b2=4 a3=5 b3=b a4=d b4=0 q0.out=0d l1,1=bf q1.in=e1 a0=e b0=1 a1=f b1=6 a2=5 b2=3 a3=6 b3=4 a4=9 b4=c q1.out=c9 l0,1=58 q1.in=56 a0=5 b0=6 a1=3 b1=e a2=d b2=0 a3=d b3=5 a4=b b4=3 q1.out=3b

q1.in=10 a0=1 b0=0 a1=1 b1=9 a2=8 b2=d a3=5 b3=6 a4=6 b4=d q1.out=d6 l1,0=b6 q1.in=f9 a0=f b0=9 a1=6 b1=b a2=6 b2=5 a3=3 b3=c a4=5 b4=2 q1.out=25 l0,0=9f q0.in=79 a0=7 b0=9 a1=e b1=3 a2=a b2=8 a3=2 b3=e a4=5 b4=c q0.out=c5

q0.in=11 a0=1 b0=1 a1=0 b1=1 a2=8 b2=c a3=4 b3=e a4=6 b4=c q0.out=c6 l1,3=5a q0.in=ec a0=e b0=c a1=2 b1=8 a2=7 b2=f a3=8 b3=0 a4=c b4=d q0.out=dc l0,3=32 q1.in=2a a0=2 b0=a a1=8 b1=7 a2=3 b2=7 a3=4 b3=0 a4=1 b4=b q1.out=b1

q1.in=11 a0=1 b0=1 a1=0 b1=1 a2=2 b2=e a3=c b3=5 a4=2 b4=3 q1.out=32 l1,2=c3 q0.in=da a0=d b0=a a1=7 b1=0 a2=2 b2=e a3=c b3=5 a4=2 b4=2 q0.out=22 l0,2=2c q0.in=30 a0=3 b0=0 a1=3 b1=b a2=d b2=6 a3=b b3=6 a4=3 b4=6 q0.out=63

q0.in=11 a0=1 b0=1 a1=0 b1=1 a2=8 b2=c a3=4 b3=e a4=6 b4=c q0.out=c6 l1,1=e8 q1.in=05 a0=0 b0=5 a1=5 b1=a a2=7 b2=a a3=d b3=a a4=b b4=7 q1.out=7b l0,1=12 q1.in=57 a0=5 b0=7 a1=2 b1=6 a2=b b2=3 a3=8 b3=a a4=0 b4=7 q1.out=70

q1.in=11 a0=1 b0=1 a1=0 b1=1 a2=2 b2=e a3=c b3=5 a4=2 b4=3 q1.out=32 l1,0=2a q1.in=68 a0=6 b0=8 a1=e b1=2 a2=c b2=2 a3=e b3=d a4=3 b4=0 q1.out=03 l0,0=f6 q0.in=31 a0=3 b0=1 a1=2 b1=3 a2=7 b2=8 a3=f b3=b a4=1 b4=0 q0.out=01

y0 = f0	y1 = 82	y2 = 3b	y3 = c5	y0 = b1	y1 = 63	y2 = 70	y3 = 01
MDS input = Y = y0y1y2y3 = f0823bc5				MDS input = Y = y0y1y2y3 = b1637001

MDS output = Z = z0z1z2z3 = d22ce1ea

MDS output = Z = z0z1z2z3 = 96822147

z0 = d2

z1 = 2c

z2 = e1

z3 = ea

z0 = 96

z1 = 82

z2 = 21

z3 = 47

A8 = h(2pi, Me) = d22ce1ea

B8 = ROL[h({2i+1}p, Mo),  8] = ROL[96822147,8] = ROL[47218296(big endian),  8] = 21829647(big endian) = 47968221.

K16 = (A8 + B8) mod 232 = (d22ce1ea + 47968221) mod 232 = (eae12cd2(big endian) + 21829647(big endian)) mod 232 = 0c63c319(big endian) = 19c3630c.

K17 = ROL([A8 + 2B8] mod 232,  9) = ROL([d22ce1ea + 2(47968221) mod32,  9) = ROL([eae12cd2(big endian) + 2(21829647(big endian))] mod32,  9) = ROL([eae12cd2(big endian) + 43052c8e(big endian)] mod32,  9) = ROL(2de65960(big endian),  9) = ccb2c05b(big endian) = 5bc0b2cc.

Key Schedule: K18 and K19

i = 9	i = 9
h input = X = x0x1x2x3 = 2ip = 12121212	h input = X = x0x1x2x3 = (2i+1)p = 13131313

x0 = 12

x1 = 12

x2 = 12

x3 = 12

x0 = 13

x1 = 13

x2 = 13

x3 = 13

y2,0 = 12

y2,1 = 12

y2,2 = 12

y2,3 = 12

y2,0 = 13

y2,1 = 13

y2,2 = 13

y2,3 = 13

q0.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=f a3=2 b3=a a4=5 b4=3 q0.out=35 l1,3=2f q0.in=83 a0=8 b0=3 a1=b b1=1 a2=9 b2=c a3=5 b3=7 a4=d b4=e q0.out=ed l0,3=5c q1.in=72 a0=7 b0=2 a1=5 b1=e a2=7 b2=0 a3=7 b3=f a4=a b4=a q1.out=aa

q1.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=6 a3=b b3=6 a4=8 b4=d q1.out=d8 l1,2=ec q0.in=67 a0=6 b0=7 a1=1 b1=d a2=1 b2=0 a3=1 b3=9 a4=a b4=b q0.out=ba l0,2=9f q0.in=e2 a0=e b0=2 a1=c b1=f a2=e b2=d a3=3 b3=0 a4=e b4=d q0.out=de

q0.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=f a3=2 b3=a a4=5 b4=3 q0.out=35 l1,1=bf q1.in=d9 a0=d b0=9 a1=4 b1=9 a2=f b2=d a3=2 b3=9 a4=7 b4=4 q1.out=47 l0,1=58 q1.in=d8 a0=d b0=8 a1=5 b1=1 a2=7 b2=e a3=9 b3=8 a4=e b4=6 q1.out=6e

q1.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=6 a3=b b3=6 a4=8 b4=d q1.out=d8 l1,0=b6 q1.in=f7 a0=f b0=7 a1=8 b1=c a2=3 b2=f a3=c b3=4 a4=2 b4=c q1.out=c2 l0,0=9f q0.in=9e a0=9 b0=e a1=7 b1=6 a2=2 b2=3 a3=1 b3=b a4=a b4=0 q0.out=0a

q0.in=13 a0=1 b0=3 a1=2 b1=0 a2=7 b2=e a3=9 b3=8 a4=8 b4=9 q0.out=98 l1,3=5a q0.in=b2 a0=b b0=2 a1=9 b1=2 a2=b b2=b a3=0 b3=e a4=b b4=c q0.out=cb l0,3=32 q1.in=3d a0=3 b0=d a1=e b1=5 a2=c b2=c a3=0 b3=a a4=4 b4=7 q1.out=74

q1.in=13 a0=1 b0=3 a1=2 b1=0 a2=b b2=1 a3=a b3=b a4=d b4=f q1.out=fd l1,2=c3 q0.in=15 a0=1 b0=5 a1=4 b1=3 a2=6 b2=8 a3=e b3=2 a4=7 b4=f q0.out=f7 l0,2=2c q0.in=e5 a0=e b0=5 a1=b b1=4 a2=9 b2=1 a3=8 b3=9 a4=c b4=b q0.out=bc

q0.in=13 a0=1 b0=3 a1=2 b1=0 a2=7 b2=e a3=9 b3=8 a4=8 b4=9 q0.out=98 l1,1=e8 q1.in=5b a0=5 b0=b a1=e b1=0 a2=c b2=1 a3=d b3=4 a4=b b4=c q1.out=cb l0,1=12 q1.in=e7 a0=e b0=7 a1=9 b1=5 a2=1 b2=c a3=d b3=f a4=b b4=a q1.out=ab

q1.in=13 a0=1 b0=3 a1=2 b1=0 a2=b b2=1 a3=a b3=b a4=d b4=f q1.out=fd l1,0=2a q1.in=a7 a0=a b0=7 a1=d b1=1 a2=a b2=e a3=4 b3=d a4=1 b4=0 q1.out=01 l0,0=f6 q0.in=33 a0=3 b0=3 a1=0 b1=2 a2=8 b2=b a3=3 b3=5 a4=e b4=2 q0.out=2e

y0 = aa	y1 = de	y2 = 6e	y3 = 0a	y0 = 74	y1 = bc	y2 = ab	y3 = 2e
MDS input = Y = y0y1y2y3 = aade6e0a				MDS input = Y = y0y1y2y3 = 74bcab2e

MDS output = Z = z0z1z2z3 = e5faebf5

MDS output = Z = z0z1z2z3 = 4704edf0

z0 = e5

z1 = fa

z2 = eb

z3 = f5

z0 = 47

z1 = 04

z2 = ed

z3 = f0

A9 = h(2pi, Me) = e5faebf5

B9 = ROL[h({2i+1}p, Mo),  8] = ROL[4704edf0,8] = ROL[f0ed0447(big endian),  8] = ed0447f0(big endian) = f04704ed.

K18 = (A9 + B9) mod 232 = (e5faebf5 + f04704ed) mod 232 = (f5ebfae5(big endian) + ed0447f0(big endian)) mod 232 = e2f042d5(big endian) = d542f0e2.

K19 = ROL([A9 + 2B9] mod 232,  9) = ROL([e5faebf5 + 2(f04704ed) mod32,  9) = ROL([f5ebfae5(big endian) + 2(ed0447f0(big endian))] mod32,  9) = ROL([f5ebfae5(big endian) + da088fe0(big endian)] mod32,  9) = ROL(cff48ac5(big endian),  9) = e9158b9f(big endian) = 9f8b15e9.

Key Schedule: K20 and K21

i = a	i = a
h input = X = x0x1x2x3 = 2ip = 14141414	h input = X = x0x1x2x3 = (2i+1)p = 15151515

x0 = 14

x1 = 14

x2 = 14

x3 = 14

x0 = 15

x1 = 15

x2 = 15

x3 = 15

y2,0 = 14

y2,1 = 14

y2,2 = 14

y2,3 = 14

y2,0 = 15

y2,1 = 15

y2,2 = 15

y2,3 = 15

q0.in=14 a0=1 b0=4 a1=5 b1=b a2=f b2=6 a3=9 b3=4 a4=8 b4=1 q0.out=18 l1,3=2f q0.in=ae a0=a b0=e a1=4 b1=d a2=6 b2=0 a3=6 b3=6 a4=9 b4=6 q0.out=69 l0,3=5c q1.in=f6 a0=f b0=6 a1=9 b1=4 a2=1 b2=4 a3=5 b3=b a4=6 b4=f q1.out=f6

q1.in=14 a0=1 b0=4 a1=5 b1=b a2=7 b2=5 a3=2 b3=5 a4=7 b4=3 q1.out=37 l1,2=ec q0.in=88 a0=8 b0=8 a1=0 b1=c a2=8 b2=7 a3=f b3=3 a4=1 b4=4 q0.out=41 l0,2=9f q0.in=19 a0=1 b0=9 a1=8 b1=5 a2=0 b2=2 a3=2 b3=1 a4=5 b4=7 q0.out=75

q0.in=14 a0=1 b0=4 a1=5 b1=b a2=f b2=6 a3=9 b3=4 a4=8 b4=1 q0.out=18 l1,1=bf q1.in=f4 a0=f b0=4 a1=b b1=5 a2=4 b2=c a3=8 b3=2 a4=0 b4=5 q1.out=50 l0,1=58 q1.in=cf a0=c b0=f a1=3 b1=3 a2=d b2=b a3=6 b3=8 a4=9 b4=6 q1.out=69

q1.in=14 a0=1 b0=4 a1=5 b1=b a2=7 b2=5 a3=2 b3=5 a4=7 b4=3 q1.out=37 l1,0=b6 q1.in=18 a0=1 b0=8 a1=9 b1=d a2=1 b2=9 a3=8 b3=5 a4=0 b4=3 q1.out=30 l0,0=9f q0.in=6c a0=6 b0=c a1=a b1=0 a2=5 b2=e a3=b b3=a a4=3 b4=3 q0.out=33

q0.in=15 a0=1 b0=5 a1=4 b1=3 a2=6 b2=8 a3=e b3=2 a4=7 b4=f q0.out=f7 l1,3=5a q0.in=dd a0=d b0=d a1=0 b1=b a2=8 b2=6 a3=e b3=b a4=7 b4=0 q0.out=07 l0,3=32 q1.in=f1 a0=f b0=1 a1=e b1=f a2=c b2=8 a3=4 b3=8 a4=1 b4=6 q1.out=61

q1.in=15 a0=1 b0=5 a1=4 b1=3 a2=f b2=b a3=4 b3=a a4=1 b4=7 q1.out=71 l1,2=c3 q0.in=99 a0=9 b0=9 a1=0 b1=d a2=8 b2=0 a3=8 b3=8 a4=c b4=9 q0.out=9c l0,2=2c q0.in=8e a0=8 b0=e a1=6 b1=f a2=3 b2=d a3=e b3=5 a4=7 b4=2 q0.out=27

q0.in=15 a0=1 b0=5 a1=4 b1=3 a2=6 b2=8 a3=e b3=2 a4=7 b4=f q0.out=f7 l1,1=e8 q1.in=34 a0=3 b0=4 a1=7 b1=9 a2=e b2=d a3=3 b3=0 a4=5 b4=b q1.out=b5 l0,1=12 q1.in=99 a0=9 b0=9 a1=0 b1=d a2=2 b2=9 a3=b b3=e a4=8 b4=8 q1.out=88

q1.in=15 a0=1 b0=5 a1=4 b1=3 a2=f b2=b a3=4 b3=a a4=1 b4=7 q1.out=71 l1,0=2a q1.in=2b a0=2 b0=b a1=9 b1=f a2=1 b2=8 a3=9 b3=d a4=e b4=0 q1.out=0e l0,0=f6 q0.in=3c a0=3 b0=c a1=f b1=d a2=4 b2=0 a3=4 b3=4 a4=6 b4=1 q0.out=16

y0 = f6	y1 = 75	y2 = 69	y3 = 33	y0 = 61	y1 = 27	y2 = 88	y3 = 16
MDS input = Y = y0y1y2y3 = f6756933				MDS input = Y = y0y1y2y3 = 61278816

MDS output = Z = z0z1z2z3 = b2592309

MDS output = Z = z0z1z2z3 = 0bbc43c9

z0 = b2

z1 = 59

z2 = 23

z3 = 09

z0 = 0b

z1 = bc

z2 = 43

z3 = c9

A10 = h(2pi, Me) = b2592309

B10 = ROL[h({2i+1}p, Mo),  8] = ROL[0bbc43c9,8] = ROL[c943bc0b(big endian),  8] = 43bc0bc9(big endian) = c90bbc43.

K20 = (A10 + B10) mod 232 = (b2592309 + c90bbc43) mod 232 = (092359b2(big endian) + 43bc0bc9(big endian)) mod 232 = 4cdf657b(big endian) = 7b65df4c.

K21 = ROL([A10 + 2B10] mod 232,  9) = ROL([b2592309 + 2(c90bbc43) mod32,  9) = ROL([092359b2(big endian) + 2(43bc0bc9(big endian))] mod32,  9) = ROL([092359b2(big endian) + 87781792(big endian)] mod32,  9) = ROL(909b7144(big endian),  9) = 36e28921(big endian) = 2189e236.

Key Schedule: K22 and K23

i = b	i = b
h input = X = x0x1x2x3 = 2ip = 16161616	h input = X = x0x1x2x3 = (2i+1)p = 17171717

x0 = 16

x1 = 16

x2 = 16

x3 = 16

x0 = 17

x1 = 17

x2 = 17

x3 = 17

y2,0 = 16

y2,1 = 16

y2,2 = 16

y2,3 = 16

y2,0 = 17

y2,1 = 17

y2,2 = 17

y2,3 = 17

q0.in=16 a0=1 b0=6 a1=7 b1=a a2=2 b2=a a3=8 b3=7 a4=c b4=e q0.out=ec l1,3=2f q0.in=5a a0=5 b0=a a1=f b1=8 a2=4 b2=f a3=b b3=b a4=3 b4=0 q0.out=03 l0,3=5c q1.in=9c a0=9 b0=c a1=5 b1=7 a2=7 b2=7 a3=0 b3=4 a4=4 b4=c q1.out=c4

q1.in=16 a0=1 b0=6 a1=7 b1=a a2=e b2=a a3=4 b3=b a4=1 b4=f q1.out=f1 l1,2=ec q0.in=4e a0=4 b0=e a1=a b1=3 a2=5 b2=8 a3=d b3=9 a4=4 b4=b q0.out=b4 l0,2=9f q0.in=ec a0=e b0=c a1=2 b1=8 a2=7 b2=f a3=8 b3=0 a4=c b4=d q0.out=dc

q0.in=16 a0=1 b0=6 a1=7 b1=a a2=2 b2=a a3=8 b3=7 a4=c b4=e q0.out=ec l1,1=bf q1.in=00 a0=0 b0=0 a1=0 b1=0 a2=2 b2=1 a3=3 b3=a a4=5 b4=7 q1.out=75 l0,1=58 q1.in=ea a0=e b0=a a1=4 b1=b a2=f b2=5 a3=a b3=d a4=d b4=0 q1.out=0d

q1.in=16 a0=1 b0=6 a1=7 b1=a a2=e b2=a a3=4 b3=b a4=1 b4=f q1.out=f1 l1,0=b6 q1.in=de a0=d b0=e a1=3 b1=2 a2=d b2=2 a3=f b3=4 a4=f b4=c q1.out=cf l0,0=9f q0.in=93 a0=9 b0=3 a1=a b1=8 a2=5 b2=f a3=a b3=2 a4=f b4=f q0.out=ff

q0.in=17 a0=1 b0=7 a1=6 b1=2 a2=3 b2=b a3=8 b3=6 a4=c b4=6 q0.out=6c l1,3=5a q0.in=46 a0=4 b0=6 a1=2 b1=7 a2=7 b2=5 a3=2 b3=5 a4=5 b4=2 q0.out=25 l0,3=32 q1.in=d3 a0=d b0=3 a1=e b1=c a2=c b2=f a3=3 b3=3 a4=5 b4=1 q1.out=15

q1.in=17 a0=1 b0=7 a1=6 b1=2 a2=6 b2=2 a3=4 b3=7 a4=1 b4=e q1.out=e1 l1,2=c3 q0.in=09 a0=0 b0=9 a1=9 b1=c a2=b b2=7 a3=c b3=8 a4=2 b4=9 q0.out=92 l0,2=2c q0.in=80 a0=8 b0=0 a1=8 b1=8 a2=0 b2=f a3=f b3=f a4=1 b4=a q0.out=a1

q0.in=17 a0=1 b0=7 a1=6 b1=2 a2=3 b2=b a3=8 b3=6 a4=c b4=6 q0.out=6c l1,1=e8 q1.in=af a0=a b0=f a1=5 b1=5 a2=7 b2=c a3=b b3=9 a4=8 b4=4 q1.out=48 l0,1=12 q1.in=64 a0=6 b0=4 a1=2 b1=4 a2=b b2=4 a3=f b3=1 a4=f b4=9 q1.out=9f

q1.in=17 a0=1 b0=7 a1=6 b1=2 a2=6 b2=2 a3=4 b3=7 a4=1 b4=e q1.out=e1 l1,0=2a q1.in=bb a0=b b0=b a1=0 b1=e a2=2 b2=0 a3=2 b3=2 a4=7 b4=5 q1.out=57 l0,0=f6 q0.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=7 a3=a b3=e a4=f b4=c q0.out=cf

y0 = c4	y1 = dc	y2 = 0d	y3 = ff	y0 = 15	y1 = a1	y2 = 9f	y3 = cf
MDS input = Y = y0y1y2y3 = c4dc0dff				MDS input = Y = y0y1y2y3 = 15a19fcf

MDS output = Z = z0z1z2z3 = 3b699483

MDS output = Z = z0z1z2z3 = 661f79ea

z0 = 3b

z1 = 69

z2 = 94

z3 = 83

z0 = 66

z1 = 1f

z2 = 79

z3 = ea

A11 = h(2pi, Me) = 3b699483

B11 = ROL[h({2i+1}p, Mo),  8] = ROL[661f79ea,8] = ROL[ea791f66(big endian),  8] = 791f66ea(big endian) = ea661f79.

K22 = (A11 + B11) mod 232 = (3b699483 + ea661f79) mod 232 = (8394693b(big endian) + 791f66ea(big endian)) mod 232 = fcb3d025(big endian) = 25d0b3fc.

K23 = ROL([A11 + 2B11] mod 232,  9) = ROL([3b699483 + 2(ea661f79) mod32,  9) = ROL([8394693b(big endian) + 2(791f66ea(big endian))] mod32,  9) = ROL([8394693b(big endian) + f23ecdd4(big endian)] mod32,  9) = ROL(75d3370f(big endian),  9) = a66e1eeb(big endian) = eb1e6ea6.

Key Schedule: K24 and K25

i = c	i = c
h input = X = x0x1x2x3 = 2ip = 18181818	h input = X = x0x1x2x3 = (2i+1)p = 19191919

x0 = 18

x1 = 18

x2 = 18

x3 = 18

x0 = 19

x1 = 19

x2 = 19

x3 = 19

y2,0 = 18

y2,1 = 18

y2,2 = 18

y2,3 = 18

y2,0 = 19

y2,1 = 19

y2,2 = 19

y2,3 = 19

q0.in=18 a0=1 b0=8 a1=9 b1=d a2=b b2=0 a3=b b3=3 a4=3 b4=4 q0.out=43 l1,3=2f q0.in=f5 a0=f b0=5 a1=a b1=d a2=5 b2=0 a3=5 b3=d a4=d b4=5 q0.out=5d l0,3=5c q1.in=c2 a0=c b0=2 a1=e b1=d a2=c b2=9 a3=5 b3=0 a4=6 b4=b q1.out=b6

q1.in=18 a0=1 b0=8 a1=9 b1=d a2=1 b2=9 a3=8 b3=5 a4=0 b4=3 q1.out=30 l1,2=ec q0.in=8f a0=8 b0=f a1=7 b1=7 a2=2 b2=5 a3=7 b3=8 a4=0 b4=9 q0.out=90 l0,2=9f q0.in=c8 a0=c b0=8 a1=4 b1=8 a2=6 b2=f a3=9 b3=9 a4=8 b4=b q0.out=b8

q0.in=18 a0=1 b0=8 a1=9 b1=d a2=b b2=0 a3=b b3=3 a4=3 b4=4 q0.out=43 l1,1=bf q1.in=af a0=a b0=f a1=5 b1=5 a2=7 b2=c a3=b b3=9 a4=8 b4=4 q1.out=48 l0,1=58 q1.in=d7 a0=d b0=7 a1=a b1=e a2=9 b2=0 a3=9 b3=1 a4=e b4=9 q1.out=9e

q1.in=18 a0=1 b0=8 a1=9 b1=d a2=1 b2=9 a3=8 b3=5 a4=0 b4=3 q1.out=30 l1,0=b6 q1.in=1f a0=1 b0=f a1=e b1=6 a2=c b2=3 a3=f b3=5 a4=f b4=3 q1.out=3f l0,0=9f q0.in=63 a0=6 b0=3 a1=5 b1=f a2=f b2=d a3=2 b3=9 a4=5 b4=b q0.out=b5

q0.in=19 a0=1 b0=9 a1=8 b1=5 a2=0 b2=2 a3=2 b3=1 a4=5 b4=7 q0.out=75 l1,3=5a q0.in=5f a0=5 b0=f a1=a b1=2 a2=5 b2=b a3=e b3=0 a4=7 b4=d q0.out=d7 l0,3=32 q1.in=21 a0=2 b0=1 a1=3 b1=a a2=d b2=a a3=7 b3=0 a4=a b4=b q1.out=ba

q1.in=19 a0=1 b0=9 a1=8 b1=5 a2=3 b2=c a3=f b3=d a4=f b4=0 q1.out=0f l1,2=c3 q0.in=e7 a0=e b0=7 a1=9 b1=5 a2=b b2=2 a3=9 b3=2 a4=8 b4=f q0.out=f8 l0,2=2c q0.in=ea a0=e b0=a a1=4 b1=b a2=6 b2=6 a3=0 b3=5 a4=b b4=2 q0.out=2b

q0.in=19 a0=1 b0=9 a1=8 b1=5 a2=0 b2=2 a3=2 b3=1 a4=5 b4=7 q0.out=75 l1,1=e8 q1.in=b6 a0=b b0=6 a1=d b1=0 a2=a b2=1 a3=b b3=2 a4=8 b4=5 q1.out=58 l0,1=12 q1.in=74 a0=7 b0=4 a1=3 b1=d a2=d b2=9 a3=4 b3=9 a4=1 b4=4 q1.out=41

q1.in=19 a0=1 b0=9 a1=8 b1=5 a2=3 b2=c a3=f b3=d a4=f b4=0 q1.out=0f l1,0=2a q1.in=55 a0=5 b0=5 a1=0 b1=7 a2=2 b2=7 a3=5 b3=9 a4=6 b4=4 q1.out=46 l0,0=f6 q0.in=74 a0=7 b0=4 a1=3 b1=d a2=d b2=0 a3=d b3=5 a4=4 b4=2 q0.out=24

y0 = b6	y1 = b8	y2 = 9e	y3 = b5	y0 = ba	y1 = 2b	y2 = 41	y3 = 24
MDS input = Y = y0y1y2y3 = b6b89eb5				MDS input = Y = y0y1y2y3 = ba2b4124

MDS output = Z = z0z1z2z3 = b312504c

MDS output = Z = z0z1z2z3 = f2f5cce4

z0 = b3

z1 = 12

z2 = 50

z3 = 4c

z0 = f2

z1 = f5

z2 = cc

z3 = e4

A12 = h(2pi, Me) = b312504c

B12 = ROL[h({2i+1}p, Mo),  8] = ROL[f2f5cce4,8] = ROL[e4ccf5f2(big endian),  8] = ccf5f2e4(big endian) = e4f2f5cc.

K24 = (A12 + B12) mod 232 = (b312504c + e4f2f5cc) mod 232 = (4c5012b3(big endian) + ccf5f2e4(big endian)) mod 232 = 19460597(big endian) = 97054619.

K25 = ROL([A12 + 2B12] mod 232,  9) = ROL([b312504c + 2(e4f2f5cc) mod32,  9) = ROL([4c5012b3(big endian) + 2(ccf5f2e4(big endian))] mod32,  9) = ROL([4c5012b3(big endian) + 99ebe5c8(big endian)] mod32,  9) = ROL(e63bf87b(big endian),  9) = 77f0f7cc(big endian) = ccf7f077.

Key Schedule: K26 and K27

i = d	i = d
h input = X = x0x1x2x3 = 2ip = 1a1a1a1a	h input = X = x0x1x2x3 = (2i+1)p = 1b1b1b1b

x0 = 1a

x1 = 1a

x2 = 1a

x3 = 1a

x0 = 1b

x1 = 1b

x2 = 1b

x3 = 1b

y2,0 = 1a

y2,1 = 1a

y2,2 = 1a

y2,3 = 1a

y2,0 = 1b

y2,1 = 1b

y2,2 = 1b

y2,3 = 1b

q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37 l1,3=2f q0.in=81 a0=8 b0=1 a1=9 b1=0 a2=b b2=e a3=5 b3=4 a4=d b4=1 q0.out=1d l0,3=5c q1.in=82 a0=8 b0=2 a1=a b1=9 a2=9 b2=d a3=4 b3=f a4=1 b4=a q1.out=a1

q1.in=1a a0=1 b0=a a1=b b1=c a2=4 b2=f a3=b b3=b a4=8 b4=f q1.out=f8 l1,2=ec q0.in=47 a0=4 b0=7 a1=3 b1=f a2=d b2=d a3=0 b3=b a4=b b4=0 q0.out=0b l0,2=9f q0.in=53 a0=5 b0=3 a1=6 b1=4 a2=3 b2=1 a3=2 b3=3 a4=5 b4=4 q0.out=45

q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37 l1,1=bf q1.in=db a0=d b0=b a1=6 b1=8 a2=6 b2=6 a3=0 b3=5 a4=4 b4=3 q1.out=34 l0,1=58 q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f

q1.in=1a a0=1 b0=a a1=b b1=c a2=4 b2=f a3=b b3=b a4=8 b4=f q1.out=f8 l1,0=b6 q1.in=d7 a0=d b0=7 a1=a b1=e a2=9 b2=0 a3=9 b3=1 a4=e b4=9 q1.out=9e l0,0=9f q0.in=c2 a0=c b0=2 a1=e b1=d a2=a b2=0 a3=a b3=a a4=f b4=3 q0.out=3f

q0.in=1b a0=1 b0=b a1=a b1=4 a2=5 b2=1 a3=4 b3=5 a4=6 b4=2 q0.out=26 l1,3=5a q0.in=0c a0=0 b0=c a1=c b1=6 a2=e b2=3 a3=d b3=7 a4=4 b4=e q0.out=e4 l0,3=32 q1.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=6 a3=b b3=6 a4=8 b4=d q1.out=d8

q1.in=1b a0=1 b0=b a1=a b1=4 a2=9 b2=4 a3=d b3=3 a4=b b4=1 q1.out=1b l1,2=c3 q0.in=f3 a0=f b0=3 a1=c b1=e a2=e b2=9 a3=7 b3=2 a4=0 b4=f q0.out=f0 l0,2=2c q0.in=e2 a0=e b0=2 a1=c b1=f a2=e b2=d a3=3 b3=0 a4=e b4=d q0.out=de

q0.in=1b a0=1 b0=b a1=a b1=4 a2=5 b2=1 a3=4 b3=5 a4=6 b4=2 q0.out=26 l1,1=e8 q1.in=e5 a0=e b0=5 a1=b b1=4 a2=4 b2=4 a3=0 b3=6 a4=4 b4=d q1.out=d4 l0,1=12 q1.in=f8 a0=f b0=8 a1=7 b1=3 a2=e b2=b a3=5 b3=3 a4=6 b4=1 q1.out=16

q1.in=1b a0=1 b0=b a1=a b1=4 a2=9 b2=4 a3=d b3=3 a4=b b4=1 q1.out=1b l1,0=2a q1.in=41 a0=4 b0=1 a1=5 b1=c a2=7 b2=f a3=8 b3=0 a4=0 b4=b q1.out=b0 l0,0=f6 q0.in=82 a0=8 b0=2 a1=a b1=9 a2=5 b2=4 a3=1 b3=f a4=a b4=a q0.out=aa

y0 = a1	y1 = 45	y2 = 1f	y3 = 3f	y0 = d8	y1 = de	y2 = 16	y3 = aa
MDS input = Y = y0y1y2y3 = a1451f3f				MDS input = Y = y0y1y2y3 = d8de16aa

MDS output = Z = z0z1z2z3 = 113953e1

MDS output = Z = z0z1z2z3 = 79daa8c4

z0 = 11

z1 = 39

z2 = 53

z3 = e1

z0 = 79

z1 = da

z2 = a8

z3 = c4

A13 = h(2pi, Me) = 113953e1

B13 = ROL[h({2i+1}p, Mo),  8] = ROL[79daa8c4,8] = ROL[c4a8da79(big endian),  8] = a8da79c4(big endian) = c479daa8.

K26 = (A13 + B13) mod 232 = (113953e1 + c479daa8) mod 232 = (e1533911(big endian) + a8da79c4(big endian)) mod 232 = 8a2db2d5(big endian) = d5b22d8a.

K27 = ROL([A13 + 2B13] mod 232,  9) = ROL([113953e1 + 2(c479daa8) mod32,  9) = ROL([e1533911(big endian) + 2(a8da79c4(big endian))] mod32,  9) = ROL([e1533911(big endian) + 51b4f388(big endian)] mod32,  9) = ROL(33082c99(big endian),  9) = 10593266(big endian) = 66325910.

Key Schedule: K28 and K29

i = e	i = e
h input = X = x0x1x2x3 = 2ip = 1c1c1c1c	h input = X = x0x1x2x3 = (2i+1)p = 1d1d1d1d

x0 = 1c

x1 = 1c

x2 = 1c

x3 = 1c

x0 = 1d

x1 = 1d

x2 = 1d

x3 = 1d

y2,0 = 1c

y2,1 = 1c

y2,2 = 1c

y2,3 = 1c

y2,0 = 1d

y2,1 = 1d

y2,2 = 1d

y2,3 = 1d

q0.in=1c a0=1 b0=c a1=d b1=f a2=c b2=d a3=1 b3=2 a4=a b4=f q0.out=fa l1,3=2f q0.in=4c a0=4 b0=c a1=8 b1=2 a2=0 b2=b a3=b b3=d a4=3 b4=5 q0.out=53 l0,3=5c q1.in=cc a0=c b0=c a1=0 b1=a a2=2 b2=a a3=8 b3=7 a4=0 b4=e q1.out=e0

q1.in=1c a0=1 b0=c a1=d b1=f a2=a b2=8 a3=2 b3=e a4=7 b4=8 q1.out=87 l1,2=ec q0.in=38 a0=3 b0=8 a1=b b1=f a2=9 b2=d a3=4 b3=f a4=6 b4=a q0.out=a6 l0,2=9f q0.in=fe a0=f b0=e a1=1 b1=0 a2=1 b2=e a3=f b3=e a4=1 b4=c q0.out=c1

q0.in=1c a0=1 b0=c a1=d b1=f a2=c b2=d a3=1 b3=2 a4=a b4=f q0.out=fa l1,1=bf q1.in=16 a0=1 b0=6 a1=7 b1=a a2=e b2=a a3=4 b3=b a4=1 b4=f q1.out=f1 l0,1=58 q1.in=6e a0=6 b0=e a1=8 b1=1 a2=3 b2=e a3=d b3=c a4=b b4=2 q1.out=2b

q1.in=1c a0=1 b0=c a1=d b1=f a2=a b2=8 a3=2 b3=e a4=7 b4=8 q1.out=87 l1,0=b6 q1.in=a8 a0=a b0=8 a1=2 b1=e a2=b b2=0 a3=b b3=3 a4=8 b4=1 q1.out=18 l0,0=9f q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73

q0.in=1d a0=1 b0=d a1=c b1=7 a2=e b2=5 a3=b b3=4 a4=3 b4=1 q0.out=13 l1,3=5a q0.in=39 a0=3 b0=9 a1=a b1=7 a2=5 b2=5 a3=0 b3=7 a4=b b4=e q0.out=eb l0,3=32 q1.in=1d a0=1 b0=d a1=c b1=7 a2=0 b2=7 a3=7 b3=b a4=a b4=f q1.out=fa

q1.in=1d a0=1 b0=d a1=c b1=7 a2=0 b2=7 a3=7 b3=b a4=a b4=f q1.out=fa l1,2=c3 q0.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=f a3=2 b3=a a4=5 b4=3 q0.out=35 l0,2=2c q0.in=27 a0=2 b0=7 a1=5 b1=9 a2=f b2=4 a3=b b3=5 a4=3 b4=2 q0.out=23

q0.in=1d a0=1 b0=d a1=c b1=7 a2=e b2=5 a3=b b3=4 a4=3 b4=1 q0.out=13 l1,1=e8 q1.in=d0 a0=d b0=0 a1=d b1=5 a2=a b2=c a3=6 b3=c a4=9 b4=2 q1.out=29 l0,1=12 q1.in=05 a0=0 b0=5 a1=5 b1=a a2=7 b2=a a3=d b3=a a4=b b4=7 q1.out=7b

q1.in=1d a0=1 b0=d a1=c b1=7 a2=0 b2=7 a3=7 b3=b a4=a b4=f q1.out=fa l1,0=2a q1.in=a0 a0=a b0=0 a1=a b1=a a2=9 b2=a a3=3 b3=4 a4=5 b4=c q1.out=c5 l0,0=f6 q0.in=f7 a0=f b0=7 a1=8 b1=c a2=0 b2=7 a3=7 b3=b a4=0 b4=0 q0.out=00

y0 = e0	y1 = c1	y2 = 2b	y3 = 73	y0 = fa	y1 = 23	y2 = 7b	y3 = 00
MDS input = Y = y0y1y2y3 = e0c12b73				MDS input = Y = y0y1y2y3 = fa237b00

MDS output = Z = z0z1z2z3 = d1ba2486

MDS output = Z = z0z1z2z3 = 1112b32c

z0 = d1

z1 = ba

z2 = 24

z3 = 86

z0 = 11

z1 = 12

z2 = b3

z3 = 2c

A14 = h(2pi, Me) = d1ba2486

B14 = ROL[h({2i+1}p, Mo),  8] = ROL[1112b32c,8] = ROL[2cb31211(big endian),  8] = b312112c(big endian) = 2c1112b3.

K28 = (A14 + B14) mod 232 = (d1ba2486 + 2c1112b3) mod 232 = (8624bad1(big endian) + b312112c(big endian)) mod 232 = 3936cbfd(big endian) = fdcb3639.

K29 = ROL([A14 + 2B14] mod 232,  9) = ROL([d1ba2486 + 2(2c1112b3) mod32,  9) = ROL([8624bad1(big endian) + 2(b312112c(big endian))] mod32,  9) = ROL([8624bad1(big endian) + 66242258(big endian)] mod32,  9) = ROL(ec48dd29(big endian),  9) = 91ba53d8(big endian) = d853ba91.

Key Schedule: K30 and K31

i = f	i = f
h input = X = x0x1x2x3 = 2ip = 1e1e1e1e	h input = X = x0x1x2x3 = (2i+1)p = 1f1f1f1f

x0 = 1e

x1 = 1e

x2 = 1e

x3 = 1e

x0 = 1f

x1 = 1f

x2 = 1f

x3 = 1f

y2,0 = 1e

y2,1 = 1e

y2,2 = 1e

y2,3 = 1e

y2,0 = 1f

y2,1 = 1f

y2,2 = 1f

y2,3 = 1f

q0.in=1e a0=1 b0=e a1=f b1=e a2=4 b2=9 a3=d b3=8 a4=4 b4=9 q0.out=94 l1,3=2f q0.in=22 a0=2 b0=2 a1=0 b1=3 a2=8 b2=8 a3=0 b3=c a4=b b4=8 q0.out=8b l0,3=5c q1.in=14 a0=1 b0=4 a1=5 b1=b a2=7 b2=5 a3=2 b3=5 a4=7 b4=3 q1.out=37

q1.in=1e a0=1 b0=e a1=f b1=e a2=5 b2=0 a3=5 b3=d a4=6 b4=0 q1.out=06 l1,2=ec q0.in=b9 a0=b b0=9 a1=2 b1=f a2=7 b2=d a3=a b3=1 a4=f b4=7 q0.out=7f l0,2=9f q0.in=27 a0=2 b0=7 a1=5 b1=9 a2=f b2=4 a3=b b3=5 a4=3 b4=2 q0.out=23

q0.in=1e a0=1 b0=e a1=f b1=e a2=4 b2=9 a3=d b3=8 a4=4 b4=9 q0.out=94 l1,1=bf q1.in=78 a0=7 b0=8 a1=f b1=b a2=5 b2=5 a3=0 b3=7 a4=4 b4=e q1.out=e4 l0,1=58 q1.in=7b a0=7 b0=b a1=c b1=2 a2=0 b2=2 a3=2 b3=1 a4=7 b4=9 q1.out=97

q1.in=1e a0=1 b0=e a1=f b1=e a2=5 b2=0 a3=5 b3=d a4=6 b4=0 q1.out=06 l1,0=b6 q1.in=29 a0=2 b0=9 a1=b b1=e a2=4 b2=0 a3=4 b3=4 a4=1 b4=c q1.out=c1 l0,0=9f q0.in=9d a0=9 b0=d a1=4 b1=f a2=6 b2=d a3=b b3=8 a4=3 b4=9 q0.out=93

q0.in=1f a0=1 b0=f a1=e b1=6 a2=a b2=3 a3=9 b3=3 a4=8 b4=4 q0.out=48 l1,3=5a q0.in=62 a0=6 b0=2 a1=4 b1=7 a2=6 b2=5 a3=3 b3=c a4=e b4=8 q0.out=8e l0,3=32 q1.in=78 a0=7 b0=8 a1=f b1=b a2=5 b2=5 a3=0 b3=7 a4=4 b4=e q1.out=e4

q1.in=1f a0=1 b0=f a1=e b1=6 a2=c b2=3 a3=f b3=5 a4=f b4=3 q1.out=3f l1,2=c3 q0.in=d7 a0=d b0=7 a1=a b1=e a2=5 b2=9 a3=c b3=1 a4=2 b4=7 q0.out=72 l0,2=2c q0.in=60 a0=6 b0=0 a1=6 b1=6 a2=3 b2=3 a3=0 b3=2 a4=b b4=f q0.out=fb

q0.in=1f a0=1 b0=f a1=e b1=6 a2=a b2=3 a3=9 b3=3 a4=8 b4=4 q0.out=48 l1,1=e8 q1.in=8b a0=8 b0=b a1=3 b1=5 a2=d b2=c a3=1 b3=3 a4=c b4=1 q1.out=1c l0,1=12 q1.in=30 a0=3 b0=0 a1=3 b1=b a2=d b2=5 a3=8 b3=f a4=0 b4=a q1.out=a0

q1.in=1f a0=1 b0=f a1=e b1=6 a2=c b2=3 a3=f b3=5 a4=f b4=3 q1.out=3f l1,0=2a q1.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=f a3=2 b3=a a4=7 b4=7 q1.out=77 l0,0=f6 q0.in=45 a0=4 b0=5 a1=1 b1=e a2=1 b2=9 a3=8 b3=5 a4=c b4=2 q0.out=2c

y0 = 37	y1 = 23	y2 = 97	y3 = 93	y0 = e4	y1 = fb	y2 = a0	y3 = 2c
MDS input = Y = y0y1y2y3 = 37239793				MDS input = Y = y0y1y2y3 = e4fba02c

MDS output = Z = z0z1z2z3 = 52848da2

MDS output = Z = z0z1z2z3 = a9cb15ab

z0 = 52

z1 = 84

z2 = 8d

z3 = a2

z0 = a9

z1 = cb

z2 = 15

z3 = ab

A15 = h(2pi, Me) = 52848da2

B15 = ROL[h({2i+1}p, Mo),  8] = ROL[a9cb15ab,8] = ROL[ab15cba9(big endian),  8] = 15cba9ab(big endian) = aba9cb15.

K30 = (A15 + B15) mod 232 = (52848da2 + aba9cb15) mod 232 = (a28d8452(big endian) + 15cba9ab(big endian)) mod 232 = b8592dfd(big endian) = fd2d59b8.

K31 = ROL([A15 + 2B15] mod 232,  9) = ROL([52848da2 + 2(aba9cb15) mod32,  9) = ROL([a28d8452(big endian) + 2(15cba9ab(big endian))] mod32,  9) = ROL([a28d8452(big endian) + 2b975356(big endian)] mod32,  9) = ROL(ce24d7a8(big endian),  9) = 49af519c(big endian) = 9c51af49.

Key Schedule: K32 and K33

i = 10	i = 10
h input = X = x0x1x2x3 = 2ip = 20202020	h input = X = x0x1x2x3 = (2i+1)p = 21212121

x0 = 20

x1 = 20

x2 = 20

x3 = 20

x0 = 21

x1 = 21

x2 = 21

x3 = 21

y2,0 = 20

y2,1 = 20

y2,2 = 20

y2,3 = 20

y2,0 = 21

y2,1 = 21

y2,2 = 21

y2,3 = 21

q0.in=20 a0=2 b0=0 a1=2 b1=2 a2=7 b2=b a3=c b3=2 a4=2 b4=f q0.out=f2 l1,3=2f q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73 l0,3=5c q1.in=ec a0=e b0=c a1=2 b1=8 a2=b b2=6 a3=d b3=0 a4=b b4=b q1.out=bb

q1.in=20 a0=2 b0=0 a1=2 b1=2 a2=b b2=2 a3=9 b3=2 a4=e b4=5 q1.out=5e l1,2=ec q0.in=e1 a0=e b0=1 a1=f b1=6 a2=4 b2=3 a3=7 b3=d a4=0 b4=5 q0.out=50 l0,2=9f q0.in=08 a0=0 b0=8 a1=8 b1=4 a2=0 b2=1 a3=1 b3=8 a4=a b4=9 q0.out=9a

q0.in=20 a0=2 b0=0 a1=2 b1=2 a2=7 b2=b a3=c b3=2 a4=2 b4=f q0.out=f2 l1,1=bf q1.in=1e a0=1 b0=e a1=f b1=e a2=5 b2=0 a3=5 b3=d a4=6 b4=0 q1.out=06 l0,1=58 q1.in=99 a0=9 b0=9 a1=0 b1=d a2=2 b2=9 a3=b b3=e a4=8 b4=8 q1.out=88

q1.in=20 a0=2 b0=0 a1=2 b1=2 a2=b b2=2 a3=9 b3=2 a4=e b4=5 q1.out=5e l1,0=b6 q1.in=71 a0=7 b0=1 a1=6 b1=7 a2=6 b2=7 a3=1 b3=d a4=c b4=0 q1.out=0c l0,0=9f q0.in=50 a0=5 b0=0 a1=5 b1=d a2=f b2=0 a3=f b3=7 a4=1 b4=e q0.out=e1

q0.in=21 a0=2 b0=1 a1=3 b1=a a2=d b2=a a3=7 b3=0 a4=0 b4=d q0.out=d0 l1,3=5a q0.in=fa a0=f b0=a a1=5 b1=2 a2=f b2=b a3=4 b3=a a4=6 b4=3 q0.out=36 l0,3=32 q1.in=c0 a0=c b0=0 a1=c b1=c a2=0 b2=f a3=f b3=f a4=f b4=a q1.out=af

q1.in=21 a0=2 b0=1 a1=3 b1=a a2=d b2=a a3=7 b3=0 a4=a b4=b q1.out=ba l1,2=c3 q0.in=52 a0=5 b0=2 a1=7 b1=c a2=2 b2=7 a3=5 b3=9 a4=d b4=b q0.out=bd l0,2=2c q0.in=af a0=a b0=f a1=5 b1=5 a2=f b2=2 a3=d b3=6 a4=4 b4=6 q0.out=64

q0.in=21 a0=2 b0=1 a1=3 b1=a a2=d b2=a a3=7 b3=0 a4=0 b4=d q0.out=d0 l1,1=e8 q1.in=13 a0=1 b0=3 a1=2 b1=0 a2=b b2=1 a3=a b3=b a4=d b4=f q1.out=fd l0,1=12 q1.in=d1 a0=d b0=1 a1=c b1=d a2=0 b2=9 a3=9 b3=c a4=e b4=2 q1.out=2e

q1.in=21 a0=2 b0=1 a1=3 b1=a a2=d b2=a a3=7 b3=0 a4=a b4=b q1.out=ba l1,0=2a q1.in=e0 a0=e b0=0 a1=e b1=e a2=c b2=0 a3=c b3=c a4=2 b4=2 q1.out=22 l0,0=f6 q0.in=10 a0=1 b0=0 a1=1 b1=9 a2=1 b2=4 a3=5 b3=b a4=d b4=0 q0.out=0d

y0 = bb	y1 = 9a	y2 = 88	y3 = e1	y0 = af	y1 = 64	y2 = 2e	y3 = 0d
MDS input = Y = y0y1y2y3 = bb9a88e1				MDS input = Y = y0y1y2y3 = af642e0d

MDS output = Z = z0z1z2z3 = d7315565

MDS output = Z = z0z1z2z3 = 25ae3c3f

z0 = d7

z1 = 31

z2 = 55

z3 = 65

z0 = 25

z1 = ae

z2 = 3c

z3 = 3f

A16 = h(2pi, Me) = d7315565

B16 = ROL[h({2i+1}p, Mo),  8] = ROL[25ae3c3f,8] = ROL[3f3cae25(big endian),  8] = 3cae253f(big endian) = 3f25ae3c.

K32 = (A16 + B16) mod 232 = (d7315565 + 3f25ae3c) mod 232 = (655531d7(big endian) + 3cae253f(big endian)) mod 232 = a2035716(big endian) = 165703a2.

K33 = ROL([A16 + 2B16] mod 232,  9) = ROL([d7315565 + 2(3f25ae3c) mod32,  9) = ROL([655531d7(big endian) + 2(3cae253f(big endian))] mod32,  9) = ROL([655531d7(big endian) + 795c4a7e(big endian)] mod32,  9) = ROL(deb17c55(big endian),  9) = 62f8abbd(big endian) = bdabf862.

Key Schedule: K34 and K35

i = 11	i = 11
h input = X = x0x1x2x3 = 2ip = 22222222	h input = X = x0x1x2x3 = (2i+1)p = 23232323

x0 = 22

x1 = 22

x2 = 22

x3 = 22

x0 = 23

x1 = 23

x2 = 23

x3 = 23

y2,0 = 22

y2,1 = 22

y2,2 = 22

y2,3 = 22

y2,0 = 23

y2,1 = 23

y2,2 = 23

y2,3 = 23

q0.in=22 a0=2 b0=2 a1=0 b1=3 a2=8 b2=8 a3=0 b3=c a4=b b4=8 q0.out=8b l1,3=2f q0.in=3d a0=3 b0=d a1=e b1=5 a2=a b2=2 a3=8 b3=b a4=c b4=0 q0.out=0c l0,3=5c q1.in=93 a0=9 b0=3 a1=a b1=8 a2=9 b2=6 a3=f b3=2 a4=f b4=5 q1.out=5f

q1.in=22 a0=2 b0=2 a1=0 b1=3 a2=2 b2=b a3=9 b3=f a4=e b4=a q1.out=ae l1,2=ec q0.in=11 a0=1 b0=1 a1=0 b1=1 a2=8 b2=c a3=4 b3=e a4=6 b4=c q0.out=c6 l0,2=9f q0.in=9e a0=9 b0=e a1=7 b1=6 a2=2 b2=3 a3=1 b3=b a4=a b4=0 q0.out=0a

q0.in=22 a0=2 b0=2 a1=0 b1=3 a2=8 b2=8 a3=0 b3=c a4=b b4=8 q0.out=8b l1,1=bf q1.in=67 a0=6 b0=7 a1=1 b1=d a2=8 b2=9 a3=1 b3=4 a4=c b4=c q1.out=cc l0,1=58 q1.in=53 a0=5 b0=3 a1=6 b1=4 a2=6 b2=4 a3=2 b3=4 a4=7 b4=c q1.out=c7

q1.in=22 a0=2 b0=2 a1=0 b1=3 a2=2 b2=b a3=9 b3=f a4=e b4=a q1.out=ae l1,0=b6 q1.in=81 a0=8 b0=1 a1=9 b1=0 a2=1 b2=1 a3=0 b3=1 a4=4 b4=9 q1.out=94 l0,0=9f q0.in=c8 a0=c b0=8 a1=4 b1=8 a2=6 b2=f a3=9 b3=9 a4=8 b4=b q0.out=b8

q0.in=23 a0=2 b0=3 a1=1 b1=b a2=1 b2=6 a3=7 b3=a a4=0 b4=3 q0.out=30 l1,3=5a q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37 l0,3=32 q1.in=c1 a0=c b0=1 a1=d b1=4 a2=a b2=4 a3=e b3=8 a4=3 b4=6 q1.out=63

q1.in=23 a0=2 b0=3 a1=1 b1=b a2=8 b2=5 a3=d b3=2 a4=b b4=5 q1.out=5b l1,2=c3 q0.in=b3 a0=b b0=3 a1=8 b1=a a2=0 b2=a a3=a b3=5 a4=f b4=2 q0.out=2f l0,2=2c q0.in=3d a0=3 b0=d a1=e b1=5 a2=a b2=2 a3=8 b3=b a4=c b4=0 q0.out=0c

q0.in=23 a0=2 b0=3 a1=1 b1=b a2=1 b2=6 a3=7 b3=a a4=0 b4=3 q0.out=30 l1,1=e8 q1.in=f3 a0=f b0=3 a1=c b1=e a2=0 b2=0 a3=0 b3=0 a4=4 b4=b q1.out=b4 l0,1=12 q1.in=98 a0=9 b0=8 a1=1 b1=5 a2=8 b2=c a3=4 b3=e a4=1 b4=8 q1.out=81

q1.in=23 a0=2 b0=3 a1=1 b1=b a2=8 b2=5 a3=d b3=2 a4=b b4=5 q1.out=5b l1,0=2a q1.in=01 a0=0 b0=1 a1=1 b1=8 a2=8 b2=6 a3=e b3=b a4=3 b4=f q1.out=f3 l0,0=f6 q0.in=c1 a0=c b0=1 a1=d b1=4 a2=c b2=1 a3=d b3=4 a4=4 b4=1 q0.out=14

y0 = 5f	y1 = 0a	y2 = c7	y3 = b8	y0 = 63	y1 = 0c	y2 = 81	y3 = 14
MDS input = Y = y0y1y2y3 = 5f0ac7b8				MDS input = Y = y0y1y2y3 = 630c8114

MDS output = Z = z0z1z2z3 = 68688c6e

MDS output = Z = z0z1z2z3 = 80878502

z0 = 68

z1 = 68

z2 = 8c

z3 = 6e

z0 = 80

z1 = 87

z2 = 85

z3 = 02

A17 = h(2pi, Me) = 68688c6e

B17 = ROL[h({2i+1}p, Mo),  8] = ROL[80878502,8] = ROL[02858780(big endian),  8] = 85878002(big endian) = 02808785.

K34 = (A17 + B17) mod 232 = (68688c6e + 02808785) mod 232 = (6e8c6868(big endian) + 85878002(big endian)) mod 232 = f413e86a(big endian) = 6ae813f4.

K35 = ROL([A17 + 2B17] mod 232,  9) = ROL([68688c6e + 2(02808785) mod32,  9) = ROL([6e8c6868(big endian) + 2(85878002(big endian))] mod32,  9) = ROL([6e8c6868(big endian) + 0b0f0004(big endian)] mod32,  9) = ROL(799b686c(big endian),  9) = 36d0d8f3(big endian) = f3d8d036.

Key Schedule: K36 and K37

i = 12	i = 12
h input = X = x0x1x2x3 = 2ip = 24242424	h input = X = x0x1x2x3 = (2i+1)p = 25252525

x0 = 24

x1 = 24

x2 = 24

x3 = 24

x0 = 25

x1 = 25

x2 = 25

x3 = 25

y2,0 = 24

y2,1 = 24

y2,2 = 24

y2,3 = 24

y2,0 = 25

y2,1 = 25

y2,2 = 25

y2,3 = 25

q0.in=24 a0=2 b0=4 a1=6 b1=0 a2=3 b2=e a3=d b3=c a4=4 b4=8 q0.out=84 l1,3=2f q0.in=32 a0=3 b0=2 a1=1 b1=a a2=1 b2=a a3=b b3=c a4=3 b4=8 q0.out=83 l0,3=5c q1.in=1c a0=1 b0=c a1=d b1=f a2=a b2=8 a3=2 b3=e a4=7 b4=8 q1.out=87

q1.in=24 a0=2 b0=4 a1=6 b1=0 a2=6 b2=1 a3=7 b3=e a4=a b4=8 q1.out=8a l1,2=ec q0.in=35 a0=3 b0=5 a1=6 b1=1 a2=3 b2=c a3=f b3=d a4=1 b4=5 q0.out=51 l0,2=9f q0.in=09 a0=0 b0=9 a1=9 b1=c a2=b b2=7 a3=c b3=8 a4=2 b4=9 q0.out=92

q0.in=24 a0=2 b0=4 a1=6 b1=0 a2=3 b2=e a3=d b3=c a4=4 b4=8 q0.out=84 l1,1=bf q1.in=68 a0=6 b0=8 a1=e b1=2 a2=c b2=2 a3=e b3=d a4=3 b4=0 q1.out=03 l0,1=58 q1.in=9c a0=9 b0=c a1=5 b1=7 a2=7 b2=7 a3=0 b3=4 a4=4 b4=c q1.out=c4

q1.in=24 a0=2 b0=4 a1=6 b1=0 a2=6 b2=1 a3=7 b3=e a4=a b4=8 q1.out=8a l1,0=b6 q1.in=a5 a0=a b0=5 a1=f b1=0 a2=5 b2=1 a3=4 b3=5 a4=1 b4=3 q1.out=31 l0,0=9f q0.in=6d a0=6 b0=d a1=b b1=8 a2=9 b2=f a3=6 b3=e a4=9 b4=c q0.out=c9

q0.in=25 a0=2 b0=5 a1=7 b1=8 a2=2 b2=f a3=d b3=d a4=4 b4=5 q0.out=54 l1,3=5a q0.in=7e a0=7 b0=e a1=9 b1=8 a2=b b2=f a3=4 b3=c a4=6 b4=8 q0.out=86 l0,3=32 q1.in=70 a0=7 b0=0 a1=7 b1=f a2=e b2=8 a3=6 b3=a a4=9 b4=7 q1.out=79

q1.in=25 a0=2 b0=5 a1=7 b1=8 a2=e b2=6 a3=8 b3=d a4=0 b4=0 q1.out=00 l1,2=c3 q0.in=e8 a0=e b0=8 a1=6 b1=a a2=3 b2=a a3=9 b3=e a4=8 b4=c q0.out=c8 l0,2=2c q0.in=da a0=d b0=a a1=7 b1=0 a2=2 b2=e a3=c b3=5 a4=2 b4=2 q0.out=22

q0.in=25 a0=2 b0=5 a1=7 b1=8 a2=2 b2=f a3=d b3=d a4=4 b4=5 q0.out=54 l1,1=e8 q1.in=97 a0=9 b0=7 a1=e b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=4 q1.out=49 l0,1=12 q1.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=f a3=2 b3=a a4=7 b4=7 q1.out=77

q1.in=25 a0=2 b0=5 a1=7 b1=8 a2=e b2=6 a3=8 b3=d a4=0 b4=0 q1.out=00 l1,0=2a q1.in=5a a0=5 b0=a a1=f b1=8 a2=5 b2=6 a3=3 b3=e a4=5 b4=8 q1.out=85 l0,0=f6 q0.in=b7 a0=b b0=7 a1=c b1=8 a2=e b2=f a3=1 b3=1 a4=a b4=7 q0.out=7a

y0 = 87	y1 = 92	y2 = c4	y3 = c9	y0 = 79	y1 = 22	y2 = 77	y3 = 7a
MDS input = Y = y0y1y2y3 = 8792c4c9				MDS input = Y = y0y1y2y3 = 7922777a

MDS output = Z = z0z1z2z3 = 985d081b

MDS output = Z = z0z1z2z3 = a2c3b14c

z0 = 98

z1 = 5d

z2 = 08

z3 = 1b

z0 = a2

z1 = c3

z2 = b1

z3 = 4c

A18 = h(2pi, Me) = 985d081b

B18 = ROL[h({2i+1}p, Mo),  8] = ROL[a2c3b14c,8] = ROL[4cb1c3a2(big endian),  8] = b1c3a24c(big endian) = 4ca2c3b1.

K36 = (A18 + B18) mod 232 = (985d081b + 4ca2c3b1) mod 232 = (1b085d98(big endian) + b1c3a24c(big endian)) mod 232 = cccbffe4(big endian) = e4ffcbcc.

K37 = ROL([A18 + 2B18] mod 232,  9) = ROL([985d081b + 2(4ca2c3b1) mod32,  9) = ROL([1b085d98(big endian) + 2(b1c3a24c(big endian))] mod32,  9) = ROL([1b085d98(big endian) + 63874498(big endian)] mod32,  9) = ROL(7e8fa230(big endian),  9) = 1f4460fd(big endian) = fd60441f.

Key Schedule: K38 and K39

i = 13	i = 13
h input = X = x0x1x2x3 = 2ip = 26262626	h input = X = x0x1x2x3 = (2i+1)p = 27272727

x0 = 26

x1 = 26

x2 = 26

x3 = 26

x0 = 27

x1 = 27

x2 = 27

x3 = 27

y2,0 = 26

y2,1 = 26

y2,2 = 26

y2,3 = 26

y2,0 = 27

y2,1 = 27

y2,2 = 27

y2,3 = 27

q0.in=26 a0=2 b0=6 a1=4 b1=1 a2=6 b2=c a3=a b3=0 a4=f b4=d q0.out=df l1,3=2f q0.in=69 a0=6 b0=9 a1=f b1=a a2=4 b2=a a3=e b3=1 a4=7 b4=7 q0.out=77 l0,3=5c q1.in=e8 a0=e b0=8 a1=6 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=1 q1.out=12

q1.in=26 a0=2 b0=6 a1=4 b1=1 a2=f b2=e a3=1 b3=0 a4=c b4=b q1.out=bc l1,2=ec q0.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=4 a3=9 b3=7 a4=8 b4=e q0.out=e8 l0,2=9f q0.in=b0 a0=b b0=0 a1=b b1=3 a2=9 b2=8 a3=1 b3=5 a4=a b4=2 q0.out=2a

q0.in=26 a0=2 b0=6 a1=4 b1=1 a2=6 b2=c a3=a b3=0 a4=f b4=d q0.out=df l1,1=bf q1.in=33 a0=3 b0=3 a1=0 b1=2 a2=2 b2=2 a3=0 b3=3 a4=4 b4=1 q1.out=14 l0,1=58 q1.in=8b a0=8 b0=b a1=3 b1=5 a2=d b2=c a3=1 b3=3 a4=c b4=1 q1.out=1c

q1.in=26 a0=2 b0=6 a1=4 b1=1 a2=f b2=e a3=1 b3=0 a4=c b4=b q1.out=bc l1,0=b6 q1.in=93 a0=9 b0=3 a1=a b1=8 a2=9 b2=6 a3=f b3=2 a4=f b4=5 q1.out=5f l0,0=9f q0.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=4 a3=9 b3=7 a4=8 b4=e q0.out=e8

q0.in=27 a0=2 b0=7 a1=5 b1=9 a2=f b2=4 a3=b b3=5 a4=3 b4=2 q0.out=23 l1,3=5a q0.in=09 a0=0 b0=9 a1=9 b1=c a2=b b2=7 a3=c b3=8 a4=2 b4=9 q0.out=92 l0,3=32 q1.in=64 a0=6 b0=4 a1=2 b1=4 a2=b b2=4 a3=f b3=1 a4=f b4=9 q1.out=9f

q1.in=27 a0=2 b0=7 a1=5 b1=9 a2=7 b2=d a3=a b3=1 a4=d b4=9 q1.out=9d l1,2=c3 q0.in=75 a0=7 b0=5 a1=2 b1=5 a2=7 b2=2 a3=5 b3=e a4=d b4=c q0.out=cd l0,2=2c q0.in=df a0=d b0=f a1=2 b1=a a2=7 b2=a a3=d b3=a a4=4 b4=3 q0.out=34

q0.in=27 a0=2 b0=7 a1=5 b1=9 a2=f b2=4 a3=b b3=5 a4=3 b4=2 q0.out=23 l1,1=e8 q1.in=e0 a0=e b0=0 a1=e b1=e a2=c b2=0 a3=c b3=c a4=2 b4=2 q1.out=22 l0,1=12 q1.in=0e a0=0 b0=e a1=e b1=7 a2=c b2=7 a3=b b3=7 a4=8 b4=e q1.out=e8

q1.in=27 a0=2 b0=7 a1=5 b1=9 a2=7 b2=d a3=a b3=1 a4=d b4=9 q1.out=9d l1,0=2a q1.in=c7 a0=c b0=7 a1=b b1=7 a2=4 b2=7 a3=3 b3=f a4=5 b4=a q1.out=a5 l0,0=f6 q0.in=97 a0=9 b0=7 a1=e b1=a a2=a b2=a a3=0 b3=f a4=b b4=a q0.out=ab

y0 = 12	y1 = 2a	y2 = 1c	y3 = e8	y0 = 9f	y1 = 34	y2 = e8	y3 = ab
MDS input = Y = y0y1y2y3 = 122a1ce8				MDS input = Y = y0y1y2y3 = 9f34e8ab

MDS output = Z = z0z1z2z3 = 5ade8546

MDS output = Z = z0z1z2z3 = 0178f250

z0 = 5a

z1 = de

z2 = 85

z3 = 46

z0 = 01

z1 = 78

z2 = f2

z3 = 50

A19 = h(2pi, Me) = 5ade8546

B19 = ROL[h({2i+1}p, Mo),  8] = ROL[0178f250,8] = ROL[50f27801(big endian),  8] = f2780150(big endian) = 500178f2.

K38 = (A19 + B19) mod 232 = (5ade8546 + 500178f2) mod 232 = (4685de5a(big endian) + f2780150(big endian)) mod 232 = 38fddfaa(big endian) = aadffd38.

K39 = ROL([A19 + 2B19] mod 232,  9) = ROL([5ade8546 + 2(500178f2) mod32,  9) = ROL([4685de5a(big endian) + 2(f2780150(big endian))] mod32,  9) = ROL([4685de5a(big endian) + e4f002a0(big endian)] mod32,  9) = ROL(2b75e0fa(big endian),  9) = ebc1f456(big endian) = 56f4c1eb.

 

Summary listing of the 40 expanded key words

K0 = 9bf1826a	K1 = 02229b50	K2 = ea11ea78	K3 = ae0b98a1
K4 = f57ea21f	K5 = e005f378	K6 = 314b4d98	K7 = c9a88d6f
K8 = f595a22f	K9 = b3c6caca	K10 = 22166ed7	K11 = 2547a011
K12 = a38a1320	K13 = 0813350e	K14 = 281a4854	K15 = a0ddfa24
K16 = 19c3630c	K17 = 5bc0b2cc	K18 = d542f0e2	K19 = 9f8b15e9
K20 = 7b65df4c	K21 = 2189e236	K22 = 25d0b3fc	K23 = eb1e6ea6
K24 = 97054619	K25 = ccf7f077	K26 = d5b22d8a	K27 = 66325910
K28 = fdcb3639	K29 = d853ba91	K30 = fd2d59b8	K31 = 9c51af49
K32 = 165703a2	K33 = bdabf862	K34 = 6ae813f4	K35 = f3d8d036
K36 = e4ffcbcc	K37 = fd60441f	K38 = aadffd38	K39 = 56f4c1eb

 

Encryption start: block 1

128-bit plaintext block = p0p1p2p3p4p5p6p7p8p9p10p11p12p13p14p15 = d4919116e7b1b19e86cbcb6b789f9f19

P0 = p0p1p2p3 = d491db16	P1 = p4p5p6p7 = e7b1c39e
P2 = p8p9p10p11 = 86cb086b	P3 = p12p13p14p15 = 789f5419

 

Encryption of block 1 : Encryption CBC step: Xor of plaintext block with ciphertext result of previous block

P '0 = P0 C0(previous round) = d491db16 00000000 = d491db16

P '1 = P1 C1(previous round) = e7b1c39e 00000000 = e7b1c39e

P '2 = P2 C2(previous round) = 86cb086b 00000000 = 86cb086b

P '3 = P3 C3(previous round) = 789f5419 00000000 = 789f5419

 

Encryption Input Whiten : Block 1

R0,0 = P '0 K0 = d491db16 9bf1826a = 4f60597c

R0,1 = P '1 K1 = e7b1c39e 02229b50 = e59358ce

R0,2 = P '2 K2 = 86cb086b ea11ea78 = 6cdae213

R0,3 = P '3 K3 = 789f5419 ae0b98a1 = d694ccb8

 

Encryption of block 1, round r=0

g input = X = x0x1x2x3 = R0,0 = 4f60597c

g input = X = x0x1x2x3 = ROL(R0,1,  8) = ROL(e59358ce ,  8) = ROL(ce5893e5(big endian),  8) = 5893e5ce(big endian) = cee59358.

x0 = 4f

x1 = 60

x2 = 59

x3 = 7c

x0 = ce

x1 = e5

x2 = 93

x3 = 58

y2,0 = 4f

y2,1 = 60

y2,2 = 59

y2,3 = 7c

y2,0 = ce

y2,1 = e5

y2,2 = 93

y2,3 = 58

q0.in=4f a0=4 b0=f a1=b b1=b a2=9 b2=6 a3=f b3=2 a4=1 b4=f q0.out=f1 l1,3=14 q0.in=e9 a0=e b0=9 a1=7 b1=2 a2=2 b2=b a3=9 b3=f a4=8 b4=a q0.out=a8 l0,3=dc q1.in=29 a0=2 b0=9 a1=b b1=e a2=4 b2=0 a3=4 b3=4 a4=1 b4=c q1.out=c1

q1.in=60 a0=6 b0=0 a1=6 b1=6 a2=6 b2=3 a3=5 b3=f a4=6 b4=a q1.out=a6 l1,2=9c q0.in=2c a0=2 b0=c a1=e b1=4 a2=a b2=1 a3=b b3=2 a4=3 b4=f q0.out=f3 l0,2=53 q0.in=78 a0=7 b0=8 a1=f b1=b a2=4 b2=6 a3=2 b3=7 a4=5 b4=e q0.out=e5

q0.in=59 a0=5 b0=9 a1=c b1=1 a2=e b2=c a3=2 b3=8 a4=5 b4=9 q0.out=95 l1,1=8a q1.in=09 a0=0 b0=9 a1=9 b1=c a2=1 b2=f a3=e b3=6 a4=3 b4=d q1.out=d3 l0,1=8b q1.in=80 a0=8 b0=0 a1=8 b1=8 a2=3 b2=6 a3=5 b3=8 a4=6 b4=6 q1.out=66

q1.in=7c a0=7 b0=c a1=b b1=9 a2=4 b2=d a3=9 b3=a a4=e b4=7 q1.out=7e l1,0=18 q1.in=6a a0=6 b0=a a1=c b1=3 a2=0 b2=b a3=b b3=d a4=8 b4=0 q1.out=08 l0,0=81 q0.in=d4 a0=d b0=4 a1=9 b1=7 a2=b b2=5 a3=e b3=9 a4=7 b4=b q0.out=b7

q0.in=ce a0=c b0=e a1=2 b1=b a2=7 b2=6 a3=1 b3=c a4=a b4=8 q0.out=8a l1,3=14 q0.in=92 a0=9 b0=2 a1=b b1=0 a2=9 b2=e a3=7 b3=6 a4=0 b4=6 q0.out=60 l0,3=dc q1.in=e1 a0=e b0=1 a1=f b1=6 a2=5 b2=3 a3=6 b3=4 a4=9 b4=c q1.out=c9

q1.in=e5 a0=e b0=5 a1=b b1=4 a2=4 b2=4 a3=0 b3=6 a4=4 b4=d q1.out=d4 l1,2=9c q0.in=5e a0=5 b0=e a1=b b1=a a2=9 b2=a a3=3 b3=4 a4=e b4=1 q0.out=1e l0,2=53 q0.in=95 a0=9 b0=5 a1=c b1=b a2=e b2=6 a3=8 b3=d a4=c b4=5 q0.out=5c

q0.in=93 a0=9 b0=3 a1=a b1=8 a2=5 b2=f a3=a b3=2 a4=f b4=f q0.out=ff l1,1=8a q1.in=63 a0=6 b0=3 a1=5 b1=f a2=7 b2=8 a3=f b3=b a4=f b4=f q1.out=ff l0,1=8b q1.in=ac a0=a b0=c a1=6 b1=c a2=6 b2=f a3=9 b3=9 a4=e b4=4 q1.out=4e

q1.in=58 a0=5 b0=8 a1=d b1=9 a2=a b2=d a3=7 b3=4 a4=a b4=c q1.out=ca l1,0=18 q1.in=de a0=d b0=e a1=3 b1=2 a2=d b2=2 a3=f b3=4 a4=f b4=c q1.out=cf l0,0=81 q0.in=13 a0=1 b0=3 a1=2 b1=0 a2=7 b2=e a3=9 b3=8 a4=8 b4=9 q0.out=98

y0 = c1	y1 = e5	y2 = 66	y3 = b7	y0 = c9	y1 = 5c	y2 = 4e	y3 = 98
MDS input = Y = y0y1y2y3 = c1e566b7				MDS input = Y = y0y1y2y3 = c95c4e98

MDS output = Z = z0z1z2z3 = 3ea40416

MDS output = Z = z0z1z2z3 = fb92865d

z0 = 3e

z1 = a4

z2 = 04

z3 = 16

z0 = fb

z1 = 92

z2 = 86

z3 = 5d

T0 = g(R0) = 3ea40416

T1 = g(ROL(R1, 8)) = fb92865d

F0,0 = (T0 + T1 + K8) mod 232 = (3ea40416 + fb92865d + f595a22f) mod 232 = (1604a43e(big endian) + 5d8692fb(big endian) + 2fa295f5(big endian)) mod 232 = a32dcd2e(big endian) = 2ecd2da3.

F0,1 = (T0 + 2T1 + K9) mod 232 = (3ea40416 + 2[fb92865d] + b3c6caca) mod 232 = (1604a43e(big endian) + 2[5d8692fb(big endian)] + cacac6b3(big endian)) mod 232 = (1604a43e(big endian) + bb0d25f6(big endian) + cacac6b3(big endian)) mod 232 = 9bdc90e7(big endian) = e790dc9b.

R1,0  =  ROR(R0, 2    F0,0,1) =  ROR(6cdae213    2ecd2da3, 1) =  ROR(4217cfb0, 1) =  ROR(b0cf1742(big endian), 1) =  58678ba1(big endian) =  a18b6758

R1,1  =  ROL(R0, 3,  1)    F0,1) =  ROL(d694ccb8,  1)    e790dc9b =  ROL(b8cc94d6(big endian),  1)    e790dc9b =  719929ad(big endian)    e790dc9b =  ad299971   e790dc9b =  4ab945ea.

R1,2 = R0,0 = 4f60597c

R1,3 = R0,1 = e59358ce

 

Encryption of block 1, round r=1

g input = X = x0x1x2x3 = R1,0 = a18b6758

g input = X = x0x1x2x3 = ROL(R1,1,  8) = ROL(4ab945ea ,  8) = ROL(ea45b94a(big endian),  8) = 45b94aea(big endian) = ea4ab945.

x0 = a1

x1 = 8b

x2 = 67

x3 = 58

x0 = ea

x1 = 4a

x2 = b9

x3 = 45

y2,0 = a1

y2,1 = 8b

y2,2 = 67

y2,3 = 58

y2,0 = ea

y2,1 = 4a

y2,2 = b9

y2,3 = 45

q0.in=a1 a0=a b0=1 a1=b b1=2 a2=9 b2=b a3=2 b3=c a4=5 b4=8 q0.out=85 l1,3=14 q0.in=9d a0=9 b0=d a1=4 b1=f a2=6 b2=d a3=b b3=8 a4=3 b4=9 q0.out=93 l0,3=dc q1.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=6 a3=b b3=6 a4=8 b4=d q1.out=d8

q1.in=8b a0=8 b0=b a1=3 b1=5 a2=d b2=c a3=1 b3=3 a4=c b4=1 q1.out=1c l1,2=9c q0.in=96 a0=9 b0=6 a1=f b1=2 a2=4 b2=b a3=f b3=9 a4=1 b4=b q0.out=b1 l0,2=53 q0.in=3a a0=3 b0=a a1=9 b1=e a2=b b2=9 a3=2 b3=f a4=5 b4=a q0.out=a5

q0.in=67 a0=6 b0=7 a1=1 b1=d a2=1 b2=0 a3=1 b3=9 a4=a b4=b q0.out=ba l1,1=8a q1.in=26 a0=2 b0=6 a1=4 b1=1 a2=f b2=e a3=1 b3=0 a4=c b4=b q1.out=bc l0,1=8b q1.in=ef a0=e b0=f a1=1 b1=1 a2=8 b2=e a3=6 b3=f a4=9 b4=a q1.out=a9

q1.in=58 a0=5 b0=8 a1=d b1=9 a2=a b2=d a3=7 b3=4 a4=a b4=c q1.out=ca l1,0=18 q1.in=de a0=d b0=e a1=3 b1=2 a2=d b2=2 a3=f b3=4 a4=f b4=c q1.out=cf l0,0=81 q0.in=13 a0=1 b0=3 a1=2 b1=0 a2=7 b2=e a3=9 b3=8 a4=8 b4=9 q0.out=98

q0.in=ea a0=e b0=a a1=4 b1=b a2=6 b2=6 a3=0 b3=5 a4=b b4=2 q0.out=2b l1,3=14 q0.in=33 a0=3 b0=3 a1=0 b1=2 a2=8 b2=b a3=3 b3=5 a4=e b4=2 q0.out=2e l0,3=dc q1.in=af a0=a b0=f a1=5 b1=5 a2=7 b2=c a3=b b3=9 a4=8 b4=4 q1.out=48

q1.in=4a a0=4 b0=a a1=e b1=1 a2=c b2=e a3=2 b3=b a4=7 b4=f q1.out=f7 l1,2=9c q0.in=7d a0=7 b0=d a1=a b1=1 a2=5 b2=c a3=9 b3=b a4=8 b4=0 q0.out=08 l0,2=53 q0.in=83 a0=8 b0=3 a1=b b1=1 a2=9 b2=c a3=5 b3=7 a4=d b4=e q0.out=ed

q0.in=b9 a0=b b0=9 a1=2 b1=f a2=7 b2=d a3=a b3=1 a4=f b4=7 q0.out=7f l1,1=8a q1.in=e3 a0=e b0=3 a1=d b1=7 a2=a b2=7 a3=d b3=1 a4=b b4=9 q1.out=9b l0,1=8b q1.in=c8 a0=c b0=8 a1=4 b1=8 a2=f b2=6 a3=9 b3=4 a4=e b4=c q1.out=ce

q1.in=45 a0=4 b0=5 a1=1 b1=e a2=8 b2=0 a3=8 b3=8 a4=0 b4=6 q1.out=60 l1,0=18 q1.in=74 a0=7 b0=4 a1=3 b1=d a2=d b2=9 a3=4 b3=9 a4=1 b4=4 q1.out=41 l0,0=81 q0.in=9d a0=9 b0=d a1=4 b1=f a2=6 b2=d a3=b b3=8 a4=3 b4=9 q0.out=93

y0 = d8	y1 = a5	y2 = a9	y3 = 98	y0 = 48	y1 = ed	y2 = ce	y3 = 93
MDS input = Y = y0y1y2y3 = d8a5a998				MDS input = Y = y0y1y2y3 = 48edce93

MDS output = Z = z0z1z2z3 = 8f7f0fa0

MDS output = Z = z0z1z2z3 = 16a998e4

z0 = 8f

z1 = 7f

z2 = 0f

z3 = a0

z0 = 16

z1 = a9

z2 = 98

z3 = e4

T0 = g(R0) = 8f7f0fa0

T1 = g(ROL(R1, 8)) = 16a998e4

F1,0 = (T0 + T1 + K10) mod 232 = (8f7f0fa0 + 16a998e4 + 22166ed7) mod 232 = (a00f7f8f(big endian) + e498a916(big endian) + d76e1622(big endian)) mod 232 = 5c163ec7(big endian) = c73e165c.

F1,1 = (T0 + 2T1 + K11) mod 232 = (8f7f0fa0 + 2[16a998e4] + 2547a011) mod 232 = (a00f7f8f(big endian) + 2[e498a916(big endian)] + 11a04725(big endian)) mod 232 = (a00f7f8f(big endian) + c931522c(big endian) + 11a04725(big endian)) mod 232 = 7ae118e0(big endian) = e018e17a.

R2,0  =  ROR(R1, 2    F1,0,1) =  ROR(4f60597c    c73e165c, 1) =  ROR(885e4f20, 1) =  ROR(204f5e88(big endian), 1) =  1027af44(big endian) =  44af2710

R2,1  =  ROL(R1, 3,  1)    F1,1) =  ROL(e59358ce,  1)    e018e17a =  ROL(ce5893e5(big endian),  1)    e018e17a =  9cb127cb(big endian)    e018e17a =  cb27b19c   e018e17a =  2b3f50e6.

R2,2 = R1,0 = a18b6758

R2,3 = R1,1 = 4ab945ea

 

Encryption of block 1, round r=2

g input = X = x0x1x2x3 = R2,0 = 44af2710

g input = X = x0x1x2x3 = ROL(R2,1,  8) = ROL(2b3f50e6 ,  8) = ROL(e6503f2b(big endian),  8) = 503f2be6(big endian) = e62b3f50.

x0 = 44

x1 = af

x2 = 27

x3 = 10

x0 = e6

x1 = 2b

x2 = 3f

x3 = 50

y2,0 = 44

y2,1 = af

y2,2 = 27

y2,3 = 10

y2,0 = e6

y2,1 = 2b

y2,2 = 3f

y2,3 = 50

q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73 l1,3=14 q0.in=6b a0=6 b0=b a1=d b1=b a2=c b2=6 a3=a b3=f a4=f b4=a q0.out=af l0,3=dc q1.in=2e a0=2 b0=e a1=c b1=5 a2=0 b2=c a3=c b3=6 a4=2 b4=d q1.out=d2

q1.in=af a0=a b0=f a1=5 b1=5 a2=7 b2=c a3=b b3=9 a4=8 b4=4 q1.out=48 l1,2=9c q0.in=c2 a0=c b0=2 a1=e b1=d a2=a b2=0 a3=a b3=a a4=f b4=3 q0.out=3f l0,2=53 q0.in=b4 a0=b b0=4 a1=f b1=1 a2=4 b2=c a3=8 b3=2 a4=c b4=f q0.out=fc

q0.in=27 a0=2 b0=7 a1=5 b1=9 a2=f b2=4 a3=b b3=5 a4=3 b4=2 q0.out=23 l1,1=8a q1.in=bf a0=b b0=f a1=4 b1=c a2=f b2=f a3=0 b3=8 a4=4 b4=6 q1.out=64 l0,1=8b q1.in=37 a0=3 b0=7 a1=4 b1=0 a2=f b2=1 a3=e b3=f a4=3 b4=a q1.out=a3

q1.in=10 a0=1 b0=0 a1=1 b1=9 a2=8 b2=d a3=5 b3=6 a4=6 b4=d q1.out=d6 l1,0=18 q1.in=c2 a0=c b0=2 a1=e b1=d a2=c b2=9 a3=5 b3=0 a4=6 b4=b q1.out=b6 l0,0=81 q0.in=6a a0=6 b0=a a1=c b1=3 a2=e b2=8 a3=6 b3=a a4=9 b4=3 q0.out=39

q0.in=e6 a0=e b0=6 a1=8 b1=d a2=0 b2=0 a3=0 b3=0 a4=b b4=d q0.out=db l1,3=14 q0.in=c3 a0=c b0=3 a1=f b1=5 a2=4 b2=2 a3=6 b3=5 a4=9 b4=2 q0.out=29 l0,3=dc q1.in=a8 a0=a b0=8 a1=2 b1=e a2=b b2=0 a3=b b3=3 a4=8 b4=1 q1.out=18

q1.in=2b a0=2 b0=b a1=9 b1=f a2=1 b2=8 a3=9 b3=d a4=e b4=0 q1.out=0e l1,2=9c q0.in=84 a0=8 b0=4 a1=c b1=a a2=e b2=a a3=4 b3=b a4=6 b4=0 q0.out=06 l0,2=53 q0.in=8d a0=8 b0=d a1=5 b1=6 a2=f b2=3 a3=c b3=e a4=2 b4=c q0.out=c2

q0.in=3f a0=3 b0=f a1=c b1=4 a2=e b2=1 a3=f b3=6 a4=1 b4=6 q0.out=61 l1,1=8a q1.in=fd a0=f b0=d a1=2 b1=9 a2=b b2=d a3=6 b3=d a4=9 b4=0 q1.out=09 l0,1=8b q1.in=5a a0=5 b0=a a1=f b1=8 a2=5 b2=6 a3=3 b3=e a4=5 b4=8 q1.out=85

q1.in=50 a0=5 b0=0 a1=5 b1=d a2=7 b2=9 a3=e b3=3 a4=3 b4=1 q1.out=13 l1,0=18 q1.in=07 a0=0 b0=7 a1=7 b1=b a2=e b2=5 a3=b b3=4 a4=8 b4=c q1.out=c8 l0,0=81 q0.in=14 a0=1 b0=4 a1=5 b1=b a2=f b2=6 a3=9 b3=4 a4=8 b4=1 q0.out=18

y0 = d2	y1 = fc	y2 = a3	y3 = 39	y0 = 18	y1 = c2	y2 = 85	y3 = 18
MDS input = Y = y0y1y2y3 = d2fca339				MDS input = Y = y0y1y2y3 = 18c28518

MDS output = Z = z0z1z2z3 = 67569e2a

MDS output = Z = z0z1z2z3 = df29c3c6

z0 = 67

z1 = 56

z2 = 9e

z3 = 2a

z0 = df

z1 = 29

z2 = c3

z3 = c6

T0 = g(R0) = 67569e2a

T1 = g(ROL(R1, 8)) = df29c3c6

F2,0 = (T0 + T1 + K12) mod 232 = (67569e2a + df29c3c6 + a38a1320) mod 232 = (2a9e5667(big endian) + c6c329df(big endian) + 20138aa3(big endian)) mod 232 = 11750ae9(big endian) = e90a7511.

F2,1 = (T0 + 2T1 + K13) mod 232 = (67569e2a + 2[df29c3c6] + 0813350e) mod 232 = (2a9e5667(big endian) + 2[c6c329df(big endian)] + 0e351308(big endian)) mod 232 = (2a9e5667(big endian) + 8d8653be(big endian) + 0e351308(big endian)) mod 232 = c659bd2d(big endian) = 2dbd59c6.

R3,0  =  ROR(R2, 2    F2,0,1) =  ROR(a18b6758    e90a7511, 1) =  ROR(48811249, 1) =  ROR(49128148(big endian), 1) =  248940a4(big endian) =  a4408924

R3,1  =  ROL(R2, 3,  1)    F2,1) =  ROL(4ab945ea,  1)    2dbd59c6 =  ROL(ea45b94a(big endian),  1)    2dbd59c6 =  d48b7295(big endian)    2dbd59c6 =  95728bd4   2dbd59c6 =  b8cfd212.

R3,2 = R2,0 = 44af2710

R3,3 = R2,1 = 2b3f50e6

 

Encryption of block 1, round r=3

g input = X = x0x1x2x3 = R3,0 = a4408924

g input = X = x0x1x2x3 = ROL(R3,1,  8) = ROL(b8cfd212 ,  8) = ROL(12d2cfb8(big endian),  8) = d2cfb812(big endian) = 12b8cfd2.

x0 = a4

x1 = 40

x2 = 89

x3 = 24

x0 = 12

x1 = b8

x2 = cf

x3 = d2

y2,0 = a4

y2,1 = 40

y2,2 = 89

y2,3 = 24

y2,0 = 12

y2,1 = b8

y2,2 = cf

y2,3 = d2

q0.in=a4 a0=a b0=4 a1=e b1=8 a2=a b2=f a3=5 b3=5 a4=d b4=2 q0.out=2d l1,3=14 q0.in=35 a0=3 b0=5 a1=6 b1=1 a2=3 b2=c a3=f b3=d a4=1 b4=5 q0.out=51 l0,3=dc q1.in=d0 a0=d b0=0 a1=d b1=5 a2=a b2=c a3=6 b3=c a4=9 b4=2 q1.out=29

q1.in=40 a0=4 b0=0 a1=4 b1=4 a2=f b2=4 a3=b b3=5 a4=8 b4=3 q1.out=38 l1,2=9c q0.in=b2 a0=b b0=2 a1=9 b1=2 a2=b b2=b a3=0 b3=e a4=b b4=c q0.out=cb l0,2=53 q0.in=40 a0=4 b0=0 a1=4 b1=4 a2=6 b2=1 a3=7 b3=e a4=0 b4=c q0.out=c0

q0.in=89 a0=8 b0=9 a1=1 b1=4 a2=1 b2=1 a3=0 b3=1 a4=b b4=7 q0.out=7b l1,1=8a q1.in=e7 a0=e b0=7 a1=9 b1=5 a2=1 b2=c a3=d b3=f a4=b b4=a q1.out=ab l0,1=8b q1.in=f8 a0=f b0=8 a1=7 b1=3 a2=e b2=b a3=5 b3=3 a4=6 b4=1 q1.out=16

q1.in=24 a0=2 b0=4 a1=6 b1=0 a2=6 b2=1 a3=7 b3=e a4=a b4=8 q1.out=8a l1,0=18 q1.in=9e a0=9 b0=e a1=7 b1=6 a2=e b2=3 a3=d b3=7 a4=b b4=e q1.out=eb l0,0=81 q0.in=37 a0=3 b0=7 a1=4 b1=0 a2=6 b2=e a3=8 b3=1 a4=c b4=7 q0.out=7c

q0.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=f a3=2 b3=a a4=5 b4=3 q0.out=35 l1,3=14 q0.in=2d a0=2 b0=d a1=f b1=c a2=4 b2=7 a3=3 b3=f a4=e b4=a q0.out=ae l0,3=dc q1.in=2f a0=2 b0=f a1=d b1=d a2=a b2=9 a3=3 b3=6 a4=5 b4=d q1.out=d5

q1.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=7 a3=a b3=e a4=d b4=8 q1.out=8d l1,2=9c q0.in=07 a0=0 b0=7 a1=7 b1=b a2=2 b2=6 a3=4 b3=1 a4=6 b4=7 q0.out=76 l0,2=53 q0.in=fd a0=f b0=d a1=2 b1=9 a2=7 b2=4 a3=3 b3=d a4=e b4=5 q0.out=5e

q0.in=cf a0=c b0=f a1=3 b1=3 a2=d b2=8 a3=5 b3=1 a4=d b4=7 q0.out=7d l1,1=8a q1.in=e1 a0=e b0=1 a1=f b1=6 a2=5 b2=3 a3=6 b3=4 a4=9 b4=c q1.out=c9 l0,1=8b q1.in=9a a0=9 b0=a a1=3 b1=4 a2=d b2=4 a3=9 b3=7 a4=e b4=e q1.out=ee

q1.in=d2 a0=d b0=2 a1=f b1=4 a2=5 b2=4 a3=1 b3=f a4=c b4=a q1.out=ac l1,0=18 q1.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=7 a3=a b3=e a4=d b4=8 q1.out=8d l0,0=81 q0.in=51 a0=5 b0=1 a1=4 b1=5 a2=6 b2=2 a3=4 b3=7 a4=6 b4=e q0.out=e6

y0 = 29	y1 = c0	y2 = 16	y3 = 7c	y0 = d5	y1 = 5e	y2 = ee	y3 = e6
MDS input = Y = y0y1y2y3 = 29c0167c				MDS input = Y = y0y1y2y3 = d55eeee6

MDS output = Z = z0z1z2z3 = 7d3962d6

MDS output = Z = z0z1z2z3 = 0d986f47

z0 = 7d

z1 = 39

z2 = 62

z3 = d6

z0 = 0d

z1 = 98

z2 = 6f

z3 = 47

T0 = g(R0) = 7d3962d6

T1 = g(ROL(R1, 8)) = 0d986f47

F3,0 = (T0 + T1 + K14) mod 232 = (7d3962d6 + 0d986f47 + 281a4854) mod 232 = (d662397d(big endian) + 476f980d(big endian) + 54481a28(big endian)) mod 232 = 7219ebb2(big endian) = b2eb1972.

F3,1 = (T0 + 2T1 + K15) mod 232 = (7d3962d6 + 2[0d986f47] + a0ddfa24) mod 232 = (d662397d(big endian) + 2[476f980d(big endian)] + 24fadda0(big endian)) mod 232 = (d662397d(big endian) + 8edf301a(big endian) + 24fadda0(big endian)) mod 232 = 8a3c4737(big endian) = 37473c8a.

R4,0  =  ROR(R3, 2    F3,0,1) =  ROR(44af2710    b2eb1972, 1) =  ROR(f6443e62, 1) =  ROR(623e44f6(big endian), 1) =  311f227b(big endian) =  7b221f31

R4,1  =  ROL(R3, 3,  1)    F3,1) =  ROL(2b3f50e6,  1)    37473c8a =  ROL(e6503f2b(big endian),  1)    37473c8a =  cca07e57(big endian)    37473c8a =  577ea0cc   37473c8a =  60399c46.

R4,2 = R3,0 = a4408924

R4,3 = R3,1 = b8cfd212

 

Encryption of block 1, round r=4

g input = X = x0x1x2x3 = R4,0 = 7b221f31

g input = X = x0x1x2x3 = ROL(R4,1,  8) = ROL(60399c46 ,  8) = ROL(469c3960(big endian),  8) = 9c396046(big endian) = 4660399c.

x0 = 7b

x1 = 22

x2 = 1f

x3 = 31

x0 = 46

x1 = 60

x2 = 39

x3 = 9c

y2,0 = 7b

y2,1 = 22

y2,2 = 1f

y2,3 = 31

y2,0 = 46

y2,1 = 60

y2,2 = 39

y2,3 = 9c

q0.in=7b a0=7 b0=b a1=c b1=2 a2=e b2=b a3=5 b3=3 a4=d b4=4 q0.out=4d l1,3=14 q0.in=55 a0=5 b0=5 a1=0 b1=7 a2=8 b2=5 a3=d b3=2 a4=4 b4=f q0.out=f4 l0,3=dc q1.in=75 a0=7 b0=5 a1=2 b1=5 a2=b b2=c a3=7 b3=5 a4=a b4=3 q1.out=3a

q1.in=22 a0=2 b0=2 a1=0 b1=3 a2=2 b2=b a3=9 b3=f a4=e b4=a q1.out=ae l1,2=9c q0.in=24 a0=2 b0=4 a1=6 b1=0 a2=3 b2=e a3=d b3=c a4=4 b4=8 q0.out=84 l0,2=53 q0.in=0f a0=0 b0=f a1=f b1=f a2=4 b2=d a3=9 b3=a a4=8 b4=3 q0.out=38

q0.in=1f a0=1 b0=f a1=e b1=6 a2=a b2=3 a3=9 b3=3 a4=8 b4=4 q0.out=48 l1,1=8a q1.in=d4 a0=d b0=4 a1=9 b1=7 a2=1 b2=7 a3=6 b3=2 a4=9 b4=5 q1.out=59 l0,1=8b q1.in=0a a0=0 b0=a a1=a b1=5 a2=9 b2=c a3=5 b3=7 a4=6 b4=e q1.out=e6

q1.in=31 a0=3 b0=1 a1=2 b1=3 a2=b b2=b a3=0 b3=e a4=4 b4=8 q1.out=84 l1,0=18 q1.in=90 a0=9 b0=0 a1=9 b1=1 a2=1 b2=e a3=f b3=e a4=f b4=8 q1.out=8f l0,0=81 q0.in=53 a0=5 b0=3 a1=6 b1=4 a2=3 b2=1 a3=2 b3=3 a4=5 b4=4 q0.out=45

q0.in=46 a0=4 b0=6 a1=2 b1=7 a2=7 b2=5 a3=2 b3=5 a4=5 b4=2 q0.out=25 l1,3=14 q0.in=3d a0=3 b0=d a1=e b1=5 a2=a b2=2 a3=8 b3=b a4=c b4=0 q0.out=0c l0,3=dc q1.in=8d a0=8 b0=d a1=5 b1=6 a2=7 b2=3 a3=4 b3=6 a4=1 b4=d q1.out=d1

q1.in=60 a0=6 b0=0 a1=6 b1=6 a2=6 b2=3 a3=5 b3=f a4=6 b4=a q1.out=a6 l1,2=9c q0.in=2c a0=2 b0=c a1=e b1=4 a2=a b2=1 a3=b b3=2 a4=3 b4=f q0.out=f3 l0,2=53 q0.in=78 a0=7 b0=8 a1=f b1=b a2=4 b2=6 a3=2 b3=7 a4=5 b4=e q0.out=e5

q0.in=39 a0=3 b0=9 a1=a b1=7 a2=5 b2=5 a3=0 b3=7 a4=b b4=e q0.out=eb l1,1=8a q1.in=77 a0=7 b0=7 a1=0 b1=4 a2=2 b2=4 a3=6 b3=0 a4=9 b4=b q1.out=b9 l0,1=8b q1.in=ea a0=e b0=a a1=4 b1=b a2=f b2=5 a3=a b3=d a4=d b4=0 q1.out=0d

q1.in=9c a0=9 b0=c a1=5 b1=7 a2=7 b2=7 a3=0 b3=4 a4=4 b4=c q1.out=c4 l1,0=18 q1.in=d0 a0=d b0=0 a1=d b1=5 a2=a b2=c a3=6 b3=c a4=9 b4=2 q1.out=29 l0,0=81 q0.in=f5 a0=f b0=5 a1=a b1=d a2=5 b2=0 a3=5 b3=d a4=d b4=5 q0.out=5d

y0 = 3a	y1 = 38	y2 = e6	y3 = 45	y0 = d1	y1 = e5	y2 = 0d	y3 = 5d
MDS input = Y = y0y1y2y3 = 3a38e645				MDS input = Y = y0y1y2y3 = d1e50d5d

MDS output = Z = z0z1z2z3 = 75f7d5b3

MDS output = Z = z0z1z2z3 = d5446270

z0 = 75

z1 = f7

z2 = d5

z3 = b3

z0 = d5

z1 = 44

z2 = 62

z3 = 70

T0 = g(R0) = 75f7d5b3

T1 = g(ROL(R1, 8)) = d5446270

F4,0 = (T0 + T1 + K16) mod 232 = (75f7d5b3 + d5446270 + 19c3630c) mod 232 = (b3d5f775(big endian) + 706244d5(big endian) + 0c63c319(big endian)) mod 232 = 309bff63(big endian) = 63ff9b30.

F4,1 = (T0 + 2T1 + K17) mod 232 = (75f7d5b3 + 2[d5446270] + 5bc0b2cc) mod 232 = (b3d5f775(big endian) + 2[706244d5(big endian)] + ccb2c05b(big endian)) mod 232 = (b3d5f775(big endian) + e0c489aa(big endian) + ccb2c05b(big endian)) mod 232 = 614d417a(big endian) = 7a414d61.

R5,0  =  ROR(R4, 2    F4,0,1) =  ROR(a4408924    63ff9b30, 1) =  ROR(c7bf1214, 1) =  ROR(1412bfc7(big endian), 1) =  8a095fe3(big endian) =  e35f098a

R5,1  =  ROL(R4, 3,  1)    F4,1) =  ROL(b8cfd212,  1)    7a414d61 =  ROL(12d2cfb8(big endian),  1)    7a414d61 =  25a59f70(big endian)    7a414d61 =  709fa525   7a414d61 =  0adee844.

R5,2 = R4,0 = 7b221f31

R5,3 = R4,1 = 60399c46

 

Encryption of block 1, round r=5

g input = X = x0x1x2x3 = R5,0 = e35f098a

g input = X = x0x1x2x3 = ROL(R5,1,  8) = ROL(0adee844 ,  8) = ROL(44e8de0a(big endian),  8) = e8de0a44(big endian) = 440adee8.

x0 = e3

x1 = 5f

x2 = 09

x3 = 8a

x0 = 44

x1 = 0a

x2 = de

x3 = e8

y2,0 = e3

y2,1 = 5f

y2,2 = 09

y2,3 = 8a

y2,0 = 44

y2,1 = 0a

y2,2 = de

y2,3 = e8

q0.in=e3 a0=e b0=3 a1=d b1=7 a2=c b2=5 a3=9 b3=6 a4=8 b4=6 q0.out=68 l1,3=14 q0.in=70 a0=7 b0=0 a1=7 b1=f a2=2 b2=d a3=f b3=c a4=1 b4=8 q0.out=81 l0,3=dc q1.in=00 a0=0 b0=0 a1=0 b1=0 a2=2 b2=1 a3=3 b3=a a4=5 b4=7 q1.out=75

q1.in=5f a0=5 b0=f a1=a b1=2 a2=9 b2=2 a3=b b3=0 a4=8 b4=b q1.out=b8 l1,2=9c q0.in=32 a0=3 b0=2 a1=1 b1=a a2=1 b2=a a3=b b3=c a4=3 b4=8 q0.out=83 l0,2=53 q0.in=08 a0=0 b0=8 a1=8 b1=4 a2=0 b2=1 a3=1 b3=8 a4=a b4=9 q0.out=9a

q0.in=09 a0=0 b0=9 a1=9 b1=c a2=b b2=7 a3=c b3=8 a4=2 b4=9 q0.out=92 l1,1=8a q1.in=0e a0=0 b0=e a1=e b1=7 a2=c b2=7 a3=b b3=7 a4=8 b4=e q1.out=e8 l0,1=8b q1.in=bb a0=b b0=b a1=0 b1=e a2=2 b2=0 a3=2 b3=2 a4=7 b4=5 q1.out=57

q1.in=8a a0=8 b0=a a1=2 b1=d a2=b b2=9 a3=2 b3=f a4=7 b4=a q1.out=a7 l1,0=18 q1.in=b3 a0=b b0=3 a1=8 b1=a a2=3 b2=a a3=9 b3=e a4=e b4=8 q1.out=8e l0,0=81 q0.in=52 a0=5 b0=2 a1=7 b1=c a2=2 b2=7 a3=5 b3=9 a4=d b4=b q0.out=bd

q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73 l1,3=14 q0.in=6b a0=6 b0=b a1=d b1=b a2=c b2=6 a3=a b3=f a4=f b4=a q0.out=af l0,3=dc q1.in=2e a0=2 b0=e a1=c b1=5 a2=0 b2=c a3=c b3=6 a4=2 b4=d q1.out=d2

q1.in=0a a0=0 b0=a a1=a b1=5 a2=9 b2=c a3=5 b3=7 a4=6 b4=e q1.out=e6 l1,2=9c q0.in=6c a0=6 b0=c a1=a b1=0 a2=5 b2=e a3=b b3=a a4=3 b4=3 q0.out=33 l0,2=53 q0.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=5 a3=8 b3=f a4=c b4=a q0.out=ac

q0.in=de a0=d b0=e a1=3 b1=2 a2=d b2=b a3=6 b3=8 a4=9 b4=9 q0.out=99 l1,1=8a q1.in=05 a0=0 b0=5 a1=5 b1=a a2=7 b2=a a3=d b3=a a4=b b4=7 q1.out=7b l0,1=8b q1.in=28 a0=2 b0=8 a1=a b1=6 a2=9 b2=3 a3=a b3=8 a4=d b4=6 q1.out=6d

q1.in=e8 a0=e b0=8 a1=6 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=1 q1.out=12 l1,0=18 q1.in=06 a0=0 b0=6 a1=6 b1=3 a2=6 b2=b a3=d b3=b a4=b b4=f q1.out=fb l0,0=81 q0.in=27 a0=2 b0=7 a1=5 b1=9 a2=f b2=4 a3=b b3=5 a4=3 b4=2 q0.out=23

y0 = 75	y1 = 9a	y2 = 57	y3 = bd	y0 = d2	y1 = ac	y2 = 6d	y3 = 23
MDS input = Y = y0y1y2y3 = 759a57bd				MDS input = Y = y0y1y2y3 = d2ac6d23

MDS output = Z = z0z1z2z3 = 54f9c1dd

MDS output = Z = z0z1z2z3 = ea0eb1fc

z0 = 54

z1 = f9

z2 = c1

z3 = dd

z0 = ea

z1 = 0e

z2 = b1

z3 = fc

T0 = g(R0) = 54f9c1dd

T1 = g(ROL(R1, 8)) = ea0eb1fc

F5,0 = (T0 + T1 + K18) mod 232 = (54f9c1dd + ea0eb1fc + d542f0e2) mod 232 = (ddc1f954(big endian) + fcb10eea(big endian) + e2f042d5(big endian)) mod 232 = bd634b13(big endian) = 134b63bd.

F5,1 = (T0 + 2T1 + K19) mod 232 = (54f9c1dd + 2[ea0eb1fc] + 9f8b15e9) mod 232 = (ddc1f954(big endian) + 2[fcb10eea(big endian)] + e9158b9f(big endian)) mod 232 = (ddc1f954(big endian) + f9621dd4(big endian) + e9158b9f(big endian)) mod 232 = c039a2c7(big endian) = c7a239c0.

R6,0  =  ROR(R5, 2    F5,0,1) =  ROR(7b221f31    134b63bd, 1) =  ROR(68697c8c, 1) =  ROR(8c7c6968(big endian), 1) =  463e34b4(big endian) =  b4343e46

R6,1  =  ROL(R5, 3,  1)    F5,1) =  ROL(60399c46,  1)    c7a239c0 =  ROL(469c3960(big endian),  1)    c7a239c0 =  8d3872c0(big endian)    c7a239c0 =  c072388d   c7a239c0 =  07d0014d.

R6,2 = R5,0 = e35f098a

R6,3 = R5,1 = 0adee844

 

Encryption of block 1, round r=6

g input = X = x0x1x2x3 = R6,0 = b4343e46

g input = X = x0x1x2x3 = ROL(R6,1,  8) = ROL(07d0014d ,  8) = ROL(4d01d007(big endian),  8) = 01d0074d(big endian) = 4d07d001.

x0 = b4

x1 = 34

x2 = 3e

x3 = 46

x0 = 4d

x1 = 07

x2 = d0

x3 = 01

y2,0 = b4

y2,1 = 34

y2,2 = 3e

y2,3 = 46

y2,0 = 4d

y2,1 = 07

y2,2 = d0

y2,3 = 01

q0.in=b4 a0=b b0=4 a1=f b1=1 a2=4 b2=c a3=8 b3=2 a4=c b4=f q0.out=fc l1,3=14 q0.in=e4 a0=e b0=4 a1=a b1=c a2=5 b2=7 a3=2 b3=6 a4=5 b4=6 q0.out=65 l0,3=dc q1.in=e4 a0=e b0=4 a1=a b1=c a2=9 b2=f a3=6 b3=e a4=9 b4=8 q1.out=89

q1.in=34 a0=3 b0=4 a1=7 b1=9 a2=e b2=d a3=3 b3=0 a4=5 b4=b q1.out=b5 l1,2=9c q0.in=3f a0=3 b0=f a1=c b1=4 a2=e b2=1 a3=f b3=6 a4=1 b4=6 q0.out=61 l0,2=53 q0.in=ea a0=e b0=a a1=4 b1=b a2=6 b2=6 a3=0 b3=5 a4=b b4=2 q0.out=2b

q0.in=3e a0=3 b0=e a1=d b1=c a2=c b2=7 a3=b b3=7 a4=3 b4=e q0.out=e3 l1,1=8a q1.in=7f a0=7 b0=f a1=8 b1=0 a2=3 b2=1 a3=2 b3=3 a4=7 b4=1 q1.out=17 l0,1=8b q1.in=44 a0=4 b0=4 a1=0 b1=6 a2=2 b2=3 a3=1 b3=b a4=c b4=f q1.out=fc

q1.in=46 a0=4 b0=6 a1=2 b1=7 a2=b b2=7 a3=c b3=8 a4=2 b4=6 q1.out=62 l1,0=18 q1.in=76 a0=7 b0=6 a1=1 b1=c a2=8 b2=f a3=7 b3=7 a4=a b4=e q1.out=ea l0,0=81 q0.in=36 a0=3 b0=6 a1=5 b1=8 a2=f b2=f a3=0 b3=8 a4=b b4=9 q0.out=9b

q0.in=4d a0=4 b0=d a1=9 b1=a a2=b b2=a a3=1 b3=6 a4=a b4=6 q0.out=6a l1,3=14 q0.in=72 a0=7 b0=2 a1=5 b1=e a2=f b2=9 a3=6 b3=b a4=9 b4=0 q0.out=09 l0,3=dc q1.in=88 a0=8 b0=8 a1=0 b1=c a2=2 b2=f a3=d b3=d a4=b b4=0 q1.out=0b

q1.in=07 a0=0 b0=7 a1=7 b1=b a2=e b2=5 a3=b b3=4 a4=8 b4=c q1.out=c8 l1,2=9c q0.in=42 a0=4 b0=2 a1=6 b1=5 a2=3 b2=2 a3=1 b3=a a4=a b4=3 q0.out=3a l0,2=53 q0.in=b1 a0=b b0=1 a1=a b1=b a2=5 b2=6 a3=3 b3=e a4=e b4=c q0.out=ce

q0.in=d0 a0=d b0=0 a1=d b1=5 a2=c b2=2 a3=e b3=d a4=7 b4=5 q0.out=57 l1,1=8a q1.in=cb a0=c b0=b a1=7 b1=1 a2=e b2=e a3=0 b3=9 a4=4 b4=4 q1.out=44 l0,1=8b q1.in=17 a0=1 b0=7 a1=6 b1=2 a2=6 b2=2 a3=4 b3=7 a4=1 b4=e q1.out=e1

q1.in=01 a0=0 b0=1 a1=1 b1=8 a2=8 b2=6 a3=e b3=b a4=3 b4=f q1.out=f3 l1,0=18 q1.in=e7 a0=e b0=7 a1=9 b1=5 a2=1 b2=c a3=d b3=f a4=b b4=a q1.out=ab l0,0=81 q0.in=77 a0=7 b0=7 a1=0 b1=4 a2=8 b2=1 a3=9 b3=0 a4=8 b4=d q0.out=d8

y0 = 89	y1 = 2b	y2 = fc	y3 = 9b	y0 = 0b	y1 = ce	y2 = e1	y3 = d8
MDS input = Y = y0y1y2y3 = 892bfc9b				MDS input = Y = y0y1y2y3 = 0bcee1d8

MDS output = Z = z0z1z2z3 = 77b998c4

MDS output = Z = z0z1z2z3 = 48567c31

z0 = 77

z1 = b9

z2 = 98

z3 = c4

z0 = 48

z1 = 56

z2 = 7c

z3 = 31

T0 = g(R0) = 77b998c4

T1 = g(ROL(R1, 8)) = 48567c31

F6,0 = (T0 + T1 + K20) mod 232 = (77b998c4 + 48567c31 + 7b65df4c) mod 232 = (c498b977(big endian) + 317c5648(big endian) + 4cdf657b(big endian)) mod 232 = 42f4753a(big endian) = 3a75f442.

F6,1 = (T0 + 2T1 + K21) mod 232 = (77b998c4 + 2[48567c31] + 2189e236) mod 232 = (c498b977(big endian) + 2[317c5648(big endian)] + 36e28921(big endian)) mod 232 = (c498b977(big endian) + 62f8ac90(big endian) + 36e28921(big endian)) mod 232 = 5e73ef28(big endian) = 28ef735e.

R7,0  =  ROR(R6, 2    F6,0,1) =  ROR(e35f098a    3a75f442, 1) =  ROR(d92afdc8, 1) =  ROR(c8fd2ad9(big endian), 1) =  e47e956c(big endian) =  6c957ee4

R7,1  =  ROL(R6, 3,  1)    F6,1) =  ROL(0adee844,  1)    28ef735e =  ROL(44e8de0a(big endian),  1)    28ef735e =  89d1bc14(big endian)    28ef735e =  14bcd189   28ef735e =  3c53a2d7.

R7,2 = R6,0 = b4343e46

R7,3 = R6,1 = 07d0014d

 

Encryption of block 1, round r=7

g input = X = x0x1x2x3 = R7,0 = 6c957ee4

g input = X = x0x1x2x3 = ROL(R7,1,  8) = ROL(3c53a2d7 ,  8) = ROL(d7a2533c(big endian),  8) = a2533cd7(big endian) = d73c53a2.

x0 = 6c

x1 = 95

x2 = 7e

x3 = e4

x0 = d7

x1 = 3c

x2 = 53

x3 = a2

y2,0 = 6c

y2,1 = 95

y2,2 = 7e

y2,3 = e4

y2,0 = d7

y2,1 = 3c

y2,2 = 53

y2,3 = a2

q0.in=6c a0=6 b0=c a1=a b1=0 a2=5 b2=e a3=b b3=a a4=3 b4=3 q0.out=33 l1,3=14 q0.in=2b a0=2 b0=b a1=9 b1=f a2=b b2=d a3=6 b3=d a4=9 b4=5 q0.out=59 l0,3=dc q1.in=d8 a0=d b0=8 a1=5 b1=1 a2=7 b2=e a3=9 b3=8 a4=e b4=6 q1.out=6e

q1.in=95 a0=9 b0=5 a1=c b1=b a2=0 b2=5 a3=5 b3=a a4=6 b4=7 q1.out=76 l1,2=9c q0.in=fc a0=f b0=c a1=3 b1=1 a2=d b2=c a3=1 b3=3 a4=a b4=4 q0.out=4a l0,2=53 q0.in=c1 a0=c b0=1 a1=d b1=4 a2=c b2=1 a3=d b3=4 a4=4 b4=1 q0.out=14

q0.in=7e a0=7 b0=e a1=9 b1=8 a2=b b2=f a3=4 b3=c a4=6 b4=8 q0.out=86 l1,1=8a q1.in=1a a0=1 b0=a a1=b b1=c a2=4 b2=f a3=b b3=b a4=8 b4=f q1.out=f8 l0,1=8b q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f

q1.in=e4 a0=e b0=4 a1=a b1=c a2=9 b2=f a3=6 b3=e a4=9 b4=8 q1.out=89 l1,0=18 q1.in=9d a0=9 b0=d a1=4 b1=f a2=f b2=8 a3=7 b3=3 a4=a b4=1 q1.out=1a l0,0=81 q0.in=c6 a0=c b0=6 a1=a b1=f a2=5 b2=d a3=8 b3=3 a4=c b4=4 q0.out=4c

q0.in=d7 a0=d b0=7 a1=a b1=e a2=5 b2=9 a3=c b3=1 a4=2 b4=7 q0.out=72 l1,3=14 q0.in=6a a0=6 b0=a a1=c b1=3 a2=e b2=8 a3=6 b3=a a4=9 b4=3 q0.out=39 l0,3=dc q1.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=7 a3=a b3=e a4=d b4=8 q1.out=8d

q1.in=3c a0=3 b0=c a1=f b1=d a2=5 b2=9 a3=c b3=1 a4=2 b4=9 q1.out=92 l1,2=9c q0.in=18 a0=1 b0=8 a1=9 b1=d a2=b b2=0 a3=b b3=3 a4=3 b4=4 q0.out=43 l0,2=53 q0.in=c8 a0=c b0=8 a1=4 b1=8 a2=6 b2=f a3=9 b3=9 a4=8 b4=b q0.out=b8

q0.in=53 a0=5 b0=3 a1=6 b1=4 a2=3 b2=1 a3=2 b3=3 a4=5 b4=4 q0.out=45 l1,1=8a q1.in=d9 a0=d b0=9 a1=4 b1=9 a2=f b2=d a3=2 b3=9 a4=7 b4=4 q1.out=47 l0,1=8b q1.in=14 a0=1 b0=4 a1=5 b1=b a2=7 b2=5 a3=2 b3=5 a4=7 b4=3 q1.out=37

q1.in=a2 a0=a b0=2 a1=8 b1=b a2=3 b2=5 a3=6 b3=1 a4=9 b4=9 q1.out=99 l1,0=18 q1.in=8d a0=8 b0=d a1=5 b1=6 a2=7 b2=3 a3=4 b3=6 a4=1 b4=d q1.out=d1 l0,0=81 q0.in=0d a0=0 b0=d a1=d b1=e a2=c b2=9 a3=5 b3=0 a4=d b4=d q0.out=dd

y0 = 6e	y1 = 14	y2 = 1f	y3 = 4c	y0 = 8d	y1 = b8	y2 = 37	y3 = dd
MDS input = Y = y0y1y2y3 = 6e141f4c				MDS input = Y = y0y1y2y3 = 8db837dd

MDS output = Z = z0z1z2z3 = dcdb81f0

MDS output = Z = z0z1z2z3 = 2398cd75

z0 = dc

z1 = db

z2 = 81

z3 = f0

z0 = 23

z1 = 98

z2 = cd

z3 = 75

T0 = g(R0) = dcdb81f0

T1 = g(ROL(R1, 8)) = 2398cd75

F7,0 = (T0 + T1 + K22) mod 232 = (dcdb81f0 + 2398cd75 + 25d0b3fc) mod 232 = (f081dbdc(big endian) + 75cd9823(big endian) + fcb3d025(big endian)) mod 232 = 63034424(big endian) = 24440363.

F7,1 = (T0 + 2T1 + K23) mod 232 = (dcdb81f0 + 2[2398cd75] + eb1e6ea6) mod 232 = (f081dbdc(big endian) + 2[75cd9823(big endian)] + a66e1eeb(big endian)) mod 232 = (f081dbdc(big endian) + eb9b3046(big endian) + a66e1eeb(big endian)) mod 232 = 828b2b0d(big endian) = 0d2b8b82.

R8,0  =  ROR(R7, 2    F7,0,1) =  ROR(b4343e46    24440363, 1) =  ROR(90703d25, 1) =  ROR(253d7090(big endian), 1) =  129eb848(big endian) =  48b89e12

R8,1  =  ROL(R7, 3,  1)    F7,1) =  ROL(07d0014d,  1)    0d2b8b82 =  ROL(4d01d007(big endian),  1)    0d2b8b82 =  9a03a00e(big endian)    0d2b8b82 =  0ea0039a   0d2b8b82 =  038b8818.

R8,2 = R7,0 = 6c957ee4

R8,3 = R7,1 = 3c53a2d7

 

Encryption of block 1, round r=8

g input = X = x0x1x2x3 = R8,0 = 48b89e12

g input = X = x0x1x2x3 = ROL(R8,1,  8) = ROL(038b8818 ,  8) = ROL(18888b03(big endian),  8) = 888b0318(big endian) = 18038b88.

x0 = 48

x1 = b8

x2 = 9e

x3 = 12

x0 = 18

x1 = 03

x2 = 8b

x3 = 88

y2,0 = 48

y2,1 = b8

y2,2 = 9e

y2,3 = 12

y2,0 = 18

y2,1 = 03

y2,2 = 8b

y2,3 = 88

q0.in=48 a0=4 b0=8 a1=c b1=0 a2=e b2=e a3=0 b3=9 a4=b b4=b q0.out=bb l1,3=14 q0.in=a3 a0=a b0=3 a1=9 b1=3 a2=b b2=8 a3=3 b3=7 a4=e b4=e q0.out=ee l0,3=dc q1.in=6f a0=6 b0=f a1=9 b1=9 a2=1 b2=d a3=c b3=7 a4=2 b4=e q1.out=e2

q1.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=7 a3=a b3=e a4=d b4=8 q1.out=8d l1,2=9c q0.in=07 a0=0 b0=7 a1=7 b1=b a2=2 b2=6 a3=4 b3=1 a4=6 b4=7 q0.out=76 l0,2=53 q0.in=fd a0=f b0=d a1=2 b1=9 a2=7 b2=4 a3=3 b3=d a4=e b4=5 q0.out=5e

q0.in=9e a0=9 b0=e a1=7 b1=6 a2=2 b2=3 a3=1 b3=b a4=a b4=0 q0.out=0a l1,1=8a q1.in=96 a0=9 b0=6 a1=f b1=2 a2=5 b2=2 a3=7 b3=c a4=a b4=2 q1.out=2a l0,1=8b q1.in=79 a0=7 b0=9 a1=e b1=3 a2=c b2=b a3=7 b3=1 a4=a b4=9 q1.out=9a

q1.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=6 a3=b b3=6 a4=8 b4=d q1.out=d8 l1,0=18 q1.in=cc a0=c b0=c a1=0 b1=a a2=2 b2=a a3=8 b3=7 a4=0 b4=e q1.out=e0 l0,0=81 q0.in=3c a0=3 b0=c a1=f b1=d a2=4 b2=0 a3=4 b3=4 a4=6 b4=1 q0.out=16

q0.in=18 a0=1 b0=8 a1=9 b1=d a2=b b2=0 a3=b b3=3 a4=3 b4=4 q0.out=43 l1,3=14 q0.in=5b a0=5 b0=b a1=e b1=0 a2=a b2=e a3=4 b3=d a4=6 b4=5 q0.out=56 l0,3=dc q1.in=d7 a0=d b0=7 a1=a b1=e a2=9 b2=0 a3=9 b3=1 a4=e b4=9 q1.out=9e

q1.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=d a3=0 b3=b a4=4 b4=f q1.out=f4 l1,2=9c q0.in=7e a0=7 b0=e a1=9 b1=8 a2=b b2=f a3=4 b3=c a4=6 b4=8 q0.out=86 l0,2=53 q0.in=0d a0=0 b0=d a1=d b1=e a2=c b2=9 a3=5 b3=0 a4=d b4=d q0.out=dd

q0.in=8b a0=8 b0=b a1=3 b1=5 a2=d b2=2 a3=f b3=4 a4=1 b4=1 q0.out=11 l1,1=8a q1.in=8d a0=8 b0=d a1=5 b1=6 a2=7 b2=3 a3=4 b3=6 a4=1 b4=d q1.out=d1 l0,1=8b q1.in=82 a0=8 b0=2 a1=a b1=9 a2=9 b2=d a3=4 b3=f a4=1 b4=a q1.out=a1

q1.in=88 a0=8 b0=8 a1=0 b1=c a2=2 b2=f a3=d b3=d a4=b b4=0 q1.out=0b l1,0=18 q1.in=1f a0=1 b0=f a1=e b1=6 a2=c b2=3 a3=f b3=5 a4=f b4=3 q1.out=3f l0,0=81 q0.in=e3 a0=e b0=3 a1=d b1=7 a2=c b2=5 a3=9 b3=6 a4=8 b4=6 q0.out=68

y0 = e2	y1 = 5e	y2 = 9a	y3 = 16	y0 = 9e	y1 = dd	y2 = a1	y3 = 68
MDS input = Y = y0y1y2y3 = e25e9a16				MDS input = Y = y0y1y2y3 = 9edda168

MDS output = Z = z0z1z2z3 = 9fefd4a3

MDS output = Z = z0z1z2z3 = 553815da

z0 = 9f

z1 = ef

z2 = d4

z3 = a3

z0 = 55

z1 = 38

z2 = 15

z3 = da

T0 = g(R0) = 9fefd4a3

T1 = g(ROL(R1, 8)) = 553815da

F8,0 = (T0 + T1 + K24) mod 232 = (9fefd4a3 + 553815da + 97054619) mod 232 = (a3d4ef9f(big endian) + da153855(big endian) + 19460597(big endian)) mod 232 = 97302d8b(big endian) = 8b2d3097.

F8,1 = (T0 + 2T1 + K25) mod 232 = (9fefd4a3 + 2[553815da] + ccf7f077) mod 232 = (a3d4ef9f(big endian) + 2[da153855(big endian)] + 77f0f7cc(big endian)) mod 232 = (a3d4ef9f(big endian) + b42a70aa(big endian) + 77f0f7cc(big endian)) mod 232 = cff05815(big endian) = 1558f0cf.

R9,0  =  ROR(R8, 2    F8,0,1) =  ROR(6c957ee4    8b2d3097, 1) =  ROR(e7b84e73, 1) =  ROR(734eb8e7(big endian), 1) =  b9a75c73(big endian) =  735ca7b9

R9,1  =  ROL(R8, 3,  1)    F8,1) =  ROL(3c53a2d7,  1)    1558f0cf =  ROL(d7a2533c(big endian),  1)    1558f0cf =  af44a679(big endian)    1558f0cf =  79a644af   1558f0cf =  6cfeb460.

R9,2 = R8,0 = 48b89e12

R9,3 = R8,1 = 038b8818

 

Encryption of block 1, round r=9

g input = X = x0x1x2x3 = R9,0 = 735ca7b9

g input = X = x0x1x2x3 = ROL(R9,1,  8) = ROL(6cfeb460 ,  8) = ROL(60b4fe6c(big endian),  8) = b4fe6c60(big endian) = 606cfeb4.

x0 = 73

x1 = 5c

x2 = a7

x3 = b9

x0 = 60

x1 = 6c

x2 = fe

x3 = b4

y2,0 = 73

y2,1 = 5c

y2,2 = a7

y2,3 = b9

y2,0 = 60

y2,1 = 6c

y2,2 = fe

y2,3 = b4

q0.in=73 a0=7 b0=3 a1=4 b1=6 a2=6 b2=3 a3=5 b3=f a4=d b4=a q0.out=ad l1,3=14 q0.in=b5 a0=b b0=5 a1=e b1=9 a2=a b2=4 a3=e b3=8 a4=7 b4=9 q0.out=97 l0,3=dc q1.in=16 a0=1 b0=6 a1=7 b1=a a2=e b2=a a3=4 b3=b a4=1 b4=f q1.out=f1

q1.in=5c a0=5 b0=c a1=9 b1=b a2=1 b2=5 a3=4 b3=3 a4=1 b4=1 q1.out=11 l1,2=9c q0.in=9b a0=9 b0=b a1=2 b1=c a2=7 b2=7 a3=0 b3=4 a4=b b4=1 q0.out=1b l0,2=53 q0.in=90 a0=9 b0=0 a1=9 b1=1 a2=b b2=c a3=7 b3=5 a4=0 b4=2 q0.out=20

q0.in=a7 a0=a b0=7 a1=d b1=1 a2=c b2=c a3=0 b3=a a4=b b4=3 q0.out=3b l1,1=8a q1.in=a7 a0=a b0=7 a1=d b1=1 a2=a b2=e a3=4 b3=d a4=1 b4=0 q1.out=01 l0,1=8b q1.in=52 a0=5 b0=2 a1=7 b1=c a2=e b2=f a3=1 b3=1 a4=c b4=9 q1.out=9c

q1.in=b9 a0=b b0=9 a1=2 b1=f a2=b b2=8 a3=3 b3=7 a4=5 b4=e q1.out=e5 l1,0=18 q1.in=f1 a0=f b0=1 a1=e b1=f a2=c b2=8 a3=4 b3=8 a4=1 b4=6 q1.out=61 l0,0=81 q0.in=bd a0=b b0=d a1=6 b1=d a2=3 b2=0 a3=3 b3=b a4=e b4=0 q0.out=0e

q0.in=60 a0=6 b0=0 a1=6 b1=6 a2=3 b2=3 a3=0 b3=2 a4=b b4=f q0.out=fb l1,3=14 q0.in=e3 a0=e b0=3 a1=d b1=7 a2=c b2=5 a3=9 b3=6 a4=8 b4=6 q0.out=68 l0,3=dc q1.in=e9 a0=e b0=9 a1=7 b1=2 a2=e b2=2 a3=c b3=f a4=2 b4=a q1.out=a2

q1.in=6c a0=6 b0=c a1=a b1=0 a2=9 b2=1 a3=8 b3=9 a4=0 b4=4 q1.out=40 l1,2=9c q0.in=ca a0=c b0=a a1=6 b1=9 a2=3 b2=4 a3=7 b3=9 a4=0 b4=b q0.out=b0 l0,2=53 q0.in=3b a0=3 b0=b a1=8 b1=6 a2=0 b2=3 a3=3 b3=9 a4=e b4=b q0.out=be

q0.in=fe a0=f b0=e a1=1 b1=0 a2=1 b2=e a3=f b3=e a4=1 b4=c q0.out=c1 l1,1=8a q1.in=5d a0=5 b0=d a1=8 b1=3 a2=3 b2=b a3=8 b3=6 a4=0 b4=d q1.out=d0 l0,1=8b q1.in=83 a0=8 b0=3 a1=b b1=1 a2=4 b2=e a3=a b3=3 a4=d b4=1 q1.out=1d

q1.in=b4 a0=b b0=4 a1=f b1=1 a2=5 b2=e a3=b b3=a a4=8 b4=7 q1.out=78 l1,0=18 q1.in=6c a0=6 b0=c a1=a b1=0 a2=9 b2=1 a3=8 b3=9 a4=0 b4=4 q1.out=40 l0,0=81 q0.in=9c a0=9 b0=c a1=5 b1=7 a2=f b2=5 a3=a b3=d a4=f b4=5 q0.out=5f

y0 = f1	y1 = 20	y2 = 9c	y3 = 0e	y0 = a2	y1 = be	y2 = 1d	y3 = 5f
MDS input = Y = y0y1y2y3 = f1209c0e				MDS input = Y = y0y1y2y3 = a2be1d5f

MDS output = Z = z0z1z2z3 = cb545137

MDS output = Z = z0z1z2z3 = 3ee16a8d

z0 = cb

z1 = 54

z2 = 51

z3 = 37

z0 = 3e

z1 = e1

z2 = 6a

z3 = 8d

T0 = g(R0) = cb545137

T1 = g(ROL(R1, 8)) = 3ee16a8d

F9,0 = (T0 + T1 + K26) mod 232 = (cb545137 + 3ee16a8d + d5b22d8a) mod 232 = (375154cb(big endian) + 8d6ae13e(big endian) + 8a2db2d5(big endian)) mod 232 = 4ee9e8de(big endian) = dee8e94e.

F9,1 = (T0 + 2T1 + K27) mod 232 = (cb545137 + 2[3ee16a8d] + 66325910) mod 232 = (375154cb(big endian) + 2[8d6ae13e(big endian)] + 10593266(big endian)) mod 232 = (375154cb(big endian) + 1ad5c27c(big endian) + 10593266(big endian)) mod 232 = 628049ad(big endian) = ad498062.

R10,0  =  ROR(R9, 2    F9,0,1) =  ROR(48b89e12    dee8e94e, 1) =  ROR(9650775c, 1) =  ROR(5c775096(big endian), 1) =  2e3ba84b(big endian) =  4ba83b2e

R10,1  =  ROL(R9, 3,  1)    F9,1) =  ROL(038b8818,  1)    ad498062 =  ROL(18888b03(big endian),  1)    ad498062 =  31111606(big endian)    ad498062 =  06161131   ad498062 =  ab5f9153.

R10,2 = R9,0 = 735ca7b9

R10,3 = R9,1 = 6cfeb460

 

Encryption of block 1, round r=10

g input = X = x0x1x2x3 = R10,0 = 4ba83b2e

g input = X = x0x1x2x3 = ROL(R10,1,  8) = ROL(ab5f9153 ,  8) = ROL(53915fab(big endian),  8) = 915fab53(big endian) = 53ab5f91.

x0 = 4b

x1 = a8

x2 = 3b

x3 = 2e

x0 = 53

x1 = ab

x2 = 5f

x3 = 91

y2,0 = 4b

y2,1 = a8

y2,2 = 3b

y2,3 = 2e

y2,0 = 53

y2,1 = ab

y2,2 = 5f

y2,3 = 91

q0.in=4b a0=4 b0=b a1=f b1=9 a2=4 b2=4 a3=0 b3=6 a4=b b4=6 q0.out=6b l1,3=14 q0.in=73 a0=7 b0=3 a1=4 b1=6 a2=6 b2=3 a3=5 b3=f a4=d b4=a q0.out=ad l0,3=dc q1.in=2c a0=2 b0=c a1=e b1=4 a2=c b2=4 a3=8 b3=e a4=0 b4=8 q1.out=80

q1.in=a8 a0=a b0=8 a1=2 b1=e a2=b b2=0 a3=b b3=3 a4=8 b4=1 q1.out=18 l1,2=9c q0.in=92 a0=9 b0=2 a1=b b1=0 a2=9 b2=e a3=7 b3=6 a4=0 b4=6 q0.out=60 l0,2=53 q0.in=eb a0=e b0=b a1=5 b1=3 a2=f b2=8 a3=7 b3=3 a4=0 b4=4 q0.out=40

q0.in=3b a0=3 b0=b a1=8 b1=6 a2=0 b2=3 a3=3 b3=9 a4=e b4=b q0.out=be l1,1=8a q1.in=22 a0=2 b0=2 a1=0 b1=3 a2=2 b2=b a3=9 b3=f a4=e b4=a q1.out=ae l0,1=8b q1.in=fd a0=f b0=d a1=2 b1=9 a2=b b2=d a3=6 b3=d a4=9 b4=0 q1.out=09

q1.in=2e a0=2 b0=e a1=c b1=5 a2=0 b2=c a3=c b3=6 a4=2 b4=d q1.out=d2 l1,0=18 q1.in=c6 a0=c b0=6 a1=a b1=f a2=9 b2=8 a3=1 b3=5 a4=c b4=3 q1.out=3c l0,0=81 q0.in=e0 a0=e b0=0 a1=e b1=e a2=a b2=9 a3=3 b3=6 a4=e b4=6 q0.out=6e

q0.in=53 a0=5 b0=3 a1=6 b1=4 a2=3 b2=1 a3=2 b3=3 a4=5 b4=4 q0.out=45 l1,3=14 q0.in=5d a0=5 b0=d a1=8 b1=3 a2=0 b2=8 a3=8 b3=4 a4=c b4=1 q0.out=1c l0,3=dc q1.in=9d a0=9 b0=d a1=4 b1=f a2=f b2=8 a3=7 b3=3 a4=a b4=1 q1.out=1a

q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f l1,2=9c q0.in=95 a0=9 b0=5 a1=c b1=b a2=e b2=6 a3=8 b3=d a4=c b4=5 q0.out=5c l0,2=53 q0.in=d7 a0=d b0=7 a1=a b1=e a2=5 b2=9 a3=c b3=1 a4=2 b4=7 q0.out=72

q0.in=5f a0=5 b0=f a1=a b1=2 a2=5 b2=b a3=e b3=0 a4=7 b4=d q0.out=d7 l1,1=8a q1.in=4b a0=4 b0=b a1=f b1=9 a2=5 b2=d a3=8 b3=3 a4=0 b4=1 q1.out=10 l0,1=8b q1.in=43 a0=4 b0=3 a1=7 b1=d a2=e b2=9 a3=7 b3=2 a4=a b4=5 q1.out=5a

q1.in=91 a0=9 b0=1 a1=8 b1=9 a2=3 b2=d a3=e b3=5 a4=3 b4=3 q1.out=33 l1,0=18 q1.in=27 a0=2 b0=7 a1=5 b1=9 a2=7 b2=d a3=a b3=1 a4=d b4=9 q1.out=9d l0,0=81 q0.in=41 a0=4 b0=1 a1=5 b1=c a2=f b2=7 a3=8 b3=c a4=c b4=8 q0.out=8c

y0 = 80	y1 = 40	y2 = 09	y3 = 6e	y0 = 1a	y1 = 72	y2 = 5a	y3 = 8c
MDS input = Y = y0y1y2y3 = 8040096e				MDS input = Y = y0y1y2y3 = 1a725a8c

MDS output = Z = z0z1z2z3 = 605f4f80

MDS output = Z = z0z1z2z3 = ae12ccad

z0 = 60

z1 = 5f

z2 = 4f

z3 = 80

z0 = ae

z1 = 12

z2 = cc

z3 = ad

T0 = g(R0) = 605f4f80

T1 = g(ROL(R1, 8)) = ae12ccad

F10,0 = (T0 + T1 + K28) mod 232 = (605f4f80 + ae12ccad + fdcb3639) mod 232 = (804f5f60(big endian) + adcc12ae(big endian) + 3936cbfd(big endian)) mod 232 = 67523e0b(big endian) = 0b3e5267.

F10,1 = (T0 + 2T1 + K29) mod 232 = (605f4f80 + 2[ae12ccad] + d853ba91) mod 232 = (804f5f60(big endian) + 2[adcc12ae(big endian)] + 91ba53d8(big endian)) mod 232 = (804f5f60(big endian) + 5b98255c(big endian) + 91ba53d8(big endian)) mod 232 = 6da1d894(big endian) = 94d8a16d.

R11,0  =  ROR(R10, 2    F10,0,1) =  ROR(735ca7b9    0b3e5267, 1) =  ROR(7862f5de, 1) =  ROR(def56278(big endian), 1) =  6f7ab13c(big endian) =  3cb17a6f

R11,1  =  ROL(R10, 3,  1)    F10,1) =  ROL(6cfeb460,  1)    94d8a16d =  ROL(60b4fe6c(big endian),  1)    94d8a16d =  c169fcd8(big endian)    94d8a16d =  d8fc69c1   94d8a16d =  4c24c8ac.

R11,2 = R10,0 = 4ba83b2e

R11,3 = R10,1 = ab5f9153

 

Encryption of block 1, round r=11

g input = X = x0x1x2x3 = R11,0 = 3cb17a6f

g input = X = x0x1x2x3 = ROL(R11,1,  8) = ROL(4c24c8ac ,  8) = ROL(acc8244c(big endian),  8) = c8244cac(big endian) = ac4c24c8.

x0 = 3c

x1 = b1

x2 = 7a

x3 = 6f

x0 = ac

x1 = 4c

x2 = 24

x3 = c8

y2,0 = 3c

y2,1 = b1

y2,2 = 7a

y2,3 = 6f

y2,0 = ac

y2,1 = 4c

y2,2 = 24

y2,3 = c8

q0.in=3c a0=3 b0=c a1=f b1=d a2=4 b2=0 a3=4 b3=4 a4=6 b4=1 q0.out=16 l1,3=14 q0.in=0e a0=0 b0=e a1=e b1=7 a2=a b2=5 a3=f b3=0 a4=1 b4=d q0.out=d1 l0,3=dc q1.in=50 a0=5 b0=0 a1=5 b1=d a2=7 b2=9 a3=e b3=3 a4=3 b4=1 q1.out=13

q1.in=b1 a0=b b0=1 a1=a b1=b a2=9 b2=5 a3=c b3=b a4=2 b4=f q1.out=f2 l1,2=9c q0.in=78 a0=7 b0=8 a1=f b1=b a2=4 b2=6 a3=2 b3=7 a4=5 b4=e q0.out=e5 l0,2=53 q0.in=6e a0=6 b0=e a1=8 b1=1 a2=0 b2=c a3=c b3=6 a4=2 b4=6 q0.out=62

q0.in=7a a0=7 b0=a a1=d b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=b q0.out=b9 l1,1=8a q1.in=25 a0=2 b0=5 a1=7 b1=8 a2=e b2=6 a3=8 b3=d a4=0 b4=0 q1.out=00 l0,1=8b q1.in=53 a0=5 b0=3 a1=6 b1=4 a2=6 b2=4 a3=2 b3=4 a4=7 b4=c q1.out=c7

q1.in=6f a0=6 b0=f a1=9 b1=9 a2=1 b2=d a3=c b3=7 a4=2 b4=e q1.out=e2 l1,0=18 q1.in=f6 a0=f b0=6 a1=9 b1=4 a2=1 b2=4 a3=5 b3=b a4=6 b4=f q1.out=f6 l0,0=81 q0.in=2a a0=2 b0=a a1=8 b1=7 a2=0 b2=5 a3=5 b3=a a4=d b4=3 q0.out=3d

q0.in=ac a0=a b0=c a1=6 b1=c a2=3 b2=7 a3=4 b3=0 a4=6 b4=d q0.out=d6 l1,3=14 q0.in=ce a0=c b0=e a1=2 b1=b a2=7 b2=6 a3=1 b3=c a4=a b4=8 q0.out=8a l0,3=dc q1.in=0b a0=0 b0=b a1=b b1=d a2=4 b2=9 a3=d b3=8 a4=b b4=6 q1.out=6b

q1.in=4c a0=4 b0=c a1=8 b1=2 a2=3 b2=2 a3=1 b3=a a4=c b4=7 q1.out=7c l1,2=9c q0.in=f6 a0=f b0=6 a1=9 b1=4 a2=b b2=1 a3=a b3=b a4=f b4=0 q0.out=0f l0,2=53 q0.in=84 a0=8 b0=4 a1=c b1=a a2=e b2=a a3=4 b3=b a4=6 b4=0 q0.out=06

q0.in=24 a0=2 b0=4 a1=6 b1=0 a2=3 b2=e a3=d b3=c a4=4 b4=8 q0.out=84 l1,1=8a q1.in=18 a0=1 b0=8 a1=9 b1=d a2=1 b2=9 a3=8 b3=5 a4=0 b4=3 q1.out=30 l0,1=8b q1.in=63 a0=6 b0=3 a1=5 b1=f a2=7 b2=8 a3=f b3=b a4=f b4=f q1.out=ff

q1.in=c8 a0=c b0=8 a1=4 b1=8 a2=f b2=6 a3=9 b3=4 a4=e b4=c q1.out=ce l1,0=18 q1.in=da a0=d b0=a a1=7 b1=0 a2=e b2=1 a3=f b3=6 a4=f b4=d q1.out=df l0,0=81 q0.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=4 a3=9 b3=7 a4=8 b4=e q0.out=e8

y0 = 13	y1 = 62	y2 = c7	y3 = 3d	y0 = 6b	y1 = 06	y2 = ff	y3 = e8
MDS input = Y = y0y1y2y3 = 1362c73d				MDS input = Y = y0y1y2y3 = 6b06ffe8

MDS output = Z = z0z1z2z3 = 9cf48f81

MDS output = Z = z0z1z2z3 = 2722f42f

z0 = 9c

z1 = f4

z2 = 8f

z3 = 81

z0 = 27

z1 = 22

z2 = f4

z3 = 2f

T0 = g(R0) = 9cf48f81

T1 = g(ROL(R1, 8)) = 2722f42f

F11,0 = (T0 + T1 + K30) mod 232 = (9cf48f81 + 2722f42f + fd2d59b8) mod 232 = (818ff49c(big endian) + 2ff42227(big endian) + b8592dfd(big endian)) mod 232 = 69dd44c0(big endian) = c044dd69.

F11,1 = (T0 + 2T1 + K31) mod 232 = (9cf48f81 + 2[2722f42f] + 9c51af49) mod 232 = (818ff49c(big endian) + 2[2ff42227(big endian)] + 49af519c(big endian)) mod 232 = (818ff49c(big endian) + 5fe8444e(big endian) + 49af519c(big endian)) mod 232 = 2b278a86(big endian) = 868a272b.

R12,0  =  ROR(R11, 2    F11,0,1) =  ROR(4ba83b2e    c044dd69, 1) =  ROR(8bece647, 1) =  ROR(47e6ec8b(big endian), 1) =  a3f37645(big endian) =  4576f3a3

R12,1  =  ROL(R11, 3,  1)    F11,1) =  ROL(ab5f9153,  1)    868a272b =  ROL(53915fab(big endian),  1)    868a272b =  a722bf56(big endian)    868a272b =  56bf22a7   868a272b =  d035058c.

R12,2 = R11,0 = 3cb17a6f

R12,3 = R11,1 = 4c24c8ac

 

Encryption of block 1, round r=12

g input = X = x0x1x2x3 = R12,0 = 4576f3a3

g input = X = x0x1x2x3 = ROL(R12,1,  8) = ROL(d035058c ,  8) = ROL(8c0535d0(big endian),  8) = 0535d08c(big endian) = 8cd03505.

x0 = 45

x1 = 76

x2 = f3

x3 = a3

x0 = 8c

x1 = d0

x2 = 35

x3 = 05

y2,0 = 45

y2,1 = 76

y2,2 = f3

y2,3 = a3

y2,0 = 8c

y2,1 = d0

y2,2 = 35

y2,3 = 05

q0.in=45 a0=4 b0=5 a1=1 b1=e a2=1 b2=9 a3=8 b3=5 a4=c b4=2 q0.out=2c l1,3=14 q0.in=34 a0=3 b0=4 a1=7 b1=9 a2=2 b2=4 a3=6 b3=0 a4=9 b4=d q0.out=d9 l0,3=dc q1.in=58 a0=5 b0=8 a1=d b1=9 a2=a b2=d a3=7 b3=4 a4=a b4=c q1.out=ca

q1.in=76 a0=7 b0=6 a1=1 b1=c a2=8 b2=f a3=7 b3=7 a4=a b4=e q1.out=ea l1,2=9c q0.in=60 a0=6 b0=0 a1=6 b1=6 a2=3 b2=3 a3=0 b3=2 a4=b b4=f q0.out=fb l0,2=53 q0.in=70 a0=7 b0=0 a1=7 b1=f a2=2 b2=d a3=f b3=c a4=1 b4=8 q0.out=81

q0.in=f3 a0=f b0=3 a1=c b1=e a2=e b2=9 a3=7 b3=2 a4=0 b4=f q0.out=f0 l1,1=8a q1.in=6c a0=6 b0=c a1=a b1=0 a2=9 b2=1 a3=8 b3=9 a4=0 b4=4 q1.out=40 l0,1=8b q1.in=13 a0=1 b0=3 a1=2 b1=0 a2=b b2=1 a3=a b3=b a4=d b4=f q1.out=fd

q1.in=a3 a0=a b0=3 a1=9 b1=3 a2=1 b2=b a3=a b3=4 a4=d b4=c q1.out=cd l1,0=18 q1.in=d9 a0=d b0=9 a1=4 b1=9 a2=f b2=d a3=2 b3=9 a4=7 b4=4 q1.out=47 l0,0=81 q0.in=9b a0=9 b0=b a1=2 b1=c a2=7 b2=7 a3=0 b3=4 a4=b b4=1 q0.out=1b

q0.in=8c a0=8 b0=c a1=4 b1=e a2=6 b2=9 a3=f b3=a a4=1 b4=3 q0.out=31 l1,3=14 q0.in=29 a0=2 b0=9 a1=b b1=e a2=9 b2=9 a3=0 b3=d a4=b b4=5 q0.out=5b l0,3=dc q1.in=da a0=d b0=a a1=7 b1=0 a2=e b2=1 a3=f b3=6 a4=f b4=d q1.out=df

q1.in=d0 a0=d b0=0 a1=d b1=5 a2=a b2=c a3=6 b3=c a4=9 b4=2 q1.out=29 l1,2=9c q0.in=a3 a0=a b0=3 a1=9 b1=3 a2=b b2=8 a3=3 b3=7 a4=e b4=e q0.out=ee l0,2=53 q0.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=7 a3=a b3=e a4=f b4=c q0.out=cf

q0.in=35 a0=3 b0=5 a1=6 b1=1 a2=3 b2=c a3=f b3=d a4=1 b4=5 q0.out=51 l1,1=8a q1.in=cd a0=c b0=d a1=1 b1=2 a2=8 b2=2 a3=a b3=9 a4=d b4=4 q1.out=4d l0,1=8b q1.in=1e a0=1 b0=e a1=f b1=e a2=5 b2=0 a3=5 b3=d a4=6 b4=0 q1.out=06

q1.in=05 a0=0 b0=5 a1=5 b1=a a2=7 b2=a a3=d b3=a a4=b b4=7 q1.out=7b l1,0=18 q1.in=6f a0=6 b0=f a1=9 b1=9 a2=1 b2=d a3=c b3=7 a4=2 b4=e q1.out=e2 l0,0=81 q0.in=3e a0=3 b0=e a1=d b1=c a2=c b2=7 a3=b b3=7 a4=3 b4=e q0.out=e3

y0 = ca	y1 = 81	y2 = fd	y3 = 1b	y0 = df	y1 = cf	y2 = 06	y3 = e3
MDS input = Y = y0y1y2y3 = ca81fd1b				MDS input = Y = y0y1y2y3 = dfcf06e3

MDS output = Z = z0z1z2z3 = ae0a6509

MDS output = Z = z0z1z2z3 = 98943997

z0 = ae

z1 = 0a

z2 = 65

z3 = 09

z0 = 98

z1 = 94

z2 = 39

z3 = 97

T0 = g(R0) = ae0a6509

T1 = g(ROL(R1, 8)) = 98943997

F12,0 = (T0 + T1 + K32) mod 232 = (ae0a6509 + 98943997 + 165703a2) mod 232 = (09650aae(big endian) + 97399498(big endian) + a2035716(big endian)) mod 232 = 42a1f65c(big endian) = 5cf6a142.

F12,1 = (T0 + 2T1 + K33) mod 232 = (ae0a6509 + 2[98943997] + bdabf862) mod 232 = (09650aae(big endian) + 2[97399498(big endian)] + 62f8abbd(big endian)) mod 232 = (09650aae(big endian) + 2e732930(big endian) + 62f8abbd(big endian)) mod 232 = 9ad0df9b(big endian) = 9bdfd09a.

R13,0  =  ROR(R12, 2    F12,0,1) =  ROR(3cb17a6f    5cf6a142, 1) =  ROR(6047db2d, 1) =  ROR(2ddb4760(big endian), 1) =  16eda3b0(big endian) =  b0a3ed16

R13,1  =  ROL(R12, 3,  1)    F12,1) =  ROL(4c24c8ac,  1)    9bdfd09a =  ROL(acc8244c(big endian),  1)    9bdfd09a =  59904899(big endian)    9bdfd09a =  99489059   9bdfd09a =  029740c3.

R13,2 = R12,0 = 4576f3a3

R13,3 = R12,1 = d035058c

 

Encryption of block 1, round r=13

g input = X = x0x1x2x3 = R13,0 = b0a3ed16

g input = X = x0x1x2x3 = ROL(R13,1,  8) = ROL(029740c3 ,  8) = ROL(c3409702(big endian),  8) = 409702c3(big endian) = c3029740.

x0 = b0

x1 = a3

x2 = ed

x3 = 16

x0 = c3

x1 = 02

x2 = 97

x3 = 40

y2,0 = b0

y2,1 = a3

y2,2 = ed

y2,3 = 16

y2,0 = c3

y2,1 = 02

y2,2 = 97

y2,3 = 40

q0.in=b0 a0=b b0=0 a1=b b1=3 a2=9 b2=8 a3=1 b3=5 a4=a b4=2 q0.out=2a l1,3=14 q0.in=32 a0=3 b0=2 a1=1 b1=a a2=1 b2=a a3=b b3=c a4=3 b4=8 q0.out=83 l0,3=dc q1.in=02 a0=0 b0=2 a1=2 b1=1 a2=b b2=e a3=5 b3=4 a4=6 b4=c q1.out=c6

q1.in=a3 a0=a b0=3 a1=9 b1=3 a2=1 b2=b a3=a b3=4 a4=d b4=c q1.out=cd l1,2=9c q0.in=47 a0=4 b0=7 a1=3 b1=f a2=d b2=d a3=0 b3=b a4=b b4=0 q0.out=0b l0,2=53 q0.in=80 a0=8 b0=0 a1=8 b1=8 a2=0 b2=f a3=f b3=f a4=1 b4=a q0.out=a1

q0.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=e a3=3 b3=2 a4=e b4=f q0.out=fe l1,1=8a q1.in=62 a0=6 b0=2 a1=4 b1=7 a2=f b2=7 a3=8 b3=c a4=0 b4=2 q1.out=20 l0,1=8b q1.in=73 a0=7 b0=3 a1=4 b1=6 a2=f b2=3 a3=c b3=e a4=2 b4=8 q1.out=82

q1.in=16 a0=1 b0=6 a1=7 b1=a a2=e b2=a a3=4 b3=b a4=1 b4=f q1.out=f1 l1,0=18 q1.in=e5 a0=e b0=5 a1=b b1=4 a2=4 b2=4 a3=0 b3=6 a4=4 b4=d q1.out=d4 l0,0=81 q0.in=08 a0=0 b0=8 a1=8 b1=4 a2=0 b2=1 a3=1 b3=8 a4=a b4=9 q0.out=9a

q0.in=c3 a0=c b0=3 a1=f b1=5 a2=4 b2=2 a3=6 b3=5 a4=9 b4=2 q0.out=29 l1,3=14 q0.in=31 a0=3 b0=1 a1=2 b1=3 a2=7 b2=8 a3=f b3=b a4=1 b4=0 q0.out=01 l0,3=dc q1.in=80 a0=8 b0=0 a1=8 b1=8 a2=3 b2=6 a3=5 b3=8 a4=6 b4=6 q1.out=66

q1.in=02 a0=0 b0=2 a1=2 b1=1 a2=b b2=e a3=5 b3=4 a4=6 b4=c q1.out=c6 l1,2=9c q0.in=4c a0=4 b0=c a1=8 b1=2 a2=0 b2=b a3=b b3=d a4=3 b4=5 q0.out=53 l0,2=53 q0.in=d8 a0=d b0=8 a1=5 b1=1 a2=f b2=c a3=3 b3=1 a4=e b4=7 q0.out=7e

q0.in=97 a0=9 b0=7 a1=e b1=a a2=a b2=a a3=0 b3=f a4=b b4=a q0.out=ab l1,1=8a q1.in=37 a0=3 b0=7 a1=4 b1=0 a2=f b2=1 a3=e b3=f a4=3 b4=a q1.out=a3 l0,1=8b q1.in=f0 a0=f b0=0 a1=f b1=7 a2=5 b2=7 a3=2 b3=6 a4=7 b4=d q1.out=d7

q1.in=40 a0=4 b0=0 a1=4 b1=4 a2=f b2=4 a3=b b3=5 a4=8 b4=3 q1.out=38 l1,0=18 q1.in=2c a0=2 b0=c a1=e b1=4 a2=c b2=4 a3=8 b3=e a4=0 b4=8 q1.out=80 l0,0=81 q0.in=5c a0=5 b0=c a1=9 b1=b a2=b b2=6 a3=d b3=0 a4=4 b4=d q0.out=d4

y0 = c6	y1 = a1	y2 = 82	y3 = 9a	y0 = 66	y1 = 7e	y2 = d7	y3 = d4
MDS input = Y = y0y1y2y3 = c6a1829a				MDS input = Y = y0y1y2y3 = 667ed7d4

MDS output = Z = z0z1z2z3 = efb934de

MDS output = Z = z0z1z2z3 = 612671b4

z0 = ef

z1 = b9

z2 = 34

z3 = de

z0 = 61

z1 = 26

z2 = 71

z3 = b4

T0 = g(R0) = efb934de

T1 = g(ROL(R1, 8)) = 612671b4

F13,0 = (T0 + T1 + K34) mod 232 = (efb934de + 612671b4 + 6ae813f4) mod 232 = (de34b9ef(big endian) + b4712661(big endian) + f413e86a(big endian)) mod 232 = 86b9c8ba(big endian) = bac8b986.

F13,1 = (T0 + 2T1 + K35) mod 232 = (efb934de + 2[612671b4] + f3d8d036) mod 232 = (de34b9ef(big endian) + 2[b4712661(big endian)] + 36d0d8f3(big endian)) mod 232 = (de34b9ef(big endian) + 68e24cc2(big endian) + 36d0d8f3(big endian)) mod 232 = 7de7dfa4(big endian) = a4dfe77d.

R14,0  =  ROR(R13, 2    F13,0,1) =  ROR(4576f3a3    bac8b986, 1) =  ROR(ffbe4a25, 1) =  ROR(254abeff(big endian), 1) =  92a55f7f(big endian) =  7f5fa592

R14,1  =  ROL(R13, 3,  1)    F13,1) =  ROL(d035058c,  1)    a4dfe77d =  ROL(8c0535d0(big endian),  1)    a4dfe77d =  180a6ba1(big endian)    a4dfe77d =  a16b0a18   a4dfe77d =  05b4ed65.

R14,2 = R13,0 = b0a3ed16

R14,3 = R13,1 = 029740c3

 

Encryption of block 1, round r=14

g input = X = x0x1x2x3 = R14,0 = 7f5fa592

g input = X = x0x1x2x3 = ROL(R14,1,  8) = ROL(05b4ed65 ,  8) = ROL(65edb405(big endian),  8) = edb40565(big endian) = 6505b4ed.

x0 = 7f

x1 = 5f

x2 = a5

x3 = 92

x0 = 65

x1 = 05

x2 = b4

x3 = ed

y2,0 = 7f

y2,1 = 5f

y2,2 = a5

y2,3 = 92

y2,0 = 65

y2,1 = 05

y2,2 = b4

y2,3 = ed

q0.in=7f a0=7 b0=f a1=8 b1=0 a2=0 b2=e a3=e b3=7 a4=7 b4=e q0.out=e7 l1,3=14 q0.in=ff a0=f b0=f a1=0 b1=8 a2=8 b2=f a3=7 b3=7 a4=0 b4=e q0.out=e0 l0,3=dc q1.in=61 a0=6 b0=1 a1=7 b1=e a2=e b2=0 a3=e b3=e a4=3 b4=8 q1.out=83

q1.in=5f a0=5 b0=f a1=a b1=2 a2=9 b2=2 a3=b b3=0 a4=8 b4=b q1.out=b8 l1,2=9c q0.in=32 a0=3 b0=2 a1=1 b1=a a2=1 b2=a a3=b b3=c a4=3 b4=8 q0.out=83 l0,2=53 q0.in=08 a0=0 b0=8 a1=8 b1=4 a2=0 b2=1 a3=1 b3=8 a4=a b4=9 q0.out=9a

q0.in=a5 a0=a b0=5 a1=f b1=0 a2=4 b2=e a3=a b3=3 a4=f b4=4 q0.out=4f l1,1=8a q1.in=d3 a0=d b0=3 a1=e b1=c a2=c b2=f a3=3 b3=3 a4=5 b4=1 q1.out=15 l0,1=8b q1.in=46 a0=4 b0=6 a1=2 b1=7 a2=b b2=7 a3=c b3=8 a4=2 b4=6 q1.out=62

q1.in=92 a0=9 b0=2 a1=b b1=0 a2=4 b2=1 a3=5 b3=c a4=6 b4=2 q1.out=26 l1,0=18 q1.in=32 a0=3 b0=2 a1=1 b1=a a2=8 b2=a a3=2 b3=d a4=7 b4=0 q1.out=07 l0,0=81 q0.in=db a0=d b0=b a1=6 b1=8 a2=3 b2=f a3=c b3=4 a4=2 b4=1 q0.out=12

q0.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=7 a3=a b3=e a4=f b4=c q0.out=cf l1,3=14 q0.in=d7 a0=d b0=7 a1=a b1=e a2=5 b2=9 a3=c b3=1 a4=2 b4=7 q0.out=72 l0,3=dc q1.in=f3 a0=f b0=3 a1=c b1=e a2=0 b2=0 a3=0 b3=0 a4=4 b4=b q1.out=b4

q1.in=05 a0=0 b0=5 a1=5 b1=a a2=7 b2=a a3=d b3=a a4=b b4=7 q1.out=7b l1,2=9c q0.in=f1 a0=f b0=1 a1=e b1=f a2=a b2=d a3=7 b3=4 a4=0 b4=1 q0.out=10 l0,2=53 q0.in=9b a0=9 b0=b a1=2 b1=c a2=7 b2=7 a3=0 b3=4 a4=b b4=1 q0.out=1b

q0.in=b4 a0=b b0=4 a1=f b1=1 a2=4 b2=c a3=8 b3=2 a4=c b4=f q0.out=fc l1,1=8a q1.in=60 a0=6 b0=0 a1=6 b1=6 a2=6 b2=3 a3=5 b3=f a4=6 b4=a q1.out=a6 l0,1=8b q1.in=f5 a0=f b0=5 a1=a b1=d a2=9 b2=9 a3=0 b3=d a4=4 b4=0 q1.out=04

q1.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=1 a3=c b3=d a4=2 b4=0 q1.out=02 l1,0=18 q1.in=16 a0=1 b0=6 a1=7 b1=a a2=e b2=a a3=4 b3=b a4=1 b4=f q1.out=f1 l0,0=81 q0.in=2d a0=2 b0=d a1=f b1=c a2=4 b2=7 a3=3 b3=f a4=e b4=a q0.out=ae

y0 = 83	y1 = 9a	y2 = 62	y3 = 12	y0 = b4	y1 = 1b	y2 = 04	y3 = ae
MDS input = Y = y0y1y2y3 = 839a6212				MDS input = Y = y0y1y2y3 = b41b04ae

MDS output = Z = z0z1z2z3 = aae5797f

MDS output = Z = z0z1z2z3 = ca7a52ee

z0 = aa

z1 = e5

z2 = 79

z3 = 7f

z0 = ca

z1 = 7a

z2 = 52

z3 = ee

T0 = g(R0) = aae5797f

T1 = g(ROL(R1, 8)) = ca7a52ee

F14,0 = (T0 + T1 + K36) mod 232 = (aae5797f + ca7a52ee + e4ffcbcc) mod 232 = (7f79e5aa(big endian) + ee527aca(big endian) + cccbffe4(big endian)) mod 232 = 3a986058(big endian) = 5860983a.

F14,1 = (T0 + 2T1 + K37) mod 232 = (aae5797f + 2[ca7a52ee] + fd60441f) mod 232 = (7f79e5aa(big endian) + 2[ee527aca(big endian)] + 1f4460fd(big endian)) mod 232 = (7f79e5aa(big endian) + dca4f594(big endian) + 1f4460fd(big endian)) mod 232 = 7b633c3b(big endian) = 3b3c637b.

R15,0  =  ROR(R14, 2    F14,0,1) =  ROR(b0a3ed16    5860983a, 1) =  ROR(e8c3752c, 1) =  ROR(2c75c3e8(big endian), 1) =  163ae1f4(big endian) =  f4e13a16

R15,1  =  ROL(R14, 3,  1)    F14,1) =  ROL(029740c3,  1)    3b3c637b =  ROL(c3409702(big endian),  1)    3b3c637b =  86812e05(big endian)    3b3c637b =  052e8186   3b3c637b =  3e12e2fd.

R15,2 = R14,0 = 7f5fa592

R15,3 = R14,1 = 05b4ed65

 

Encryption of block 1, round r=15

g input = X = x0x1x2x3 = R15,0 = f4e13a16

g input = X = x0x1x2x3 = ROL(R15,1,  8) = ROL(3e12e2fd ,  8) = ROL(fde2123e(big endian),  8) = e2123efd(big endian) = fd3e12e2.

x0 = f4

x1 = e1

x2 = 3a

x3 = 16

x0 = fd

x1 = 3e

x2 = 12

x3 = e2

y2,0 = f4

y2,1 = e1

y2,2 = 3a

y2,3 = 16

y2,0 = fd

y2,1 = 3e

y2,2 = 12

y2,3 = e2

q0.in=f4 a0=f b0=4 a1=b b1=5 a2=9 b2=2 a3=b b3=0 a4=3 b4=d q0.out=d3 l1,3=14 q0.in=cb a0=c b0=b a1=7 b1=1 a2=2 b2=c a3=e b3=4 a4=7 b4=1 q0.out=17 l0,3=dc q1.in=96 a0=9 b0=6 a1=f b1=2 a2=5 b2=2 a3=7 b3=c a4=a b4=2 q1.out=2a

q1.in=e1 a0=e b0=1 a1=f b1=6 a2=5 b2=3 a3=6 b3=4 a4=9 b4=c q1.out=c9 l1,2=9c q0.in=43 a0=4 b0=3 a1=7 b1=d a2=2 b2=0 a3=2 b3=2 a4=5 b4=f q0.out=f5 l0,2=53 q0.in=7e a0=7 b0=e a1=9 b1=8 a2=b b2=f a3=4 b3=c a4=6 b4=8 q0.out=86

q0.in=3a a0=3 b0=a a1=9 b1=e a2=b b2=9 a3=2 b3=f a4=5 b4=a q0.out=a5 l1,1=8a q1.in=39 a0=3 b0=9 a1=a b1=7 a2=9 b2=7 a3=e b3=a a4=3 b4=7 q1.out=73 l0,1=8b q1.in=20 a0=2 b0=0 a1=2 b1=2 a2=b b2=2 a3=9 b3=2 a4=e b4=5 q1.out=5e

q1.in=16 a0=1 b0=6 a1=7 b1=a a2=e b2=a a3=4 b3=b a4=1 b4=f q1.out=f1 l1,0=18 q1.in=e5 a0=e b0=5 a1=b b1=4 a2=4 b2=4 a3=0 b3=6 a4=4 b4=d q1.out=d4 l0,0=81 q0.in=08 a0=0 b0=8 a1=8 b1=4 a2=0 b2=1 a3=1 b3=8 a4=a b4=9 q0.out=9a

q0.in=fd a0=f b0=d a1=2 b1=9 a2=7 b2=4 a3=3 b3=d a4=e b4=5 q0.out=5e l1,3=14 q0.in=46 a0=4 b0=6 a1=2 b1=7 a2=7 b2=5 a3=2 b3=5 a4=5 b4=2 q0.out=25 l0,3=dc q1.in=a4 a0=a b0=4 a1=e b1=8 a2=c b2=6 a3=a b3=f a4=d b4=a q1.out=ad

q1.in=3e a0=3 b0=e a1=d b1=c a2=a b2=f a3=5 b3=5 a4=6 b4=3 q1.out=36 l1,2=9c q0.in=bc a0=b b0=c a1=7 b1=5 a2=2 b2=2 a3=0 b3=3 a4=b b4=4 q0.out=4b l0,2=53 q0.in=c0 a0=c b0=0 a1=c b1=c a2=e b2=7 a3=9 b3=5 a4=8 b4=2 q0.out=28

q0.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=f a3=2 b3=a a4=5 b4=3 q0.out=35 l1,1=8a q1.in=a9 a0=a b0=9 a1=3 b1=6 a2=d b2=3 a3=e b3=c a4=3 b4=2 q1.out=23 l0,1=8b q1.in=70 a0=7 b0=0 a1=7 b1=f a2=e b2=8 a3=6 b3=a a4=9 b4=7 q1.out=79

q1.in=e2 a0=e b0=2 a1=c b1=f a2=0 b2=8 a3=8 b3=4 a4=0 b4=c q1.out=c0 l1,0=18 q1.in=d4 a0=d b0=4 a1=9 b1=7 a2=1 b2=7 a3=6 b3=2 a4=9 b4=5 q1.out=59 l0,0=81 q0.in=85 a0=8 b0=5 a1=d b1=2 a2=c b2=b a3=7 b3=1 a4=0 b4=7 q0.out=70

y0 = 2a	y1 = 86	y2 = 5e	y3 = 9a	y0 = ad	y1 = 28	y2 = 79	y3 = 70
MDS input = Y = y0y1y2y3 = 2a865e9a				MDS input = Y = y0y1y2y3 = ad287970

MDS output = Z = z0z1z2z3 = 8f8c89dd

MDS output = Z = z0z1z2z3 = ca2f31cf

z0 = 8f

z1 = 8c

z2 = 89

z3 = dd

z0 = ca

z1 = 2f

z2 = 31

z3 = cf

T0 = g(R0) = 8f8c89dd

T1 = g(ROL(R1, 8)) = ca2f31cf

F15,0 = (T0 + T1 + K38) mod 232 = (8f8c89dd + ca2f31cf + aadffd38) mod 232 = (dd898c8f(big endian) + cf312fca(big endian) + 38fddfaa(big endian)) mod 232 = e5b89c03(big endian) = 039cb8e5.

F15,1 = (T0 + 2T1 + K39) mod 232 = (8f8c89dd + 2[ca2f31cf] + 56f4c1eb) mod 232 = (dd898c8f(big endian) + 2[cf312fca(big endian)] + ebc1f456(big endian)) mod 232 = (dd898c8f(big endian) + 9e625f94(big endian) + ebc1f456(big endian)) mod 232 = 67ade079(big endian) = 79e0ad67.

R16,0  =  ROR(R15, 2    F15,0,1) =  ROR(7f5fa592    039cb8e5, 1) =  ROR(7cc31d77, 1) =  ROR(771dc37c(big endian), 1) =  3b8ee1be(big endian) =  bee18e3b

R16,1  =  ROL(R15, 3,  1)    F15,1) =  ROL(05b4ed65,  1)    79e0ad67 =  ROL(65edb405(big endian),  1)    79e0ad67 =  cbdb680a(big endian)    79e0ad67 =  0a68dbcb   79e0ad67 =  738876ac.

R16,2 = R15,0 = f4e13a16

R16,3 = R15,1 = 3e12e2fd

 

Encryption of block 1 : Output Whiten

C0 = R16,2 mod 4    K0+4 = R16,2    K4 = f4e13a16    f57ea21f  =  019f9809

C1 = R16,3 mod 4    K1+4 = R16,3    K5 = 3e12e2fd    e005f378  =  de171185

C2 = R16,4 mod 4    K2+4 = R16,0    K6 = bee18e3b    314b4d98  =  8faac3a3

C3 = R16,5 mod 4    K3+4 = R16,1    K7 = 738876ac    c9a88d6f  =  ba20fbc3

 

Encryption of block 1: Ciphertext result

c0 = [C0 2[8(0 mod 4)]] mod 28 = [019f9809 20] mod 28 = [09989f01(big endian) 20] mod 28 = 01

c1 = [C0 2[8(1 mod 4)]] mod 28 = [019f9809 28] mod 28 = [09989f01(big endian) 28] mod 28 = 9f

c2 = [C0 2[8(2 mod 4)]] mod 28 = [019f9809 216] mod 28 = [09989f01(big endian) 216] mod 28 = 98

c3 = [C0 2[8(3 mod 4)]] mod 28 = [019f9809 224] mod 28 = [09989f01(big endian) 224] mod 28 = 09

c4 = [C1 2[8(4 mod 4)]] mod 28 = [de171185 20] mod 28 = [851117de(big endian) 20] mod 28 = de

c5 = [C1 2[8(5 mod 4)]] mod 28 = [de171185 28] mod 28 = [851117de(big endian) 28] mod 28 = 17

c6 = [C1 2[8(6 mod 4)]] mod 28 = [de171185 216] mod 28 = [851117de(big endian) 216] mod 28 = 11

c7 = [C1 2[8(7 mod 4)]] mod 28 = [de171185 224] mod 28 = [851117de(big endian) 224] mod 28 = 85

c8 = [C2 2[8(8 mod 4)]] mod 28 = [8faac3a3 20] mod 28 = [a3c3aa8f(big endian) 20] mod 28 = 8f

c9 = [C2 2[8(9 mod 4)]] mod 28 = [8faac3a3 28] mod 28 = [a3c3aa8f(big endian) 28] mod 28 = aa

c10 = [C2 2[8(10 mod 4)]] mod 28 = [8faac3a3 216] mod 28 = [a3c3aa8f(big endian) 216] mod 28 = c3

c11 = [C2 2[8(11 mod 4)]] mod 28 = [8faac3a3 224] mod 28 = [a3c3aa8f(big endian) 224] mod 28 = a3

c12 = [C3 2[8(12 mod 4)]] mod 28 = [ba20fbc3 20] mod 28 = [c3fb20ba(big endian) 20] mod 28 = ba

c13 = [C3 2[8(13 mod 4)]] mod 28 = [ba20fbc3 28] mod 28 = [c3fb20ba(big endian) 28] mod 28 = 20

c14 = [C3 2[8(14 mod 4)]] mod 28 = [ba20fbc3 216] mod 28 = [c3fb20ba(big endian) 216] mod 28 = fb

c15 = [C3 2[8(15 mod 4)]] mod 28 = [ba20fbc3 224] mod 28 = [c3fb20ba(big endian) 224] mod 28 = c3

Ciphertext block output = c0c1c2c3c4c5c6c7c8c9c10c11c12c13c14c15 = 019f9809de1711858faac3a3ba20fbc3

 

Encryption start: block 2

128-bit plaintext block = p0p1p2p3p4p5p6p7p8p9p10p11p12p13p14p15 = 182b2bd814979745f9dadadc29191965

P0 = p0p1p2p3 = 182b02d8	P1 = p4p5p6p7 = 1497ea45
P2 = p8p9p10p11 = f9daacdc	P3 = p12p13p14p15 = 29193a65

 

Encryption of block 2 : Encryption CBC step: Xor of plaintext block with ciphertext result of previous block

P '0 = P0 C0(previous round) = 182b02d8 019f9809 = 19b49ad1

P '1 = P1 C1(previous round) = 1497ea45 de171185 = ca80fbc0

P '2 = P2 C2(previous round) = f9daacdc 8faac3a3 = 76706f7f

P '3 = P3 C3(previous round) = 29193a65 ba20fbc3 = 9339c1a6

 

Encryption Input Whiten : Block 2

R0,0 = P '0 K0 = 19b49ad1 9bf1826a = 824518bb

R0,1 = P '1 K1 = ca80fbc0 02229b50 = c8a26090

R0,2 = P '2 K2 = 76706f7f ea11ea78 = 9c618507

R0,3 = P '3 K3 = 9339c1a6 ae0b98a1 = 3d325907

 

Encryption of block 2, round r=0

g input = X = x0x1x2x3 = R0,0 = 824518bb

g input = X = x0x1x2x3 = ROL(R0,1,  8) = ROL(c8a26090 ,  8) = ROL(9060a2c8(big endian),  8) = 60a2c890(big endian) = 90c8a260.

x0 = 82

x1 = 45

x2 = 18

x3 = bb

x0 = 90

x1 = c8

x2 = a2

x3 = 60

y2,0 = 82

y2,1 = 45

y2,2 = 18

y2,3 = bb

y2,0 = 90

y2,1 = c8

y2,2 = a2

y2,3 = 60

q0.in=82 a0=8 b0=2 a1=a b1=9 a2=5 b2=4 a3=1 b3=f a4=a b4=a q0.out=aa l1,3=14 q0.in=b2 a0=b b0=2 a1=9 b1=2 a2=b b2=b a3=0 b3=e a4=b b4=c q0.out=cb l0,3=dc q1.in=4a a0=4 b0=a a1=e b1=1 a2=c b2=e a3=2 b3=b a4=7 b4=f q1.out=f7

q1.in=45 a0=4 b0=5 a1=1 b1=e a2=8 b2=0 a3=8 b3=8 a4=0 b4=6 q1.out=60 l1,2=9c q0.in=ea a0=e b0=a a1=4 b1=b a2=6 b2=6 a3=0 b3=5 a4=b b4=2 q0.out=2b l0,2=53 q0.in=a0 a0=a b0=0 a1=a b1=a a2=5 b2=a a3=f b3=8 a4=1 b4=9 q0.out=91

q0.in=18 a0=1 b0=8 a1=9 b1=d a2=b b2=0 a3=b b3=3 a4=3 b4=4 q0.out=43 l1,1=8a q1.in=df a0=d b0=f a1=2 b1=a a2=b b2=a a3=1 b3=6 a4=c b4=d q1.out=dc l0,1=8b q1.in=8f a0=8 b0=f a1=7 b1=7 a2=e b2=7 a3=9 b3=5 a4=e b4=3 q1.out=3e

q1.in=bb a0=b b0=b a1=0 b1=e a2=2 b2=0 a3=2 b3=2 a4=7 b4=5 q1.out=57 l1,0=18 q1.in=43 a0=4 b0=3 a1=7 b1=d a2=e b2=9 a3=7 b3=2 a4=a b4=5 q1.out=5a l0,0=81 q0.in=86 a0=8 b0=6 a1=e b1=b a2=a b2=6 a3=c b3=9 a4=2 b4=b q0.out=b2

q0.in=90 a0=9 b0=0 a1=9 b1=1 a2=b b2=c a3=7 b3=5 a4=0 b4=2 q0.out=20 l1,3=14 q0.in=38 a0=3 b0=8 a1=b b1=f a2=9 b2=d a3=4 b3=f a4=6 b4=a q0.out=a6 l0,3=dc q1.in=27 a0=2 b0=7 a1=5 b1=9 a2=7 b2=d a3=a b3=1 a4=d b4=9 q1.out=9d

q1.in=c8 a0=c b0=8 a1=4 b1=8 a2=f b2=6 a3=9 b3=4 a4=e b4=c q1.out=ce l1,2=9c q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73 l0,2=53 q0.in=f8 a0=f b0=8 a1=7 b1=3 a2=2 b2=8 a3=a b3=6 a4=f b4=6 q0.out=6f

q0.in=a2 a0=a b0=2 a1=8 b1=b a2=0 b2=6 a3=6 b3=3 a4=9 b4=4 q0.out=49 l1,1=8a q1.in=d5 a0=d b0=5 a1=8 b1=f a2=3 b2=8 a3=b b3=f a4=8 b4=a q1.out=a8 l0,1=8b q1.in=fb a0=f b0=b a1=4 b1=a a2=f b2=a a3=5 b3=2 a4=6 b4=5 q1.out=56

q1.in=60 a0=6 b0=0 a1=6 b1=6 a2=6 b2=3 a3=5 b3=f a4=6 b4=a q1.out=a6 l1,0=18 q1.in=b2 a0=b b0=2 a1=9 b1=2 a2=1 b2=2 a3=3 b3=8 a4=5 b4=6 q1.out=65 l0,0=81 q0.in=b9 a0=b b0=9 a1=2 b1=f a2=7 b2=d a3=a b3=1 a4=f b4=7 q0.out=7f

y0 = f7	y1 = 91	y2 = 3e	y3 = b2	y0 = 9d	y1 = 6f	y2 = 56	y3 = 7f
MDS input = Y = y0y1y2y3 = f7913eb2				MDS input = Y = y0y1y2y3 = 9d6f567f

MDS output = Z = z0z1z2z3 = 4b1f49ca

MDS output = Z = z0z1z2z3 = fd5ad327

z0 = 4b

z1 = 1f

z2 = 49

z3 = ca

z0 = fd

z1 = 5a

z2 = d3

z3 = 27

T0 = g(R0) = 4b1f49ca

T1 = g(ROL(R1, 8)) = fd5ad327

F0,0 = (T0 + T1 + K8) mod 232 = (4b1f49ca + fd5ad327 + f595a22f) mod 232 = (ca491f4b(big endian) + 27d35afd(big endian) + 2fa295f5(big endian)) mod 232 = 21bf103d(big endian) = 3d10bf21.

F0,1 = (T0 + 2T1 + K9) mod 232 = (4b1f49ca + 2[fd5ad327] + b3c6caca) mod 232 = (ca491f4b(big endian) + 2[27d35afd(big endian)] + cacac6b3(big endian)) mod 232 = (ca491f4b(big endian) + 4fa6b5fa(big endian) + cacac6b3(big endian)) mod 232 = e4ba9bf8(big endian) = f89bbae4.

R1,0  =  ROR(R0, 2    F0,0,1) =  ROR(9c618507    3d10bf21, 1) =  ROR(a1713a26, 1) =  ROR(263a71a1(big endian), 1) =  931d38d0(big endian) =  d0381d93

R1,1  =  ROL(R0, 3,  1)    F0,1) =  ROL(3d325907,  1)    f89bbae4 =  ROL(0759323d(big endian),  1)    f89bbae4 =  0eb2647a(big endian)    f89bbae4 =  7a64b20e   f89bbae4 =  82ff08ea.

R1,2 = R0,0 = 824518bb

R1,3 = R0,1 = c8a26090

 

Encryption of block 2, round r=1

g input = X = x0x1x2x3 = R1,0 = d0381d93

g input = X = x0x1x2x3 = ROL(R1,1,  8) = ROL(82ff08ea ,  8) = ROL(ea08ff82(big endian),  8) = 08ff82ea(big endian) = ea82ff08.

x0 = d0

x1 = 38

x2 = 1d

x3 = 93

x0 = ea

x1 = 82

x2 = ff

x3 = 08

y2,0 = d0

y2,1 = 38

y2,2 = 1d

y2,3 = 93

y2,0 = ea

y2,1 = 82

y2,2 = ff

y2,3 = 08

q0.in=d0 a0=d b0=0 a1=d b1=5 a2=c b2=2 a3=e b3=d a4=7 b4=5 q0.out=57 l1,3=14 q0.in=4f a0=4 b0=f a1=b b1=b a2=9 b2=6 a3=f b3=2 a4=1 b4=f q0.out=f1 l0,3=dc q1.in=70 a0=7 b0=0 a1=7 b1=f a2=e b2=8 a3=6 b3=a a4=9 b4=7 q1.out=79

q1.in=38 a0=3 b0=8 a1=b b1=f a2=4 b2=8 a3=c b3=0 a4=2 b4=b q1.out=b2 l1,2=9c q0.in=38 a0=3 b0=8 a1=b b1=f a2=9 b2=d a3=4 b3=f a4=6 b4=a q0.out=a6 l0,2=53 q0.in=2d a0=2 b0=d a1=f b1=c a2=4 b2=7 a3=3 b3=f a4=e b4=a q0.out=ae

q0.in=1d a0=1 b0=d a1=c b1=7 a2=e b2=5 a3=b b3=4 a4=3 b4=1 q0.out=13 l1,1=8a q1.in=8f a0=8 b0=f a1=7 b1=7 a2=e b2=7 a3=9 b3=5 a4=e b4=3 q1.out=3e l0,1=8b q1.in=6d a0=6 b0=d a1=b b1=8 a2=4 b2=6 a3=2 b3=7 a4=7 b4=e q1.out=e7

q1.in=93 a0=9 b0=3 a1=a b1=8 a2=9 b2=6 a3=f b3=2 a4=f b4=5 q1.out=5f l1,0=18 q1.in=4b a0=4 b0=b a1=f b1=9 a2=5 b2=d a3=8 b3=3 a4=0 b4=1 q1.out=10 l0,0=81 q0.in=cc a0=c b0=c a1=0 b1=a a2=8 b2=a a3=2 b3=d a4=5 b4=5 q0.out=55

q0.in=ea a0=e b0=a a1=4 b1=b a2=6 b2=6 a3=0 b3=5 a4=b b4=2 q0.out=2b l1,3=14 q0.in=33 a0=3 b0=3 a1=0 b1=2 a2=8 b2=b a3=3 b3=5 a4=e b4=2 q0.out=2e l0,3=dc q1.in=af a0=a b0=f a1=5 b1=5 a2=7 b2=c a3=b b3=9 a4=8 b4=4 q1.out=48

q1.in=82 a0=8 b0=2 a1=a b1=9 a2=9 b2=d a3=4 b3=f a4=1 b4=a q1.out=a1 l1,2=9c q0.in=2b a0=2 b0=b a1=9 b1=f a2=b b2=d a3=6 b3=d a4=9 b4=5 q0.out=59 l0,2=53 q0.in=d2 a0=d b0=2 a1=f b1=4 a2=4 b2=1 a3=5 b3=c a4=d b4=8 q0.out=8d

q0.in=ff a0=f b0=f a1=0 b1=8 a2=8 b2=f a3=7 b3=7 a4=0 b4=e q0.out=e0 l1,1=8a q1.in=7c a0=7 b0=c a1=b b1=9 a2=4 b2=d a3=9 b3=a a4=e b4=7 q1.out=7e l0,1=8b q1.in=2d a0=2 b0=d a1=f b1=c a2=5 b2=f a3=a b3=2 a4=d b4=5 q1.out=5d

q1.in=08 a0=0 b0=8 a1=8 b1=4 a2=3 b2=4 a3=7 b3=9 a4=a b4=4 q1.out=4a l1,0=18 q1.in=5e a0=5 b0=e a1=b b1=a a2=4 b2=a a3=e b3=1 a4=3 b4=9 q1.out=93 l0,0=81 q0.in=4f a0=4 b0=f a1=b b1=b a2=9 b2=6 a3=f b3=2 a4=1 b4=f q0.out=f1

y0 = 79	y1 = ae	y2 = e7	y3 = 55	y0 = 48	y1 = 8d	y2 = 5d	y3 = f1
MDS input = Y = y0y1y2y3 = 79aee755				MDS input = Y = y0y1y2y3 = 488d5df1

MDS output = Z = z0z1z2z3 = 35f9e7f6

MDS output = Z = z0z1z2z3 = c9278cee

z0 = 35

z1 = f9

z2 = e7

z3 = f6

z0 = c9

z1 = 27

z2 = 8c

z3 = ee

T0 = g(R0) = 35f9e7f6

T1 = g(ROL(R1, 8)) = c9278cee

F1,0 = (T0 + T1 + K10) mod 232 = (35f9e7f6 + c9278cee + 22166ed7) mod 232 = (f6e7f935(big endian) + ee8c27c9(big endian) + d76e1622(big endian)) mod 232 = bce23720(big endian) = 2037e2bc.

F1,1 = (T0 + 2T1 + K11) mod 232 = (35f9e7f6 + 2[c9278cee] + 2547a011) mod 232 = (f6e7f935(big endian) + 2[ee8c27c9(big endian)] + 11a04725(big endian)) mod 232 = (f6e7f935(big endian) + dd184f92(big endian) + 11a04725(big endian)) mod 232 = e5a08fec(big endian) = ec8fa0e5.

R2,0  =  ROR(R1, 2    F1,0,1) =  ROR(824518bb    2037e2bc, 1) =  ROR(a272fa07, 1) =  ROR(07fa72a2(big endian), 1) =  03fd3951(big endian) =  5139fd03

R2,1  =  ROL(R1, 3,  1)    F1,1) =  ROL(c8a26090,  1)    ec8fa0e5 =  ROL(9060a2c8(big endian),  1)    ec8fa0e5 =  20c14591(big endian)    ec8fa0e5 =  9145c120   ec8fa0e5 =  7dca61c5.

R2,2 = R1,0 = d0381d93

R2,3 = R1,1 = 82ff08ea

 

Encryption of block 2, round r=2

g input = X = x0x1x2x3 = R2,0 = 5139fd03

g input = X = x0x1x2x3 = ROL(R2,1,  8) = ROL(7dca61c5 ,  8) = ROL(c561ca7d(big endian),  8) = 61ca7dc5(big endian) = c57dca61.

x0 = 51

x1 = 39

x2 = fd

x3 = 03

x0 = c5

x1 = 7d

x2 = ca

x3 = 61

y2,0 = 51

y2,1 = 39

y2,2 = fd

y2,3 = 03

y2,0 = c5

y2,1 = 7d

y2,2 = ca

y2,3 = 61

q0.in=51 a0=5 b0=1 a1=4 b1=5 a2=6 b2=2 a3=4 b3=7 a4=6 b4=e q0.out=e6 l1,3=14 q0.in=fe a0=f b0=e a1=1 b1=0 a2=1 b2=e a3=f b3=e a4=1 b4=c q0.out=c1 l0,3=dc q1.in=40 a0=4 b0=0 a1=4 b1=4 a2=f b2=4 a3=b b3=5 a4=8 b4=3 q1.out=38

q1.in=39 a0=3 b0=9 a1=a b1=7 a2=9 b2=7 a3=e b3=a a4=3 b4=7 q1.out=73 l1,2=9c q0.in=f9 a0=f b0=9 a1=6 b1=b a2=3 b2=6 a3=5 b3=8 a4=d b4=9 q0.out=9d l0,2=53 q0.in=16 a0=1 b0=6 a1=7 b1=a a2=2 b2=a a3=8 b3=7 a4=c b4=e q0.out=ec

q0.in=fd a0=f b0=d a1=2 b1=9 a2=7 b2=4 a3=3 b3=d a4=e b4=5 q0.out=5e l1,1=8a q1.in=c2 a0=c b0=2 a1=e b1=d a2=c b2=9 a3=5 b3=0 a4=6 b4=b q1.out=b6 l0,1=8b q1.in=e5 a0=e b0=5 a1=b b1=4 a2=4 b2=4 a3=0 b3=6 a4=4 b4=d q1.out=d4

q1.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=d a3=0 b3=b a4=4 b4=f q1.out=f4 l1,0=18 q1.in=e0 a0=e b0=0 a1=e b1=e a2=c b2=0 a3=c b3=c a4=2 b4=2 q1.out=22 l0,0=81 q0.in=fe a0=f b0=e a1=1 b1=0 a2=1 b2=e a3=f b3=e a4=1 b4=c q0.out=c1

q0.in=c5 a0=c b0=5 a1=9 b1=6 a2=b b2=3 a3=8 b3=a a4=c b4=3 q0.out=3c l1,3=14 q0.in=24 a0=2 b0=4 a1=6 b1=0 a2=3 b2=e a3=d b3=c a4=4 b4=8 q0.out=84 l0,3=dc q1.in=05 a0=0 b0=5 a1=5 b1=a a2=7 b2=a a3=d b3=a a4=b b4=7 q1.out=7b

q1.in=7d a0=7 b0=d a1=a b1=1 a2=9 b2=e a3=7 b3=6 a4=a b4=d q1.out=da l1,2=9c q0.in=50 a0=5 b0=0 a1=5 b1=d a2=f b2=0 a3=f b3=7 a4=1 b4=e q0.out=e1 l0,2=53 q0.in=6a a0=6 b0=a a1=c b1=3 a2=e b2=8 a3=6 b3=a a4=9 b4=3 q0.out=39

q0.in=ca a0=c b0=a a1=6 b1=9 a2=3 b2=4 a3=7 b3=9 a4=0 b4=b q0.out=b0 l1,1=8a q1.in=2c a0=2 b0=c a1=e b1=4 a2=c b2=4 a3=8 b3=e a4=0 b4=8 q1.out=80 l0,1=8b q1.in=d3 a0=d b0=3 a1=e b1=c a2=c b2=f a3=3 b3=3 a4=5 b4=1 q1.out=15

q1.in=61 a0=6 b0=1 a1=7 b1=e a2=e b2=0 a3=e b3=e a4=3 b4=8 q1.out=83 l1,0=18 q1.in=97 a0=9 b0=7 a1=e b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=4 q1.out=49 l0,0=81 q0.in=95 a0=9 b0=5 a1=c b1=b a2=e b2=6 a3=8 b3=d a4=c b4=5 q0.out=5c

y0 = 38	y1 = ec	y2 = d4	y3 = c1	y0 = 7b	y1 = 39	y2 = 15	y3 = 5c
MDS input = Y = y0y1y2y3 = 38ecd4c1				MDS input = Y = y0y1y2y3 = 7b39155c

MDS output = Z = z0z1z2z3 = d3dd56e6

MDS output = Z = z0z1z2z3 = bfe61f84

z0 = d3

z1 = dd

z2 = 56

z3 = e6

z0 = bf

z1 = e6

z2 = 1f

z3 = 84

T0 = g(R0) = d3dd56e6

T1 = g(ROL(R1, 8)) = bfe61f84

F2,0 = (T0 + T1 + K12) mod 232 = (d3dd56e6 + bfe61f84 + a38a1320) mod 232 = (e656ddd3(big endian) + 841fe6bf(big endian) + 20138aa3(big endian)) mod 232 = 8a8a4f35(big endian) = 354f8a8a.

F2,1 = (T0 + 2T1 + K13) mod 232 = (d3dd56e6 + 2[bfe61f84] + 0813350e) mod 232 = (e656ddd3(big endian) + 2[841fe6bf(big endian)] + 0e351308(big endian)) mod 232 = (e656ddd3(big endian) + 083fcd7e(big endian) + 0e351308(big endian)) mod 232 = fccbbe59(big endian) = 59becbfc.

R3,0  =  ROR(R2, 2    F2,0,1) =  ROR(d0381d93    354f8a8a, 1) =  ROR(e5779719, 1) =  ROR(199777e5(big endian), 1) =  8ccbbbf2(big endian) =  f2bbcb8c

R3,1  =  ROL(R2, 3,  1)    F2,1) =  ROL(82ff08ea,  1)    59becbfc =  ROL(ea08ff82(big endian),  1)    59becbfc =  d411ff05(big endian)    59becbfc =  05ff11d4   59becbfc =  5c41da28.

R3,2 = R2,0 = 5139fd03

R3,3 = R2,1 = 7dca61c5

 

Encryption of block 2, round r=3

g input = X = x0x1x2x3 = R3,0 = f2bbcb8c

g input = X = x0x1x2x3 = ROL(R3,1,  8) = ROL(5c41da28 ,  8) = ROL(28da415c(big endian),  8) = da415c28(big endian) = 285c41da.

x0 = f2

x1 = bb

x2 = cb

x3 = 8c

x0 = 28

x1 = 5c

x2 = 41

x3 = da

y2,0 = f2

y2,1 = bb

y2,2 = cb

y2,3 = 8c

y2,0 = 28

y2,1 = 5c

y2,2 = 41

y2,3 = da

q0.in=f2 a0=f b0=2 a1=d b1=6 a2=c b2=3 a3=f b3=5 a4=1 b4=2 q0.out=21 l1,3=14 q0.in=39 a0=3 b0=9 a1=a b1=7 a2=5 b2=5 a3=0 b3=7 a4=b b4=e q0.out=eb l0,3=dc q1.in=6a a0=6 b0=a a1=c b1=3 a2=0 b2=b a3=b b3=d a4=8 b4=0 q1.out=08

q1.in=bb a0=b b0=b a1=0 b1=e a2=2 b2=0 a3=2 b3=2 a4=7 b4=5 q1.out=57 l1,2=9c q0.in=dd a0=d b0=d a1=0 b1=b a2=8 b2=6 a3=e b3=b a4=7 b4=0 q0.out=07 l0,2=53 q0.in=8c a0=8 b0=c a1=4 b1=e a2=6 b2=9 a3=f b3=a a4=1 b4=3 q0.out=31

q0.in=cb a0=c b0=b a1=7 b1=1 a2=2 b2=c a3=e b3=4 a4=7 b4=1 q0.out=17 l1,1=8a q1.in=8b a0=8 b0=b a1=3 b1=5 a2=d b2=c a3=1 b3=3 a4=c b4=1 q1.out=1c l0,1=8b q1.in=4f a0=4 b0=f a1=b b1=b a2=4 b2=5 a3=1 b3=e a4=c b4=8 q1.out=8c

q1.in=8c a0=8 b0=c a1=4 b1=e a2=f b2=0 a3=f b3=7 a4=f b4=e q1.out=ef l1,0=18 q1.in=fb a0=f b0=b a1=4 b1=a a2=f b2=a a3=5 b3=2 a4=6 b4=5 q1.out=56 l0,0=81 q0.in=8a a0=8 b0=a a1=2 b1=d a2=7 b2=0 a3=7 b3=f a4=0 b4=a q0.out=a0

q0.in=28 a0=2 b0=8 a1=a b1=6 a2=5 b2=3 a3=6 b3=4 a4=9 b4=1 q0.out=19 l1,3=14 q0.in=01 a0=0 b0=1 a1=1 b1=8 a2=1 b2=f a3=e b3=6 a4=7 b4=6 q0.out=67 l0,3=dc q1.in=e6 a0=e b0=6 a1=8 b1=d a2=3 b2=9 a3=a b3=7 a4=d b4=e q1.out=ed

q1.in=5c a0=5 b0=c a1=9 b1=b a2=1 b2=5 a3=4 b3=3 a4=1 b4=1 q1.out=11 l1,2=9c q0.in=9b a0=9 b0=b a1=2 b1=c a2=7 b2=7 a3=0 b3=4 a4=b b4=1 q0.out=1b l0,2=53 q0.in=90 a0=9 b0=0 a1=9 b1=1 a2=b b2=c a3=7 b3=5 a4=0 b4=2 q0.out=20

q0.in=41 a0=4 b0=1 a1=5 b1=c a2=f b2=7 a3=8 b3=c a4=c b4=8 q0.out=8c l1,1=8a q1.in=10 a0=1 b0=0 a1=1 b1=9 a2=8 b2=d a3=5 b3=6 a4=6 b4=d q1.out=d6 l0,1=8b q1.in=85 a0=8 b0=5 a1=d b1=2 a2=a b2=2 a3=8 b3=b a4=0 b4=f q1.out=f0

q1.in=da a0=d b0=a a1=7 b1=0 a2=e b2=1 a3=f b3=6 a4=f b4=d q1.out=df l1,0=18 q1.in=cb a0=c b0=b a1=7 b1=1 a2=e b2=e a3=0 b3=9 a4=4 b4=4 q1.out=44 l0,0=81 q0.in=98 a0=9 b0=8 a1=1 b1=5 a2=1 b2=2 a3=3 b3=8 a4=e b4=9 q0.out=9e

y0 = 08	y1 = 31	y2 = 8c	y3 = a0	y0 = ed	y1 = 20	y2 = f0	y3 = 9e
MDS input = Y = y0y1y2y3 = 08318ca0				MDS input = Y = y0y1y2y3 = ed20f09e

MDS output = Z = z0z1z2z3 = e4883d5e

MDS output = Z = z0z1z2z3 = 149ed4d7

z0 = e4

z1 = 88

z2 = 3d

z3 = 5e

z0 = 14

z1 = 9e

z2 = d4

z3 = d7

T0 = g(R0) = e4883d5e

T1 = g(ROL(R1, 8)) = 149ed4d7

F3,0 = (T0 + T1 + K14) mod 232 = (e4883d5e + 149ed4d7 + 281a4854) mod 232 = (5e3d88e4(big endian) + d7d49e14(big endian) + 54481a28(big endian)) mod 232 = 8a5a4120(big endian) = 20415a8a.

F3,1 = (T0 + 2T1 + K15) mod 232 = (e4883d5e + 2[149ed4d7] + a0ddfa24) mod 232 = (5e3d88e4(big endian) + 2[d7d49e14(big endian)] + 24fadda0(big endian)) mod 232 = (5e3d88e4(big endian) + afa93c28(big endian) + 24fadda0(big endian)) mod 232 = 32e1a2ac(big endian) = aca2e132.

R4,0  =  ROR(R3, 2    F3,0,1) =  ROR(5139fd03    20415a8a, 1) =  ROR(7178a789, 1) =  ROR(89a77871(big endian), 1) =  c4d3bc38(big endian) =  38bcd3c4

R4,1  =  ROL(R3, 3,  1)    F3,1) =  ROL(7dca61c5,  1)    aca2e132 =  ROL(c561ca7d(big endian),  1)    aca2e132 =  8ac394fb(big endian)    aca2e132 =  fb94c38a   aca2e132 =  573622b8.

R4,2 = R3,0 = f2bbcb8c

R4,3 = R3,1 = 5c41da28

 

Encryption of block 2, round r=4

g input = X = x0x1x2x3 = R4,0 = 38bcd3c4

g input = X = x0x1x2x3 = ROL(R4,1,  8) = ROL(573622b8 ,  8) = ROL(b8223657(big endian),  8) = 223657b8(big endian) = b8573622.

x0 = 38

x1 = bc

x2 = d3

x3 = c4

x0 = b8

x1 = 57

x2 = 36

x3 = 22

y2,0 = 38

y2,1 = bc

y2,2 = d3

y2,3 = c4

y2,0 = b8

y2,1 = 57

y2,2 = 36

y2,3 = 22

q0.in=38 a0=3 b0=8 a1=b b1=f a2=9 b2=d a3=4 b3=f a4=6 b4=a q0.out=a6 l1,3=14 q0.in=be a0=b b0=e a1=5 b1=4 a2=f b2=1 a3=e b3=f a4=7 b4=a q0.out=a7 l0,3=dc q1.in=26 a0=2 b0=6 a1=4 b1=1 a2=f b2=e a3=1 b3=0 a4=c b4=b q1.out=bc

q1.in=bc a0=b b0=c a1=7 b1=5 a2=e b2=c a3=2 b3=8 a4=7 b4=6 q1.out=67 l1,2=9c q0.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=e a3=3 b3=2 a4=e b4=f q0.out=fe l0,2=53 q0.in=75 a0=7 b0=5 a1=2 b1=5 a2=7 b2=2 a3=5 b3=e a4=d b4=c q0.out=cd

q0.in=d3 a0=d b0=3 a1=e b1=c a2=a b2=7 a3=d b3=1 a4=4 b4=7 q0.out=74 l1,1=8a q1.in=e8 a0=e b0=8 a1=6 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=1 q1.out=12 l0,1=8b q1.in=41 a0=4 b0=1 a1=5 b1=c a2=7 b2=f a3=8 b3=0 a4=0 b4=b q1.out=b0

q1.in=c4 a0=c b0=4 a1=8 b1=e a2=3 b2=0 a3=3 b3=b a4=5 b4=f q1.out=f5 l1,0=18 q1.in=e1 a0=e b0=1 a1=f b1=6 a2=5 b2=3 a3=6 b3=4 a4=9 b4=c q1.out=c9 l0,0=81 q0.in=15 a0=1 b0=5 a1=4 b1=3 a2=6 b2=8 a3=e b3=2 a4=7 b4=f q0.out=f7

q0.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=5 a3=8 b3=f a4=c b4=a q0.out=ac l1,3=14 q0.in=b4 a0=b b0=4 a1=f b1=1 a2=4 b2=c a3=8 b3=2 a4=c b4=f q0.out=fc l0,3=dc q1.in=7d a0=7 b0=d a1=a b1=1 a2=9 b2=e a3=7 b3=6 a4=a b4=d q1.out=da

q1.in=57 a0=5 b0=7 a1=2 b1=6 a2=b b2=3 a3=8 b3=a a4=0 b4=7 q1.out=70 l1,2=9c q0.in=fa a0=f b0=a a1=5 b1=2 a2=f b2=b a3=4 b3=a a4=6 b4=3 q0.out=36 l0,2=53 q0.in=bd a0=b b0=d a1=6 b1=d a2=3 b2=0 a3=3 b3=b a4=e b4=0 q0.out=0e

q0.in=36 a0=3 b0=6 a1=5 b1=8 a2=f b2=f a3=0 b3=8 a4=b b4=9 q0.out=9b l1,1=8a q1.in=07 a0=0 b0=7 a1=7 b1=b a2=e b2=5 a3=b b3=4 a4=8 b4=c q1.out=c8 l0,1=8b q1.in=9b a0=9 b0=b a1=2 b1=c a2=b b2=f a3=4 b3=c a4=1 b4=2 q1.out=21

q1.in=22 a0=2 b0=2 a1=0 b1=3 a2=2 b2=b a3=9 b3=f a4=e b4=a q1.out=ae l1,0=18 q1.in=ba a0=b b0=a a1=1 b1=6 a2=8 b2=3 a3=b b3=1 a4=8 b4=9 q1.out=98 l0,0=81 q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73

y0 = bc	y1 = cd	y2 = b0	y3 = f7	y0 = da	y1 = 0e	y2 = 21	y3 = 73
MDS input = Y = y0y1y2y3 = bccdb0f7				MDS input = Y = y0y1y2y3 = da0e2173

MDS output = Z = z0z1z2z3 = 72d632e0

MDS output = Z = z0z1z2z3 = 9642a16d

z0 = 72

z1 = d6

z2 = 32

z3 = e0

z0 = 96

z1 = 42

z2 = a1

z3 = 6d

T0 = g(R0) = 72d632e0

T1 = g(ROL(R1, 8)) = 9642a16d

F4,0 = (T0 + T1 + K16) mod 232 = (72d632e0 + 9642a16d + 19c3630c) mod 232 = (e032d672(big endian) + 6da14296(big endian) + 0c63c319(big endian)) mod 232 = 5a37dc21(big endian) = 21dc375a.

F4,1 = (T0 + 2T1 + K17) mod 232 = (72d632e0 + 2[9642a16d] + 5bc0b2cc) mod 232 = (e032d672(big endian) + 2[6da14296(big endian)] + ccb2c05b(big endian)) mod 232 = (e032d672(big endian) + db42852c(big endian) + ccb2c05b(big endian)) mod 232 = 88281bf9(big endian) = f91b2888.

R5,0  =  ROR(R4, 2    F4,0,1) =  ROR(f2bbcb8c    21dc375a, 1) =  ROR(d367fcd6, 1) =  ROR(d6fc67d3(big endian), 1) =  eb7e33e9(big endian) =  e9337eeb

R5,1  =  ROL(R4, 3,  1)    F4,1) =  ROL(5c41da28,  1)    f91b2888 =  ROL(28da415c(big endian),  1)    f91b2888 =  51b482b8(big endian)    f91b2888 =  b882b451   f91b2888 =  41999cd9.

R5,2 = R4,0 = 38bcd3c4

R5,3 = R4,1 = 573622b8

 

Encryption of block 2, round r=5

g input = X = x0x1x2x3 = R5,0 = e9337eeb

g input = X = x0x1x2x3 = ROL(R5,1,  8) = ROL(41999cd9 ,  8) = ROL(d99c9941(big endian),  8) = 9c9941d9(big endian) = d941999c.

x0 = e9

x1 = 33

x2 = 7e

x3 = eb

x0 = d9

x1 = 41

x2 = 99

x3 = 9c

y2,0 = e9

y2,1 = 33

y2,2 = 7e

y2,3 = eb

y2,0 = d9

y2,1 = 41

y2,2 = 99

y2,3 = 9c

q0.in=e9 a0=e b0=9 a1=7 b1=2 a2=2 b2=b a3=9 b3=f a4=8 b4=a q0.out=a8 l1,3=14 q0.in=b0 a0=b b0=0 a1=b b1=3 a2=9 b2=8 a3=1 b3=5 a4=a b4=2 q0.out=2a l0,3=dc q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f

q1.in=33 a0=3 b0=3 a1=0 b1=2 a2=2 b2=2 a3=0 b3=3 a4=4 b4=1 q1.out=14 l1,2=9c q0.in=9e a0=9 b0=e a1=7 b1=6 a2=2 b2=3 a3=1 b3=b a4=a b4=0 q0.out=0a l0,2=53 q0.in=81 a0=8 b0=1 a1=9 b1=0 a2=b b2=e a3=5 b3=4 a4=d b4=1 q0.out=1d

q0.in=7e a0=7 b0=e a1=9 b1=8 a2=b b2=f a3=4 b3=c a4=6 b4=8 q0.out=86 l1,1=8a q1.in=1a a0=1 b0=a a1=b b1=c a2=4 b2=f a3=b b3=b a4=8 b4=f q1.out=f8 l0,1=8b q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f

q1.in=eb a0=e b0=b a1=5 b1=3 a2=7 b2=b a3=c b3=2 a4=2 b4=5 q1.out=52 l1,0=18 q1.in=46 a0=4 b0=6 a1=2 b1=7 a2=b b2=7 a3=c b3=8 a4=2 b4=6 q1.out=62 l0,0=81 q0.in=be a0=b b0=e a1=5 b1=4 a2=f b2=1 a3=e b3=f a4=7 b4=a q0.out=a7

q0.in=d9 a0=d b0=9 a1=4 b1=9 a2=6 b2=4 a3=2 b3=4 a4=5 b4=1 q0.out=15 l1,3=14 q0.in=0d a0=0 b0=d a1=d b1=e a2=c b2=9 a3=5 b3=0 a4=d b4=d q0.out=dd l0,3=dc q1.in=5c a0=5 b0=c a1=9 b1=b a2=1 b2=5 a3=4 b3=3 a4=1 b4=1 q1.out=11

q1.in=41 a0=4 b0=1 a1=5 b1=c a2=7 b2=f a3=8 b3=0 a4=0 b4=b q1.out=b0 l1,2=9c q0.in=3a a0=3 b0=a a1=9 b1=e a2=b b2=9 a3=2 b3=f a4=5 b4=a q0.out=a5 l0,2=53 q0.in=2e a0=2 b0=e a1=c b1=5 a2=e b2=2 a3=c b3=f a4=2 b4=a q0.out=a2

q0.in=99 a0=9 b0=9 a1=0 b1=d a2=8 b2=0 a3=8 b3=8 a4=c b4=9 q0.out=9c l1,1=8a q1.in=00 a0=0 b0=0 a1=0 b1=0 a2=2 b2=1 a3=3 b3=a a4=5 b4=7 q1.out=75 l0,1=8b q1.in=26 a0=2 b0=6 a1=4 b1=1 a2=f b2=e a3=1 b3=0 a4=c b4=b q1.out=bc

q1.in=9c a0=9 b0=c a1=5 b1=7 a2=7 b2=7 a3=0 b3=4 a4=4 b4=c q1.out=c4 l1,0=18 q1.in=d0 a0=d b0=0 a1=d b1=5 a2=a b2=c a3=6 b3=c a4=9 b4=2 q1.out=29 l0,0=81 q0.in=f5 a0=f b0=5 a1=a b1=d a2=5 b2=0 a3=5 b3=d a4=d b4=5 q0.out=5d

y0 = 1f	y1 = 1d	y2 = 1f	y3 = a7	y0 = 11	y1 = a2	y2 = bc	y3 = 5d
MDS input = Y = y0y1y2y3 = 1f1d1fa7				MDS input = Y = y0y1y2y3 = 11a2bc5d

MDS output = Z = z0z1z2z3 = 73e6957d

MDS output = Z = z0z1z2z3 = fdb0fb8c

z0 = 73

z1 = e6

z2 = 95

z3 = 7d

z0 = fd

z1 = b0

z2 = fb

z3 = 8c

T0 = g(R0) = 73e6957d

T1 = g(ROL(R1, 8)) = fdb0fb8c

F5,0 = (T0 + T1 + K18) mod 232 = (73e6957d + fdb0fb8c + d542f0e2) mod 232 = (7d95e673(big endian) + 8cfbb0fd(big endian) + e2f042d5(big endian)) mod 232 = ed81da45(big endian) = 45da81ed.

F5,1 = (T0 + 2T1 + K19) mod 232 = (73e6957d + 2[fdb0fb8c] + 9f8b15e9) mod 232 = (7d95e673(big endian) + 2[8cfbb0fd(big endian)] + e9158b9f(big endian)) mod 232 = (7d95e673(big endian) + 19f761fa(big endian) + e9158b9f(big endian)) mod 232 = 80a2d40c(big endian) = 0cd4a280.

R6,0  =  ROR(R5, 2    F5,0,1) =  ROR(38bcd3c4    45da81ed, 1) =  ROR(7d665229, 1) =  ROR(2952667d(big endian), 1) =  94a9333e(big endian) =  3e33a994

R6,1  =  ROL(R5, 3,  1)    F5,1) =  ROL(573622b8,  1)    0cd4a280 =  ROL(b8223657(big endian),  1)    0cd4a280 =  70446caf(big endian)    0cd4a280 =  af6c4470   0cd4a280 =  a3b8e6f0.

R6,2 = R5,0 = e9337eeb

R6,3 = R5,1 = 41999cd9

 

Encryption of block 2, round r=6

g input = X = x0x1x2x3 = R6,0 = 3e33a994

g input = X = x0x1x2x3 = ROL(R6,1,  8) = ROL(a3b8e6f0 ,  8) = ROL(f0e6b8a3(big endian),  8) = e6b8a3f0(big endian) = f0a3b8e6.

x0 = 3e

x1 = 33

x2 = a9

x3 = 94

x0 = f0

x1 = a3

x2 = b8

x3 = e6

y2,0 = 3e

y2,1 = 33

y2,2 = a9

y2,3 = 94

y2,0 = f0

y2,1 = a3

y2,2 = b8

y2,3 = e6

q0.in=3e a0=3 b0=e a1=d b1=c a2=c b2=7 a3=b b3=7 a4=3 b4=e q0.out=e3 l1,3=14 q0.in=fb a0=f b0=b a1=4 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=4 q0.out=42 l0,3=dc q1.in=c3 a0=c b0=3 a1=f b1=5 a2=5 b2=c a3=9 b3=b a4=e b4=f q1.out=fe

q1.in=33 a0=3 b0=3 a1=0 b1=2 a2=2 b2=2 a3=0 b3=3 a4=4 b4=1 q1.out=14 l1,2=9c q0.in=9e a0=9 b0=e a1=7 b1=6 a2=2 b2=3 a3=1 b3=b a4=a b4=0 q0.out=0a l0,2=53 q0.in=81 a0=8 b0=1 a1=9 b1=0 a2=b b2=e a3=5 b3=4 a4=d b4=1 q0.out=1d

q0.in=a9 a0=a b0=9 a1=3 b1=6 a2=d b2=3 a3=e b3=c a4=7 b4=8 q0.out=87 l1,1=8a q1.in=1b a0=1 b0=b a1=a b1=4 a2=9 b2=4 a3=d b3=3 a4=b b4=1 q1.out=1b l0,1=8b q1.in=48 a0=4 b0=8 a1=c b1=0 a2=0 b2=1 a3=1 b3=8 a4=c b4=6 q1.out=6c

q1.in=94 a0=9 b0=4 a1=d b1=3 a2=a b2=b a3=1 b3=7 a4=c b4=e q1.out=ec l1,0=18 q1.in=f8 a0=f b0=8 a1=7 b1=3 a2=e b2=b a3=5 b3=3 a4=6 b4=1 q1.out=16 l0,0=81 q0.in=ca a0=c b0=a a1=6 b1=9 a2=3 b2=4 a3=7 b3=9 a4=0 b4=b q0.out=b0

q0.in=f0 a0=f b0=0 a1=f b1=7 a2=4 b2=5 a3=1 b3=e a4=a b4=c q0.out=ca l1,3=14 q0.in=d2 a0=d b0=2 a1=f b1=4 a2=4 b2=1 a3=5 b3=c a4=d b4=8 q0.out=8d l0,3=dc q1.in=0c a0=0 b0=c a1=c b1=6 a2=0 b2=3 a3=3 b3=9 a4=5 b4=4 q1.out=45

q1.in=a3 a0=a b0=3 a1=9 b1=3 a2=1 b2=b a3=a b3=4 a4=d b4=c q1.out=cd l1,2=9c q0.in=47 a0=4 b0=7 a1=3 b1=f a2=d b2=d a3=0 b3=b a4=b b4=0 q0.out=0b l0,2=53 q0.in=80 a0=8 b0=0 a1=8 b1=8 a2=0 b2=f a3=f b3=f a4=1 b4=a q0.out=a1

q0.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=5 a3=8 b3=f a4=c b4=a q0.out=ac l1,1=8a q1.in=30 a0=3 b0=0 a1=3 b1=b a2=d b2=5 a3=8 b3=f a4=0 b4=a q1.out=a0 l0,1=8b q1.in=f3 a0=f b0=3 a1=c b1=e a2=0 b2=0 a3=0 b3=0 a4=4 b4=b q1.out=b4

q1.in=e6 a0=e b0=6 a1=8 b1=d a2=3 b2=9 a3=a b3=7 a4=d b4=e q1.out=ed l1,0=18 q1.in=f9 a0=f b0=9 a1=6 b1=b a2=6 b2=5 a3=3 b3=c a4=5 b4=2 q1.out=25 l0,0=81 q0.in=f9 a0=f b0=9 a1=6 b1=b a2=3 b2=6 a3=5 b3=8 a4=d b4=9 q0.out=9d

y0 = fe	y1 = 1d	y2 = 6c	y3 = b0	y0 = 45	y1 = a1	y2 = b4	y3 = 9d
MDS input = Y = y0y1y2y3 = fe1d6cb0				MDS input = Y = y0y1y2y3 = 45a1b49d

MDS output = Z = z0z1z2z3 = ef7ee2ca

MDS output = Z = z0z1z2z3 = 0b67e51a

z0 = ef

z1 = 7e

z2 = e2

z3 = ca

z0 = 0b

z1 = 67

z2 = e5

z3 = 1a

T0 = g(R0) = ef7ee2ca

T1 = g(ROL(R1, 8)) = 0b67e51a

F6,0 = (T0 + T1 + K20) mod 232 = (ef7ee2ca + 0b67e51a + 7b65df4c) mod 232 = (cae27eef(big endian) + 1ae5670b(big endian) + 4cdf657b(big endian)) mod 232 = 32a74b75(big endian) = 754ba732.

F6,1 = (T0 + 2T1 + K21) mod 232 = (ef7ee2ca + 2[0b67e51a] + 2189e236) mod 232 = (cae27eef(big endian) + 2[1ae5670b(big endian)] + 36e28921(big endian)) mod 232 = (cae27eef(big endian) + 35cace16(big endian) + 36e28921(big endian)) mod 232 = 378fd626(big endian) = 26d68f37.

R7,0  =  ROR(R6, 2    F6,0,1) =  ROR(e9337eeb    754ba732, 1) =  ROR(9c78d9d9, 1) =  ROR(d9d9789c(big endian), 1) =  6cecbc4e(big endian) =  4ebcec6c

R7,1  =  ROL(R6, 3,  1)    F6,1) =  ROL(41999cd9,  1)    26d68f37 =  ROL(d99c9941(big endian),  1)    26d68f37 =  b3393283(big endian)    26d68f37 =  833239b3   26d68f37 =  a5e4b684.

R7,2 = R6,0 = 3e33a994

R7,3 = R6,1 = a3b8e6f0

 

Encryption of block 2, round r=7

g input = X = x0x1x2x3 = R7,0 = 4ebcec6c

g input = X = x0x1x2x3 = ROL(R7,1,  8) = ROL(a5e4b684 ,  8) = ROL(84b6e4a5(big endian),  8) = b6e4a584(big endian) = 84a5e4b6.

x0 = 4e

x1 = bc

x2 = ec

x3 = 6c

x0 = 84

x1 = a5

x2 = e4

x3 = b6

y2,0 = 4e

y2,1 = bc

y2,2 = ec

y2,3 = 6c

y2,0 = 84

y2,1 = a5

y2,2 = e4

y2,3 = b6

q0.in=4e a0=4 b0=e a1=a b1=3 a2=5 b2=8 a3=d b3=9 a4=4 b4=b q0.out=b4 l1,3=14 q0.in=ac a0=a b0=c a1=6 b1=c a2=3 b2=7 a3=4 b3=0 a4=6 b4=d q0.out=d6 l0,3=dc q1.in=57 a0=5 b0=7 a1=2 b1=6 a2=b b2=3 a3=8 b3=a a4=0 b4=7 q1.out=70

q1.in=bc a0=b b0=c a1=7 b1=5 a2=e b2=c a3=2 b3=8 a4=7 b4=6 q1.out=67 l1,2=9c q0.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=e a3=3 b3=2 a4=e b4=f q0.out=fe l0,2=53 q0.in=75 a0=7 b0=5 a1=2 b1=5 a2=7 b2=2 a3=5 b3=e a4=d b4=c q0.out=cd

q0.in=ec a0=e b0=c a1=2 b1=8 a2=7 b2=f a3=8 b3=0 a4=c b4=d q0.out=dc l1,1=8a q1.in=40 a0=4 b0=0 a1=4 b1=4 a2=f b2=4 a3=b b3=5 a4=8 b4=3 q1.out=38 l0,1=8b q1.in=6b a0=6 b0=b a1=d b1=b a2=a b2=5 a3=f b3=0 a4=f b4=b q1.out=bf

q1.in=6c a0=6 b0=c a1=a b1=0 a2=9 b2=1 a3=8 b3=9 a4=0 b4=4 q1.out=40 l1,0=18 q1.in=54 a0=5 b0=4 a1=1 b1=f a2=8 b2=8 a3=0 b3=c a4=4 b4=2 q1.out=24 l0,0=81 q0.in=f8 a0=f b0=8 a1=7 b1=3 a2=2 b2=8 a3=a b3=6 a4=f b4=6 q0.out=6f

q0.in=84 a0=8 b0=4 a1=c b1=a a2=e b2=a a3=4 b3=b a4=6 b4=0 q0.out=06 l1,3=14 q0.in=1e a0=1 b0=e a1=f b1=e a2=4 b2=9 a3=d b3=8 a4=4 b4=9 q0.out=94 l0,3=dc q1.in=15 a0=1 b0=5 a1=4 b1=3 a2=f b2=b a3=4 b3=a a4=1 b4=7 q1.out=71

q1.in=a5 a0=a b0=5 a1=f b1=0 a2=5 b2=1 a3=4 b3=5 a4=1 b4=3 q1.out=31 l1,2=9c q0.in=bb a0=b b0=b a1=0 b1=e a2=8 b2=9 a3=1 b3=4 a4=a b4=1 q0.out=1a l0,2=53 q0.in=91 a0=9 b0=1 a1=8 b1=9 a2=0 b2=4 a3=4 b3=2 a4=6 b4=f q0.out=f6

q0.in=e4 a0=e b0=4 a1=a b1=c a2=5 b2=7 a3=2 b3=6 a4=5 b4=6 q0.out=65 l1,1=8a q1.in=f9 a0=f b0=9 a1=6 b1=b a2=6 b2=5 a3=3 b3=c a4=5 b4=2 q1.out=25 l0,1=8b q1.in=76 a0=7 b0=6 a1=1 b1=c a2=8 b2=f a3=7 b3=7 a4=a b4=e q1.out=ea

q1.in=b6 a0=b b0=6 a1=d b1=0 a2=a b2=1 a3=b b3=2 a4=8 b4=5 q1.out=58 l1,0=18 q1.in=4c a0=4 b0=c a1=8 b1=2 a2=3 b2=2 a3=1 b3=a a4=c b4=7 q1.out=7c l0,0=81 q0.in=a0 a0=a b0=0 a1=a b1=a a2=5 b2=a a3=f b3=8 a4=1 b4=9 q0.out=91

y0 = 70	y1 = cd	y2 = bf	y3 = 6f	y0 = 71	y1 = f6	y2 = ea	y3 = 91
MDS input = Y = y0y1y2y3 = 70cdbf6f				MDS input = Y = y0y1y2y3 = 71f6ea91

MDS output = Z = z0z1z2z3 = e2e05696

MDS output = Z = z0z1z2z3 = feb33db3

z0 = e2

z1 = e0

z2 = 56

z3 = 96

z0 = fe

z1 = b3

z2 = 3d

z3 = b3

T0 = g(R0) = e2e05696

T1 = g(ROL(R1, 8)) = feb33db3

F7,0 = (T0 + T1 + K22) mod 232 = (e2e05696 + feb33db3 + 25d0b3fc) mod 232 = (9656e0e2(big endian) + b33db3fe(big endian) + fcb3d025(big endian)) mod 232 = 46486505(big endian) = 05654846.

F7,1 = (T0 + 2T1 + K23) mod 232 = (e2e05696 + 2[feb33db3] + eb1e6ea6) mod 232 = (9656e0e2(big endian) + 2[b33db3fe(big endian)] + a66e1eeb(big endian)) mod 232 = (9656e0e2(big endian) + 667b67fc(big endian) + a66e1eeb(big endian)) mod 232 = a34067c9(big endian) = c96740a3.

R8,0  =  ROR(R7, 2    F7,0,1) =  ROR(3e33a994    05654846, 1) =  ROR(3b56e1d2, 1) =  ROR(d2e1563b(big endian), 1) =  e970ab1d(big endian) =  1dab70e9

R8,1  =  ROL(R7, 3,  1)    F7,1) =  ROL(a3b8e6f0,  1)    c96740a3 =  ROL(f0e6b8a3(big endian),  1)    c96740a3 =  e1cd7147(big endian)    c96740a3 =  4771cde1   c96740a3 =  8e168d42.

R8,2 = R7,0 = 4ebcec6c

R8,3 = R7,1 = a5e4b684

 

Encryption of block 2, round r=8

g input = X = x0x1x2x3 = R8,0 = 1dab70e9

g input = X = x0x1x2x3 = ROL(R8,1,  8) = ROL(8e168d42 ,  8) = ROL(428d168e(big endian),  8) = 8d168e42(big endian) = 428e168d.

x0 = 1d

x1 = ab

x2 = 70

x3 = e9

x0 = 42

x1 = 8e

x2 = 16

x3 = 8d

y2,0 = 1d

y2,1 = ab

y2,2 = 70

y2,3 = e9

y2,0 = 42

y2,1 = 8e

y2,2 = 16

y2,3 = 8d

q0.in=1d a0=1 b0=d a1=c b1=7 a2=e b2=5 a3=b b3=4 a4=3 b4=1 q0.out=13 l1,3=14 q0.in=0b a0=0 b0=b a1=b b1=d a2=9 b2=0 a3=9 b3=1 a4=8 b4=7 q0.out=78 l0,3=dc q1.in=f9 a0=f b0=9 a1=6 b1=b a2=6 b2=5 a3=3 b3=c a4=5 b4=2 q1.out=25

q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f l1,2=9c q0.in=95 a0=9 b0=5 a1=c b1=b a2=e b2=6 a3=8 b3=d a4=c b4=5 q0.out=5c l0,2=53 q0.in=d7 a0=d b0=7 a1=a b1=e a2=5 b2=9 a3=c b3=1 a4=2 b4=7 q0.out=72

q0.in=70 a0=7 b0=0 a1=7 b1=f a2=2 b2=d a3=f b3=c a4=1 b4=8 q0.out=81 l1,1=8a q1.in=1d a0=1 b0=d a1=c b1=7 a2=0 b2=7 a3=7 b3=b a4=a b4=f q1.out=fa l0,1=8b q1.in=a9 a0=a b0=9 a1=3 b1=6 a2=d b2=3 a3=e b3=c a4=3 b4=2 q1.out=23

q1.in=e9 a0=e b0=9 a1=7 b1=2 a2=e b2=2 a3=c b3=f a4=2 b4=a q1.out=a2 l1,0=18 q1.in=b6 a0=b b0=6 a1=d b1=0 a2=a b2=1 a3=b b3=2 a4=8 b4=5 q1.out=58 l0,0=81 q0.in=84 a0=8 b0=4 a1=c b1=a a2=e b2=a a3=4 b3=b a4=6 b4=0 q0.out=06

q0.in=42 a0=4 b0=2 a1=6 b1=5 a2=3 b2=2 a3=1 b3=a a4=a b4=3 q0.out=3a l1,3=14 q0.in=22 a0=2 b0=2 a1=0 b1=3 a2=8 b2=8 a3=0 b3=c a4=b b4=8 q0.out=8b l0,3=dc q1.in=0a a0=0 b0=a a1=a b1=5 a2=9 b2=c a3=5 b3=7 a4=6 b4=e q1.out=e6

q1.in=8e a0=8 b0=e a1=6 b1=f a2=6 b2=8 a3=e b3=2 a4=3 b4=5 q1.out=53 l1,2=9c q0.in=d9 a0=d b0=9 a1=4 b1=9 a2=6 b2=4 a3=2 b3=4 a4=5 b4=1 q0.out=15 l0,2=53 q0.in=9e a0=9 b0=e a1=7 b1=6 a2=2 b2=3 a3=1 b3=b a4=a b4=0 q0.out=0a

q0.in=16 a0=1 b0=6 a1=7 b1=a a2=2 b2=a a3=8 b3=7 a4=c b4=e q0.out=ec l1,1=8a q1.in=70 a0=7 b0=0 a1=7 b1=f a2=e b2=8 a3=6 b3=a a4=9 b4=7 q1.out=79 l0,1=8b q1.in=2a a0=2 b0=a a1=8 b1=7 a2=3 b2=7 a3=4 b3=0 a4=1 b4=b q1.out=b1

q1.in=8d a0=8 b0=d a1=5 b1=6 a2=7 b2=3 a3=4 b3=6 a4=1 b4=d q1.out=d1 l1,0=18 q1.in=c5 a0=c b0=5 a1=9 b1=6 a2=1 b2=3 a3=2 b3=0 a4=7 b4=b q1.out=b7 l0,0=81 q0.in=6b a0=6 b0=b a1=d b1=b a2=c b2=6 a3=a b3=f a4=f b4=a q0.out=af

y0 = 25	y1 = 72	y2 = 23	y3 = 06	y0 = e6	y1 = 0a	y2 = b1	y3 = af
MDS input = Y = y0y1y2y3 = 25722306				MDS input = Y = y0y1y2y3 = e60ab1af

MDS output = Z = z0z1z2z3 = b0f39971

MDS output = Z = z0z1z2z3 = f2569c53

z0 = b0

z1 = f3

z2 = 99

z3 = 71

z0 = f2

z1 = 56

z2 = 9c

z3 = 53

T0 = g(R0) = b0f39971

T1 = g(ROL(R1, 8)) = f2569c53

F8,0 = (T0 + T1 + K24) mod 232 = (b0f39971 + f2569c53 + 97054619) mod 232 = (7199f3b0(big endian) + 539c56f2(big endian) + 19460597(big endian)) mod 232 = de7c5039(big endian) = 39507cde.

F8,1 = (T0 + 2T1 + K25) mod 232 = (b0f39971 + 2[f2569c53] + ccf7f077) mod 232 = (7199f3b0(big endian) + 2[539c56f2(big endian)] + 77f0f7cc(big endian)) mod 232 = (7199f3b0(big endian) + a738ade4(big endian) + 77f0f7cc(big endian)) mod 232 = 90c39960(big endian) = 6099c390.

R9,0  =  ROR(R8, 2    F8,0,1) =  ROR(4ebcec6c    39507cde, 1) =  ROR(77ec90b2, 1) =  ROR(b290ec77(big endian), 1) =  d948763b(big endian) =  3b7648d9

R9,1  =  ROL(R8, 3,  1)    F8,1) =  ROL(a5e4b684,  1)    6099c390 =  ROL(84b6e4a5(big endian),  1)    6099c390 =  096dc94b(big endian)    6099c390 =  4bc96d09   6099c390 =  2b50ae99.

R9,2 = R8,0 = 1dab70e9

R9,3 = R8,1 = 8e168d42

 

Encryption of block 2, round r=9

g input = X = x0x1x2x3 = R9,0 = 3b7648d9

g input = X = x0x1x2x3 = ROL(R9,1,  8) = ROL(2b50ae99 ,  8) = ROL(99ae502b(big endian),  8) = ae502b99(big endian) = 992b50ae.

x0 = 3b

x1 = 76

x2 = 48

x3 = d9

x0 = 99

x1 = 2b

x2 = 50

x3 = ae

y2,0 = 3b

y2,1 = 76

y2,2 = 48

y2,3 = d9

y2,0 = 99

y2,1 = 2b

y2,2 = 50

y2,3 = ae

q0.in=3b a0=3 b0=b a1=8 b1=6 a2=0 b2=3 a3=3 b3=9 a4=e b4=b q0.out=be l1,3=14 q0.in=a6 a0=a b0=6 a1=c b1=9 a2=e b2=4 a3=a b3=c a4=f b4=8 q0.out=8f l0,3=dc q1.in=0e a0=0 b0=e a1=e b1=7 a2=c b2=7 a3=b b3=7 a4=8 b4=e q1.out=e8

q1.in=76 a0=7 b0=6 a1=1 b1=c a2=8 b2=f a3=7 b3=7 a4=a b4=e q1.out=ea l1,2=9c q0.in=60 a0=6 b0=0 a1=6 b1=6 a2=3 b2=3 a3=0 b3=2 a4=b b4=f q0.out=fb l0,2=53 q0.in=70 a0=7 b0=0 a1=7 b1=f a2=2 b2=d a3=f b3=c a4=1 b4=8 q0.out=81

q0.in=48 a0=4 b0=8 a1=c b1=0 a2=e b2=e a3=0 b3=9 a4=b b4=b q0.out=bb l1,1=8a q1.in=27 a0=2 b0=7 a1=5 b1=9 a2=7 b2=d a3=a b3=1 a4=d b4=9 q1.out=9d l0,1=8b q1.in=ce a0=c b0=e a1=2 b1=b a2=b b2=5 a3=e b3=9 a4=3 b4=4 q1.out=43

q1.in=d9 a0=d b0=9 a1=4 b1=9 a2=f b2=d a3=2 b3=9 a4=7 b4=4 q1.out=47 l1,0=18 q1.in=53 a0=5 b0=3 a1=6 b1=4 a2=6 b2=4 a3=2 b3=4 a4=7 b4=c q1.out=c7 l0,0=81 q0.in=1b a0=1 b0=b a1=a b1=4 a2=5 b2=1 a3=4 b3=5 a4=6 b4=2 q0.out=26

q0.in=99 a0=9 b0=9 a1=0 b1=d a2=8 b2=0 a3=8 b3=8 a4=c b4=9 q0.out=9c l1,3=14 q0.in=84 a0=8 b0=4 a1=c b1=a a2=e b2=a a3=4 b3=b a4=6 b4=0 q0.out=06 l0,3=dc q1.in=87 a0=8 b0=7 a1=f b1=3 a2=5 b2=b a3=e b3=0 a4=3 b4=b q1.out=b3

q1.in=2b a0=2 b0=b a1=9 b1=f a2=1 b2=8 a3=9 b3=d a4=e b4=0 q1.out=0e l1,2=9c q0.in=84 a0=8 b0=4 a1=c b1=a a2=e b2=a a3=4 b3=b a4=6 b4=0 q0.out=06 l0,2=53 q0.in=8d a0=8 b0=d a1=5 b1=6 a2=f b2=3 a3=c b3=e a4=2 b4=c q0.out=c2

q0.in=50 a0=5 b0=0 a1=5 b1=d a2=f b2=0 a3=f b3=7 a4=1 b4=e q0.out=e1 l1,1=8a q1.in=7d a0=7 b0=d a1=a b1=1 a2=9 b2=e a3=7 b3=6 a4=a b4=d q1.out=da l0,1=8b q1.in=89 a0=8 b0=9 a1=1 b1=4 a2=8 b2=4 a3=c b3=a a4=2 b4=7 q1.out=72

q1.in=ae a0=a b0=e a1=4 b1=d a2=f b2=9 a3=6 b3=b a4=9 b4=f q1.out=f9 l1,0=18 q1.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=1 a3=c b3=d a4=2 b4=0 q1.out=02 l0,0=81 q0.in=de a0=d b0=e a1=3 b1=2 a2=d b2=b a3=6 b3=8 a4=9 b4=9 q0.out=99

y0 = e8	y1 = 81	y2 = 43	y3 = 26	y0 = b3	y1 = c2	y2 = 72	y3 = 99
MDS input = Y = y0y1y2y3 = e8814326				MDS input = Y = y0y1y2y3 = b3c27299

MDS output = Z = z0z1z2z3 = c1d39694

MDS output = Z = z0z1z2z3 = ab2cb558

z0 = c1

z1 = d3

z2 = 96

z3 = 94

z0 = ab

z1 = 2c

z2 = b5

z3 = 58

T0 = g(R0) = c1d39694

T1 = g(ROL(R1, 8)) = ab2cb558

F9,0 = (T0 + T1 + K26) mod 232 = (c1d39694 + ab2cb558 + d5b22d8a) mod 232 = (9496d3c1(big endian) + 58b52cab(big endian) + 8a2db2d5(big endian)) mod 232 = 7779b341(big endian) = 41b37977.

F9,1 = (T0 + 2T1 + K27) mod 232 = (c1d39694 + 2[ab2cb558] + 66325910) mod 232 = (9496d3c1(big endian) + 2[58b52cab(big endian)] + 10593266(big endian)) mod 232 = (9496d3c1(big endian) + b16a5956(big endian) + 10593266(big endian)) mod 232 = 565a5f7d(big endian) = 7d5f5a56.

R10,0  =  ROR(R9, 2    F9,0,1) =  ROR(1dab70e9    41b37977, 1) =  ROR(5c18099e, 1) =  ROR(9e09185c(big endian), 1) =  4f048c2e(big endian) =  2e8c044f

R10,1  =  ROL(R9, 3,  1)    F9,1) =  ROL(8e168d42,  1)    7d5f5a56 =  ROL(428d168e(big endian),  1)    7d5f5a56 =  851a2d1c(big endian)    7d5f5a56 =  1c2d1a85   7d5f5a56 =  617240d3.

R10,2 = R9,0 = 3b7648d9

R10,3 = R9,1 = 2b50ae99

 

Encryption of block 2, round r=10

g input = X = x0x1x2x3 = R10,0 = 2e8c044f

g input = X = x0x1x2x3 = ROL(R10,1,  8) = ROL(617240d3 ,  8) = ROL(d3407261(big endian),  8) = 407261d3(big endian) = d3617240.

x0 = 2e

x1 = 8c

x2 = 04

x3 = 4f

x0 = d3

x1 = 61

x2 = 72

x3 = 40

y2,0 = 2e

y2,1 = 8c

y2,2 = 04

y2,3 = 4f

y2,0 = d3

y2,1 = 61

y2,2 = 72

y2,3 = 40

q0.in=2e a0=2 b0=e a1=c b1=5 a2=e b2=2 a3=c b3=f a4=2 b4=a q0.out=a2 l1,3=14 q0.in=ba a0=b b0=a a1=1 b1=6 a2=1 b2=3 a3=2 b3=0 a4=5 b4=d q0.out=d5 l0,3=dc q1.in=54 a0=5 b0=4 a1=1 b1=f a2=8 b2=8 a3=0 b3=c a4=4 b4=2 q1.out=24

q1.in=8c a0=8 b0=c a1=4 b1=e a2=f b2=0 a3=f b3=7 a4=f b4=e q1.out=ef l1,2=9c q0.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=7 a3=a b3=e a4=f b4=c q0.out=cf l0,2=53 q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73

q0.in=04 a0=0 b0=4 a1=4 b1=2 a2=6 b2=b a3=d b3=b a4=4 b4=0 q0.out=04 l1,1=8a q1.in=98 a0=9 b0=8 a1=1 b1=5 a2=8 b2=c a3=4 b3=e a4=1 b4=8 q1.out=81 l0,1=8b q1.in=d2 a0=d b0=2 a1=f b1=4 a2=5 b2=4 a3=1 b3=f a4=c b4=a q1.out=ac

q1.in=4f a0=4 b0=f a1=b b1=b a2=4 b2=5 a3=1 b3=e a4=c b4=8 q1.out=8c l1,0=18 q1.in=98 a0=9 b0=8 a1=1 b1=5 a2=8 b2=c a3=4 b3=e a4=1 b4=8 q1.out=81 l0,0=81 q0.in=5d a0=5 b0=d a1=8 b1=3 a2=0 b2=8 a3=8 b3=4 a4=c b4=1 q0.out=1c

q0.in=d3 a0=d b0=3 a1=e b1=c a2=a b2=7 a3=d b3=1 a4=4 b4=7 q0.out=74 l1,3=14 q0.in=6c a0=6 b0=c a1=a b1=0 a2=5 b2=e a3=b b3=a a4=3 b4=3 q0.out=33 l0,3=dc q1.in=b2 a0=b b0=2 a1=9 b1=2 a2=1 b2=2 a3=3 b3=8 a4=5 b4=6 q1.out=65

q1.in=61 a0=6 b0=1 a1=7 b1=e a2=e b2=0 a3=e b3=e a4=3 b4=8 q1.out=83 l1,2=9c q0.in=09 a0=0 b0=9 a1=9 b1=c a2=b b2=7 a3=c b3=8 a4=2 b4=9 q0.out=92 l0,2=53 q0.in=19 a0=1 b0=9 a1=8 b1=5 a2=0 b2=2 a3=2 b3=1 a4=5 b4=7 q0.out=75

q0.in=72 a0=7 b0=2 a1=5 b1=e a2=f b2=9 a3=6 b3=b a4=9 b4=0 q0.out=09 l1,1=8a q1.in=95 a0=9 b0=5 a1=c b1=b a2=0 b2=5 a3=5 b3=a a4=6 b4=7 q1.out=76 l0,1=8b q1.in=25 a0=2 b0=5 a1=7 b1=8 a2=e b2=6 a3=8 b3=d a4=0 b4=0 q1.out=00

q1.in=40 a0=4 b0=0 a1=4 b1=4 a2=f b2=4 a3=b b3=5 a4=8 b4=3 q1.out=38 l1,0=18 q1.in=2c a0=2 b0=c a1=e b1=4 a2=c b2=4 a3=8 b3=e a4=0 b4=8 q1.out=80 l0,0=81 q0.in=5c a0=5 b0=c a1=9 b1=b a2=b b2=6 a3=d b3=0 a4=4 b4=d q0.out=d4

y0 = 24	y1 = 73	y2 = ac	y3 = 1c	y0 = 65	y1 = 75	y2 = 00	y3 = d4
MDS input = Y = y0y1y2y3 = 2473ac1c				MDS input = Y = y0y1y2y3 = 657500d4

MDS output = Z = z0z1z2z3 = b4ec0786

MDS output = Z = z0z1z2z3 = 384e1934

z0 = b4

z1 = ec

z2 = 07

z3 = 86

z0 = 38

z1 = 4e

z2 = 19

z3 = 34

T0 = g(R0) = b4ec0786

T1 = g(ROL(R1, 8)) = 384e1934

F10,0 = (T0 + T1 + K28) mod 232 = (b4ec0786 + 384e1934 + fdcb3639) mod 232 = (8607ecb4(big endian) + 34194e38(big endian) + 3936cbfd(big endian)) mod 232 = f35806e9(big endian) = e90658f3.

F10,1 = (T0 + 2T1 + K29) mod 232 = (b4ec0786 + 2[384e1934] + d853ba91) mod 232 = (8607ecb4(big endian) + 2[34194e38(big endian)] + 91ba53d8(big endian)) mod 232 = (8607ecb4(big endian) + 68329c70(big endian) + 91ba53d8(big endian)) mod 232 = 7ff4dcfc(big endian) = fcdcf47f.

R11,0  =  ROR(R10, 2    F10,0,1) =  ROR(3b7648d9    e90658f3, 1) =  ROR(d270102a, 1) =  ROR(2a1070d2(big endian), 1) =  15083869(big endian) =  69380815

R11,1  =  ROL(R10, 3,  1)    F10,1) =  ROL(2b50ae99,  1)    fcdcf47f =  ROL(99ae502b(big endian),  1)    fcdcf47f =  335ca057(big endian)    fcdcf47f =  57a05c33   fcdcf47f =  ab7ca84c.

R11,2 = R10,0 = 2e8c044f

R11,3 = R10,1 = 617240d3

 

Encryption of block 2, round r=11

g input = X = x0x1x2x3 = R11,0 = 69380815

g input = X = x0x1x2x3 = ROL(R11,1,  8) = ROL(ab7ca84c ,  8) = ROL(4ca87cab(big endian),  8) = a87cab4c(big endian) = 4cab7ca8.

x0 = 69

x1 = 38

x2 = 08

x3 = 15

x0 = 4c

x1 = ab

x2 = 7c

x3 = a8

y2,0 = 69

y2,1 = 38

y2,2 = 08

y2,3 = 15

y2,0 = 4c

y2,1 = ab

y2,2 = 7c

y2,3 = a8

q0.in=69 a0=6 b0=9 a1=f b1=a a2=4 b2=a a3=e b3=1 a4=7 b4=7 q0.out=77 l1,3=14 q0.in=6f a0=6 b0=f a1=9 b1=9 a2=b b2=4 a3=f b3=1 a4=1 b4=7 q0.out=71 l0,3=dc q1.in=f0 a0=f b0=0 a1=f b1=7 a2=5 b2=7 a3=2 b3=6 a4=7 b4=d q1.out=d7

q1.in=38 a0=3 b0=8 a1=b b1=f a2=4 b2=8 a3=c b3=0 a4=2 b4=b q1.out=b2 l1,2=9c q0.in=38 a0=3 b0=8 a1=b b1=f a2=9 b2=d a3=4 b3=f a4=6 b4=a q0.out=a6 l0,2=53 q0.in=2d a0=2 b0=d a1=f b1=c a2=4 b2=7 a3=3 b3=f a4=e b4=a q0.out=ae

q0.in=08 a0=0 b0=8 a1=8 b1=4 a2=0 b2=1 a3=1 b3=8 a4=a b4=9 q0.out=9a l1,1=8a q1.in=06 a0=0 b0=6 a1=6 b1=3 a2=6 b2=b a3=d b3=b a4=b b4=f q1.out=fb l0,1=8b q1.in=a8 a0=a b0=8 a1=2 b1=e a2=b b2=0 a3=b b3=3 a4=8 b4=1 q1.out=18

q1.in=15 a0=1 b0=5 a1=4 b1=3 a2=f b2=b a3=4 b3=a a4=1 b4=7 q1.out=71 l1,0=18 q1.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=f a3=2 b3=a a4=7 b4=7 q1.out=77 l0,0=81 q0.in=ab a0=a b0=b a1=1 b1=7 a2=1 b2=5 a3=4 b3=3 a4=6 b4=4 q0.out=46

q0.in=4c a0=4 b0=c a1=8 b1=2 a2=0 b2=b a3=b b3=d a4=3 b4=5 q0.out=53 l1,3=14 q0.in=4b a0=4 b0=b a1=f b1=9 a2=4 b2=4 a3=0 b3=6 a4=b b4=6 q0.out=6b l0,3=dc q1.in=ea a0=e b0=a a1=4 b1=b a2=f b2=5 a3=a b3=d a4=d b4=0 q1.out=0d

q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f l1,2=9c q0.in=95 a0=9 b0=5 a1=c b1=b a2=e b2=6 a3=8 b3=d a4=c b4=5 q0.out=5c l0,2=53 q0.in=d7 a0=d b0=7 a1=a b1=e a2=5 b2=9 a3=c b3=1 a4=2 b4=7 q0.out=72

q0.in=7c a0=7 b0=c a1=b b1=9 a2=9 b2=4 a3=d b3=3 a4=4 b4=4 q0.out=44 l1,1=8a q1.in=d8 a0=d b0=8 a1=5 b1=1 a2=7 b2=e a3=9 b3=8 a4=e b4=6 q1.out=6e l0,1=8b q1.in=3d a0=3 b0=d a1=e b1=5 a2=c b2=c a3=0 b3=a a4=4 b4=7 q1.out=74

q1.in=a8 a0=a b0=8 a1=2 b1=e a2=b b2=0 a3=b b3=3 a4=8 b4=1 q1.out=18 l1,0=18 q1.in=0c a0=0 b0=c a1=c b1=6 a2=0 b2=3 a3=3 b3=9 a4=5 b4=4 q1.out=45 l0,0=81 q0.in=99 a0=9 b0=9 a1=0 b1=d a2=8 b2=0 a3=8 b3=8 a4=c b4=9 q0.out=9c

y0 = d7	y1 = ae	y2 = 18	y3 = 46	y0 = 0d	y1 = 72	y2 = 74	y3 = 9c
MDS input = Y = y0y1y2y3 = d7ae1846				MDS input = Y = y0y1y2y3 = 0d72749c

MDS output = Z = z0z1z2z3 = 4c3e3a8c

MDS output = Z = z0z1z2z3 = 3c78bd7c

z0 = 4c

z1 = 3e

z2 = 3a

z3 = 8c

z0 = 3c

z1 = 78

z2 = bd

z3 = 7c

T0 = g(R0) = 4c3e3a8c

T1 = g(ROL(R1, 8)) = 3c78bd7c

F11,0 = (T0 + T1 + K30) mod 232 = (4c3e3a8c + 3c78bd7c + fd2d59b8) mod 232 = (8c3a3e4c(big endian) + 7cbd783c(big endian) + b8592dfd(big endian)) mod 232 = c150e485(big endian) = 85e450c1.

F11,1 = (T0 + 2T1 + K31) mod 232 = (4c3e3a8c + 2[3c78bd7c] + 9c51af49) mod 232 = (8c3a3e4c(big endian) + 2[7cbd783c(big endian)] + 49af519c(big endian)) mod 232 = (8c3a3e4c(big endian) + f97af078(big endian) + 49af519c(big endian)) mod 232 = cf648060(big endian) = 608064cf.

R12,0  =  ROR(R11, 2    F11,0,1) =  ROR(2e8c044f    85e450c1, 1) =  ROR(ab68548e, 1) =  ROR(8e5468ab(big endian), 1) =  c72a3455(big endian) =  55342ac7

R12,1  =  ROL(R11, 3,  1)    F11,1) =  ROL(617240d3,  1)    608064cf =  ROL(d3407261(big endian),  1)    608064cf =  a680e4c3(big endian)    608064cf =  c3e480a6   608064cf =  a364e469.

R12,2 = R11,0 = 69380815

R12,3 = R11,1 = ab7ca84c

 

Encryption of block 2, round r=12

g input = X = x0x1x2x3 = R12,0 = 55342ac7

g input = X = x0x1x2x3 = ROL(R12,1,  8) = ROL(a364e469 ,  8) = ROL(69e464a3(big endian),  8) = e464a369(big endian) = 69a364e4.

x0 = 55

x1 = 34

x2 = 2a

x3 = c7

x0 = 69

x1 = a3

x2 = 64

x3 = e4

y2,0 = 55

y2,1 = 34

y2,2 = 2a

y2,3 = c7

y2,0 = 69

y2,1 = a3

y2,2 = 64

y2,3 = e4

q0.in=55 a0=5 b0=5 a1=0 b1=7 a2=8 b2=5 a3=d b3=2 a4=4 b4=f q0.out=f4 l1,3=14 q0.in=ec a0=e b0=c a1=2 b1=8 a2=7 b2=f a3=8 b3=0 a4=c b4=d q0.out=dc l0,3=dc q1.in=5d a0=5 b0=d a1=8 b1=3 a2=3 b2=b a3=8 b3=6 a4=0 b4=d q1.out=d0

q1.in=34 a0=3 b0=4 a1=7 b1=9 a2=e b2=d a3=3 b3=0 a4=5 b4=b q1.out=b5 l1,2=9c q0.in=3f a0=3 b0=f a1=c b1=4 a2=e b2=1 a3=f b3=6 a4=1 b4=6 q0.out=61 l0,2=53 q0.in=ea a0=e b0=a a1=4 b1=b a2=6 b2=6 a3=0 b3=5 a4=b b4=2 q0.out=2b

q0.in=2a a0=2 b0=a a1=8 b1=7 a2=0 b2=5 a3=5 b3=a a4=d b4=3 q0.out=3d l1,1=8a q1.in=a1 a0=a b0=1 a1=b b1=2 a2=4 b2=2 a3=6 b3=5 a4=9 b4=3 q1.out=39 l0,1=8b q1.in=6a a0=6 b0=a a1=c b1=3 a2=0 b2=b a3=b b3=d a4=8 b4=0 q1.out=08

q1.in=c7 a0=c b0=7 a1=b b1=7 a2=4 b2=7 a3=3 b3=f a4=5 b4=a q1.out=a5 l1,0=18 q1.in=b1 a0=b b0=1 a1=a b1=b a2=9 b2=5 a3=c b3=b a4=2 b4=f q1.out=f2 l0,0=81 q0.in=2e a0=2 b0=e a1=c b1=5 a2=e b2=2 a3=c b3=f a4=2 b4=a q0.out=a2

q0.in=69 a0=6 b0=9 a1=f b1=a a2=4 b2=a a3=e b3=1 a4=7 b4=7 q0.out=77 l1,3=14 q0.in=6f a0=6 b0=f a1=9 b1=9 a2=b b2=4 a3=f b3=1 a4=1 b4=7 q0.out=71 l0,3=dc q1.in=f0 a0=f b0=0 a1=f b1=7 a2=5 b2=7 a3=2 b3=6 a4=7 b4=d q1.out=d7

q1.in=a3 a0=a b0=3 a1=9 b1=3 a2=1 b2=b a3=a b3=4 a4=d b4=c q1.out=cd l1,2=9c q0.in=47 a0=4 b0=7 a1=3 b1=f a2=d b2=d a3=0 b3=b a4=b b4=0 q0.out=0b l0,2=53 q0.in=80 a0=8 b0=0 a1=8 b1=8 a2=0 b2=f a3=f b3=f a4=1 b4=a q0.out=a1

q0.in=64 a0=6 b0=4 a1=2 b1=4 a2=7 b2=1 a3=6 b3=7 a4=9 b4=e q0.out=e9 l1,1=8a q1.in=75 a0=7 b0=5 a1=2 b1=5 a2=b b2=c a3=7 b3=5 a4=a b4=3 q1.out=3a l0,1=8b q1.in=69 a0=6 b0=9 a1=f b1=a a2=5 b2=a a3=f b3=8 a4=f b4=6 q1.out=6f

q1.in=e4 a0=e b0=4 a1=a b1=c a2=9 b2=f a3=6 b3=e a4=9 b4=8 q1.out=89 l1,0=18 q1.in=9d a0=9 b0=d a1=4 b1=f a2=f b2=8 a3=7 b3=3 a4=a b4=1 q1.out=1a l0,0=81 q0.in=c6 a0=c b0=6 a1=a b1=f a2=5 b2=d a3=8 b3=3 a4=c b4=4 q0.out=4c

y0 = d0	y1 = 2b	y2 = 08	y3 = a2	y0 = d7	y1 = a1	y2 = 6f	y3 = 4c
MDS input = Y = y0y1y2y3 = d02b08a2				MDS input = Y = y0y1y2y3 = d7a16f4c

MDS output = Z = z0z1z2z3 = 8a262497

MDS output = Z = z0z1z2z3 = 256e1634

z0 = 8a

z1 = 26

z2 = 24

z3 = 97

z0 = 25

z1 = 6e

z2 = 16

z3 = 34

T0 = g(R0) = 8a262497

T1 = g(ROL(R1, 8)) = 256e1634

F12,0 = (T0 + T1 + K32) mod 232 = (8a262497 + 256e1634 + 165703a2) mod 232 = (9724268a(big endian) + 34166e25(big endian) + a2035716(big endian)) mod 232 = 6d3debc5(big endian) = c5eb3d6d.

F12,1 = (T0 + 2T1 + K33) mod 232 = (8a262497 + 2[256e1634] + bdabf862) mod 232 = (9724268a(big endian) + 2[34166e25(big endian)] + 62f8abbd(big endian)) mod 232 = (9724268a(big endian) + 682cdc4a(big endian) + 62f8abbd(big endian)) mod 232 = 6249ae91(big endian) = 91ae4962.

R13,0  =  ROR(R12, 2    F12,0,1) =  ROR(69380815    c5eb3d6d, 1) =  ROR(acd33578, 1) =  ROR(7835d3ac(big endian), 1) =  3c1ae9d6(big endian) =  d6e91a3c

R13,1  =  ROL(R12, 3,  1)    F12,1) =  ROL(ab7ca84c,  1)    91ae4962 =  ROL(4ca87cab(big endian),  1)    91ae4962 =  9950f956(big endian)    91ae4962 =  56f95099   91ae4962 =  c75719fb.

R13,2 = R12,0 = 55342ac7

R13,3 = R12,1 = a364e469

 

Encryption of block 2, round r=13

g input = X = x0x1x2x3 = R13,0 = d6e91a3c

g input = X = x0x1x2x3 = ROL(R13,1,  8) = ROL(c75719fb ,  8) = ROL(fb1957c7(big endian),  8) = 1957c7fb(big endian) = fbc75719.

x0 = d6

x1 = e9

x2 = 1a

x3 = 3c

x0 = fb

x1 = c7

x2 = 57

x3 = 19

y2,0 = d6

y2,1 = e9

y2,2 = 1a

y2,3 = 3c

y2,0 = fb

y2,1 = c7

y2,2 = 57

y2,3 = 19

q0.in=d6 a0=d b0=6 a1=b b1=6 a2=9 b2=3 a3=a b3=8 a4=f b4=9 q0.out=9f l1,3=14 q0.in=87 a0=8 b0=7 a1=f b1=3 a2=4 b2=8 a3=c b3=0 a4=2 b4=d q0.out=d2 l0,3=dc q1.in=53 a0=5 b0=3 a1=6 b1=4 a2=6 b2=4 a3=2 b3=4 a4=7 b4=c q1.out=c7

q1.in=e9 a0=e b0=9 a1=7 b1=2 a2=e b2=2 a3=c b3=f a4=2 b4=a q1.out=a2 l1,2=9c q0.in=28 a0=2 b0=8 a1=a b1=6 a2=5 b2=3 a3=6 b3=4 a4=9 b4=1 q0.out=19 l0,2=53 q0.in=92 a0=9 b0=2 a1=b b1=0 a2=9 b2=e a3=7 b3=6 a4=0 b4=6 q0.out=60

q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37 l1,1=8a q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f l0,1=8b q1.in=4c a0=4 b0=c a1=8 b1=2 a2=3 b2=2 a3=1 b3=a a4=c b4=7 q1.out=7c

q1.in=3c a0=3 b0=c a1=f b1=d a2=5 b2=9 a3=c b3=1 a4=2 b4=9 q1.out=92 l1,0=18 q1.in=86 a0=8 b0=6 a1=e b1=b a2=c b2=5 a3=9 b3=6 a4=e b4=d q1.out=de l0,0=81 q0.in=02 a0=0 b0=2 a1=2 b1=1 a2=7 b2=c a3=b b3=9 a4=3 b4=b q0.out=b3

q0.in=fb a0=f b0=b a1=4 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=4 q0.out=42 l1,3=14 q0.in=5a a0=5 b0=a a1=f b1=8 a2=4 b2=f a3=b b3=b a4=3 b4=0 q0.out=03 l0,3=dc q1.in=82 a0=8 b0=2 a1=a b1=9 a2=9 b2=d a3=4 b3=f a4=1 b4=a q1.out=a1

q1.in=c7 a0=c b0=7 a1=b b1=7 a2=4 b2=7 a3=3 b3=f a4=5 b4=a q1.out=a5 l1,2=9c q0.in=2f a0=2 b0=f a1=d b1=d a2=c b2=0 a3=c b3=c a4=2 b4=8 q0.out=82 l0,2=53 q0.in=09 a0=0 b0=9 a1=9 b1=c a2=b b2=7 a3=c b3=8 a4=2 b4=9 q0.out=92

q0.in=57 a0=5 b0=7 a1=2 b1=6 a2=7 b2=3 a3=4 b3=6 a4=6 b4=6 q0.out=66 l1,1=8a q1.in=fa a0=f b0=a a1=5 b1=2 a2=7 b2=2 a3=5 b3=e a4=6 b4=8 q1.out=86 l0,1=8b q1.in=d5 a0=d b0=5 a1=8 b1=f a2=3 b2=8 a3=b b3=f a4=8 b4=a q1.out=a8

q1.in=19 a0=1 b0=9 a1=8 b1=5 a2=3 b2=c a3=f b3=d a4=f b4=0 q1.out=0f l1,0=18 q1.in=1b a0=1 b0=b a1=a b1=4 a2=9 b2=4 a3=d b3=3 a4=b b4=1 q1.out=1b l0,0=81 q0.in=c7 a0=c b0=7 a1=b b1=7 a2=9 b2=5 a3=c b3=b a4=2 b4=0 q0.out=02

y0 = c7	y1 = 60	y2 = 7c	y3 = b3	y0 = a1	y1 = 92	y2 = a8	y3 = 02
MDS input = Y = y0y1y2y3 = c7607cb3				MDS input = Y = y0y1y2y3 = a192a802

MDS output = Z = z0z1z2z3 = 9dbe5783

MDS output = Z = z0z1z2z3 = de4c2ac5

z0 = 9d

z1 = be

z2 = 57

z3 = 83

z0 = de

z1 = 4c

z2 = 2a

z3 = c5

T0 = g(R0) = 9dbe5783

T1 = g(ROL(R1, 8)) = de4c2ac5

F13,0 = (T0 + T1 + K34) mod 232 = (9dbe5783 + de4c2ac5 + 6ae813f4) mod 232 = (8357be9d(big endian) + c52a4cde(big endian) + f413e86a(big endian)) mod 232 = 3c95f3e5(big endian) = e5f3953c.

F13,1 = (T0 + 2T1 + K35) mod 232 = (9dbe5783 + 2[de4c2ac5] + f3d8d036) mod 232 = (8357be9d(big endian) + 2[c52a4cde(big endian)] + 36d0d8f3(big endian)) mod 232 = (8357be9d(big endian) + 8a5499bc(big endian) + 36d0d8f3(big endian)) mod 232 = 447d314c(big endian) = 4c317d44.

R14,0  =  ROR(R13, 2    F13,0,1) =  ROR(55342ac7    e5f3953c, 1) =  ROR(b0c7bffb, 1) =  ROR(fbbfc7b0(big endian), 1) =  7ddfe3d8(big endian) =  d8e3df7d

R14,1  =  ROL(R13, 3,  1)    F13,1) =  ROL(a364e469,  1)    4c317d44 =  ROL(69e464a3(big endian),  1)    4c317d44 =  d3c8c946(big endian)    4c317d44 =  46c9c8d3   4c317d44 =  0af8b597.

R14,2 = R13,0 = d6e91a3c

R14,3 = R13,1 = c75719fb

 

Encryption of block 2, round r=14

g input = X = x0x1x2x3 = R14,0 = d8e3df7d

g input = X = x0x1x2x3 = ROL(R14,1,  8) = ROL(0af8b597 ,  8) = ROL(97b5f80a(big endian),  8) = b5f80a97(big endian) = 970af8b5.

x0 = d8

x1 = e3

x2 = df

x3 = 7d

x0 = 97

x1 = 0a

x2 = f8

x3 = b5

y2,0 = d8

y2,1 = e3

y2,2 = df

y2,3 = 7d

y2,0 = 97

y2,1 = 0a

y2,2 = f8

y2,3 = b5

q0.in=d8 a0=d b0=8 a1=5 b1=1 a2=f b2=c a3=3 b3=1 a4=e b4=7 q0.out=7e l1,3=14 q0.in=66 a0=6 b0=6 a1=0 b1=5 a2=8 b2=2 a3=a b3=9 a4=f b4=b q0.out=bf l0,3=dc q1.in=3e a0=3 b0=e a1=d b1=c a2=a b2=f a3=5 b3=5 a4=6 b4=3 q1.out=36

q1.in=e3 a0=e b0=3 a1=d b1=7 a2=a b2=7 a3=d b3=1 a4=b b4=9 q1.out=9b l1,2=9c q0.in=11 a0=1 b0=1 a1=0 b1=1 a2=8 b2=c a3=4 b3=e a4=6 b4=c q0.out=c6 l0,2=53 q0.in=4d a0=4 b0=d a1=9 b1=a a2=b b2=a a3=1 b3=6 a4=a b4=6 q0.out=6a

q0.in=df a0=d b0=f a1=2 b1=a a2=7 b2=a a3=d b3=a a4=4 b4=3 q0.out=34 l1,1=8a q1.in=a8 a0=a b0=8 a1=2 b1=e a2=b b2=0 a3=b b3=3 a4=8 b4=1 q1.out=18 l0,1=8b q1.in=4b a0=4 b0=b a1=f b1=9 a2=5 b2=d a3=8 b3=3 a4=0 b4=1 q1.out=10

q1.in=7d a0=7 b0=d a1=a b1=1 a2=9 b2=e a3=7 b3=6 a4=a b4=d q1.out=da l1,0=18 q1.in=ce a0=c b0=e a1=2 b1=b a2=b b2=5 a3=e b3=9 a4=3 b4=4 q1.out=43 l0,0=81 q0.in=9f a0=9 b0=f a1=6 b1=e a2=3 b2=9 a3=a b3=7 a4=f b4=e q0.out=ef

q0.in=97 a0=9 b0=7 a1=e b1=a a2=a b2=a a3=0 b3=f a4=b b4=a q0.out=ab l1,3=14 q0.in=b3 a0=b b0=3 a1=8 b1=a a2=0 b2=a a3=a b3=5 a4=f b4=2 q0.out=2f l0,3=dc q1.in=ae a0=a b0=e a1=4 b1=d a2=f b2=9 a3=6 b3=b a4=9 b4=f q1.out=f9

q1.in=0a a0=0 b0=a a1=a b1=5 a2=9 b2=c a3=5 b3=7 a4=6 b4=e q1.out=e6 l1,2=9c q0.in=6c a0=6 b0=c a1=a b1=0 a2=5 b2=e a3=b b3=a a4=3 b4=3 q0.out=33 l0,2=53 q0.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=5 a3=8 b3=f a4=c b4=a q0.out=ac

q0.in=f8 a0=f b0=8 a1=7 b1=3 a2=2 b2=8 a3=a b3=6 a4=f b4=6 q0.out=6f l1,1=8a q1.in=f3 a0=f b0=3 a1=c b1=e a2=0 b2=0 a3=0 b3=0 a4=4 b4=b q1.out=b4 l0,1=8b q1.in=e7 a0=e b0=7 a1=9 b1=5 a2=1 b2=c a3=d b3=f a4=b b4=a q1.out=ab

q1.in=b5 a0=b b0=5 a1=e b1=9 a2=c b2=d a3=1 b3=2 a4=c b4=5 q1.out=5c l1,0=18 q1.in=48 a0=4 b0=8 a1=c b1=0 a2=0 b2=1 a3=1 b3=8 a4=c b4=6 q1.out=6c l0,0=81 q0.in=b0 a0=b b0=0 a1=b b1=3 a2=9 b2=8 a3=1 b3=5 a4=a b4=2 q0.out=2a

y0 = 36	y1 = 6a	y2 = 10	y3 = ef	y0 = f9	y1 = ac	y2 = ab	y3 = 2a
MDS input = Y = y0y1y2y3 = 366a10ef				MDS input = Y = y0y1y2y3 = f9acab2a

MDS output = Z = z0z1z2z3 = e98db9d8

MDS output = Z = z0z1z2z3 = d3e8f8e3

z0 = e9

z1 = 8d

z2 = b9

z3 = d8

z0 = d3

z1 = e8

z2 = f8

z3 = e3

T0 = g(R0) = e98db9d8

T1 = g(ROL(R1, 8)) = d3e8f8e3

F14,0 = (T0 + T1 + K36) mod 232 = (e98db9d8 + d3e8f8e3 + e4ffcbcc) mod 232 = (d8b98de9(big endian) + e3f8e8d3(big endian) + cccbffe4(big endian)) mod 232 = 897e76a0(big endian) = a0767e89.

F14,1 = (T0 + 2T1 + K37) mod 232 = (e98db9d8 + 2[d3e8f8e3] + fd60441f) mod 232 = (d8b98de9(big endian) + 2[e3f8e8d3(big endian)] + 1f4460fd(big endian)) mod 232 = (d8b98de9(big endian) + c7f1d1a6(big endian) + 1f4460fd(big endian)) mod 232 = bfefc08c(big endian) = 8cc0efbf.

R15,0  =  ROR(R14, 2    F14,0,1) =  ROR(d6e91a3c    a0767e89, 1) =  ROR(769f64b5, 1) =  ROR(b5649f76(big endian), 1) =  5ab24fbb(big endian) =  bb4fb25a

R15,1  =  ROL(R14, 3,  1)    F14,1) =  ROL(c75719fb,  1)    8cc0efbf =  ROL(fb1957c7(big endian),  1)    8cc0efbf =  f632af8f(big endian)    8cc0efbf =  8faf32f6   8cc0efbf =  036fdd49.

R15,2 = R14,0 = d8e3df7d

R15,3 = R14,1 = 0af8b597

 

Encryption of block 2, round r=15

g input = X = x0x1x2x3 = R15,0 = bb4fb25a

g input = X = x0x1x2x3 = ROL(R15,1,  8) = ROL(036fdd49 ,  8) = ROL(49dd6f03(big endian),  8) = dd6f0349(big endian) = 49036fdd.

x0 = bb

x1 = 4f

x2 = b2

x3 = 5a

x0 = 49

x1 = 03

x2 = 6f

x3 = dd

y2,0 = bb

y2,1 = 4f

y2,2 = b2

y2,3 = 5a

y2,0 = 49

y2,1 = 03

y2,2 = 6f

y2,3 = dd

q0.in=bb a0=b b0=b a1=0 b1=e a2=8 b2=9 a3=1 b3=4 a4=a b4=1 q0.out=1a l1,3=14 q0.in=02 a0=0 b0=2 a1=2 b1=1 a2=7 b2=c a3=b b3=9 a4=3 b4=b q0.out=b3 l0,3=dc q1.in=32 a0=3 b0=2 a1=1 b1=a a2=8 b2=a a3=2 b3=d a4=7 b4=0 q1.out=07

q1.in=4f a0=4 b0=f a1=b b1=b a2=4 b2=5 a3=1 b3=e a4=c b4=8 q1.out=8c l1,2=9c q0.in=06 a0=0 b0=6 a1=6 b1=3 a2=3 b2=8 a3=b b3=f a4=3 b4=a q0.out=a3 l0,2=53 q0.in=28 a0=2 b0=8 a1=a b1=6 a2=5 b2=3 a3=6 b3=4 a4=9 b4=1 q0.out=19

q0.in=b2 a0=b b0=2 a1=9 b1=2 a2=b b2=b a3=0 b3=e a4=b b4=c q0.out=cb l1,1=8a q1.in=57 a0=5 b0=7 a1=2 b1=6 a2=b b2=3 a3=8 b3=a a4=0 b4=7 q1.out=70 l0,1=8b q1.in=23 a0=2 b0=3 a1=1 b1=b a2=8 b2=5 a3=d b3=2 a4=b b4=5 q1.out=5b

q1.in=5a a0=5 b0=a a1=f b1=8 a2=5 b2=6 a3=3 b3=e a4=5 b4=8 q1.out=85 l1,0=18 q1.in=91 a0=9 b0=1 a1=8 b1=9 a2=3 b2=d a3=e b3=5 a4=3 b4=3 q1.out=33 l0,0=81 q0.in=ef a0=e b0=f a1=1 b1=1 a2=1 b2=c a3=d b3=f a4=4 b4=a q0.out=a4

q0.in=49 a0=4 b0=9 a1=d b1=8 a2=c b2=f a3=3 b3=3 a4=e b4=4 q0.out=4e l1,3=14 q0.in=56 a0=5 b0=6 a1=3 b1=e a2=d b2=9 a3=4 b3=9 a4=6 b4=b q0.out=b6 l0,3=dc q1.in=37 a0=3 b0=7 a1=4 b1=0 a2=f b2=1 a3=e b3=f a4=3 b4=a q1.out=a3

q1.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=d a3=0 b3=b a4=4 b4=f q1.out=f4 l1,2=9c q0.in=7e a0=7 b0=e a1=9 b1=8 a2=b b2=f a3=4 b3=c a4=6 b4=8 q0.out=86 l0,2=53 q0.in=0d a0=0 b0=d a1=d b1=e a2=c b2=9 a3=5 b3=0 a4=d b4=d q0.out=dd

q0.in=6f a0=6 b0=f a1=9 b1=9 a2=b b2=4 a3=f b3=1 a4=1 b4=7 q0.out=71 l1,1=8a q1.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=1 a3=c b3=d a4=2 b4=0 q1.out=02 l0,1=8b q1.in=51 a0=5 b0=1 a1=4 b1=5 a2=f b2=c a3=3 b3=1 a4=5 b4=9 q1.out=95

q1.in=dd a0=d b0=d a1=0 b1=b a2=2 b2=5 a3=7 b3=8 a4=a b4=6 q1.out=6a l1,0=18 q1.in=7e a0=7 b0=e a1=9 b1=8 a2=1 b2=6 a3=7 b3=a a4=a b4=7 q1.out=7a l0,0=81 q0.in=a6 a0=a b0=6 a1=c b1=9 a2=e b2=4 a3=a b3=c a4=f b4=8 q0.out=8f

y0 = 07	y1 = 19	y2 = 5b	y3 = a4	y0 = a3	y1 = dd	y2 = 95	y3 = 8f
MDS input = Y = y0y1y2y3 = 07195ba4				MDS input = Y = y0y1y2y3 = a3dd958f

MDS output = Z = z0z1z2z3 = d48b9ef1

MDS output = Z = z0z1z2z3 = 6194140b

z0 = d4

z1 = 8b

z2 = 9e

z3 = f1

z0 = 61

z1 = 94

z2 = 14

z3 = 0b

T0 = g(R0) = d48b9ef1

T1 = g(ROL(R1, 8)) = 6194140b

F15,0 = (T0 + T1 + K38) mod 232 = (d48b9ef1 + 6194140b + aadffd38) mod 232 = (f19e8bd4(big endian) + 0b149461(big endian) + 38fddfaa(big endian)) mod 232 = 35b0ffdf(big endian) = dfffb035.

F15,1 = (T0 + 2T1 + K39) mod 232 = (d48b9ef1 + 2[6194140b] + 56f4c1eb) mod 232 = (f19e8bd4(big endian) + 2[0b149461(big endian)] + ebc1f456(big endian)) mod 232 = (f19e8bd4(big endian) + 162928c2(big endian) + ebc1f456(big endian)) mod 232 = f389a8ec(big endian) = eca889f3.

R16,0  =  ROR(R15, 2    F15,0,1) =  ROR(d8e3df7d    dfffb035, 1) =  ROR(071c6f48, 1) =  ROR(486f1c07(big endian), 1) =  a4378e03(big endian) =  038e37a4

R16,1  =  ROL(R15, 3,  1)    F15,1) =  ROL(0af8b597,  1)    eca889f3 =  ROL(97b5f80a(big endian),  1)    eca889f3 =  2f6bf015(big endian)    eca889f3 =  15f06b2f   eca889f3 =  f958e2dc.

R16,2 = R15,0 = bb4fb25a

R16,3 = R15,1 = 036fdd49

 

Encryption of block 2 : Output Whiten

C0 = R16,2 mod 4    K0+4 = R16,2    K4 = bb4fb25a    f57ea21f  =  4e311045

C1 = R16,3 mod 4    K1+4 = R16,3    K5 = 036fdd49    e005f378  =  e36a2e31

C2 = R16,4 mod 4    K2+4 = R16,0    K6 = 038e37a4    314b4d98  =  32c57a3c

C3 = R16,5 mod 4    K3+4 = R16,1    K7 = f958e2dc    c9a88d6f  =  30f06fb3

 

Encryption of block 2: Ciphertext result

c0 = [C0 2[8(0 mod 4)]] mod 28 = [4e311045 20] mod 28 = [4510314e(big endian) 20] mod 28 = 4e

c1 = [C0 2[8(1 mod 4)]] mod 28 = [4e311045 28] mod 28 = [4510314e(big endian) 28] mod 28 = 31

c2 = [C0 2[8(2 mod 4)]] mod 28 = [4e311045 216] mod 28 = [4510314e(big endian) 216] mod 28 = 10

c3 = [C0 2[8(3 mod 4)]] mod 28 = [4e311045 224] mod 28 = [4510314e(big endian) 224] mod 28 = 45

c4 = [C1 2[8(4 mod 4)]] mod 28 = [e36a2e31 20] mod 28 = [312e6ae3(big endian) 20] mod 28 = e3

c5 = [C1 2[8(5 mod 4)]] mod 28 = [e36a2e31 28] mod 28 = [312e6ae3(big endian) 28] mod 28 = 6a

c6 = [C1 2[8(6 mod 4)]] mod 28 = [e36a2e31 216] mod 28 = [312e6ae3(big endian) 216] mod 28 = 2e

c7 = [C1 2[8(7 mod 4)]] mod 28 = [e36a2e31 224] mod 28 = [312e6ae3(big endian) 224] mod 28 = 31

c8 = [C2 2[8(8 mod 4)]] mod 28 = [32c57a3c 20] mod 28 = [3c7ac532(big endian) 20] mod 28 = 32

c9 = [C2 2[8(9 mod 4)]] mod 28 = [32c57a3c 28] mod 28 = [3c7ac532(big endian) 28] mod 28 = c5

c10 = [C2 2[8(10 mod 4)]] mod 28 = [32c57a3c 216] mod 28 = [3c7ac532(big endian) 216] mod 28 = 7a

c11 = [C2 2[8(11 mod 4)]] mod 28 = [32c57a3c 224] mod 28 = [3c7ac532(big endian) 224] mod 28 = 3c

c12 = [C3 2[8(12 mod 4)]] mod 28 = [30f06fb3 20] mod 28 = [b36ff030(big endian) 20] mod 28 = 30

c13 = [C3 2[8(13 mod 4)]] mod 28 = [30f06fb3 28] mod 28 = [b36ff030(big endian) 28] mod 28 = f0

c14 = [C3 2[8(14 mod 4)]] mod 28 = [30f06fb3 216] mod 28 = [b36ff030(big endian) 216] mod 28 = 6f

c15 = [C3 2[8(15 mod 4)]] mod 28 = [30f06fb3 224] mod 28 = [b36ff030(big endian) 224] mod 28 = b3

Ciphertext block output = c0c1c2c3c4c5c6c7c8c9c10c11c12c13c14c15 = 4e311045e36a2e3132c57a3c30f06fb3

 

Encryption start: block 3

128-bit plaintext block = p0p1p2p3p4p5p6p7p8p9p10p11p12p13p14p15 = 248a8a3528b1b1acfdd1d16e3f51510c

P0 = p0p1p2p3 = 248a7f35	P1 = p4p5p6p7 = 28b168ac
P2 = p8p9p10p11 = fdd1386e	P3 = p12p13p14p15 = 3f51e30c

 

Encryption of block 3 : Encryption CBC step: Xor of plaintext block with ciphertext result of previous block

P '0 = P0 C0(previous round) = 248a7f35 4e311045 = 6abb6f70

P '1 = P1 C1(previous round) = 28b168ac e36a2e31 = cbdb469d

P '2 = P2 C2(previous round) = fdd1386e 32c57a3c = cf144252

P '3 = P3 C3(previous round) = 3f51e30c 30f06fb3 = 0fa18cbf

 

Encryption Input Whiten : Block 3

R0,0 = P '0 K0 = 6abb6f70 9bf1826a = f14aed1a

R0,1 = P '1 K1 = cbdb469d 02229b50 = c9f9ddcd

R0,2 = P '2 K2 = cf144252 ea11ea78 = 2505a82a

R0,3 = P '3 K3 = 0fa18cbf ae0b98a1 = a1aa141e

 

Encryption of block 3, round r=0

g input = X = x0x1x2x3 = R0,0 = f14aed1a

g input = X = x0x1x2x3 = ROL(R0,1,  8) = ROL(c9f9ddcd ,  8) = ROL(cdddf9c9(big endian),  8) = ddf9c9cd(big endian) = cdc9f9dd.

x0 = f1

x1 = 4a

x2 = ed

x3 = 1a

x0 = cd

x1 = c9

x2 = f9

x3 = dd

y2,0 = f1

y2,1 = 4a

y2,2 = ed

y2,3 = 1a

y2,0 = cd

y2,1 = c9

y2,2 = f9

y2,3 = dd

q0.in=f1 a0=f b0=1 a1=e b1=f a2=a b2=d a3=7 b3=4 a4=0 b4=1 q0.out=10 l1,3=14 q0.in=08 a0=0 b0=8 a1=8 b1=4 a2=0 b2=1 a3=1 b3=8 a4=a b4=9 q0.out=9a l0,3=dc q1.in=1b a0=1 b0=b a1=a b1=4 a2=9 b2=4 a3=d b3=3 a4=b b4=1 q1.out=1b

q1.in=4a a0=4 b0=a a1=e b1=1 a2=c b2=e a3=2 b3=b a4=7 b4=f q1.out=f7 l1,2=9c q0.in=7d a0=7 b0=d a1=a b1=1 a2=5 b2=c a3=9 b3=b a4=8 b4=0 q0.out=08 l0,2=53 q0.in=83 a0=8 b0=3 a1=b b1=1 a2=9 b2=c a3=5 b3=7 a4=d b4=e q0.out=ed

q0.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=e a3=3 b3=2 a4=e b4=f q0.out=fe l1,1=8a q1.in=62 a0=6 b0=2 a1=4 b1=7 a2=f b2=7 a3=8 b3=c a4=0 b4=2 q1.out=20 l0,1=8b q1.in=73 a0=7 b0=3 a1=4 b1=6 a2=f b2=3 a3=c b3=e a4=2 b4=8 q1.out=82

q1.in=1a a0=1 b0=a a1=b b1=c a2=4 b2=f a3=b b3=b a4=8 b4=f q1.out=f8 l1,0=18 q1.in=ec a0=e b0=c a1=2 b1=8 a2=b b2=6 a3=d b3=0 a4=b b4=b q1.out=bb l0,0=81 q0.in=67 a0=6 b0=7 a1=1 b1=d a2=1 b2=0 a3=1 b3=9 a4=a b4=b q0.out=ba

q0.in=cd a0=c b0=d a1=1 b1=2 a2=1 b2=b a3=a b3=4 a4=f b4=1 q0.out=1f l1,3=14 q0.in=07 a0=0 b0=7 a1=7 b1=b a2=2 b2=6 a3=4 b3=1 a4=6 b4=7 q0.out=76 l0,3=dc q1.in=f7 a0=f b0=7 a1=8 b1=c a2=3 b2=f a3=c b3=4 a4=2 b4=c q1.out=c2

q1.in=c9 a0=c b0=9 a1=5 b1=0 a2=7 b2=1 a3=6 b3=7 a4=9 b4=e q1.out=e9 l1,2=9c q0.in=63 a0=6 b0=3 a1=5 b1=f a2=f b2=d a3=2 b3=9 a4=5 b4=b q0.out=b5 l0,2=53 q0.in=3e a0=3 b0=e a1=d b1=c a2=c b2=7 a3=b b3=7 a4=3 b4=e q0.out=e3

q0.in=f9 a0=f b0=9 a1=6 b1=b a2=3 b2=6 a3=5 b3=8 a4=d b4=9 q0.out=9d l1,1=8a q1.in=01 a0=0 b0=1 a1=1 b1=8 a2=8 b2=6 a3=e b3=b a4=3 b4=f q1.out=f3 l0,1=8b q1.in=a0 a0=a b0=0 a1=a b1=a a2=9 b2=a a3=3 b3=4 a4=5 b4=c q1.out=c5

q1.in=dd a0=d b0=d a1=0 b1=b a2=2 b2=5 a3=7 b3=8 a4=a b4=6 q1.out=6a l1,0=18 q1.in=7e a0=7 b0=e a1=9 b1=8 a2=1 b2=6 a3=7 b3=a a4=a b4=7 q1.out=7a l0,0=81 q0.in=a6 a0=a b0=6 a1=c b1=9 a2=e b2=4 a3=a b3=c a4=f b4=8 q0.out=8f

y0 = 1b	y1 = ed	y2 = 82	y3 = ba	y0 = c2	y1 = e3	y2 = c5	y3 = 8f
MDS input = Y = y0y1y2y3 = 1bed82ba				MDS input = Y = y0y1y2y3 = c2e3c58f

MDS output = Z = z0z1z2z3 = 635039d0

MDS output = Z = z0z1z2z3 = de4166fe

z0 = 63

z1 = 50

z2 = 39

z3 = d0

z0 = de

z1 = 41

z2 = 66

z3 = fe

T0 = g(R0) = 635039d0

T1 = g(ROL(R1, 8)) = de4166fe

F0,0 = (T0 + T1 + K8) mod 232 = (635039d0 + de4166fe + f595a22f) mod 232 = (d0395063(big endian) + fe6641de(big endian) + 2fa295f5(big endian)) mod 232 = fe422836(big endian) = 362842fe.

F0,1 = (T0 + 2T1 + K9) mod 232 = (635039d0 + 2[de4166fe] + b3c6caca) mod 232 = (d0395063(big endian) + 2[fe6641de(big endian)] + cacac6b3(big endian)) mod 232 = (d0395063(big endian) + fccc83bc(big endian) + cacac6b3(big endian)) mod 232 = 97d09ad2(big endian) = d29ad097.

R1,0  =  ROR(R0, 2    F0,0,1) =  ROR(2505a82a    362842fe, 1) =  ROR(132dead4, 1) =  ROR(d4ea2d13(big endian), 1) =  ea751689(big endian) =  891675ea

R1,1  =  ROL(R0, 3,  1)    F0,1) =  ROL(a1aa141e,  1)    d29ad097 =  ROL(1e14aaa1(big endian),  1)    d29ad097 =  3c295542(big endian)    d29ad097 =  4255293c   d29ad097 =  90cff9ab.

R1,2 = R0,0 = f14aed1a

R1,3 = R0,1 = c9f9ddcd

 

Encryption of block 3, round r=1

g input = X = x0x1x2x3 = R1,0 = 891675ea

g input = X = x0x1x2x3 = ROL(R1,1,  8) = ROL(90cff9ab ,  8) = ROL(abf9cf90(big endian),  8) = f9cf90ab(big endian) = ab90cff9.

x0 = 89

x1 = 16

x2 = 75

x3 = ea

x0 = ab

x1 = 90

x2 = cf

x3 = f9

y2,0 = 89

y2,1 = 16

y2,2 = 75

y2,3 = ea

y2,0 = ab

y2,1 = 90

y2,2 = cf

y2,3 = f9

q0.in=89 a0=8 b0=9 a1=1 b1=4 a2=1 b2=1 a3=0 b3=1 a4=b b4=7 q0.out=7b l1,3=14 q0.in=63 a0=6 b0=3 a1=5 b1=f a2=f b2=d a3=2 b3=9 a4=5 b4=b q0.out=b5 l0,3=dc q1.in=34 a0=3 b0=4 a1=7 b1=9 a2=e b2=d a3=3 b3=0 a4=5 b4=b q1.out=b5

q1.in=16 a0=1 b0=6 a1=7 b1=a a2=e b2=a a3=4 b3=b a4=1 b4=f q1.out=f1 l1,2=9c q0.in=7b a0=7 b0=b a1=c b1=2 a2=e b2=b a3=5 b3=3 a4=d b4=4 q0.out=4d l0,2=53 q0.in=c6 a0=c b0=6 a1=a b1=f a2=5 b2=d a3=8 b3=3 a4=c b4=4 q0.out=4c

q0.in=75 a0=7 b0=5 a1=2 b1=5 a2=7 b2=2 a3=5 b3=e a4=d b4=c q0.out=cd l1,1=8a q1.in=51 a0=5 b0=1 a1=4 b1=5 a2=f b2=c a3=3 b3=1 a4=5 b4=9 q1.out=95 l0,1=8b q1.in=c6 a0=c b0=6 a1=a b1=f a2=9 b2=8 a3=1 b3=5 a4=c b4=3 q1.out=3c

q1.in=ea a0=e b0=a a1=4 b1=b a2=f b2=5 a3=a b3=d a4=d b4=0 q1.out=0d l1,0=18 q1.in=19 a0=1 b0=9 a1=8 b1=5 a2=3 b2=c a3=f b3=d a4=f b4=0 q1.out=0f l0,0=81 q0.in=d3 a0=d b0=3 a1=e b1=c a2=a b2=7 a3=d b3=1 a4=4 b4=7 q0.out=74

q0.in=ab a0=a b0=b a1=1 b1=7 a2=1 b2=5 a3=4 b3=3 a4=6 b4=4 q0.out=46 l1,3=14 q0.in=5e a0=5 b0=e a1=b b1=a a2=9 b2=a a3=3 b3=4 a4=e b4=1 q0.out=1e l0,3=dc q1.in=9f a0=9 b0=f a1=6 b1=e a2=6 b2=0 a3=6 b3=6 a4=9 b4=d q1.out=d9

q1.in=90 a0=9 b0=0 a1=9 b1=1 a2=1 b2=e a3=f b3=e a4=f b4=8 q1.out=8f l1,2=9c q0.in=05 a0=0 b0=5 a1=5 b1=a a2=f b2=a a3=5 b3=2 a4=d b4=f q0.out=fd l0,2=53 q0.in=76 a0=7 b0=6 a1=1 b1=c a2=1 b2=7 a3=6 b3=2 a4=9 b4=f q0.out=f9

q0.in=cf a0=c b0=f a1=3 b1=3 a2=d b2=8 a3=5 b3=1 a4=d b4=7 q0.out=7d l1,1=8a q1.in=e1 a0=e b0=1 a1=f b1=6 a2=5 b2=3 a3=6 b3=4 a4=9 b4=c q1.out=c9 l0,1=8b q1.in=9a a0=9 b0=a a1=3 b1=4 a2=d b2=4 a3=9 b3=7 a4=e b4=e q1.out=ee

q1.in=f9 a0=f b0=9 a1=6 b1=b a2=6 b2=5 a3=3 b3=c a4=5 b4=2 q1.out=25 l1,0=18 q1.in=31 a0=3 b0=1 a1=2 b1=3 a2=b b2=b a3=0 b3=e a4=4 b4=8 q1.out=84 l0,0=81 q0.in=58 a0=5 b0=8 a1=d b1=9 a2=c b2=4 a3=8 b3=e a4=c b4=c q0.out=cc

y0 = b5	y1 = 4c	y2 = 3c	y3 = 74	y0 = d9	y1 = f9	y2 = ee	y3 = cc
MDS input = Y = y0y1y2y3 = b54c3c74				MDS input = Y = y0y1y2y3 = d9f9eecc

MDS output = Z = z0z1z2z3 = 96e21c24

MDS output = Z = z0z1z2z3 = 123a877d

z0 = 96

z1 = e2

z2 = 1c

z3 = 24

z0 = 12

z1 = 3a

z2 = 87

z3 = 7d

T0 = g(R0) = 96e21c24

T1 = g(ROL(R1, 8)) = 123a877d

F1,0 = (T0 + T1 + K10) mod 232 = (96e21c24 + 123a877d + 22166ed7) mod 232 = (241ce296(big endian) + 7d873a12(big endian) + d76e1622(big endian)) mod 232 = 791232ca(big endian) = ca321279.

F1,1 = (T0 + 2T1 + K11) mod 232 = (96e21c24 + 2[123a877d] + 2547a011) mod 232 = (241ce296(big endian) + 2[7d873a12(big endian)] + 11a04725(big endian)) mod 232 = (241ce296(big endian) + fb0e7424(big endian) + 11a04725(big endian)) mod 232 = 30cb9ddf(big endian) = df9dcb30.

R2,0  =  ROR(R1, 2    F1,0,1) =  ROR(f14aed1a    ca321279, 1) =  ROR(3b78ff63, 1) =  ROR(63ff783b(big endian), 1) =  b1ffbc1d(big endian) =  1dbcffb1

R2,1  =  ROL(R1, 3,  1)    F1,1) =  ROL(c9f9ddcd,  1)    df9dcb30 =  ROL(cdddf9c9(big endian),  1)    df9dcb30 =  9bbbf393(big endian)    df9dcb30 =  93f3bb9b   df9dcb30 =  4c6e70ab.

R2,2 = R1,0 = 891675ea

R2,3 = R1,1 = 90cff9ab

 

Encryption of block 3, round r=2

g input = X = x0x1x2x3 = R2,0 = 1dbcffb1

g input = X = x0x1x2x3 = ROL(R2,1,  8) = ROL(4c6e70ab ,  8) = ROL(ab706e4c(big endian),  8) = 706e4cab(big endian) = ab4c6e70.

x0 = 1d

x1 = bc

x2 = ff

x3 = b1

x0 = ab

x1 = 4c

x2 = 6e

x3 = 70

y2,0 = 1d

y2,1 = bc

y2,2 = ff

y2,3 = b1

y2,0 = ab

y2,1 = 4c

y2,2 = 6e

y2,3 = 70

q0.in=1d a0=1 b0=d a1=c b1=7 a2=e b2=5 a3=b b3=4 a4=3 b4=1 q0.out=13 l1,3=14 q0.in=0b a0=0 b0=b a1=b b1=d a2=9 b2=0 a3=9 b3=1 a4=8 b4=7 q0.out=78 l0,3=dc q1.in=f9 a0=f b0=9 a1=6 b1=b a2=6 b2=5 a3=3 b3=c a4=5 b4=2 q1.out=25

q1.in=bc a0=b b0=c a1=7 b1=5 a2=e b2=c a3=2 b3=8 a4=7 b4=6 q1.out=67 l1,2=9c q0.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=e a3=3 b3=2 a4=e b4=f q0.out=fe l0,2=53 q0.in=75 a0=7 b0=5 a1=2 b1=5 a2=7 b2=2 a3=5 b3=e a4=d b4=c q0.out=cd

q0.in=ff a0=f b0=f a1=0 b1=8 a2=8 b2=f a3=7 b3=7 a4=0 b4=e q0.out=e0 l1,1=8a q1.in=7c a0=7 b0=c a1=b b1=9 a2=4 b2=d a3=9 b3=a a4=e b4=7 q1.out=7e l0,1=8b q1.in=2d a0=2 b0=d a1=f b1=c a2=5 b2=f a3=a b3=2 a4=d b4=5 q1.out=5d

q1.in=b1 a0=b b0=1 a1=a b1=b a2=9 b2=5 a3=c b3=b a4=2 b4=f q1.out=f2 l1,0=18 q1.in=e6 a0=e b0=6 a1=8 b1=d a2=3 b2=9 a3=a b3=7 a4=d b4=e q1.out=ed l0,0=81 q0.in=31 a0=3 b0=1 a1=2 b1=3 a2=7 b2=8 a3=f b3=b a4=1 b4=0 q0.out=01

q0.in=ab a0=a b0=b a1=1 b1=7 a2=1 b2=5 a3=4 b3=3 a4=6 b4=4 q0.out=46 l1,3=14 q0.in=5e a0=5 b0=e a1=b b1=a a2=9 b2=a a3=3 b3=4 a4=e b4=1 q0.out=1e l0,3=dc q1.in=9f a0=9 b0=f a1=6 b1=e a2=6 b2=0 a3=6 b3=6 a4=9 b4=d q1.out=d9

q1.in=4c a0=4 b0=c a1=8 b1=2 a2=3 b2=2 a3=1 b3=a a4=c b4=7 q1.out=7c l1,2=9c q0.in=f6 a0=f b0=6 a1=9 b1=4 a2=b b2=1 a3=a b3=b a4=f b4=0 q0.out=0f l0,2=53 q0.in=84 a0=8 b0=4 a1=c b1=a a2=e b2=a a3=4 b3=b a4=6 b4=0 q0.out=06

q0.in=6e a0=6 b0=e a1=8 b1=1 a2=0 b2=c a3=c b3=6 a4=2 b4=6 q0.out=62 l1,1=8a q1.in=fe a0=f b0=e a1=1 b1=0 a2=8 b2=1 a3=9 b3=0 a4=e b4=b q1.out=be l0,1=8b q1.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=1 a3=c b3=d a4=2 b4=0 q1.out=02

q1.in=70 a0=7 b0=0 a1=7 b1=f a2=e b2=8 a3=6 b3=a a4=9 b4=7 q1.out=79 l1,0=18 q1.in=6d a0=6 b0=d a1=b b1=8 a2=4 b2=6 a3=2 b3=7 a4=7 b4=e q1.out=e7 l0,0=81 q0.in=3b a0=3 b0=b a1=8 b1=6 a2=0 b2=3 a3=3 b3=9 a4=e b4=b q0.out=be

y0 = 25	y1 = cd	y2 = 5d	y3 = 01	y0 = d9	y1 = 06	y2 = 02	y3 = be
MDS input = Y = y0y1y2y3 = 25cd5d01				MDS input = Y = y0y1y2y3 = d90602be

MDS output = Z = z0z1z2z3 = 188bc6cc

MDS output = Z = z0z1z2z3 = fa0ca6f9

z0 = 18

z1 = 8b

z2 = c6

z3 = cc

z0 = fa

z1 = 0c

z2 = a6

z3 = f9

T0 = g(R0) = 188bc6cc

T1 = g(ROL(R1, 8)) = fa0ca6f9

F2,0 = (T0 + T1 + K12) mod 232 = (188bc6cc + fa0ca6f9 + a38a1320) mod 232 = (ccc68b18(big endian) + f9a60cfa(big endian) + 20138aa3(big endian)) mod 232 = e68022b5(big endian) = b52280e6.

F2,1 = (T0 + 2T1 + K13) mod 232 = (188bc6cc + 2[fa0ca6f9] + 0813350e) mod 232 = (ccc68b18(big endian) + 2[f9a60cfa(big endian)] + 0e351308(big endian)) mod 232 = (ccc68b18(big endian) + f34c19f4(big endian) + 0e351308(big endian)) mod 232 = ce47b814(big endian) = 14b847ce.

R3,0  =  ROR(R2, 2    F2,0,1) =  ROR(891675ea    b52280e6, 1) =  ROR(3c34f50c, 1) =  ROR(0cf5343c(big endian), 1) =  067a9a1e(big endian) =  1e9a7a06

R3,1  =  ROL(R2, 3,  1)    F2,1) =  ROL(90cff9ab,  1)    14b847ce =  ROL(abf9cf90(big endian),  1)    14b847ce =  57f39f21(big endian)    14b847ce =  219ff357   14b847ce =  3527b499.

R3,2 = R2,0 = 1dbcffb1

R3,3 = R2,1 = 4c6e70ab

 

Encryption of block 3, round r=3

g input = X = x0x1x2x3 = R3,0 = 1e9a7a06

g input = X = x0x1x2x3 = ROL(R3,1,  8) = ROL(3527b499 ,  8) = ROL(99b42735(big endian),  8) = b4273599(big endian) = 993527b4.

x0 = 1e

x1 = 9a

x2 = 7a

x3 = 06

x0 = 99

x1 = 35

x2 = 27

x3 = b4

y2,0 = 1e

y2,1 = 9a

y2,2 = 7a

y2,3 = 06

y2,0 = 99

y2,1 = 35

y2,2 = 27

y2,3 = b4

q0.in=1e a0=1 b0=e a1=f b1=e a2=4 b2=9 a3=d b3=8 a4=4 b4=9 q0.out=94 l1,3=14 q0.in=8c a0=8 b0=c a1=4 b1=e a2=6 b2=9 a3=f b3=a a4=1 b4=3 q0.out=31 l0,3=dc q1.in=b0 a0=b b0=0 a1=b b1=3 a2=4 b2=b a3=f b3=9 a4=f b4=4 q1.out=4f

q1.in=9a a0=9 b0=a a1=3 b1=4 a2=d b2=4 a3=9 b3=7 a4=e b4=e q1.out=ee l1,2=9c q0.in=64 a0=6 b0=4 a1=2 b1=4 a2=7 b2=1 a3=6 b3=7 a4=9 b4=e q0.out=e9 l0,2=53 q0.in=62 a0=6 b0=2 a1=4 b1=7 a2=6 b2=5 a3=3 b3=c a4=e b4=8 q0.out=8e

q0.in=7a a0=7 b0=a a1=d b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=b q0.out=b9 l1,1=8a q1.in=25 a0=2 b0=5 a1=7 b1=8 a2=e b2=6 a3=8 b3=d a4=0 b4=0 q1.out=00 l0,1=8b q1.in=53 a0=5 b0=3 a1=6 b1=4 a2=6 b2=4 a3=2 b3=4 a4=7 b4=c q1.out=c7

q1.in=06 a0=0 b0=6 a1=6 b1=3 a2=6 b2=b a3=d b3=b a4=b b4=f q1.out=fb l1,0=18 q1.in=ef a0=e b0=f a1=1 b1=1 a2=8 b2=e a3=6 b3=f a4=9 b4=a q1.out=a9 l0,0=81 q0.in=75 a0=7 b0=5 a1=2 b1=5 a2=7 b2=2 a3=5 b3=e a4=d b4=c q0.out=cd

q0.in=99 a0=9 b0=9 a1=0 b1=d a2=8 b2=0 a3=8 b3=8 a4=c b4=9 q0.out=9c l1,3=14 q0.in=84 a0=8 b0=4 a1=c b1=a a2=e b2=a a3=4 b3=b a4=6 b4=0 q0.out=06 l0,3=dc q1.in=87 a0=8 b0=7 a1=f b1=3 a2=5 b2=b a3=e b3=0 a4=3 b4=b q1.out=b3

q1.in=35 a0=3 b0=5 a1=6 b1=1 a2=6 b2=e a3=8 b3=1 a4=0 b4=9 q1.out=90 l1,2=9c q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37 l0,2=53 q0.in=bc a0=b b0=c a1=7 b1=5 a2=2 b2=2 a3=0 b3=3 a4=b b4=4 q0.out=4b

q0.in=27 a0=2 b0=7 a1=5 b1=9 a2=f b2=4 a3=b b3=5 a4=3 b4=2 q0.out=23 l1,1=8a q1.in=bf a0=b b0=f a1=4 b1=c a2=f b2=f a3=0 b3=8 a4=4 b4=6 q1.out=64 l0,1=8b q1.in=37 a0=3 b0=7 a1=4 b1=0 a2=f b2=1 a3=e b3=f a4=3 b4=a q1.out=a3

q1.in=b4 a0=b b0=4 a1=f b1=1 a2=5 b2=e a3=b b3=a a4=8 b4=7 q1.out=78 l1,0=18 q1.in=6c a0=6 b0=c a1=a b1=0 a2=9 b2=1 a3=8 b3=9 a4=0 b4=4 q1.out=40 l0,0=81 q0.in=9c a0=9 b0=c a1=5 b1=7 a2=f b2=5 a3=a b3=d a4=f b4=5 q0.out=5f

y0 = 4f	y1 = 8e	y2 = c7	y3 = cd	y0 = b3	y1 = 4b	y2 = a3	y3 = 5f
MDS input = Y = y0y1y2y3 = 4f8ec7cd				MDS input = Y = y0y1y2y3 = b34ba35f

MDS output = Z = z0z1z2z3 = adee89c4

MDS output = Z = z0z1z2z3 = 5688b5f1

z0 = ad

z1 = ee

z2 = 89

z3 = c4

z0 = 56

z1 = 88

z2 = b5

z3 = f1

T0 = g(R0) = adee89c4

T1 = g(ROL(R1, 8)) = 5688b5f1

F3,0 = (T0 + T1 + K14) mod 232 = (adee89c4 + 5688b5f1 + 281a4854) mod 232 = (c489eead(big endian) + f1b58856(big endian) + 54481a28(big endian)) mod 232 = 0a87912b(big endian) = 2b91870a.

F3,1 = (T0 + 2T1 + K15) mod 232 = (adee89c4 + 2[5688b5f1] + a0ddfa24) mod 232 = (c489eead(big endian) + 2[f1b58856(big endian)] + 24fadda0(big endian)) mod 232 = (c489eead(big endian) + e36b10ac(big endian) + 24fadda0(big endian)) mod 232 = ccefdcf9(big endian) = f9dcefcc.

R4,0  =  ROR(R3, 2    F3,0,1) =  ROR(1dbcffb1    2b91870a, 1) =  ROR(362d78bb, 1) =  ROR(bb782d36(big endian), 1) =  5dbc169b(big endian) =  9b16bc5d

R4,1  =  ROL(R3, 3,  1)    F3,1) =  ROL(4c6e70ab,  1)    f9dcefcc =  ROL(ab706e4c(big endian),  1)    f9dcefcc =  56e0dc99(big endian)    f9dcefcc =  99dce056   f9dcefcc =  60000f9a.

R4,2 = R3,0 = 1e9a7a06

R4,3 = R3,1 = 3527b499

 

Encryption of block 3, round r=4

g input = X = x0x1x2x3 = R4,0 = 9b16bc5d

g input = X = x0x1x2x3 = ROL(R4,1,  8) = ROL(60000f9a ,  8) = ROL(9a0f0060(big endian),  8) = 0f00609a(big endian) = 9a60000f.

x0 = 9b

x1 = 16

x2 = bc

x3 = 5d

x0 = 9a

x1 = 60

x2 = 00

x3 = 0f

y2,0 = 9b

y2,1 = 16

y2,2 = bc

y2,3 = 5d

y2,0 = 9a

y2,1 = 60

y2,2 = 00

y2,3 = 0f

q0.in=9b a0=9 b0=b a1=2 b1=c a2=7 b2=7 a3=0 b3=4 a4=b b4=1 q0.out=1b l1,3=14 q0.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=4 a3=9 b3=7 a4=8 b4=e q0.out=e8 l0,3=dc q1.in=69 a0=6 b0=9 a1=f b1=a a2=5 b2=a a3=f b3=8 a4=f b4=6 q1.out=6f

q1.in=16 a0=1 b0=6 a1=7 b1=a a2=e b2=a a3=4 b3=b a4=1 b4=f q1.out=f1 l1,2=9c q0.in=7b a0=7 b0=b a1=c b1=2 a2=e b2=b a3=5 b3=3 a4=d b4=4 q0.out=4d l0,2=53 q0.in=c6 a0=c b0=6 a1=a b1=f a2=5 b2=d a3=8 b3=3 a4=c b4=4 q0.out=4c

q0.in=bc a0=b b0=c a1=7 b1=5 a2=2 b2=2 a3=0 b3=3 a4=b b4=4 q0.out=4b l1,1=8a q1.in=d7 a0=d b0=7 a1=a b1=e a2=9 b2=0 a3=9 b3=1 a4=e b4=9 q1.out=9e l0,1=8b q1.in=cd a0=c b0=d a1=1 b1=2 a2=8 b2=2 a3=a b3=9 a4=d b4=4 q1.out=4d

q1.in=5d a0=5 b0=d a1=8 b1=3 a2=3 b2=b a3=8 b3=6 a4=0 b4=d q1.out=d0 l1,0=18 q1.in=c4 a0=c b0=4 a1=8 b1=e a2=3 b2=0 a3=3 b3=b a4=5 b4=f q1.out=f5 l0,0=81 q0.in=29 a0=2 b0=9 a1=b b1=e a2=9 b2=9 a3=0 b3=d a4=b b4=5 q0.out=5b

q0.in=9a a0=9 b0=a a1=3 b1=4 a2=d b2=1 a3=c b3=d a4=2 b4=5 q0.out=52 l1,3=14 q0.in=4a a0=4 b0=a a1=e b1=1 a2=a b2=c a3=6 b3=c a4=9 b4=8 q0.out=89 l0,3=dc q1.in=08 a0=0 b0=8 a1=8 b1=4 a2=3 b2=4 a3=7 b3=9 a4=a b4=4 q1.out=4a

q1.in=60 a0=6 b0=0 a1=6 b1=6 a2=6 b2=3 a3=5 b3=f a4=6 b4=a q1.out=a6 l1,2=9c q0.in=2c a0=2 b0=c a1=e b1=4 a2=a b2=1 a3=b b3=2 a4=3 b4=f q0.out=f3 l0,2=53 q0.in=78 a0=7 b0=8 a1=f b1=b a2=4 b2=6 a3=2 b3=7 a4=5 b4=e q0.out=e5

q0.in=00 a0=0 b0=0 a1=0 b1=0 a2=8 b2=e a3=6 b3=f a4=9 b4=a q0.out=a9 l1,1=8a q1.in=35 a0=3 b0=5 a1=6 b1=1 a2=6 b2=e a3=8 b3=1 a4=0 b4=9 q1.out=90 l0,1=8b q1.in=c3 a0=c b0=3 a1=f b1=5 a2=5 b2=c a3=9 b3=b a4=e b4=f q1.out=fe

q1.in=0f a0=0 b0=f a1=f b1=f a2=5 b2=8 a3=d b3=9 a4=b b4=4 q1.out=4b l1,0=18 q1.in=5f a0=5 b0=f a1=a b1=2 a2=9 b2=2 a3=b b3=0 a4=8 b4=b q1.out=b8 l0,0=81 q0.in=64 a0=6 b0=4 a1=2 b1=4 a2=7 b2=1 a3=6 b3=7 a4=9 b4=e q0.out=e9

y0 = 6f	y1 = 4c	y2 = 4d	y3 = 5b	y0 = 4a	y1 = e5	y2 = fe	y3 = e9
MDS input = Y = y0y1y2y3 = 6f4c4d5b				MDS input = Y = y0y1y2y3 = 4ae5fee9

MDS output = Z = z0z1z2z3 = b12e3160

MDS output = Z = z0z1z2z3 = f64ff8af

z0 = b1

z1 = 2e

z2 = 31

z3 = 60

z0 = f6

z1 = 4f

z2 = f8

z3 = af

T0 = g(R0) = b12e3160

T1 = g(ROL(R1, 8)) = f64ff8af

F4,0 = (T0 + T1 + K16) mod 232 = (b12e3160 + f64ff8af + 19c3630c) mod 232 = (60312eb1(big endian) + aff84ff6(big endian) + 0c63c319(big endian)) mod 232 = 1c8d41c0(big endian) = c0418d1c.

F4,1 = (T0 + 2T1 + K17) mod 232 = (b12e3160 + 2[f64ff8af] + 5bc0b2cc) mod 232 = (60312eb1(big endian) + 2[aff84ff6(big endian)] + ccb2c05b(big endian)) mod 232 = (60312eb1(big endian) + 5ff09fec(big endian) + ccb2c05b(big endian)) mod 232 = 8cd48ef8(big endian) = f88ed48c.

R5,0  =  ROR(R4, 2    F4,0,1) =  ROR(1e9a7a06    c0418d1c, 1) =  ROR(dedbf71a, 1) =  ROR(1af7dbde(big endian), 1) =  0d7bedef(big endian) =  efed7b0d

R5,1  =  ROL(R4, 3,  1)    F4,1) =  ROL(3527b499,  1)    f88ed48c =  ROL(99b42735(big endian),  1)    f88ed48c =  33684e6b(big endian)    f88ed48c =  6b4e6833   f88ed48c =  93c0bcbf.

R5,2 = R4,0 = 9b16bc5d

R5,3 = R4,1 = 60000f9a

 

Encryption of block 3, round r=5

g input = X = x0x1x2x3 = R5,0 = efed7b0d

g input = X = x0x1x2x3 = ROL(R5,1,  8) = ROL(93c0bcbf ,  8) = ROL(bfbcc093(big endian),  8) = bcc093bf(big endian) = bf93c0bc.

x0 = ef

x1 = ed

x2 = 7b

x3 = 0d

x0 = bf

x1 = 93

x2 = c0

x3 = bc

y2,0 = ef

y2,1 = ed

y2,2 = 7b

y2,3 = 0d

y2,0 = bf

y2,1 = 93

y2,2 = c0

y2,3 = bc

q0.in=ef a0=e b0=f a1=1 b1=1 a2=1 b2=c a3=d b3=f a4=4 b4=a q0.out=a4 l1,3=14 q0.in=bc a0=b b0=c a1=7 b1=5 a2=2 b2=2 a3=0 b3=3 a4=b b4=4 q0.out=4b l0,3=dc q1.in=ca a0=c b0=a a1=6 b1=9 a2=6 b2=d a3=b b3=8 a4=8 b4=6 q1.out=68

q1.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=1 a3=c b3=d a4=2 b4=0 q1.out=02 l1,2=9c q0.in=88 a0=8 b0=8 a1=0 b1=c a2=8 b2=7 a3=f b3=3 a4=1 b4=4 q0.out=41 l0,2=53 q0.in=ca a0=c b0=a a1=6 b1=9 a2=3 b2=4 a3=7 b3=9 a4=0 b4=b q0.out=b0

q0.in=7b a0=7 b0=b a1=c b1=2 a2=e b2=b a3=5 b3=3 a4=d b4=4 q0.out=4d l1,1=8a q1.in=d1 a0=d b0=1 a1=c b1=d a2=0 b2=9 a3=9 b3=c a4=e b4=2 q1.out=2e l0,1=8b q1.in=7d a0=7 b0=d a1=a b1=1 a2=9 b2=e a3=7 b3=6 a4=a b4=d q1.out=da

q1.in=0d a0=0 b0=d a1=d b1=e a2=a b2=0 a3=a b3=a a4=d b4=7 q1.out=7d l1,0=18 q1.in=69 a0=6 b0=9 a1=f b1=a a2=5 b2=a a3=f b3=8 a4=f b4=6 q1.out=6f l0,0=81 q0.in=b3 a0=b b0=3 a1=8 b1=a a2=0 b2=a a3=a b3=5 a4=f b4=2 q0.out=2f

q0.in=bf a0=b b0=f a1=4 b1=c a2=6 b2=7 a3=1 b3=d a4=a b4=5 q0.out=5a l1,3=14 q0.in=42 a0=4 b0=2 a1=6 b1=5 a2=3 b2=2 a3=1 b3=a a4=a b4=3 q0.out=3a l0,3=dc q1.in=bb a0=b b0=b a1=0 b1=e a2=2 b2=0 a3=2 b3=2 a4=7 b4=5 q1.out=57

q1.in=93 a0=9 b0=3 a1=a b1=8 a2=9 b2=6 a3=f b3=2 a4=f b4=5 q1.out=5f l1,2=9c q0.in=d5 a0=d b0=5 a1=8 b1=f a2=0 b2=d a3=d b3=e a4=4 b4=c q0.out=c4 l0,2=53 q0.in=4f a0=4 b0=f a1=b b1=b a2=9 b2=6 a3=f b3=2 a4=1 b4=f q0.out=f1

q0.in=c0 a0=c b0=0 a1=c b1=c a2=e b2=7 a3=9 b3=5 a4=8 b4=2 q0.out=28 l1,1=8a q1.in=b4 a0=b b0=4 a1=f b1=1 a2=5 b2=e a3=b b3=a a4=8 b4=7 q1.out=78 l0,1=8b q1.in=2b a0=2 b0=b a1=9 b1=f a2=1 b2=8 a3=9 b3=d a4=e b4=0 q1.out=0e

q1.in=bc a0=b b0=c a1=7 b1=5 a2=e b2=c a3=2 b3=8 a4=7 b4=6 q1.out=67 l1,0=18 q1.in=73 a0=7 b0=3 a1=4 b1=6 a2=f b2=3 a3=c b3=e a4=2 b4=8 q1.out=82 l0,0=81 q0.in=5e a0=5 b0=e a1=b b1=a a2=9 b2=a a3=3 b3=4 a4=e b4=1 q0.out=1e

y0 = 68	y1 = b0	y2 = da	y3 = 2f	y0 = 57	y1 = f1	y2 = 0e	y3 = 1e
MDS input = Y = y0y1y2y3 = 68b0da2f				MDS input = Y = y0y1y2y3 = 57f10e1e

MDS output = Z = z0z1z2z3 = 3eac6909

MDS output = Z = z0z1z2z3 = 185708d1

z0 = 3e

z1 = ac

z2 = 69

z3 = 09

z0 = 18

z1 = 57

z2 = 08

z3 = d1

T0 = g(R0) = 3eac6909

T1 = g(ROL(R1, 8)) = 185708d1

F5,0 = (T0 + T1 + K18) mod 232 = (3eac6909 + 185708d1 + d542f0e2) mod 232 = (0969ac3e(big endian) + d1085718(big endian) + e2f042d5(big endian)) mod 232 = bd62462b(big endian) = 2b4662bd.

F5,1 = (T0 + 2T1 + K19) mod 232 = (3eac6909 + 2[185708d1] + 9f8b15e9) mod 232 = (0969ac3e(big endian) + 2[d1085718(big endian)] + e9158b9f(big endian)) mod 232 = (0969ac3e(big endian) + a210ae30(big endian) + e9158b9f(big endian)) mod 232 = 948fe60d(big endian) = 0de68f94.

R6,0  =  ROR(R5, 2    F5,0,1) =  ROR(9b16bc5d    2b4662bd, 1) =  ROR(b050dee0, 1) =  ROR(e0de50b0(big endian), 1) =  706f2858(big endian) =  58286f70

R6,1  =  ROL(R5, 3,  1)    F5,1) =  ROL(60000f9a,  1)    0de68f94 =  ROL(9a0f0060(big endian),  1)    0de68f94 =  341e00c1(big endian)    0de68f94 =  c1001e34   0de68f94 =  cce691a0.

R6,2 = R5,0 = efed7b0d

R6,3 = R5,1 = 93c0bcbf

 

Encryption of block 3, round r=6

g input = X = x0x1x2x3 = R6,0 = 58286f70

g input = X = x0x1x2x3 = ROL(R6,1,  8) = ROL(cce691a0 ,  8) = ROL(a091e6cc(big endian),  8) = 91e6cca0(big endian) = a0cce691.

x0 = 58

x1 = 28

x2 = 6f

x3 = 70

x0 = a0

x1 = cc

x2 = e6

x3 = 91

y2,0 = 58

y2,1 = 28

y2,2 = 6f

y2,3 = 70

y2,0 = a0

y2,1 = cc

y2,2 = e6

y2,3 = 91

q0.in=58 a0=5 b0=8 a1=d b1=9 a2=c b2=4 a3=8 b3=e a4=c b4=c q0.out=cc l1,3=14 q0.in=d4 a0=d b0=4 a1=9 b1=7 a2=b b2=5 a3=e b3=9 a4=7 b4=b q0.out=b7 l0,3=dc q1.in=36 a0=3 b0=6 a1=5 b1=8 a2=7 b2=6 a3=1 b3=c a4=c b4=2 q1.out=2c

q1.in=28 a0=2 b0=8 a1=a b1=6 a2=9 b2=3 a3=a b3=8 a4=d b4=6 q1.out=6d l1,2=9c q0.in=e7 a0=e b0=7 a1=9 b1=5 a2=b b2=2 a3=9 b3=2 a4=8 b4=f q0.out=f8 l0,2=53 q0.in=73 a0=7 b0=3 a1=4 b1=6 a2=6 b2=3 a3=5 b3=f a4=d b4=a q0.out=ad

q0.in=6f a0=6 b0=f a1=9 b1=9 a2=b b2=4 a3=f b3=1 a4=1 b4=7 q0.out=71 l1,1=8a q1.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=1 a3=c b3=d a4=2 b4=0 q1.out=02 l0,1=8b q1.in=51 a0=5 b0=1 a1=4 b1=5 a2=f b2=c a3=3 b3=1 a4=5 b4=9 q1.out=95

q1.in=70 a0=7 b0=0 a1=7 b1=f a2=e b2=8 a3=6 b3=a a4=9 b4=7 q1.out=79 l1,0=18 q1.in=6d a0=6 b0=d a1=b b1=8 a2=4 b2=6 a3=2 b3=7 a4=7 b4=e q1.out=e7 l0,0=81 q0.in=3b a0=3 b0=b a1=8 b1=6 a2=0 b2=3 a3=3 b3=9 a4=e b4=b q0.out=be

q0.in=a0 a0=a b0=0 a1=a b1=a a2=5 b2=a a3=f b3=8 a4=1 b4=9 q0.out=91 l1,3=14 q0.in=89 a0=8 b0=9 a1=1 b1=4 a2=1 b2=1 a3=0 b3=1 a4=b b4=7 q0.out=7b l0,3=dc q1.in=fa a0=f b0=a a1=5 b1=2 a2=7 b2=2 a3=5 b3=e a4=6 b4=8 q1.out=86

q1.in=cc a0=c b0=c a1=0 b1=a a2=2 b2=a a3=8 b3=7 a4=0 b4=e q1.out=e0 l1,2=9c q0.in=6a a0=6 b0=a a1=c b1=3 a2=e b2=8 a3=6 b3=a a4=9 b4=3 q0.out=39 l0,2=53 q0.in=b2 a0=b b0=2 a1=9 b1=2 a2=b b2=b a3=0 b3=e a4=b b4=c q0.out=cb

q0.in=e6 a0=e b0=6 a1=8 b1=d a2=0 b2=0 a3=0 b3=0 a4=b b4=d q0.out=db l1,1=8a q1.in=47 a0=4 b0=7 a1=3 b1=f a2=d b2=8 a3=5 b3=1 a4=6 b4=9 q1.out=96 l0,1=8b q1.in=c5 a0=c b0=5 a1=9 b1=6 a2=1 b2=3 a3=2 b3=0 a4=7 b4=b q1.out=b7

q1.in=91 a0=9 b0=1 a1=8 b1=9 a2=3 b2=d a3=e b3=5 a4=3 b4=3 q1.out=33 l1,0=18 q1.in=27 a0=2 b0=7 a1=5 b1=9 a2=7 b2=d a3=a b3=1 a4=d b4=9 q1.out=9d l0,0=81 q0.in=41 a0=4 b0=1 a1=5 b1=c a2=f b2=7 a3=8 b3=c a4=c b4=8 q0.out=8c

y0 = 2c	y1 = ad	y2 = 95	y3 = be	y0 = 86	y1 = cb	y2 = b7	y3 = 8c
MDS input = Y = y0y1y2y3 = 2cad95be				MDS input = Y = y0y1y2y3 = 86cbb78c

MDS output = Z = z0z1z2z3 = ddb302ad

MDS output = Z = z0z1z2z3 = 9bc219af

z0 = dd

z1 = b3

z2 = 02

z3 = ad

z0 = 9b

z1 = c2

z2 = 19

z3 = af

T0 = g(R0) = ddb302ad

T1 = g(ROL(R1, 8)) = 9bc219af

F6,0 = (T0 + T1 + K20) mod 232 = (ddb302ad + 9bc219af + 7b65df4c) mod 232 = (ad02b3dd(big endian) + af19c29b(big endian) + 4cdf657b(big endian)) mod 232 = a8fbdbf3(big endian) = f3dbfba8.

F6,1 = (T0 + 2T1 + K21) mod 232 = (ddb302ad + 2[9bc219af] + 2189e236) mod 232 = (ad02b3dd(big endian) + 2[af19c29b(big endian)] + 36e28921(big endian)) mod 232 = (ad02b3dd(big endian) + 5e338536(big endian) + 36e28921(big endian)) mod 232 = 4218c234(big endian) = 34c21842.

R7,0  =  ROR(R6, 2    F6,0,1) =  ROR(efed7b0d    f3dbfba8, 1) =  ROR(1c3680a5, 1) =  ROR(a580361c(big endian), 1) =  52c01b0e(big endian) =  0e1bc052

R7,1  =  ROL(R6, 3,  1)    F6,1) =  ROL(93c0bcbf,  1)    34c21842 =  ROL(bfbcc093(big endian),  1)    34c21842 =  7f798127(big endian)    34c21842 =  2781797f   34c21842 =  1343613d.

R7,2 = R6,0 = 58286f70

R7,3 = R6,1 = cce691a0

 

Encryption of block 3, round r=7

g input = X = x0x1x2x3 = R7,0 = 0e1bc052

g input = X = x0x1x2x3 = ROL(R7,1,  8) = ROL(1343613d ,  8) = ROL(3d614313(big endian),  8) = 6143133d(big endian) = 3d134361.

x0 = 0e

x1 = 1b

x2 = c0

x3 = 52

x0 = 3d

x1 = 13

x2 = 43

x3 = 61

y2,0 = 0e

y2,1 = 1b

y2,2 = c0

y2,3 = 52

y2,0 = 3d

y2,1 = 13

y2,2 = 43

y2,3 = 61

q0.in=0e a0=0 b0=e a1=e b1=7 a2=a b2=5 a3=f b3=0 a4=1 b4=d q0.out=d1 l1,3=14 q0.in=c9 a0=c b0=9 a1=5 b1=0 a2=f b2=e a3=1 b3=0 a4=a b4=d q0.out=da l0,3=dc q1.in=5b a0=5 b0=b a1=e b1=0 a2=c b2=1 a3=d b3=4 a4=b b4=c q1.out=cb

q1.in=1b a0=1 b0=b a1=a b1=4 a2=9 b2=4 a3=d b3=3 a4=b b4=1 q1.out=1b l1,2=9c q0.in=91 a0=9 b0=1 a1=8 b1=9 a2=0 b2=4 a3=4 b3=2 a4=6 b4=f q0.out=f6 l0,2=53 q0.in=7d a0=7 b0=d a1=a b1=1 a2=5 b2=c a3=9 b3=b a4=8 b4=0 q0.out=08

q0.in=c0 a0=c b0=0 a1=c b1=c a2=e b2=7 a3=9 b3=5 a4=8 b4=2 q0.out=28 l1,1=8a q1.in=b4 a0=b b0=4 a1=f b1=1 a2=5 b2=e a3=b b3=a a4=8 b4=7 q1.out=78 l0,1=8b q1.in=2b a0=2 b0=b a1=9 b1=f a2=1 b2=8 a3=9 b3=d a4=e b4=0 q1.out=0e

q1.in=52 a0=5 b0=2 a1=7 b1=c a2=e b2=f a3=1 b3=1 a4=c b4=9 q1.out=9c l1,0=18 q1.in=88 a0=8 b0=8 a1=0 b1=c a2=2 b2=f a3=d b3=d a4=b b4=0 q1.out=0b l0,0=81 q0.in=d7 a0=d b0=7 a1=a b1=e a2=5 b2=9 a3=c b3=1 a4=2 b4=7 q0.out=72

q0.in=3d a0=3 b0=d a1=e b1=5 a2=a b2=2 a3=8 b3=b a4=c b4=0 q0.out=0c l1,3=14 q0.in=14 a0=1 b0=4 a1=5 b1=b a2=f b2=6 a3=9 b3=4 a4=8 b4=1 q0.out=18 l0,3=dc q1.in=99 a0=9 b0=9 a1=0 b1=d a2=2 b2=9 a3=b b3=e a4=8 b4=8 q1.out=88

q1.in=13 a0=1 b0=3 a1=2 b1=0 a2=b b2=1 a3=a b3=b a4=d b4=f q1.out=fd l1,2=9c q0.in=77 a0=7 b0=7 a1=0 b1=4 a2=8 b2=1 a3=9 b3=0 a4=8 b4=d q0.out=d8 l0,2=53 q0.in=53 a0=5 b0=3 a1=6 b1=4 a2=3 b2=1 a3=2 b3=3 a4=5 b4=4 q0.out=45

q0.in=43 a0=4 b0=3 a1=7 b1=d a2=2 b2=0 a3=2 b3=2 a4=5 b4=f q0.out=f5 l1,1=8a q1.in=69 a0=6 b0=9 a1=f b1=a a2=5 b2=a a3=f b3=8 a4=f b4=6 q1.out=6f l0,1=8b q1.in=3c a0=3 b0=c a1=f b1=d a2=5 b2=9 a3=c b3=1 a4=2 b4=9 q1.out=92

q1.in=61 a0=6 b0=1 a1=7 b1=e a2=e b2=0 a3=e b3=e a4=3 b4=8 q1.out=83 l1,0=18 q1.in=97 a0=9 b0=7 a1=e b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=4 q1.out=49 l0,0=81 q0.in=95 a0=9 b0=5 a1=c b1=b a2=e b2=6 a3=8 b3=d a4=c b4=5 q0.out=5c

y0 = cb	y1 = 08	y2 = 0e	y3 = 72	y0 = 88	y1 = 45	y2 = 92	y3 = 5c
MDS input = Y = y0y1y2y3 = cb080e72				MDS input = Y = y0y1y2y3 = 8845925c

MDS output = Z = z0z1z2z3 = a6d521aa

MDS output = Z = z0z1z2z3 = 592517ab

z0 = a6

z1 = d5

z2 = 21

z3 = aa

z0 = 59

z1 = 25

z2 = 17

z3 = ab

T0 = g(R0) = a6d521aa

T1 = g(ROL(R1, 8)) = 592517ab

F7,0 = (T0 + T1 + K22) mod 232 = (a6d521aa + 592517ab + 25d0b3fc) mod 232 = (aa21d5a6(big endian) + ab172559(big endian) + fcb3d025(big endian)) mod 232 = 51eccb24(big endian) = 24cbec51.

F7,1 = (T0 + 2T1 + K23) mod 232 = (a6d521aa + 2[592517ab] + eb1e6ea6) mod 232 = (aa21d5a6(big endian) + 2[ab172559(big endian)] + a66e1eeb(big endian)) mod 232 = (aa21d5a6(big endian) + 562e4ab2(big endian) + a66e1eeb(big endian)) mod 232 = a6be3f43(big endian) = 433fbea6.

R8,0  =  ROR(R7, 2    F7,0,1) =  ROR(58286f70    24cbec51, 1) =  ROR(7ce38321, 1) =  ROR(2183e37c(big endian), 1) =  10c1f1be(big endian) =  bef1c110

R8,1  =  ROL(R7, 3,  1)    F7,1) =  ROL(cce691a0,  1)    433fbea6 =  ROL(a091e6cc(big endian),  1)    433fbea6 =  4123cd99(big endian)    433fbea6 =  99cd2341   433fbea6 =  daf29de7.

R8,2 = R7,0 = 0e1bc052

R8,3 = R7,1 = 1343613d

 

Encryption of block 3, round r=8

g input = X = x0x1x2x3 = R8,0 = bef1c110

g input = X = x0x1x2x3 = ROL(R8,1,  8) = ROL(daf29de7 ,  8) = ROL(e79df2da(big endian),  8) = 9df2dae7(big endian) = e7daf29d.

x0 = be

x1 = f1

x2 = c1

x3 = 10

x0 = e7

x1 = da

x2 = f2

x3 = 9d

y2,0 = be

y2,1 = f1

y2,2 = c1

y2,3 = 10

y2,0 = e7

y2,1 = da

y2,2 = f2

y2,3 = 9d

q0.in=be a0=b b0=e a1=5 b1=4 a2=f b2=1 a3=e b3=f a4=7 b4=a q0.out=a7 l1,3=14 q0.in=bf a0=b b0=f a1=4 b1=c a2=6 b2=7 a3=1 b3=d a4=a b4=5 q0.out=5a l0,3=dc q1.in=db a0=d b0=b a1=6 b1=8 a2=6 b2=6 a3=0 b3=5 a4=4 b4=3 q1.out=34

q1.in=f1 a0=f b0=1 a1=e b1=f a2=c b2=8 a3=4 b3=8 a4=1 b4=6 q1.out=61 l1,2=9c q0.in=eb a0=e b0=b a1=5 b1=3 a2=f b2=8 a3=7 b3=3 a4=0 b4=4 q0.out=40 l0,2=53 q0.in=cb a0=c b0=b a1=7 b1=1 a2=2 b2=c a3=e b3=4 a4=7 b4=1 q0.out=17

q0.in=c1 a0=c b0=1 a1=d b1=4 a2=c b2=1 a3=d b3=4 a4=4 b4=1 q0.out=14 l1,1=8a q1.in=88 a0=8 b0=8 a1=0 b1=c a2=2 b2=f a3=d b3=d a4=b b4=0 q1.out=0b l0,1=8b q1.in=58 a0=5 b0=8 a1=d b1=9 a2=a b2=d a3=7 b3=4 a4=a b4=c q1.out=ca

q1.in=10 a0=1 b0=0 a1=1 b1=9 a2=8 b2=d a3=5 b3=6 a4=6 b4=d q1.out=d6 l1,0=18 q1.in=c2 a0=c b0=2 a1=e b1=d a2=c b2=9 a3=5 b3=0 a4=6 b4=b q1.out=b6 l0,0=81 q0.in=6a a0=6 b0=a a1=c b1=3 a2=e b2=8 a3=6 b3=a a4=9 b4=3 q0.out=39

q0.in=e7 a0=e b0=7 a1=9 b1=5 a2=b b2=2 a3=9 b3=2 a4=8 b4=f q0.out=f8 l1,3=14 q0.in=e0 a0=e b0=0 a1=e b1=e a2=a b2=9 a3=3 b3=6 a4=e b4=6 q0.out=6e l0,3=dc q1.in=ef a0=e b0=f a1=1 b1=1 a2=8 b2=e a3=6 b3=f a4=9 b4=a q1.out=a9

q1.in=da a0=d b0=a a1=7 b1=0 a2=e b2=1 a3=f b3=6 a4=f b4=d q1.out=df l1,2=9c q0.in=55 a0=5 b0=5 a1=0 b1=7 a2=8 b2=5 a3=d b3=2 a4=4 b4=f q0.out=f4 l0,2=53 q0.in=7f a0=7 b0=f a1=8 b1=0 a2=0 b2=e a3=e b3=7 a4=7 b4=e q0.out=e7

q0.in=f2 a0=f b0=2 a1=d b1=6 a2=c b2=3 a3=f b3=5 a4=1 b4=2 q0.out=21 l1,1=8a q1.in=bd a0=b b0=d a1=6 b1=d a2=6 b2=9 a3=f b3=a a4=f b4=7 q1.out=7f l0,1=8b q1.in=2c a0=2 b0=c a1=e b1=4 a2=c b2=4 a3=8 b3=e a4=0 b4=8 q1.out=80

q1.in=9d a0=9 b0=d a1=4 b1=f a2=f b2=8 a3=7 b3=3 a4=a b4=1 q1.out=1a l1,0=18 q1.in=0e a0=0 b0=e a1=e b1=7 a2=c b2=7 a3=b b3=7 a4=8 b4=e q1.out=e8 l0,0=81 q0.in=34 a0=3 b0=4 a1=7 b1=9 a2=2 b2=4 a3=6 b3=0 a4=9 b4=d q0.out=d9

y0 = 34	y1 = 17	y2 = ca	y3 = 39	y0 = a9	y1 = e7	y2 = 80	y3 = d9
MDS input = Y = y0y1y2y3 = 3417ca39				MDS input = Y = y0y1y2y3 = a9e780d9

MDS output = Z = z0z1z2z3 = 566ad070

MDS output = Z = z0z1z2z3 = 4b17e48b

z0 = 56

z1 = 6a

z2 = d0

z3 = 70

z0 = 4b

z1 = 17

z2 = e4

z3 = 8b

T0 = g(R0) = 566ad070

T1 = g(ROL(R1, 8)) = 4b17e48b

F8,0 = (T0 + T1 + K24) mod 232 = (566ad070 + 4b17e48b + 97054619) mod 232 = (70d06a56(big endian) + 8be4174b(big endian) + 19460597(big endian)) mod 232 = 15fa8738(big endian) = 3887fa15.

F8,1 = (T0 + 2T1 + K25) mod 232 = (566ad070 + 2[4b17e48b] + ccf7f077) mod 232 = (70d06a56(big endian) + 2[8be4174b(big endian)] + 77f0f7cc(big endian)) mod 232 = (70d06a56(big endian) + 17c82e96(big endian) + 77f0f7cc(big endian)) mod 232 = 008990b8(big endian) = b8908900.

R9,0  =  ROR(R8, 2    F8,0,1) =  ROR(0e1bc052    3887fa15, 1) =  ROR(369c3a47, 1) =  ROR(473a9c36(big endian), 1) =  239d4e1b(big endian) =  1b4e9d23

R9,1  =  ROL(R8, 3,  1)    F8,1) =  ROL(1343613d,  1)    b8908900 =  ROL(3d614313(big endian),  1)    b8908900 =  7ac28626(big endian)    b8908900 =  2686c27a   b8908900 =  9e164b7a.

R9,2 = R8,0 = bef1c110

R9,3 = R8,1 = daf29de7

 

Encryption of block 3, round r=9

g input = X = x0x1x2x3 = R9,0 = 1b4e9d23

g input = X = x0x1x2x3 = ROL(R9,1,  8) = ROL(9e164b7a ,  8) = ROL(7a4b169e(big endian),  8) = 4b169e7a(big endian) = 7a9e164b.

x0 = 1b

x1 = 4e

x2 = 9d

x3 = 23

x0 = 7a

x1 = 9e

x2 = 16

x3 = 4b

y2,0 = 1b

y2,1 = 4e

y2,2 = 9d

y2,3 = 23

y2,0 = 7a

y2,1 = 9e

y2,2 = 16

y2,3 = 4b

q0.in=1b a0=1 b0=b a1=a b1=4 a2=5 b2=1 a3=4 b3=5 a4=6 b4=2 q0.out=26 l1,3=14 q0.in=3e a0=3 b0=e a1=d b1=c a2=c b2=7 a3=b b3=7 a4=3 b4=e q0.out=e3 l0,3=dc q1.in=62 a0=6 b0=2 a1=4 b1=7 a2=f b2=7 a3=8 b3=c a4=0 b4=2 q1.out=20

q1.in=4e a0=4 b0=e a1=a b1=3 a2=9 b2=b a3=2 b3=c a4=7 b4=2 q1.out=27 l1,2=9c q0.in=ad a0=a b0=d a1=7 b1=4 a2=2 b2=1 a3=3 b3=a a4=e b4=3 q0.out=3e l0,2=53 q0.in=b5 a0=b b0=5 a1=e b1=9 a2=a b2=4 a3=e b3=8 a4=7 b4=9 q0.out=97

q0.in=9d a0=9 b0=d a1=4 b1=f a2=6 b2=d a3=b b3=8 a4=3 b4=9 q0.out=93 l1,1=8a q1.in=0f a0=0 b0=f a1=f b1=f a2=5 b2=8 a3=d b3=9 a4=b b4=4 q1.out=4b l0,1=8b q1.in=18 a0=1 b0=8 a1=9 b1=d a2=1 b2=9 a3=8 b3=5 a4=0 b4=3 q1.out=30

q1.in=23 a0=2 b0=3 a1=1 b1=b a2=8 b2=5 a3=d b3=2 a4=b b4=5 q1.out=5b l1,0=18 q1.in=4f a0=4 b0=f a1=b b1=b a2=4 b2=5 a3=1 b3=e a4=c b4=8 q1.out=8c l0,0=81 q0.in=50 a0=5 b0=0 a1=5 b1=d a2=f b2=0 a3=f b3=7 a4=1 b4=e q0.out=e1

q0.in=7a a0=7 b0=a a1=d b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=b q0.out=b9 l1,3=14 q0.in=a1 a0=a b0=1 a1=b b1=2 a2=9 b2=b a3=2 b3=c a4=5 b4=8 q0.out=85 l0,3=dc q1.in=04 a0=0 b0=4 a1=4 b1=2 a2=f b2=2 a3=d b3=6 a4=b b4=d q1.out=db

q1.in=9e a0=9 b0=e a1=7 b1=6 a2=e b2=3 a3=d b3=7 a4=b b4=e q1.out=eb l1,2=9c q0.in=61 a0=6 b0=1 a1=7 b1=e a2=2 b2=9 a3=b b3=e a4=3 b4=c q0.out=c3 l0,2=53 q0.in=48 a0=4 b0=8 a1=c b1=0 a2=e b2=e a3=0 b3=9 a4=b b4=b q0.out=bb

q0.in=16 a0=1 b0=6 a1=7 b1=a a2=2 b2=a a3=8 b3=7 a4=c b4=e q0.out=ec l1,1=8a q1.in=70 a0=7 b0=0 a1=7 b1=f a2=e b2=8 a3=6 b3=a a4=9 b4=7 q1.out=79 l0,1=8b q1.in=2a a0=2 b0=a a1=8 b1=7 a2=3 b2=7 a3=4 b3=0 a4=1 b4=b q1.out=b1

q1.in=4b a0=4 b0=b a1=f b1=9 a2=5 b2=d a3=8 b3=3 a4=0 b4=1 q1.out=10 l1,0=18 q1.in=04 a0=0 b0=4 a1=4 b1=2 a2=f b2=2 a3=d b3=6 a4=b b4=d q1.out=db l0,0=81 q0.in=07 a0=0 b0=7 a1=7 b1=b a2=2 b2=6 a3=4 b3=1 a4=6 b4=7 q0.out=76

y0 = 20	y1 = 97	y2 = 30	y3 = e1	y0 = db	y1 = bb	y2 = b1	y3 = 76
MDS input = Y = y0y1y2y3 = 209730e1				MDS input = Y = y0y1y2y3 = dbbbb176

MDS output = Z = z0z1z2z3 = 3c4e1308

MDS output = Z = z0z1z2z3 = 51ccf495

z0 = 3c

z1 = 4e

z2 = 13

z3 = 08

z0 = 51

z1 = cc

z2 = f4

z3 = 95

T0 = g(R0) = 3c4e1308

T1 = g(ROL(R1, 8)) = 51ccf495

F9,0 = (T0 + T1 + K26) mod 232 = (3c4e1308 + 51ccf495 + d5b22d8a) mod 232 = (08134e3c(big endian) + 95f4cc51(big endian) + 8a2db2d5(big endian)) mod 232 = 2835cd62(big endian) = 62cd3528.

F9,1 = (T0 + 2T1 + K27) mod 232 = (3c4e1308 + 2[51ccf495] + 66325910) mod 232 = (08134e3c(big endian) + 2[95f4cc51(big endian)] + 10593266(big endian)) mod 232 = (08134e3c(big endian) + 2be998a2(big endian) + 10593266(big endian)) mod 232 = 44561944(big endian) = 44195644.

R10,0  =  ROR(R9, 2    F9,0,1) =  ROR(bef1c110    62cd3528, 1) =  ROR(dc3cf438, 1) =  ROR(38f43cdc(big endian), 1) =  1c7a1e6e(big endian) =  6e1e7a1c

R10,1  =  ROL(R9, 3,  1)    F9,1) =  ROL(daf29de7,  1)    44195644 =  ROL(e79df2da(big endian),  1)    44195644 =  cf3be5b5(big endian)    44195644 =  b5e53bcf   44195644 =  f1fc6d8b.

R10,2 = R9,0 = 1b4e9d23

R10,3 = R9,1 = 9e164b7a

 

Encryption of block 3, round r=10

g input = X = x0x1x2x3 = R10,0 = 6e1e7a1c

g input = X = x0x1x2x3 = ROL(R10,1,  8) = ROL(f1fc6d8b ,  8) = ROL(8b6dfcf1(big endian),  8) = 6dfcf18b(big endian) = 8bf1fc6d.

x0 = 6e

x1 = 1e

x2 = 7a

x3 = 1c

x0 = 8b

x1 = f1

x2 = fc

x3 = 6d

y2,0 = 6e

y2,1 = 1e

y2,2 = 7a

y2,3 = 1c

y2,0 = 8b

y2,1 = f1

y2,2 = fc

y2,3 = 6d

q0.in=6e a0=6 b0=e a1=8 b1=1 a2=0 b2=c a3=c b3=6 a4=2 b4=6 q0.out=62 l1,3=14 q0.in=7a a0=7 b0=a a1=d b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=b q0.out=b9 l0,3=dc q1.in=38 a0=3 b0=8 a1=b b1=f a2=4 b2=8 a3=c b3=0 a4=2 b4=b q1.out=b2

q1.in=1e a0=1 b0=e a1=f b1=e a2=5 b2=0 a3=5 b3=d a4=6 b4=0 q1.out=06 l1,2=9c q0.in=8c a0=8 b0=c a1=4 b1=e a2=6 b2=9 a3=f b3=a a4=1 b4=3 q0.out=31 l0,2=53 q0.in=ba a0=b b0=a a1=1 b1=6 a2=1 b2=3 a3=2 b3=0 a4=5 b4=d q0.out=d5

q0.in=7a a0=7 b0=a a1=d b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=b q0.out=b9 l1,1=8a q1.in=25 a0=2 b0=5 a1=7 b1=8 a2=e b2=6 a3=8 b3=d a4=0 b4=0 q1.out=00 l0,1=8b q1.in=53 a0=5 b0=3 a1=6 b1=4 a2=6 b2=4 a3=2 b3=4 a4=7 b4=c q1.out=c7

q1.in=1c a0=1 b0=c a1=d b1=f a2=a b2=8 a3=2 b3=e a4=7 b4=8 q1.out=87 l1,0=18 q1.in=93 a0=9 b0=3 a1=a b1=8 a2=9 b2=6 a3=f b3=2 a4=f b4=5 q1.out=5f l0,0=81 q0.in=83 a0=8 b0=3 a1=b b1=1 a2=9 b2=c a3=5 b3=7 a4=d b4=e q0.out=ed

q0.in=8b a0=8 b0=b a1=3 b1=5 a2=d b2=2 a3=f b3=4 a4=1 b4=1 q0.out=11 l1,3=14 q0.in=09 a0=0 b0=9 a1=9 b1=c a2=b b2=7 a3=c b3=8 a4=2 b4=9 q0.out=92 l0,3=dc q1.in=13 a0=1 b0=3 a1=2 b1=0 a2=b b2=1 a3=a b3=b a4=d b4=f q1.out=fd

q1.in=f1 a0=f b0=1 a1=e b1=f a2=c b2=8 a3=4 b3=8 a4=1 b4=6 q1.out=61 l1,2=9c q0.in=eb a0=e b0=b a1=5 b1=3 a2=f b2=8 a3=7 b3=3 a4=0 b4=4 q0.out=40 l0,2=53 q0.in=cb a0=c b0=b a1=7 b1=1 a2=2 b2=c a3=e b3=4 a4=7 b4=1 q0.out=17

q0.in=fc a0=f b0=c a1=3 b1=1 a2=d b2=c a3=1 b3=3 a4=a b4=4 q0.out=4a l1,1=8a q1.in=d6 a0=d b0=6 a1=b b1=6 a2=4 b2=3 a3=7 b3=d a4=a b4=0 q1.out=0a l0,1=8b q1.in=59 a0=5 b0=9 a1=c b1=1 a2=0 b2=e a3=e b3=7 a4=3 b4=e q1.out=e3

q1.in=6d a0=6 b0=d a1=b b1=8 a2=4 b2=6 a3=2 b3=7 a4=7 b4=e q1.out=e7 l1,0=18 q1.in=f3 a0=f b0=3 a1=c b1=e a2=0 b2=0 a3=0 b3=0 a4=4 b4=b q1.out=b4 l0,0=81 q0.in=68 a0=6 b0=8 a1=e b1=2 a2=a b2=b a3=1 b3=7 a4=a b4=e q0.out=ea

y0 = b2	y1 = d5	y2 = c7	y3 = ed	y0 = fd	y1 = 17	y2 = e3	y3 = ea
MDS input = Y = y0y1y2y3 = b2d5c7ed				MDS input = Y = y0y1y2y3 = fd17e3ea

MDS output = Z = z0z1z2z3 = 426c40e5

MDS output = Z = z0z1z2z3 = efc15cd1

z0 = 42

z1 = 6c

z2 = 40

z3 = e5

z0 = ef

z1 = c1

z2 = 5c

z3 = d1

T0 = g(R0) = 426c40e5

T1 = g(ROL(R1, 8)) = efc15cd1

F10,0 = (T0 + T1 + K28) mod 232 = (426c40e5 + efc15cd1 + fdcb3639) mod 232 = (e5406c42(big endian) + d15cc1ef(big endian) + 3936cbfd(big endian)) mod 232 = efd3fa2e(big endian) = 2efad3ef.

F10,1 = (T0 + 2T1 + K29) mod 232 = (426c40e5 + 2[efc15cd1] + d853ba91) mod 232 = (e5406c42(big endian) + 2[d15cc1ef(big endian)] + 91ba53d8(big endian)) mod 232 = (e5406c42(big endian) + a2b983de(big endian) + 91ba53d8(big endian)) mod 232 = 19b443f8(big endian) = f843b419.

R11,0  =  ROR(R10, 2    F10,0,1) =  ROR(1b4e9d23    2efad3ef, 1) =  ROR(35b44ecc, 1) =  ROR(cc4eb435(big endian), 1) =  e6275a1a(big endian) =  1a5a27e6

R11,1  =  ROL(R10, 3,  1)    F10,1) =  ROL(9e164b7a,  1)    f843b419 =  ROL(7a4b169e(big endian),  1)    f843b419 =  f4962d3c(big endian)    f843b419 =  3c2d96f4   f843b419 =  c46e22ed.

R11,2 = R10,0 = 6e1e7a1c

R11,3 = R10,1 = f1fc6d8b

 

Encryption of block 3, round r=11

g input = X = x0x1x2x3 = R11,0 = 1a5a27e6

g input = X = x0x1x2x3 = ROL(R11,1,  8) = ROL(c46e22ed ,  8) = ROL(ed226ec4(big endian),  8) = 226ec4ed(big endian) = edc46e22.

x0 = 1a

x1 = 5a

x2 = 27

x3 = e6

x0 = ed

x1 = c4

x2 = 6e

x3 = 22

y2,0 = 1a

y2,1 = 5a

y2,2 = 27

y2,3 = e6

y2,0 = ed

y2,1 = c4

y2,2 = 6e

y2,3 = 22

q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37 l1,3=14 q0.in=2f a0=2 b0=f a1=d b1=d a2=c b2=0 a3=c b3=c a4=2 b4=8 q0.out=82 l0,3=dc q1.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=d a3=0 b3=b a4=4 b4=f q1.out=f4

q1.in=5a a0=5 b0=a a1=f b1=8 a2=5 b2=6 a3=3 b3=e a4=5 b4=8 q1.out=85 l1,2=9c q0.in=0f a0=0 b0=f a1=f b1=f a2=4 b2=d a3=9 b3=a a4=8 b4=3 q0.out=38 l0,2=53 q0.in=b3 a0=b b0=3 a1=8 b1=a a2=0 b2=a a3=a b3=5 a4=f b4=2 q0.out=2f

q0.in=27 a0=2 b0=7 a1=5 b1=9 a2=f b2=4 a3=b b3=5 a4=3 b4=2 q0.out=23 l1,1=8a q1.in=bf a0=b b0=f a1=4 b1=c a2=f b2=f a3=0 b3=8 a4=4 b4=6 q1.out=64 l0,1=8b q1.in=37 a0=3 b0=7 a1=4 b1=0 a2=f b2=1 a3=e b3=f a4=3 b4=a q1.out=a3

q1.in=e6 a0=e b0=6 a1=8 b1=d a2=3 b2=9 a3=a b3=7 a4=d b4=e q1.out=ed l1,0=18 q1.in=f9 a0=f b0=9 a1=6 b1=b a2=6 b2=5 a3=3 b3=c a4=5 b4=2 q1.out=25 l0,0=81 q0.in=f9 a0=f b0=9 a1=6 b1=b a2=3 b2=6 a3=5 b3=8 a4=d b4=9 q0.out=9d

q0.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=e a3=3 b3=2 a4=e b4=f q0.out=fe l1,3=14 q0.in=e6 a0=e b0=6 a1=8 b1=d a2=0 b2=0 a3=0 b3=0 a4=b b4=d q0.out=db l0,3=dc q1.in=5a a0=5 b0=a a1=f b1=8 a2=5 b2=6 a3=3 b3=e a4=5 b4=8 q1.out=85

q1.in=c4 a0=c b0=4 a1=8 b1=e a2=3 b2=0 a3=3 b3=b a4=5 b4=f q1.out=f5 l1,2=9c q0.in=7f a0=7 b0=f a1=8 b1=0 a2=0 b2=e a3=e b3=7 a4=7 b4=e q0.out=e7 l0,2=53 q0.in=6c a0=6 b0=c a1=a b1=0 a2=5 b2=e a3=b b3=a a4=3 b4=3 q0.out=33

q0.in=6e a0=6 b0=e a1=8 b1=1 a2=0 b2=c a3=c b3=6 a4=2 b4=6 q0.out=62 l1,1=8a q1.in=fe a0=f b0=e a1=1 b1=0 a2=8 b2=1 a3=9 b3=0 a4=e b4=b q1.out=be l0,1=8b q1.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=1 a3=c b3=d a4=2 b4=0 q1.out=02

q1.in=22 a0=2 b0=2 a1=0 b1=3 a2=2 b2=b a3=9 b3=f a4=e b4=a q1.out=ae l1,0=18 q1.in=ba a0=b b0=a a1=1 b1=6 a2=8 b2=3 a3=b b3=1 a4=8 b4=9 q1.out=98 l0,0=81 q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73

y0 = f4	y1 = 2f	y2 = a3	y3 = 9d	y0 = 85	y1 = 33	y2 = 02	y3 = 73
MDS input = Y = y0y1y2y3 = f42fa39d				MDS input = Y = y0y1y2y3 = 85330273

MDS output = Z = z0z1z2z3 = 18bdc0fc

MDS output = Z = z0z1z2z3 = ce46d70d

z0 = 18

z1 = bd

z2 = c0

z3 = fc

z0 = ce

z1 = 46

z2 = d7

z3 = 0d

T0 = g(R0) = 18bdc0fc

T1 = g(ROL(R1, 8)) = ce46d70d

F11,0 = (T0 + T1 + K30) mod 232 = (18bdc0fc + ce46d70d + fd2d59b8) mod 232 = (fcc0bd18(big endian) + 0dd746ce(big endian) + b8592dfd(big endian)) mod 232 = c2f131e3(big endian) = e331f1c2.

F11,1 = (T0 + 2T1 + K31) mod 232 = (18bdc0fc + 2[ce46d70d] + 9c51af49) mod 232 = (fcc0bd18(big endian) + 2[0dd746ce(big endian)] + 49af519c(big endian)) mod 232 = (fcc0bd18(big endian) + 1bae8d9c(big endian) + 49af519c(big endian)) mod 232 = 621e9c50(big endian) = 509c1e62.

R12,0  =  ROR(R11, 2    F11,0,1) =  ROR(6e1e7a1c    e331f1c2, 1) =  ROR(8d2f8bde, 1) =  ROR(de8b2f8d(big endian), 1) =  ef4597c6(big endian) =  c69745ef

R12,1  =  ROL(R11, 3,  1)    F11,1) =  ROL(f1fc6d8b,  1)    509c1e62 =  ROL(8b6dfcf1(big endian),  1)    509c1e62 =  16dbf9e3(big endian)    509c1e62 =  e3f9db16   509c1e62 =  b365c574.

R12,2 = R11,0 = 1a5a27e6

R12,3 = R11,1 = c46e22ed

 

Encryption of block 3, round r=12

g input = X = x0x1x2x3 = R12,0 = c69745ef

g input = X = x0x1x2x3 = ROL(R12,1,  8) = ROL(b365c574 ,  8) = ROL(74c565b3(big endian),  8) = c565b374(big endian) = 74b365c5.

x0 = c6

x1 = 97

x2 = 45

x3 = ef

x0 = 74

x1 = b3

x2 = 65

x3 = c5

y2,0 = c6

y2,1 = 97

y2,2 = 45

y2,3 = ef

y2,0 = 74

y2,1 = b3

y2,2 = 65

y2,3 = c5

q0.in=c6 a0=c b0=6 a1=a b1=f a2=5 b2=d a3=8 b3=3 a4=c b4=4 q0.out=4c l1,3=14 q0.in=54 a0=5 b0=4 a1=1 b1=f a2=1 b2=d a3=c b3=7 a4=2 b4=e q0.out=e2 l0,3=dc q1.in=63 a0=6 b0=3 a1=5 b1=f a2=7 b2=8 a3=f b3=b a4=f b4=f q1.out=ff

q1.in=97 a0=9 b0=7 a1=e b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=4 q1.out=49 l1,2=9c q0.in=c3 a0=c b0=3 a1=f b1=5 a2=4 b2=2 a3=6 b3=5 a4=9 b4=2 q0.out=29 l0,2=53 q0.in=a2 a0=a b0=2 a1=8 b1=b a2=0 b2=6 a3=6 b3=3 a4=9 b4=4 q0.out=49

q0.in=45 a0=4 b0=5 a1=1 b1=e a2=1 b2=9 a3=8 b3=5 a4=c b4=2 q0.out=2c l1,1=8a q1.in=b0 a0=b b0=0 a1=b b1=3 a2=4 b2=b a3=f b3=9 a4=f b4=4 q1.out=4f l0,1=8b q1.in=1c a0=1 b0=c a1=d b1=f a2=a b2=8 a3=2 b3=e a4=7 b4=8 q1.out=87

q1.in=ef a0=e b0=f a1=1 b1=1 a2=8 b2=e a3=6 b3=f a4=9 b4=a q1.out=a9 l1,0=18 q1.in=bd a0=b b0=d a1=6 b1=d a2=6 b2=9 a3=f b3=a a4=f b4=7 q1.out=7f l0,0=81 q0.in=a3 a0=a b0=3 a1=9 b1=3 a2=b b2=8 a3=3 b3=7 a4=e b4=e q0.out=ee

q0.in=74 a0=7 b0=4 a1=3 b1=d a2=d b2=0 a3=d b3=5 a4=4 b4=2 q0.out=24 l1,3=14 q0.in=3c a0=3 b0=c a1=f b1=d a2=4 b2=0 a3=4 b3=4 a4=6 b4=1 q0.out=16 l0,3=dc q1.in=97 a0=9 b0=7 a1=e b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=4 q1.out=49

q1.in=b3 a0=b b0=3 a1=8 b1=a a2=3 b2=a a3=9 b3=e a4=e b4=8 q1.out=8e l1,2=9c q0.in=04 a0=0 b0=4 a1=4 b1=2 a2=6 b2=b a3=d b3=b a4=4 b4=0 q0.out=04 l0,2=53 q0.in=8f a0=8 b0=f a1=7 b1=7 a2=2 b2=5 a3=7 b3=8 a4=0 b4=9 q0.out=90

q0.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=7 a3=a b3=e a4=f b4=c q0.out=cf l1,1=8a q1.in=53 a0=5 b0=3 a1=6 b1=4 a2=6 b2=4 a3=2 b3=4 a4=7 b4=c q1.out=c7 l0,1=8b q1.in=94 a0=9 b0=4 a1=d b1=3 a2=a b2=b a3=1 b3=7 a4=c b4=e q1.out=ec

q1.in=c5 a0=c b0=5 a1=9 b1=6 a2=1 b2=3 a3=2 b3=0 a4=7 b4=b q1.out=b7 l1,0=18 q1.in=a3 a0=a b0=3 a1=9 b1=3 a2=1 b2=b a3=a b3=4 a4=d b4=c q1.out=cd l0,0=81 q0.in=11 a0=1 b0=1 a1=0 b1=1 a2=8 b2=c a3=4 b3=e a4=6 b4=c q0.out=c6

y0 = ff	y1 = 49	y2 = 87	y3 = ee	y0 = 49	y1 = 90	y2 = ec	y3 = c6
MDS input = Y = y0y1y2y3 = ff4987ee				MDS input = Y = y0y1y2y3 = 4990ecc6

MDS output = Z = z0z1z2z3 = 47ee7572

MDS output = Z = z0z1z2z3 = 219ae9e3

z0 = 47

z1 = ee

z2 = 75

z3 = 72

z0 = 21

z1 = 9a

z2 = e9

z3 = e3

T0 = g(R0) = 47ee7572

T1 = g(ROL(R1, 8)) = 219ae9e3

F12,0 = (T0 + T1 + K32) mod 232 = (47ee7572 + 219ae9e3 + 165703a2) mod 232 = (7275ee47(big endian) + e3e99a21(big endian) + a2035716(big endian)) mod 232 = f862df7e(big endian) = 7edf62f8.

F12,1 = (T0 + 2T1 + K33) mod 232 = (47ee7572 + 2[219ae9e3] + bdabf862) mod 232 = (7275ee47(big endian) + 2[e3e99a21(big endian)] + 62f8abbd(big endian)) mod 232 = (7275ee47(big endian) + c7d33442(big endian) + 62f8abbd(big endian)) mod 232 = 9d41ce46(big endian) = 46ce419d.

R13,0  =  ROR(R12, 2    F12,0,1) =  ROR(1a5a27e6    7edf62f8, 1) =  ROR(6485451e, 1) =  ROR(1e458564(big endian), 1) =  0f22c2b2(big endian) =  b2c2220f

R13,1  =  ROL(R12, 3,  1)    F12,1) =  ROL(c46e22ed,  1)    46ce419d =  ROL(ed226ec4(big endian),  1)    46ce419d =  da44dd89(big endian)    46ce419d =  89dd44da   46ce419d =  cf130547.

R13,2 = R12,0 = c69745ef

R13,3 = R12,1 = b365c574

 

Encryption of block 3, round r=13

g input = X = x0x1x2x3 = R13,0 = b2c2220f

g input = X = x0x1x2x3 = ROL(R13,1,  8) = ROL(cf130547 ,  8) = ROL(470513cf(big endian),  8) = 0513cf47(big endian) = 47cf1305.

x0 = b2

x1 = c2

x2 = 22

x3 = 0f

x0 = 47

x1 = cf

x2 = 13

x3 = 05

y2,0 = b2

y2,1 = c2

y2,2 = 22

y2,3 = 0f

y2,0 = 47

y2,1 = cf

y2,2 = 13

y2,3 = 05

q0.in=b2 a0=b b0=2 a1=9 b1=2 a2=b b2=b a3=0 b3=e a4=b b4=c q0.out=cb l1,3=14 q0.in=d3 a0=d b0=3 a1=e b1=c a2=a b2=7 a3=d b3=1 a4=4 b4=7 q0.out=74 l0,3=dc q1.in=f5 a0=f b0=5 a1=a b1=d a2=9 b2=9 a3=0 b3=d a4=4 b4=0 q1.out=04

q1.in=c2 a0=c b0=2 a1=e b1=d a2=c b2=9 a3=5 b3=0 a4=6 b4=b q1.out=b6 l1,2=9c q0.in=3c a0=3 b0=c a1=f b1=d a2=4 b2=0 a3=4 b3=4 a4=6 b4=1 q0.out=16 l0,2=53 q0.in=9d a0=9 b0=d a1=4 b1=f a2=6 b2=d a3=b b3=8 a4=3 b4=9 q0.out=93

q0.in=22 a0=2 b0=2 a1=0 b1=3 a2=8 b2=8 a3=0 b3=c a4=b b4=8 q0.out=8b l1,1=8a q1.in=17 a0=1 b0=7 a1=6 b1=2 a2=6 b2=2 a3=4 b3=7 a4=1 b4=e q1.out=e1 l0,1=8b q1.in=b2 a0=b b0=2 a1=9 b1=2 a2=1 b2=2 a3=3 b3=8 a4=5 b4=6 q1.out=65

q1.in=0f a0=0 b0=f a1=f b1=f a2=5 b2=8 a3=d b3=9 a4=b b4=4 q1.out=4b l1,0=18 q1.in=5f a0=5 b0=f a1=a b1=2 a2=9 b2=2 a3=b b3=0 a4=8 b4=b q1.out=b8 l0,0=81 q0.in=64 a0=6 b0=4 a1=2 b1=4 a2=7 b2=1 a3=6 b3=7 a4=9 b4=e q0.out=e9

q0.in=47 a0=4 b0=7 a1=3 b1=f a2=d b2=d a3=0 b3=b a4=b b4=0 q0.out=0b l1,3=14 q0.in=13 a0=1 b0=3 a1=2 b1=0 a2=7 b2=e a3=9 b3=8 a4=8 b4=9 q0.out=98 l0,3=dc q1.in=19 a0=1 b0=9 a1=8 b1=5 a2=3 b2=c a3=f b3=d a4=f b4=0 q1.out=0f

q1.in=cf a0=c b0=f a1=3 b1=3 a2=d b2=b a3=6 b3=8 a4=9 b4=6 q1.out=69 l1,2=9c q0.in=e3 a0=e b0=3 a1=d b1=7 a2=c b2=5 a3=9 b3=6 a4=8 b4=6 q0.out=68 l0,2=53 q0.in=e3 a0=e b0=3 a1=d b1=7 a2=c b2=5 a3=9 b3=6 a4=8 b4=6 q0.out=68

q0.in=13 a0=1 b0=3 a1=2 b1=0 a2=7 b2=e a3=9 b3=8 a4=8 b4=9 q0.out=98 l1,1=8a q1.in=04 a0=0 b0=4 a1=4 b1=2 a2=f b2=2 a3=d b3=6 a4=b b4=d q1.out=db l0,1=8b q1.in=88 a0=8 b0=8 a1=0 b1=c a2=2 b2=f a3=d b3=d a4=b b4=0 q1.out=0b

q1.in=05 a0=0 b0=5 a1=5 b1=a a2=7 b2=a a3=d b3=a a4=b b4=7 q1.out=7b l1,0=18 q1.in=6f a0=6 b0=f a1=9 b1=9 a2=1 b2=d a3=c b3=7 a4=2 b4=e q1.out=e2 l0,0=81 q0.in=3e a0=3 b0=e a1=d b1=c a2=c b2=7 a3=b b3=7 a4=3 b4=e q0.out=e3

y0 = 04	y1 = 93	y2 = 65	y3 = e9	y0 = 0f	y1 = 68	y2 = 0b	y3 = e3
MDS input = Y = y0y1y2y3 = 049365e9				MDS input = Y = y0y1y2y3 = 0f680be3

MDS output = Z = z0z1z2z3 = 0fe872bd

MDS output = Z = z0z1z2z3 = 9b11d85a

z0 = 0f

z1 = e8

z2 = 72

z3 = bd

z0 = 9b

z1 = 11

z2 = d8

z3 = 5a

T0 = g(R0) = 0fe872bd

T1 = g(ROL(R1, 8)) = 9b11d85a

F13,0 = (T0 + T1 + K34) mod 232 = (0fe872bd + 9b11d85a + 6ae813f4) mod 232 = (bd72e80f(big endian) + 5ad8119b(big endian) + f413e86a(big endian)) mod 232 = 0c5ee214(big endian) = 14e25e0c.

F13,1 = (T0 + 2T1 + K35) mod 232 = (0fe872bd + 2[9b11d85a] + f3d8d036) mod 232 = (bd72e80f(big endian) + 2[5ad8119b(big endian)] + 36d0d8f3(big endian)) mod 232 = (bd72e80f(big endian) + b5b02336(big endian) + 36d0d8f3(big endian)) mod 232 = a9f3e438(big endian) = 38e4f3a9.

R14,0  =  ROR(R13, 2    F13,0,1) =  ROR(c69745ef    14e25e0c, 1) =  ROR(d2751be3, 1) =  ROR(e31b75d2(big endian), 1) =  718dbae9(big endian) =  e9ba8d71

R14,1  =  ROL(R13, 3,  1)    F13,1) =  ROL(b365c574,  1)    38e4f3a9 =  ROL(74c565b3(big endian),  1)    38e4f3a9 =  e98acb66(big endian)    38e4f3a9 =  66cb8ae9   38e4f3a9 =  5e2f7940.

R14,2 = R13,0 = b2c2220f

R14,3 = R13,1 = cf130547

 

Encryption of block 3, round r=14

g input = X = x0x1x2x3 = R14,0 = e9ba8d71

g input = X = x0x1x2x3 = ROL(R14,1,  8) = ROL(5e2f7940 ,  8) = ROL(40792f5e(big endian),  8) = 792f5e40(big endian) = 405e2f79.

x0 = e9

x1 = ba

x2 = 8d

x3 = 71

x0 = 40

x1 = 5e

x2 = 2f

x3 = 79

y2,0 = e9

y2,1 = ba

y2,2 = 8d

y2,3 = 71

y2,0 = 40

y2,1 = 5e

y2,2 = 2f

y2,3 = 79

q0.in=e9 a0=e b0=9 a1=7 b1=2 a2=2 b2=b a3=9 b3=f a4=8 b4=a q0.out=a8 l1,3=14 q0.in=b0 a0=b b0=0 a1=b b1=3 a2=9 b2=8 a3=1 b3=5 a4=a b4=2 q0.out=2a l0,3=dc q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f

q1.in=ba a0=b b0=a a1=1 b1=6 a2=8 b2=3 a3=b b3=1 a4=8 b4=9 q1.out=98 l1,2=9c q0.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=f a3=2 b3=a a4=5 b4=3 q0.out=35 l0,2=53 q0.in=be a0=b b0=e a1=5 b1=4 a2=f b2=1 a3=e b3=f a4=7 b4=a q0.out=a7

q0.in=8d a0=8 b0=d a1=5 b1=6 a2=f b2=3 a3=c b3=e a4=2 b4=c q0.out=c2 l1,1=8a q1.in=5e a0=5 b0=e a1=b b1=a a2=4 b2=a a3=e b3=1 a4=3 b4=9 q1.out=93 l0,1=8b q1.in=c0 a0=c b0=0 a1=c b1=c a2=0 b2=f a3=f b3=f a4=f b4=a q1.out=af

q1.in=71 a0=7 b0=1 a1=6 b1=7 a2=6 b2=7 a3=1 b3=d a4=c b4=0 q1.out=0c l1,0=18 q1.in=18 a0=1 b0=8 a1=9 b1=d a2=1 b2=9 a3=8 b3=5 a4=0 b4=3 q1.out=30 l0,0=81 q0.in=ec a0=e b0=c a1=2 b1=8 a2=7 b2=f a3=8 b3=0 a4=c b4=d q0.out=dc

q0.in=40 a0=4 b0=0 a1=4 b1=4 a2=6 b2=1 a3=7 b3=e a4=0 b4=c q0.out=c0 l1,3=14 q0.in=d8 a0=d b0=8 a1=5 b1=1 a2=f b2=c a3=3 b3=1 a4=e b4=7 q0.out=7e l0,3=dc q1.in=ff a0=f b0=f a1=0 b1=8 a2=2 b2=6 a3=4 b3=1 a4=1 b4=9 q1.out=91

q1.in=5e a0=5 b0=e a1=b b1=a a2=4 b2=a a3=e b3=1 a4=3 b4=9 q1.out=93 l1,2=9c q0.in=19 a0=1 b0=9 a1=8 b1=5 a2=0 b2=2 a3=2 b3=1 a4=5 b4=7 q0.out=75 l0,2=53 q0.in=fe a0=f b0=e a1=1 b1=0 a2=1 b2=e a3=f b3=e a4=1 b4=c q0.out=c1

q0.in=2f a0=2 b0=f a1=d b1=d a2=c b2=0 a3=c b3=c a4=2 b4=8 q0.out=82 l1,1=8a q1.in=1e a0=1 b0=e a1=f b1=e a2=5 b2=0 a3=5 b3=d a4=6 b4=0 q1.out=06 l0,1=8b q1.in=55 a0=5 b0=5 a1=0 b1=7 a2=2 b2=7 a3=5 b3=9 a4=6 b4=4 q1.out=46

q1.in=79 a0=7 b0=9 a1=e b1=3 a2=c b2=b a3=7 b3=1 a4=a b4=9 q1.out=9a l1,0=18 q1.in=8e a0=8 b0=e a1=6 b1=f a2=6 b2=8 a3=e b3=2 a4=3 b4=5 q1.out=53 l0,0=81 q0.in=8f a0=8 b0=f a1=7 b1=7 a2=2 b2=5 a3=7 b3=8 a4=0 b4=9 q0.out=90

y0 = 1f	y1 = a7	y2 = af	y3 = dc	y0 = 91	y1 = c1	y2 = 46	y3 = 90
MDS input = Y = y0y1y2y3 = 1fa7afdc				MDS input = Y = y0y1y2y3 = 91c14690

MDS output = Z = z0z1z2z3 = 19240788

MDS output = Z = z0z1z2z3 = b9c002a6

z0 = 19

z1 = 24

z2 = 07

z3 = 88

z0 = b9

z1 = c0

z2 = 02

z3 = a6

T0 = g(R0) = 19240788

T1 = g(ROL(R1, 8)) = b9c002a6

F14,0 = (T0 + T1 + K36) mod 232 = (19240788 + b9c002a6 + e4ffcbcc) mod 232 = (88072419(big endian) + a602c0b9(big endian) + cccbffe4(big endian)) mod 232 = fad5e4b6(big endian) = b6e4d5fa.

F14,1 = (T0 + 2T1 + K37) mod 232 = (19240788 + 2[b9c002a6] + fd60441f) mod 232 = (88072419(big endian) + 2[a602c0b9(big endian)] + 1f4460fd(big endian)) mod 232 = (88072419(big endian) + 4c058172(big endian) + 1f4460fd(big endian)) mod 232 = f3510688(big endian) = 880651f3.

R15,0  =  ROR(R14, 2    F14,0,1) =  ROR(b2c2220f    b6e4d5fa, 1) =  ROR(0426f7f5, 1) =  ROR(f5f72604(big endian), 1) =  7afb9302(big endian) =  0293fb7a

R15,1  =  ROL(R14, 3,  1)    F14,1) =  ROL(cf130547,  1)    880651f3 =  ROL(470513cf(big endian),  1)    880651f3 =  8e0a279e(big endian)    880651f3 =  9e270a8e   880651f3 =  16215b7d.

R15,2 = R14,0 = e9ba8d71

R15,3 = R14,1 = 5e2f7940

 

Encryption of block 3, round r=15

g input = X = x0x1x2x3 = R15,0 = 0293fb7a

g input = X = x0x1x2x3 = ROL(R15,1,  8) = ROL(16215b7d ,  8) = ROL(7d5b2116(big endian),  8) = 5b21167d(big endian) = 7d16215b.

x0 = 02

x1 = 93

x2 = fb

x3 = 7a

x0 = 7d

x1 = 16

x2 = 21

x3 = 5b

y2,0 = 02

y2,1 = 93

y2,2 = fb

y2,3 = 7a

y2,0 = 7d

y2,1 = 16

y2,2 = 21

y2,3 = 5b

q0.in=02 a0=0 b0=2 a1=2 b1=1 a2=7 b2=c a3=b b3=9 a4=3 b4=b q0.out=b3 l1,3=14 q0.in=ab a0=a b0=b a1=1 b1=7 a2=1 b2=5 a3=4 b3=3 a4=6 b4=4 q0.out=46 l0,3=dc q1.in=c7 a0=c b0=7 a1=b b1=7 a2=4 b2=7 a3=3 b3=f a4=5 b4=a q1.out=a5

q1.in=93 a0=9 b0=3 a1=a b1=8 a2=9 b2=6 a3=f b3=2 a4=f b4=5 q1.out=5f l1,2=9c q0.in=d5 a0=d b0=5 a1=8 b1=f a2=0 b2=d a3=d b3=e a4=4 b4=c q0.out=c4 l0,2=53 q0.in=4f a0=4 b0=f a1=b b1=b a2=9 b2=6 a3=f b3=2 a4=1 b4=f q0.out=f1

q0.in=fb a0=f b0=b a1=4 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=4 q0.out=42 l1,1=8a q1.in=de a0=d b0=e a1=3 b1=2 a2=d b2=2 a3=f b3=4 a4=f b4=c q1.out=cf l0,1=8b q1.in=9c a0=9 b0=c a1=5 b1=7 a2=7 b2=7 a3=0 b3=4 a4=4 b4=c q1.out=c4

q1.in=7a a0=7 b0=a a1=d b1=a a2=a b2=a a3=0 b3=f a4=4 b4=a q1.out=a4 l1,0=18 q1.in=b0 a0=b b0=0 a1=b b1=3 a2=4 b2=b a3=f b3=9 a4=f b4=4 q1.out=4f l0,0=81 q0.in=93 a0=9 b0=3 a1=a b1=8 a2=5 b2=f a3=a b3=2 a4=f b4=f q0.out=ff

q0.in=7d a0=7 b0=d a1=a b1=1 a2=5 b2=c a3=9 b3=b a4=8 b4=0 q0.out=08 l1,3=14 q0.in=10 a0=1 b0=0 a1=1 b1=9 a2=1 b2=4 a3=5 b3=b a4=d b4=0 q0.out=0d l0,3=dc q1.in=8c a0=8 b0=c a1=4 b1=e a2=f b2=0 a3=f b3=7 a4=f b4=e q1.out=ef

q1.in=16 a0=1 b0=6 a1=7 b1=a a2=e b2=a a3=4 b3=b a4=1 b4=f q1.out=f1 l1,2=9c q0.in=7b a0=7 b0=b a1=c b1=2 a2=e b2=b a3=5 b3=3 a4=d b4=4 q0.out=4d l0,2=53 q0.in=c6 a0=c b0=6 a1=a b1=f a2=5 b2=d a3=8 b3=3 a4=c b4=4 q0.out=4c

q0.in=21 a0=2 b0=1 a1=3 b1=a a2=d b2=a a3=7 b3=0 a4=0 b4=d q0.out=d0 l1,1=8a q1.in=4c a0=4 b0=c a1=8 b1=2 a2=3 b2=2 a3=1 b3=a a4=c b4=7 q1.out=7c l0,1=8b q1.in=2f a0=2 b0=f a1=d b1=d a2=a b2=9 a3=3 b3=6 a4=5 b4=d q1.out=d5

q1.in=5b a0=5 b0=b a1=e b1=0 a2=c b2=1 a3=d b3=4 a4=b b4=c q1.out=cb l1,0=18 q1.in=df a0=d b0=f a1=2 b1=a a2=b b2=a a3=1 b3=6 a4=c b4=d q1.out=dc l0,0=81 q0.in=00 a0=0 b0=0 a1=0 b1=0 a2=8 b2=e a3=6 b3=f a4=9 b4=a q0.out=a9

y0 = a5	y1 = f1	y2 = c4	y3 = ff	y0 = ef	y1 = 4c	y2 = d5	y3 = a9
MDS input = Y = y0y1y2y3 = a5f1c4ff				MDS input = Y = y0y1y2y3 = ef4cd5a9

MDS output = Z = z0z1z2z3 = 25e58678

MDS output = Z = z0z1z2z3 = f58e4a08

z0 = 25

z1 = e5

z2 = 86

z3 = 78

z0 = f5

z1 = 8e

z2 = 4a

z3 = 08

T0 = g(R0) = 25e58678

T1 = g(ROL(R1, 8)) = f58e4a08

F15,0 = (T0 + T1 + K38) mod 232 = (25e58678 + f58e4a08 + aadffd38) mod 232 = (7886e525(big endian) + 084a8ef5(big endian) + 38fddfaa(big endian)) mod 232 = b9cf53c4(big endian) = c453cfb9.

F15,1 = (T0 + 2T1 + K39) mod 232 = (25e58678 + 2[f58e4a08] + 56f4c1eb) mod 232 = (7886e525(big endian) + 2[084a8ef5(big endian)] + ebc1f456(big endian)) mod 232 = (7886e525(big endian) + 10951dea(big endian) + ebc1f456(big endian)) mod 232 = 74ddf765(big endian) = 65f7dd74.

R16,0  =  ROR(R15, 2    F15,0,1) =  ROR(e9ba8d71    c453cfb9, 1) =  ROR(2de942c8, 1) =  ROR(c842e92d(big endian), 1) =  e4217496(big endian) =  967421e4

R16,1  =  ROL(R15, 3,  1)    F15,1) =  ROL(5e2f7940,  1)    65f7dd74 =  ROL(40792f5e(big endian),  1)    65f7dd74 =  80f25ebc(big endian)    65f7dd74 =  bc5ef280   65f7dd74 =  d9a92ff4.

R16,2 = R15,0 = 0293fb7a

R16,3 = R15,1 = 16215b7d

 

Encryption of block 3 : Output Whiten

C0 = R16,2 mod 4    K0+4 = R16,2    K4 = 0293fb7a    f57ea21f  =  f7ed5965

C1 = R16,3 mod 4    K1+4 = R16,3    K5 = 16215b7d    e005f378  =  f624a805

C2 = R16,4 mod 4    K2+4 = R16,0    K6 = 967421e4    314b4d98  =  a73f6c7c

C3 = R16,5 mod 4    K3+4 = R16,1    K7 = d9a92ff4    c9a88d6f  =  1001a29b

 

Encryption of block 3: Ciphertext result

c0 = [C0 2[8(0 mod 4)]] mod 28 = [f7ed5965 20] mod 28 = [6559edf7(big endian) 20] mod 28 = f7

c1 = [C0 2[8(1 mod 4)]] mod 28 = [f7ed5965 28] mod 28 = [6559edf7(big endian) 28] mod 28 = ed

c2 = [C0 2[8(2 mod 4)]] mod 28 = [f7ed5965 216] mod 28 = [6559edf7(big endian) 216] mod 28 = 59

c3 = [C0 2[8(3 mod 4)]] mod 28 = [f7ed5965 224] mod 28 = [6559edf7(big endian) 224] mod 28 = 65

c4 = [C1 2[8(4 mod 4)]] mod 28 = [f624a805 20] mod 28 = [05a824f6(big endian) 20] mod 28 = f6

c5 = [C1 2[8(5 mod 4)]] mod 28 = [f624a805 28] mod 28 = [05a824f6(big endian) 28] mod 28 = 24

c6 = [C1 2[8(6 mod 4)]] mod 28 = [f624a805 216] mod 28 = [05a824f6(big endian) 216] mod 28 = a8

c7 = [C1 2[8(7 mod 4)]] mod 28 = [f624a805 224] mod 28 = [05a824f6(big endian) 224] mod 28 = 05

c8 = [C2 2[8(8 mod 4)]] mod 28 = [a73f6c7c 20] mod 28 = [7c6c3fa7(big endian) 20] mod 28 = a7

c9 = [C2 2[8(9 mod 4)]] mod 28 = [a73f6c7c 28] mod 28 = [7c6c3fa7(big endian) 28] mod 28 = 3f

c10 = [C2 2[8(10 mod 4)]] mod 28 = [a73f6c7c 216] mod 28 = [7c6c3fa7(big endian) 216] mod 28 = 6c

c11 = [C2 2[8(11 mod 4)]] mod 28 = [a73f6c7c 224] mod 28 = [7c6c3fa7(big endian) 224] mod 28 = 7c

c12 = [C3 2[8(12 mod 4)]] mod 28 = [1001a29b 20] mod 28 = [9ba20110(big endian) 20] mod 28 = 10

c13 = [C3 2[8(13 mod 4)]] mod 28 = [1001a29b 28] mod 28 = [9ba20110(big endian) 28] mod 28 = 01

c14 = [C3 2[8(14 mod 4)]] mod 28 = [1001a29b 216] mod 28 = [9ba20110(big endian) 216] mod 28 = a2

c15 = [C3 2[8(15 mod 4)]] mod 28 = [1001a29b 224] mod 28 = [9ba20110(big endian) 224] mod 28 = 9b

Ciphertext block output = c0c1c2c3c4c5c6c7c8c9c10c11c12c13c14c15 = f7ed5965f624a805a73f6c7c1001a29b

 

Encryption start: block 4

128-bit plaintext block = p0p1p2p3p4p5p6p7p8p9p10p11p12p13p14p15 = 90afaf1bb288884f2c3232239b2626e6

P0 = p0p1p2p3 = 90afe91b	P1 = p4p5p6p7 = b288544f
P2 = p8p9p10p11 = 2c32dc23	P3 = p12p13p14p15 = 9b2635e6

 

Encryption of block 4 : Encryption CBC step: Xor of plaintext block with ciphertext result of previous block

P '0 = P0 C0(previous round) = 90afe91b f7ed5965 = 6742b07e

P '1 = P1 C1(previous round) = b288544f f624a805 = 44acfc4a

P '2 = P2 C2(previous round) = 2c32dc23 a73f6c7c = 8b0db05f

P '3 = P3 C3(previous round) = 9b2635e6 1001a29b = 8b27977d

 

Encryption Input Whiten : Block 4

R0,0 = P '0 K0 = 6742b07e 9bf1826a = fcb33214

R0,1 = P '1 K1 = 44acfc4a 02229b50 = 468e671a

R0,2 = P '2 K2 = 8b0db05f ea11ea78 = 611c5a27

R0,3 = P '3 K3 = 8b27977d ae0b98a1 = 252c0fdc

 

Encryption of block 4, round r=0

g input = X = x0x1x2x3 = R0,0 = fcb33214

g input = X = x0x1x2x3 = ROL(R0,1,  8) = ROL(468e671a ,  8) = ROL(1a678e46(big endian),  8) = 678e461a(big endian) = 1a468e67.

x0 = fc

x1 = b3

x2 = 32

x3 = 14

x0 = 1a

x1 = 46

x2 = 8e

x3 = 67

y2,0 = fc

y2,1 = b3

y2,2 = 32

y2,3 = 14

y2,0 = 1a

y2,1 = 46

y2,2 = 8e

y2,3 = 67

q0.in=fc a0=f b0=c a1=3 b1=1 a2=d b2=c a3=1 b3=3 a4=a b4=4 q0.out=4a l1,3=14 q0.in=52 a0=5 b0=2 a1=7 b1=c a2=2 b2=7 a3=5 b3=9 a4=d b4=b q0.out=bd l0,3=dc q1.in=3c a0=3 b0=c a1=f b1=d a2=5 b2=9 a3=c b3=1 a4=2 b4=9 q1.out=92

q1.in=b3 a0=b b0=3 a1=8 b1=a a2=3 b2=a a3=9 b3=e a4=e b4=8 q1.out=8e l1,2=9c q0.in=04 a0=0 b0=4 a1=4 b1=2 a2=6 b2=b a3=d b3=b a4=4 b4=0 q0.out=04 l0,2=53 q0.in=8f a0=8 b0=f a1=7 b1=7 a2=2 b2=5 a3=7 b3=8 a4=0 b4=9 q0.out=90

q0.in=32 a0=3 b0=2 a1=1 b1=a a2=1 b2=a a3=b b3=c a4=3 b4=8 q0.out=83 l1,1=8a q1.in=1f a0=1 b0=f a1=e b1=6 a2=c b2=3 a3=f b3=5 a4=f b4=3 q1.out=3f l0,1=8b q1.in=6c a0=6 b0=c a1=a b1=0 a2=9 b2=1 a3=8 b3=9 a4=0 b4=4 q1.out=40

q1.in=14 a0=1 b0=4 a1=5 b1=b a2=7 b2=5 a3=2 b3=5 a4=7 b4=3 q1.out=37 l1,0=18 q1.in=23 a0=2 b0=3 a1=1 b1=b a2=8 b2=5 a3=d b3=2 a4=b b4=5 q1.out=5b l0,0=81 q0.in=87 a0=8 b0=7 a1=f b1=3 a2=4 b2=8 a3=c b3=0 a4=2 b4=d q0.out=d2

q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37 l1,3=14 q0.in=2f a0=2 b0=f a1=d b1=d a2=c b2=0 a3=c b3=c a4=2 b4=8 q0.out=82 l0,3=dc q1.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=d a3=0 b3=b a4=4 b4=f q1.out=f4

q1.in=46 a0=4 b0=6 a1=2 b1=7 a2=b b2=7 a3=c b3=8 a4=2 b4=6 q1.out=62 l1,2=9c q0.in=e8 a0=e b0=8 a1=6 b1=a a2=3 b2=a a3=9 b3=e a4=8 b4=c q0.out=c8 l0,2=53 q0.in=43 a0=4 b0=3 a1=7 b1=d a2=2 b2=0 a3=2 b3=2 a4=5 b4=f q0.out=f5

q0.in=8e a0=8 b0=e a1=6 b1=f a2=3 b2=d a3=e b3=5 a4=7 b4=2 q0.out=27 l1,1=8a q1.in=bb a0=b b0=b a1=0 b1=e a2=2 b2=0 a3=2 b3=2 a4=7 b4=5 q1.out=57 l0,1=8b q1.in=04 a0=0 b0=4 a1=4 b1=2 a2=f b2=2 a3=d b3=6 a4=b b4=d q1.out=db

q1.in=67 a0=6 b0=7 a1=1 b1=d a2=8 b2=9 a3=1 b3=4 a4=c b4=c q1.out=cc l1,0=18 q1.in=d8 a0=d b0=8 a1=5 b1=1 a2=7 b2=e a3=9 b3=8 a4=e b4=6 q1.out=6e l0,0=81 q0.in=b2 a0=b b0=2 a1=9 b1=2 a2=b b2=b a3=0 b3=e a4=b b4=c q0.out=cb

y0 = 92	y1 = 90	y2 = 40	y3 = d2	y0 = f4	y1 = f5	y2 = db	y3 = cb
MDS input = Y = y0y1y2y3 = 929040d2				MDS input = Y = y0y1y2y3 = f4f5dbcb

MDS output = Z = z0z1z2z3 = 6c5c84f9

MDS output = Z = z0z1z2z3 = bc843c8b

z0 = 6c

z1 = 5c

z2 = 84

z3 = f9

z0 = bc

z1 = 84

z2 = 3c

z3 = 8b

T0 = g(R0) = 6c5c84f9

T1 = g(ROL(R1, 8)) = bc843c8b

F0,0 = (T0 + T1 + K8) mod 232 = (6c5c84f9 + bc843c8b + f595a22f) mod 232 = (f9845c6c(big endian) + 8b3c84bc(big endian) + 2fa295f5(big endian)) mod 232 = b463771d(big endian) = 1d7763b4.

F0,1 = (T0 + 2T1 + K9) mod 232 = (6c5c84f9 + 2[bc843c8b] + b3c6caca) mod 232 = (f9845c6c(big endian) + 2[8b3c84bc(big endian)] + cacac6b3(big endian)) mod 232 = (f9845c6c(big endian) + 16790978(big endian) + cacac6b3(big endian)) mod 232 = dac82c97(big endian) = 972cc8da.

R1,0  =  ROR(R0, 2    F0,0,1) =  ROR(611c5a27    1d7763b4, 1) =  ROR(7c6b3993, 1) =  ROR(93396b7c(big endian), 1) =  499cb5be(big endian) =  beb59c49

R1,1  =  ROL(R0, 3,  1)    F0,1) =  ROL(252c0fdc,  1)    972cc8da =  ROL(dc0f2c25(big endian),  1)    972cc8da =  b81e584b(big endian)    972cc8da =  4b581eb8   972cc8da =  dc74d662.

R1,2 = R0,0 = fcb33214

R1,3 = R0,1 = 468e671a

 

Encryption of block 4, round r=1

g input = X = x0x1x2x3 = R1,0 = beb59c49

g input = X = x0x1x2x3 = ROL(R1,1,  8) = ROL(dc74d662 ,  8) = ROL(62d674dc(big endian),  8) = d674dc62(big endian) = 62dc74d6.

x0 = be

x1 = b5

x2 = 9c

x3 = 49

x0 = 62

x1 = dc

x2 = 74

x3 = d6

y2,0 = be

y2,1 = b5

y2,2 = 9c

y2,3 = 49

y2,0 = 62

y2,1 = dc

y2,2 = 74

y2,3 = d6

q0.in=be a0=b b0=e a1=5 b1=4 a2=f b2=1 a3=e b3=f a4=7 b4=a q0.out=a7 l1,3=14 q0.in=bf a0=b b0=f a1=4 b1=c a2=6 b2=7 a3=1 b3=d a4=a b4=5 q0.out=5a l0,3=dc q1.in=db a0=d b0=b a1=6 b1=8 a2=6 b2=6 a3=0 b3=5 a4=4 b4=3 q1.out=34

q1.in=b5 a0=b b0=5 a1=e b1=9 a2=c b2=d a3=1 b3=2 a4=c b4=5 q1.out=5c l1,2=9c q0.in=d6 a0=d b0=6 a1=b b1=6 a2=9 b2=3 a3=a b3=8 a4=f b4=9 q0.out=9f l0,2=53 q0.in=14 a0=1 b0=4 a1=5 b1=b a2=f b2=6 a3=9 b3=4 a4=8 b4=1 q0.out=18

q0.in=9c a0=9 b0=c a1=5 b1=7 a2=f b2=5 a3=a b3=d a4=f b4=5 q0.out=5f l1,1=8a q1.in=c3 a0=c b0=3 a1=f b1=5 a2=5 b2=c a3=9 b3=b a4=e b4=f q1.out=fe l0,1=8b q1.in=ad a0=a b0=d a1=7 b1=4 a2=e b2=4 a3=a b3=c a4=d b4=2 q1.out=2d

q1.in=49 a0=4 b0=9 a1=d b1=8 a2=a b2=6 a3=c b3=9 a4=2 b4=4 q1.out=42 l1,0=18 q1.in=56 a0=5 b0=6 a1=3 b1=e a2=d b2=0 a3=d b3=5 a4=b b4=3 q1.out=3b l0,0=81 q0.in=e7 a0=e b0=7 a1=9 b1=5 a2=b b2=2 a3=9 b3=2 a4=8 b4=f q0.out=f8

q0.in=62 a0=6 b0=2 a1=4 b1=7 a2=6 b2=5 a3=3 b3=c a4=e b4=8 q0.out=8e l1,3=14 q0.in=96 a0=9 b0=6 a1=f b1=2 a2=4 b2=b a3=f b3=9 a4=1 b4=b q0.out=b1 l0,3=dc q1.in=30 a0=3 b0=0 a1=3 b1=b a2=d b2=5 a3=8 b3=f a4=0 b4=a q1.out=a0

q1.in=dc a0=d b0=c a1=1 b1=3 a2=8 b2=b a3=3 b3=5 a4=5 b4=3 q1.out=35 l1,2=9c q0.in=bf a0=b b0=f a1=4 b1=c a2=6 b2=7 a3=1 b3=d a4=a b4=5 q0.out=5a l0,2=53 q0.in=d1 a0=d b0=1 a1=c b1=d a2=e b2=0 a3=e b3=e a4=7 b4=c q0.out=c7

q0.in=74 a0=7 b0=4 a1=3 b1=d a2=d b2=0 a3=d b3=5 a4=4 b4=2 q0.out=24 l1,1=8a q1.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=7 a3=a b3=e a4=d b4=8 q1.out=8d l0,1=8b q1.in=de a0=d b0=e a1=3 b1=2 a2=d b2=2 a3=f b3=4 a4=f b4=c q1.out=cf

q1.in=d6 a0=d b0=6 a1=b b1=6 a2=4 b2=3 a3=7 b3=d a4=a b4=0 q1.out=0a l1,0=18 q1.in=1e a0=1 b0=e a1=f b1=e a2=5 b2=0 a3=5 b3=d a4=6 b4=0 q1.out=06 l0,0=81 q0.in=da a0=d b0=a a1=7 b1=0 a2=2 b2=e a3=c b3=5 a4=2 b4=2 q0.out=22

y0 = 34	y1 = 18	y2 = 2d	y3 = f8	y0 = a0	y1 = c7	y2 = cf	y3 = 22
MDS input = Y = y0y1y2y3 = 34182df8				MDS input = Y = y0y1y2y3 = a0c7cf22

MDS output = Z = z0z1z2z3 = 9c0daa23

MDS output = Z = z0z1z2z3 = e3a48040

z0 = 9c

z1 = 0d

z2 = aa

z3 = 23

z0 = e3

z1 = a4

z2 = 80

z3 = 40

T0 = g(R0) = 9c0daa23

T1 = g(ROL(R1, 8)) = e3a48040

F1,0 = (T0 + T1 + K10) mod 232 = (9c0daa23 + e3a48040 + 22166ed7) mod 232 = (23aa0d9c(big endian) + 4080a4e3(big endian) + d76e1622(big endian)) mod 232 = 3b98c8a1(big endian) = a1c8983b.

F1,1 = (T0 + 2T1 + K11) mod 232 = (9c0daa23 + 2[e3a48040] + 2547a011) mod 232 = (23aa0d9c(big endian) + 2[4080a4e3(big endian)] + 11a04725(big endian)) mod 232 = (23aa0d9c(big endian) + 810149c6(big endian) + 11a04725(big endian)) mod 232 = b64b9e87(big endian) = 879e4bb6.

R2,0  =  ROR(R1, 2    F1,0,1) =  ROR(fcb33214    a1c8983b, 1) =  ROR(5d7baa2f, 1) =  ROR(2faa7b5d(big endian), 1) =  97d53dae(big endian) =  ae3dd597

R2,1  =  ROL(R1, 3,  1)    F1,1) =  ROL(468e671a,  1)    879e4bb6 =  ROL(1a678e46(big endian),  1)    879e4bb6 =  34cf1c8c(big endian)    879e4bb6 =  8c1ccf34   879e4bb6 =  0b828482.

R2,2 = R1,0 = beb59c49

R2,3 = R1,1 = dc74d662

 

Encryption of block 4, round r=2

g input = X = x0x1x2x3 = R2,0 = ae3dd597

g input = X = x0x1x2x3 = ROL(R2,1,  8) = ROL(0b828482 ,  8) = ROL(8284820b(big endian),  8) = 84820b82(big endian) = 820b8284.

x0 = ae

x1 = 3d

x2 = d5

x3 = 97

x0 = 82

x1 = 0b

x2 = 82

x3 = 84

y2,0 = ae

y2,1 = 3d

y2,2 = d5

y2,3 = 97

y2,0 = 82

y2,1 = 0b

y2,2 = 82

y2,3 = 84

q0.in=ae a0=a b0=e a1=4 b1=d a2=6 b2=0 a3=6 b3=6 a4=9 b4=6 q0.out=69 l1,3=14 q0.in=71 a0=7 b0=1 a1=6 b1=7 a2=3 b2=5 a3=6 b3=1 a4=9 b4=7 q0.out=79 l0,3=dc q1.in=f8 a0=f b0=8 a1=7 b1=3 a2=e b2=b a3=5 b3=3 a4=6 b4=1 q1.out=16

q1.in=3d a0=3 b0=d a1=e b1=5 a2=c b2=c a3=0 b3=a a4=4 b4=7 q1.out=74 l1,2=9c q0.in=fe a0=f b0=e a1=1 b1=0 a2=1 b2=e a3=f b3=e a4=1 b4=c q0.out=c1 l0,2=53 q0.in=4a a0=4 b0=a a1=e b1=1 a2=a b2=c a3=6 b3=c a4=9 b4=8 q0.out=89

q0.in=d5 a0=d b0=5 a1=8 b1=f a2=0 b2=d a3=d b3=e a4=4 b4=c q0.out=c4 l1,1=8a q1.in=58 a0=5 b0=8 a1=d b1=9 a2=a b2=d a3=7 b3=4 a4=a b4=c q1.out=ca l0,1=8b q1.in=99 a0=9 b0=9 a1=0 b1=d a2=2 b2=9 a3=b b3=e a4=8 b4=8 q1.out=88

q1.in=97 a0=9 b0=7 a1=e b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=4 q1.out=49 l1,0=18 q1.in=5d a0=5 b0=d a1=8 b1=3 a2=3 b2=b a3=8 b3=6 a4=0 b4=d q1.out=d0 l0,0=81 q0.in=0c a0=0 b0=c a1=c b1=6 a2=e b2=3 a3=d b3=7 a4=4 b4=e q0.out=e4

q0.in=82 a0=8 b0=2 a1=a b1=9 a2=5 b2=4 a3=1 b3=f a4=a b4=a q0.out=aa l1,3=14 q0.in=b2 a0=b b0=2 a1=9 b1=2 a2=b b2=b a3=0 b3=e a4=b b4=c q0.out=cb l0,3=dc q1.in=4a a0=4 b0=a a1=e b1=1 a2=c b2=e a3=2 b3=b a4=7 b4=f q1.out=f7

q1.in=0b a0=0 b0=b a1=b b1=d a2=4 b2=9 a3=d b3=8 a4=b b4=6 q1.out=6b l1,2=9c q0.in=e1 a0=e b0=1 a1=f b1=6 a2=4 b2=3 a3=7 b3=d a4=0 b4=5 q0.out=50 l0,2=53 q0.in=db a0=d b0=b a1=6 b1=8 a2=3 b2=f a3=c b3=4 a4=2 b4=1 q0.out=12

q0.in=82 a0=8 b0=2 a1=a b1=9 a2=5 b2=4 a3=1 b3=f a4=a b4=a q0.out=aa l1,1=8a q1.in=36 a0=3 b0=6 a1=5 b1=8 a2=7 b2=6 a3=1 b3=c a4=c b4=2 q1.out=2c l0,1=8b q1.in=7f a0=7 b0=f a1=8 b1=0 a2=3 b2=1 a3=2 b3=3 a4=7 b4=1 q1.out=17

q1.in=84 a0=8 b0=4 a1=c b1=a a2=0 b2=a a3=a b3=5 a4=d b4=3 q1.out=3d l1,0=18 q1.in=29 a0=2 b0=9 a1=b b1=e a2=4 b2=0 a3=4 b3=4 a4=1 b4=c q1.out=c1 l0,0=81 q0.in=1d a0=1 b0=d a1=c b1=7 a2=e b2=5 a3=b b3=4 a4=3 b4=1 q0.out=13

y0 = 16	y1 = 89	y2 = 88	y3 = e4	y0 = f7	y1 = 12	y2 = 17	y3 = 13
MDS input = Y = y0y1y2y3 = 168988e4				MDS input = Y = y0y1y2y3 = f7121713

MDS output = Z = z0z1z2z3 = 60ac7a16

MDS output = Z = z0z1z2z3 = 59df1a43

z0 = 60

z1 = ac

z2 = 7a

z3 = 16

z0 = 59

z1 = df

z2 = 1a

z3 = 43

T0 = g(R0) = 60ac7a16

T1 = g(ROL(R1, 8)) = 59df1a43

F2,0 = (T0 + T1 + K12) mod 232 = (60ac7a16 + 59df1a43 + a38a1320) mod 232 = (167aac60(big endian) + 431adf59(big endian) + 20138aa3(big endian)) mod 232 = 79a9165c(big endian) = 5c16a979.

F2,1 = (T0 + 2T1 + K13) mod 232 = (60ac7a16 + 2[59df1a43] + 0813350e) mod 232 = (167aac60(big endian) + 2[431adf59(big endian)] + 0e351308(big endian)) mod 232 = (167aac60(big endian) + 8635beb2(big endian) + 0e351308(big endian)) mod 232 = aae57e1a(big endian) = 1a7ee5aa.

R3,0  =  ROR(R2, 2    F2,0,1) =  ROR(beb59c49    5c16a979, 1) =  ROR(e2a33530, 1) =  ROR(3035a3e2(big endian), 1) =  181ad1f1(big endian) =  f1d11a18

R3,1  =  ROL(R2, 3,  1)    F2,1) =  ROL(dc74d662,  1)    1a7ee5aa =  ROL(62d674dc(big endian),  1)    1a7ee5aa =  c5ace9b8(big endian)    1a7ee5aa =  b8e9acc5   1a7ee5aa =  a297496f.

R3,2 = R2,0 = ae3dd597

R3,3 = R2,1 = 0b828482

 

Encryption of block 4, round r=3

g input = X = x0x1x2x3 = R3,0 = f1d11a18

g input = X = x0x1x2x3 = ROL(R3,1,  8) = ROL(a297496f ,  8) = ROL(6f4997a2(big endian),  8) = 4997a26f(big endian) = 6fa29749.

x0 = f1

x1 = d1

x2 = 1a

x3 = 18

x0 = 6f

x1 = a2

x2 = 97

x3 = 49

y2,0 = f1

y2,1 = d1

y2,2 = 1a

y2,3 = 18

y2,0 = 6f

y2,1 = a2

y2,2 = 97

y2,3 = 49

q0.in=f1 a0=f b0=1 a1=e b1=f a2=a b2=d a3=7 b3=4 a4=0 b4=1 q0.out=10 l1,3=14 q0.in=08 a0=0 b0=8 a1=8 b1=4 a2=0 b2=1 a3=1 b3=8 a4=a b4=9 q0.out=9a l0,3=dc q1.in=1b a0=1 b0=b a1=a b1=4 a2=9 b2=4 a3=d b3=3 a4=b b4=1 q1.out=1b

q1.in=d1 a0=d b0=1 a1=c b1=d a2=0 b2=9 a3=9 b3=c a4=e b4=2 q1.out=2e l1,2=9c q0.in=a4 a0=a b0=4 a1=e b1=8 a2=a b2=f a3=5 b3=5 a4=d b4=2 q0.out=2d l0,2=53 q0.in=a6 a0=a b0=6 a1=c b1=9 a2=e b2=4 a3=a b3=c a4=f b4=8 q0.out=8f

q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37 l1,1=8a q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f l0,1=8b q1.in=4c a0=4 b0=c a1=8 b1=2 a2=3 b2=2 a3=1 b3=a a4=c b4=7 q1.out=7c

q1.in=18 a0=1 b0=8 a1=9 b1=d a2=1 b2=9 a3=8 b3=5 a4=0 b4=3 q1.out=30 l1,0=18 q1.in=24 a0=2 b0=4 a1=6 b1=0 a2=6 b2=1 a3=7 b3=e a4=a b4=8 q1.out=8a l0,0=81 q0.in=56 a0=5 b0=6 a1=3 b1=e a2=d b2=9 a3=4 b3=9 a4=6 b4=b q0.out=b6

q0.in=6f a0=6 b0=f a1=9 b1=9 a2=b b2=4 a3=f b3=1 a4=1 b4=7 q0.out=71 l1,3=14 q0.in=69 a0=6 b0=9 a1=f b1=a a2=4 b2=a a3=e b3=1 a4=7 b4=7 q0.out=77 l0,3=dc q1.in=f6 a0=f b0=6 a1=9 b1=4 a2=1 b2=4 a3=5 b3=b a4=6 b4=f q1.out=f6

q1.in=a2 a0=a b0=2 a1=8 b1=b a2=3 b2=5 a3=6 b3=1 a4=9 b4=9 q1.out=99 l1,2=9c q0.in=13 a0=1 b0=3 a1=2 b1=0 a2=7 b2=e a3=9 b3=8 a4=8 b4=9 q0.out=98 l0,2=53 q0.in=13 a0=1 b0=3 a1=2 b1=0 a2=7 b2=e a3=9 b3=8 a4=8 b4=9 q0.out=98

q0.in=97 a0=9 b0=7 a1=e b1=a a2=a b2=a a3=0 b3=f a4=b b4=a q0.out=ab l1,1=8a q1.in=37 a0=3 b0=7 a1=4 b1=0 a2=f b2=1 a3=e b3=f a4=3 b4=a q1.out=a3 l0,1=8b q1.in=f0 a0=f b0=0 a1=f b1=7 a2=5 b2=7 a3=2 b3=6 a4=7 b4=d q1.out=d7

q1.in=49 a0=4 b0=9 a1=d b1=8 a2=a b2=6 a3=c b3=9 a4=2 b4=4 q1.out=42 l1,0=18 q1.in=56 a0=5 b0=6 a1=3 b1=e a2=d b2=0 a3=d b3=5 a4=b b4=3 q1.out=3b l0,0=81 q0.in=e7 a0=e b0=7 a1=9 b1=5 a2=b b2=2 a3=9 b3=2 a4=8 b4=f q0.out=f8

y0 = 1b	y1 = 8f	y2 = 7c	y3 = b6	y0 = f6	y1 = 98	y2 = d7	y3 = f8
MDS input = Y = y0y1y2y3 = 1b8f7cb6				MDS input = Y = y0y1y2y3 = f698d7f8

MDS output = Z = z0z1z2z3 = e6a900b7

MDS output = Z = z0z1z2z3 = cea6d789

z0 = e6

z1 = a9

z2 = 00

z3 = b7

z0 = ce

z1 = a6

z2 = d7

z3 = 89

T0 = g(R0) = e6a900b7

T1 = g(ROL(R1, 8)) = cea6d789

F3,0 = (T0 + T1 + K14) mod 232 = (e6a900b7 + cea6d789 + 281a4854) mod 232 = (b700a9e6(big endian) + 89d7a6ce(big endian) + 54481a28(big endian)) mod 232 = 95206adc(big endian) = dc6a2095.

F3,1 = (T0 + 2T1 + K15) mod 232 = (e6a900b7 + 2[cea6d789] + a0ddfa24) mod 232 = (b700a9e6(big endian) + 2[89d7a6ce(big endian)] + 24fadda0(big endian)) mod 232 = (b700a9e6(big endian) + 13af4d9c(big endian) + 24fadda0(big endian)) mod 232 = efaad522(big endian) = 22d5aaef.

R4,0  =  ROR(R3, 2    F3,0,1) =  ROR(ae3dd597    dc6a2095, 1) =  ROR(7257f502, 1) =  ROR(02f55772(big endian), 1) =  017aabb9(big endian) =  b9ab7a01

R4,1  =  ROL(R3, 3,  1)    F3,1) =  ROL(0b828482,  1)    22d5aaef =  ROL(8284820b(big endian),  1)    22d5aaef =  05090417(big endian)    22d5aaef =  17040905   22d5aaef =  35d1a3ea.

R4,2 = R3,0 = f1d11a18

R4,3 = R3,1 = a297496f

 

Encryption of block 4, round r=4

g input = X = x0x1x2x3 = R4,0 = b9ab7a01

g input = X = x0x1x2x3 = ROL(R4,1,  8) = ROL(35d1a3ea ,  8) = ROL(eaa3d135(big endian),  8) = a3d135ea(big endian) = ea35d1a3.

x0 = b9

x1 = ab

x2 = 7a

x3 = 01

x0 = ea

x1 = 35

x2 = d1

x3 = a3

y2,0 = b9

y2,1 = ab

y2,2 = 7a

y2,3 = 01

y2,0 = ea

y2,1 = 35

y2,2 = d1

y2,3 = a3

q0.in=b9 a0=b b0=9 a1=2 b1=f a2=7 b2=d a3=a b3=1 a4=f b4=7 q0.out=7f l1,3=14 q0.in=67 a0=6 b0=7 a1=1 b1=d a2=1 b2=0 a3=1 b3=9 a4=a b4=b q0.out=ba l0,3=dc q1.in=3b a0=3 b0=b a1=8 b1=6 a2=3 b2=3 a3=0 b3=2 a4=4 b4=5 q1.out=54

q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f l1,2=9c q0.in=95 a0=9 b0=5 a1=c b1=b a2=e b2=6 a3=8 b3=d a4=c b4=5 q0.out=5c l0,2=53 q0.in=d7 a0=d b0=7 a1=a b1=e a2=5 b2=9 a3=c b3=1 a4=2 b4=7 q0.out=72

q0.in=7a a0=7 b0=a a1=d b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=b q0.out=b9 l1,1=8a q1.in=25 a0=2 b0=5 a1=7 b1=8 a2=e b2=6 a3=8 b3=d a4=0 b4=0 q1.out=00 l0,1=8b q1.in=53 a0=5 b0=3 a1=6 b1=4 a2=6 b2=4 a3=2 b3=4 a4=7 b4=c q1.out=c7

q1.in=01 a0=0 b0=1 a1=1 b1=8 a2=8 b2=6 a3=e b3=b a4=3 b4=f q1.out=f3 l1,0=18 q1.in=e7 a0=e b0=7 a1=9 b1=5 a2=1 b2=c a3=d b3=f a4=b b4=a q1.out=ab l0,0=81 q0.in=77 a0=7 b0=7 a1=0 b1=4 a2=8 b2=1 a3=9 b3=0 a4=8 b4=d q0.out=d8

q0.in=ea a0=e b0=a a1=4 b1=b a2=6 b2=6 a3=0 b3=5 a4=b b4=2 q0.out=2b l1,3=14 q0.in=33 a0=3 b0=3 a1=0 b1=2 a2=8 b2=b a3=3 b3=5 a4=e b4=2 q0.out=2e l0,3=dc q1.in=af a0=a b0=f a1=5 b1=5 a2=7 b2=c a3=b b3=9 a4=8 b4=4 q1.out=48

q1.in=35 a0=3 b0=5 a1=6 b1=1 a2=6 b2=e a3=8 b3=1 a4=0 b4=9 q1.out=90 l1,2=9c q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37 l0,2=53 q0.in=bc a0=b b0=c a1=7 b1=5 a2=2 b2=2 a3=0 b3=3 a4=b b4=4 q0.out=4b

q0.in=d1 a0=d b0=1 a1=c b1=d a2=e b2=0 a3=e b3=e a4=7 b4=c q0.out=c7 l1,1=8a q1.in=5b a0=5 b0=b a1=e b1=0 a2=c b2=1 a3=d b3=4 a4=b b4=c q1.out=cb l0,1=8b q1.in=98 a0=9 b0=8 a1=1 b1=5 a2=8 b2=c a3=4 b3=e a4=1 b4=8 q1.out=81

q1.in=a3 a0=a b0=3 a1=9 b1=3 a2=1 b2=b a3=a b3=4 a4=d b4=c q1.out=cd l1,0=18 q1.in=d9 a0=d b0=9 a1=4 b1=9 a2=f b2=d a3=2 b3=9 a4=7 b4=4 q1.out=47 l0,0=81 q0.in=9b a0=9 b0=b a1=2 b1=c a2=7 b2=7 a3=0 b3=4 a4=b b4=1 q0.out=1b

y0 = 54	y1 = 72	y2 = c7	y3 = d8	y0 = 48	y1 = 4b	y2 = 81	y3 = 1b
MDS input = Y = y0y1y2y3 = 5472c7d8				MDS input = Y = y0y1y2y3 = 484b811b

MDS output = Z = z0z1z2z3 = 41b5f438

MDS output = Z = z0z1z2z3 = 666802c9

z0 = 41

z1 = b5

z2 = f4

z3 = 38

z0 = 66

z1 = 68

z2 = 02

z3 = c9

T0 = g(R0) = 41b5f438

T1 = g(ROL(R1, 8)) = 666802c9

F4,0 = (T0 + T1 + K16) mod 232 = (41b5f438 + 666802c9 + 19c3630c) mod 232 = (38f4b541(big endian) + c9026866(big endian) + 0c63c319(big endian)) mod 232 = 0e5ae0c0(big endian) = c0e05a0e.

F4,1 = (T0 + 2T1 + K17) mod 232 = (41b5f438 + 2[666802c9] + 5bc0b2cc) mod 232 = (38f4b541(big endian) + 2[c9026866(big endian)] + ccb2c05b(big endian)) mod 232 = (38f4b541(big endian) + 9204d0cc(big endian) + ccb2c05b(big endian)) mod 232 = 97ac4668(big endian) = 6846ac97.

R5,0  =  ROR(R4, 2    F4,0,1) =  ROR(f1d11a18    c0e05a0e, 1) =  ROR(31314016, 1) =  ROR(16403131(big endian), 1) =  8b201898(big endian) =  9818208b

R5,1  =  ROL(R4, 3,  1)    F4,1) =  ROL(a297496f,  1)    6846ac97 =  ROL(6f4997a2(big endian),  1)    6846ac97 =  de932f44(big endian)    6846ac97 =  442f93de   6846ac97 =  2c693f49.

R5,2 = R4,0 = b9ab7a01

R5,3 = R4,1 = 35d1a3ea

 

Encryption of block 4, round r=5

g input = X = x0x1x2x3 = R5,0 = 9818208b

g input = X = x0x1x2x3 = ROL(R5,1,  8) = ROL(2c693f49 ,  8) = ROL(493f692c(big endian),  8) = 3f692c49(big endian) = 492c693f.

x0 = 98

x1 = 18

x2 = 20

x3 = 8b

x0 = 49

x1 = 2c

x2 = 69

x3 = 3f

y2,0 = 98

y2,1 = 18

y2,2 = 20

y2,3 = 8b

y2,0 = 49

y2,1 = 2c

y2,2 = 69

y2,3 = 3f

q0.in=98 a0=9 b0=8 a1=1 b1=5 a2=1 b2=2 a3=3 b3=8 a4=e b4=9 q0.out=9e l1,3=14 q0.in=86 a0=8 b0=6 a1=e b1=b a2=a b2=6 a3=c b3=9 a4=2 b4=b q0.out=b2 l0,3=dc q1.in=33 a0=3 b0=3 a1=0 b1=2 a2=2 b2=2 a3=0 b3=3 a4=4 b4=1 q1.out=14

q1.in=18 a0=1 b0=8 a1=9 b1=d a2=1 b2=9 a3=8 b3=5 a4=0 b4=3 q1.out=30 l1,2=9c q0.in=ba a0=b b0=a a1=1 b1=6 a2=1 b2=3 a3=2 b3=0 a4=5 b4=d q0.out=d5 l0,2=53 q0.in=5e a0=5 b0=e a1=b b1=a a2=9 b2=a a3=3 b3=4 a4=e b4=1 q0.out=1e

q0.in=20 a0=2 b0=0 a1=2 b1=2 a2=7 b2=b a3=c b3=2 a4=2 b4=f q0.out=f2 l1,1=8a q1.in=6e a0=6 b0=e a1=8 b1=1 a2=3 b2=e a3=d b3=c a4=b b4=2 q1.out=2b l0,1=8b q1.in=78 a0=7 b0=8 a1=f b1=b a2=5 b2=5 a3=0 b3=7 a4=4 b4=e q1.out=e4

q1.in=8b a0=8 b0=b a1=3 b1=5 a2=d b2=c a3=1 b3=3 a4=c b4=1 q1.out=1c l1,0=18 q1.in=08 a0=0 b0=8 a1=8 b1=4 a2=3 b2=4 a3=7 b3=9 a4=a b4=4 q1.out=4a l0,0=81 q0.in=96 a0=9 b0=6 a1=f b1=2 a2=4 b2=b a3=f b3=9 a4=1 b4=b q0.out=b1

q0.in=49 a0=4 b0=9 a1=d b1=8 a2=c b2=f a3=3 b3=3 a4=e b4=4 q0.out=4e l1,3=14 q0.in=56 a0=5 b0=6 a1=3 b1=e a2=d b2=9 a3=4 b3=9 a4=6 b4=b q0.out=b6 l0,3=dc q1.in=37 a0=3 b0=7 a1=4 b1=0 a2=f b2=1 a3=e b3=f a4=3 b4=a q1.out=a3

q1.in=2c a0=2 b0=c a1=e b1=4 a2=c b2=4 a3=8 b3=e a4=0 b4=8 q1.out=80 l1,2=9c q0.in=0a a0=0 b0=a a1=a b1=5 a2=5 b2=2 a3=7 b3=c a4=0 b4=8 q0.out=80 l0,2=53 q0.in=0b a0=0 b0=b a1=b b1=d a2=9 b2=0 a3=9 b3=1 a4=8 b4=7 q0.out=78

q0.in=69 a0=6 b0=9 a1=f b1=a a2=4 b2=a a3=e b3=1 a4=7 b4=7 q0.out=77 l1,1=8a q1.in=eb a0=e b0=b a1=5 b1=3 a2=7 b2=b a3=c b3=2 a4=2 b4=5 q1.out=52 l0,1=8b q1.in=01 a0=0 b0=1 a1=1 b1=8 a2=8 b2=6 a3=e b3=b a4=3 b4=f q1.out=f3

q1.in=3f a0=3 b0=f a1=c b1=4 a2=0 b2=4 a3=4 b3=2 a4=1 b4=5 q1.out=51 l1,0=18 q1.in=45 a0=4 b0=5 a1=1 b1=e a2=8 b2=0 a3=8 b3=8 a4=0 b4=6 q1.out=60 l0,0=81 q0.in=bc a0=b b0=c a1=7 b1=5 a2=2 b2=2 a3=0 b3=3 a4=b b4=4 q0.out=4b

y0 = 14	y1 = 1e	y2 = e4	y3 = b1	y0 = a3	y1 = 78	y2 = f3	y3 = 4b
MDS input = Y = y0y1y2y3 = 141ee4b1				MDS input = Y = y0y1y2y3 = a378f34b

MDS output = Z = z0z1z2z3 = acad796d

MDS output = Z = z0z1z2z3 = 6f9833a3

z0 = ac

z1 = ad

z2 = 79

z3 = 6d

z0 = 6f

z1 = 98

z2 = 33

z3 = a3

T0 = g(R0) = acad796d

T1 = g(ROL(R1, 8)) = 6f9833a3

F5,0 = (T0 + T1 + K18) mod 232 = (acad796d + 6f9833a3 + d542f0e2) mod 232 = (6d79adac(big endian) + a333986f(big endian) + e2f042d5(big endian)) mod 232 = f39d88f0(big endian) = f0889df3.

F5,1 = (T0 + 2T1 + K19) mod 232 = (acad796d + 2[6f9833a3] + 9f8b15e9) mod 232 = (6d79adac(big endian) + 2[a333986f(big endian)] + e9158b9f(big endian)) mod 232 = (6d79adac(big endian) + 466730de(big endian) + e9158b9f(big endian)) mod 232 = 9cf66a29(big endian) = 296af69c.

R6,0  =  ROR(R5, 2    F5,0,1) =  ROR(b9ab7a01    f0889df3, 1) =  ROR(4923e7f2, 1) =  ROR(f2e72349(big endian), 1) =  f97391a4(big endian) =  a49173f9

R6,1  =  ROL(R5, 3,  1)    F5,1) =  ROL(35d1a3ea,  1)    296af69c =  ROL(eaa3d135(big endian),  1)    296af69c =  d547a26b(big endian)    296af69c =  6ba247d5   296af69c =  42c8b149.

R6,2 = R5,0 = 9818208b

R6,3 = R5,1 = 2c693f49

 

Encryption of block 4, round r=6

g input = X = x0x1x2x3 = R6,0 = a49173f9

g input = X = x0x1x2x3 = ROL(R6,1,  8) = ROL(42c8b149 ,  8) = ROL(49b1c842(big endian),  8) = b1c84249(big endian) = 4942c8b1.

x0 = a4

x1 = 91

x2 = 73

x3 = f9

x0 = 49

x1 = 42

x2 = c8

x3 = b1

y2,0 = a4

y2,1 = 91

y2,2 = 73

y2,3 = f9

y2,0 = 49

y2,1 = 42

y2,2 = c8

y2,3 = b1

q0.in=a4 a0=a b0=4 a1=e b1=8 a2=a b2=f a3=5 b3=5 a4=d b4=2 q0.out=2d l1,3=14 q0.in=35 a0=3 b0=5 a1=6 b1=1 a2=3 b2=c a3=f b3=d a4=1 b4=5 q0.out=51 l0,3=dc q1.in=d0 a0=d b0=0 a1=d b1=5 a2=a b2=c a3=6 b3=c a4=9 b4=2 q1.out=29

q1.in=91 a0=9 b0=1 a1=8 b1=9 a2=3 b2=d a3=e b3=5 a4=3 b4=3 q1.out=33 l1,2=9c q0.in=b9 a0=b b0=9 a1=2 b1=f a2=7 b2=d a3=a b3=1 a4=f b4=7 q0.out=7f l0,2=53 q0.in=f4 a0=f b0=4 a1=b b1=5 a2=9 b2=2 a3=b b3=0 a4=3 b4=d q0.out=d3

q0.in=73 a0=7 b0=3 a1=4 b1=6 a2=6 b2=3 a3=5 b3=f a4=d b4=a q0.out=ad l1,1=8a q1.in=31 a0=3 b0=1 a1=2 b1=3 a2=b b2=b a3=0 b3=e a4=4 b4=8 q1.out=84 l0,1=8b q1.in=d7 a0=d b0=7 a1=a b1=e a2=9 b2=0 a3=9 b3=1 a4=e b4=9 q1.out=9e

q1.in=f9 a0=f b0=9 a1=6 b1=b a2=6 b2=5 a3=3 b3=c a4=5 b4=2 q1.out=25 l1,0=18 q1.in=31 a0=3 b0=1 a1=2 b1=3 a2=b b2=b a3=0 b3=e a4=4 b4=8 q1.out=84 l0,0=81 q0.in=58 a0=5 b0=8 a1=d b1=9 a2=c b2=4 a3=8 b3=e a4=c b4=c q0.out=cc

q0.in=49 a0=4 b0=9 a1=d b1=8 a2=c b2=f a3=3 b3=3 a4=e b4=4 q0.out=4e l1,3=14 q0.in=56 a0=5 b0=6 a1=3 b1=e a2=d b2=9 a3=4 b3=9 a4=6 b4=b q0.out=b6 l0,3=dc q1.in=37 a0=3 b0=7 a1=4 b1=0 a2=f b2=1 a3=e b3=f a4=3 b4=a q1.out=a3

q1.in=42 a0=4 b0=2 a1=6 b1=5 a2=6 b2=c a3=a b3=0 a4=d b4=b q1.out=bd l1,2=9c q0.in=37 a0=3 b0=7 a1=4 b1=0 a2=6 b2=e a3=8 b3=1 a4=c b4=7 q0.out=7c l0,2=53 q0.in=f7 a0=f b0=7 a1=8 b1=c a2=0 b2=7 a3=7 b3=b a4=0 b4=0 q0.out=00

q0.in=c8 a0=c b0=8 a1=4 b1=8 a2=6 b2=f a3=9 b3=9 a4=8 b4=b q0.out=b8 l1,1=8a q1.in=24 a0=2 b0=4 a1=6 b1=0 a2=6 b2=1 a3=7 b3=e a4=a b4=8 q1.out=8a l0,1=8b q1.in=d9 a0=d b0=9 a1=4 b1=9 a2=f b2=d a3=2 b3=9 a4=7 b4=4 q1.out=47

q1.in=b1 a0=b b0=1 a1=a b1=b a2=9 b2=5 a3=c b3=b a4=2 b4=f q1.out=f2 l1,0=18 q1.in=e6 a0=e b0=6 a1=8 b1=d a2=3 b2=9 a3=a b3=7 a4=d b4=e q1.out=ed l0,0=81 q0.in=31 a0=3 b0=1 a1=2 b1=3 a2=7 b2=8 a3=f b3=b a4=1 b4=0 q0.out=01

y0 = 29	y1 = d3	y2 = 9e	y3 = cc	y0 = a3	y1 = 00	y2 = 47	y3 = 01
MDS input = Y = y0y1y2y3 = 29d39ecc				MDS input = Y = y0y1y2y3 = a3004701

MDS output = Z = z0z1z2z3 = 0f23d7b7

MDS output = Z = z0z1z2z3 = 404b28f4

z0 = 0f

z1 = 23

z2 = d7

z3 = b7

z0 = 40

z1 = 4b

z2 = 28

z3 = f4

T0 = g(R0) = 0f23d7b7

T1 = g(ROL(R1, 8)) = 404b28f4

F6,0 = (T0 + T1 + K20) mod 232 = (0f23d7b7 + 404b28f4 + 7b65df4c) mod 232 = (b7d7230f(big endian) + f4284b40(big endian) + 4cdf657b(big endian)) mod 232 = f8ded3ca(big endian) = cad3def8.

F6,1 = (T0 + 2T1 + K21) mod 232 = (0f23d7b7 + 2[404b28f4] + 2189e236) mod 232 = (b7d7230f(big endian) + 2[f4284b40(big endian)] + 36e28921(big endian)) mod 232 = (b7d7230f(big endian) + e8509680(big endian) + 36e28921(big endian)) mod 232 = d70a42b0(big endian) = b0420ad7.

R7,0  =  ROR(R6, 2    F6,0,1) =  ROR(9818208b    cad3def8, 1) =  ROR(52cbfe73, 1) =  ROR(73fecb52(big endian), 1) =  39ff65a9(big endian) =  a965ff39

R7,1  =  ROL(R6, 3,  1)    F6,1) =  ROL(2c693f49,  1)    b0420ad7 =  ROL(493f692c(big endian),  1)    b0420ad7 =  927ed258(big endian)    b0420ad7 =  58d27e92   b0420ad7 =  e8907445.

R7,2 = R6,0 = a49173f9

R7,3 = R6,1 = 42c8b149

 

Encryption of block 4, round r=7

g input = X = x0x1x2x3 = R7,0 = a965ff39

g input = X = x0x1x2x3 = ROL(R7,1,  8) = ROL(e8907445 ,  8) = ROL(457490e8(big endian),  8) = 7490e845(big endian) = 45e89074.

x0 = a9

x1 = 65

x2 = ff

x3 = 39

x0 = 45

x1 = e8

x2 = 90

x3 = 74

y2,0 = a9

y2,1 = 65

y2,2 = ff

y2,3 = 39

y2,0 = 45

y2,1 = e8

y2,2 = 90

y2,3 = 74

q0.in=a9 a0=a b0=9 a1=3 b1=6 a2=d b2=3 a3=e b3=c a4=7 b4=8 q0.out=87 l1,3=14 q0.in=9f a0=9 b0=f a1=6 b1=e a2=3 b2=9 a3=a b3=7 a4=f b4=e q0.out=ef l0,3=dc q1.in=6e a0=6 b0=e a1=8 b1=1 a2=3 b2=e a3=d b3=c a4=b b4=2 q1.out=2b

q1.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=f a3=2 b3=a a4=7 b4=7 q1.out=77 l1,2=9c q0.in=fd a0=f b0=d a1=2 b1=9 a2=7 b2=4 a3=3 b3=d a4=e b4=5 q0.out=5e l0,2=53 q0.in=d5 a0=d b0=5 a1=8 b1=f a2=0 b2=d a3=d b3=e a4=4 b4=c q0.out=c4

q0.in=ff a0=f b0=f a1=0 b1=8 a2=8 b2=f a3=7 b3=7 a4=0 b4=e q0.out=e0 l1,1=8a q1.in=7c a0=7 b0=c a1=b b1=9 a2=4 b2=d a3=9 b3=a a4=e b4=7 q1.out=7e l0,1=8b q1.in=2d a0=2 b0=d a1=f b1=c a2=5 b2=f a3=a b3=2 a4=d b4=5 q1.out=5d

q1.in=39 a0=3 b0=9 a1=a b1=7 a2=9 b2=7 a3=e b3=a a4=3 b4=7 q1.out=73 l1,0=18 q1.in=67 a0=6 b0=7 a1=1 b1=d a2=8 b2=9 a3=1 b3=4 a4=c b4=c q1.out=cc l0,0=81 q0.in=10 a0=1 b0=0 a1=1 b1=9 a2=1 b2=4 a3=5 b3=b a4=d b4=0 q0.out=0d

q0.in=45 a0=4 b0=5 a1=1 b1=e a2=1 b2=9 a3=8 b3=5 a4=c b4=2 q0.out=2c l1,3=14 q0.in=34 a0=3 b0=4 a1=7 b1=9 a2=2 b2=4 a3=6 b3=0 a4=9 b4=d q0.out=d9 l0,3=dc q1.in=58 a0=5 b0=8 a1=d b1=9 a2=a b2=d a3=7 b3=4 a4=a b4=c q1.out=ca

q1.in=e8 a0=e b0=8 a1=6 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=1 q1.out=12 l1,2=9c q0.in=98 a0=9 b0=8 a1=1 b1=5 a2=1 b2=2 a3=3 b3=8 a4=e b4=9 q0.out=9e l0,2=53 q0.in=15 a0=1 b0=5 a1=4 b1=3 a2=6 b2=8 a3=e b3=2 a4=7 b4=f q0.out=f7

q0.in=90 a0=9 b0=0 a1=9 b1=1 a2=b b2=c a3=7 b3=5 a4=0 b4=2 q0.out=20 l1,1=8a q1.in=bc a0=b b0=c a1=7 b1=5 a2=e b2=c a3=2 b3=8 a4=7 b4=6 q1.out=67 l0,1=8b q1.in=34 a0=3 b0=4 a1=7 b1=9 a2=e b2=d a3=3 b3=0 a4=5 b4=b q1.out=b5

q1.in=74 a0=7 b0=4 a1=3 b1=d a2=d b2=9 a3=4 b3=9 a4=1 b4=4 q1.out=41 l1,0=18 q1.in=55 a0=5 b0=5 a1=0 b1=7 a2=2 b2=7 a3=5 b3=9 a4=6 b4=4 q1.out=46 l0,0=81 q0.in=9a a0=9 b0=a a1=3 b1=4 a2=d b2=1 a3=c b3=d a4=2 b4=5 q0.out=52

y0 = 2b	y1 = c4	y2 = 5d	y3 = 0d	y0 = ca	y1 = f7	y2 = b5	y3 = 52
MDS input = Y = y0y1y2y3 = 2bc45d0d				MDS input = Y = y0y1y2y3 = caf7b552

MDS output = Z = z0z1z2z3 = f8df2074

MDS output = Z = z0z1z2z3 = 11d96300

z0 = f8

z1 = df

z2 = 20

z3 = 74

z0 = 11

z1 = d9

z2 = 63

z3 = 00

T0 = g(R0) = f8df2074

T1 = g(ROL(R1, 8)) = 11d96300

F7,0 = (T0 + T1 + K22) mod 232 = (f8df2074 + 11d96300 + 25d0b3fc) mod 232 = (7420dff8(big endian) + 0063d911(big endian) + fcb3d025(big endian)) mod 232 = 7138892e(big endian) = 2e893871.

F7,1 = (T0 + 2T1 + K23) mod 232 = (f8df2074 + 2[11d96300] + eb1e6ea6) mod 232 = (7420dff8(big endian) + 2[0063d911(big endian)] + a66e1eeb(big endian)) mod 232 = (7420dff8(big endian) + 00c7b222(big endian) + a66e1eeb(big endian)) mod 232 = 1b56b105(big endian) = 05b1561b.

R8,0  =  ROR(R7, 2    F7,0,1) =  ROR(a49173f9    2e893871, 1) =  ROR(8a184b88, 1) =  ROR(884b188a(big endian), 1) =  44258c45(big endian) =  458c2544

R8,1  =  ROL(R7, 3,  1)    F7,1) =  ROL(42c8b149,  1)    05b1561b =  ROL(49b1c842(big endian),  1)    05b1561b =  93639084(big endian)    05b1561b =  84906393   05b1561b =  81213588.

R8,2 = R7,0 = a965ff39

R8,3 = R7,1 = e8907445

 

Encryption of block 4, round r=8

g input = X = x0x1x2x3 = R8,0 = 458c2544

g input = X = x0x1x2x3 = ROL(R8,1,  8) = ROL(81213588 ,  8) = ROL(88352181(big endian),  8) = 35218188(big endian) = 88812135.

x0 = 45

x1 = 8c

x2 = 25

x3 = 44

x0 = 88

x1 = 81

x2 = 21

x3 = 35

y2,0 = 45

y2,1 = 8c

y2,2 = 25

y2,3 = 44

y2,0 = 88

y2,1 = 81

y2,2 = 21

y2,3 = 35

q0.in=45 a0=4 b0=5 a1=1 b1=e a2=1 b2=9 a3=8 b3=5 a4=c b4=2 q0.out=2c l1,3=14 q0.in=34 a0=3 b0=4 a1=7 b1=9 a2=2 b2=4 a3=6 b3=0 a4=9 b4=d q0.out=d9 l0,3=dc q1.in=58 a0=5 b0=8 a1=d b1=9 a2=a b2=d a3=7 b3=4 a4=a b4=c q1.out=ca

q1.in=8c a0=8 b0=c a1=4 b1=e a2=f b2=0 a3=f b3=7 a4=f b4=e q1.out=ef l1,2=9c q0.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=7 a3=a b3=e a4=f b4=c q0.out=cf l0,2=53 q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73

q0.in=25 a0=2 b0=5 a1=7 b1=8 a2=2 b2=f a3=d b3=d a4=4 b4=5 q0.out=54 l1,1=8a q1.in=c8 a0=c b0=8 a1=4 b1=8 a2=f b2=6 a3=9 b3=4 a4=e b4=c q1.out=ce l0,1=8b q1.in=9d a0=9 b0=d a1=4 b1=f a2=f b2=8 a3=7 b3=3 a4=a b4=1 q1.out=1a

q1.in=44 a0=4 b0=4 a1=0 b1=6 a2=2 b2=3 a3=1 b3=b a4=c b4=f q1.out=fc l1,0=18 q1.in=e8 a0=e b0=8 a1=6 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=1 q1.out=12 l0,0=81 q0.in=ce a0=c b0=e a1=2 b1=b a2=7 b2=6 a3=1 b3=c a4=a b4=8 q0.out=8a

q0.in=88 a0=8 b0=8 a1=0 b1=c a2=8 b2=7 a3=f b3=3 a4=1 b4=4 q0.out=41 l1,3=14 q0.in=59 a0=5 b0=9 a1=c b1=1 a2=e b2=c a3=2 b3=8 a4=5 b4=9 q0.out=95 l0,3=dc q1.in=14 a0=1 b0=4 a1=5 b1=b a2=7 b2=5 a3=2 b3=5 a4=7 b4=3 q1.out=37

q1.in=81 a0=8 b0=1 a1=9 b1=0 a2=1 b2=1 a3=0 b3=1 a4=4 b4=9 q1.out=94 l1,2=9c q0.in=1e a0=1 b0=e a1=f b1=e a2=4 b2=9 a3=d b3=8 a4=4 b4=9 q0.out=94 l0,2=53 q0.in=1f a0=1 b0=f a1=e b1=6 a2=a b2=3 a3=9 b3=3 a4=8 b4=4 q0.out=48

q0.in=21 a0=2 b0=1 a1=3 b1=a a2=d b2=a a3=7 b3=0 a4=0 b4=d q0.out=d0 l1,1=8a q1.in=4c a0=4 b0=c a1=8 b1=2 a2=3 b2=2 a3=1 b3=a a4=c b4=7 q1.out=7c l0,1=8b q1.in=2f a0=2 b0=f a1=d b1=d a2=a b2=9 a3=3 b3=6 a4=5 b4=d q1.out=d5

q1.in=35 a0=3 b0=5 a1=6 b1=1 a2=6 b2=e a3=8 b3=1 a4=0 b4=9 q1.out=90 l1,0=18 q1.in=84 a0=8 b0=4 a1=c b1=a a2=0 b2=a a3=a b3=5 a4=d b4=3 q1.out=3d l0,0=81 q0.in=e1 a0=e b0=1 a1=f b1=6 a2=4 b2=3 a3=7 b3=d a4=0 b4=5 q0.out=50

y0 = ca	y1 = 73	y2 = 1a	y3 = 8a	y0 = 37	y1 = 48	y2 = d5	y3 = 50
MDS input = Y = y0y1y2y3 = ca731a8a				MDS input = Y = y0y1y2y3 = 3748d550

MDS output = Z = z0z1z2z3 = 726febe3

MDS output = Z = z0z1z2z3 = b79e9813

z0 = 72

z1 = 6f

z2 = eb

z3 = e3

z0 = b7

z1 = 9e

z2 = 98

z3 = 13

T0 = g(R0) = 726febe3

T1 = g(ROL(R1, 8)) = b79e9813

F8,0 = (T0 + T1 + K24) mod 232 = (726febe3 + b79e9813 + 97054619) mod 232 = (e3eb6f72(big endian) + 13989eb7(big endian) + 19460597(big endian)) mod 232 = 10ca13c0(big endian) = c013ca10.

F8,1 = (T0 + 2T1 + K25) mod 232 = (726febe3 + 2[b79e9813] + ccf7f077) mod 232 = (e3eb6f72(big endian) + 2[13989eb7(big endian)] + 77f0f7cc(big endian)) mod 232 = (e3eb6f72(big endian) + 27313d6e(big endian) + 77f0f7cc(big endian)) mod 232 = 830da4ac(big endian) = aca40d83.

R9,0  =  ROR(R8, 2    F8,0,1) =  ROR(a965ff39    c013ca10, 1) =  ROR(69763529, 1) =  ROR(29357669(big endian), 1) =  949abb34(big endian) =  34bb9a94

R9,1  =  ROL(R8, 3,  1)    F8,1) =  ROL(e8907445,  1)    aca40d83 =  ROL(457490e8(big endian),  1)    aca40d83 =  8ae921d0(big endian)    aca40d83 =  d021e98a   aca40d83 =  7c85e409.

R9,2 = R8,0 = 458c2544

R9,3 = R8,1 = 81213588

 

Encryption of block 4, round r=9

g input = X = x0x1x2x3 = R9,0 = 34bb9a94

g input = X = x0x1x2x3 = ROL(R9,1,  8) = ROL(7c85e409 ,  8) = ROL(09e4857c(big endian),  8) = e4857c09(big endian) = 097c85e4.

x0 = 34

x1 = bb

x2 = 9a

x3 = 94

x0 = 09

x1 = 7c

x2 = 85

x3 = e4

y2,0 = 34

y2,1 = bb

y2,2 = 9a

y2,3 = 94

y2,0 = 09

y2,1 = 7c

y2,2 = 85

y2,3 = e4

q0.in=34 a0=3 b0=4 a1=7 b1=9 a2=2 b2=4 a3=6 b3=0 a4=9 b4=d q0.out=d9 l1,3=14 q0.in=c1 a0=c b0=1 a1=d b1=4 a2=c b2=1 a3=d b3=4 a4=4 b4=1 q0.out=14 l0,3=dc q1.in=95 a0=9 b0=5 a1=c b1=b a2=0 b2=5 a3=5 b3=a a4=6 b4=7 q1.out=76

q1.in=bb a0=b b0=b a1=0 b1=e a2=2 b2=0 a3=2 b3=2 a4=7 b4=5 q1.out=57 l1,2=9c q0.in=dd a0=d b0=d a1=0 b1=b a2=8 b2=6 a3=e b3=b a4=7 b4=0 q0.out=07 l0,2=53 q0.in=8c a0=8 b0=c a1=4 b1=e a2=6 b2=9 a3=f b3=a a4=1 b4=3 q0.out=31

q0.in=9a a0=9 b0=a a1=3 b1=4 a2=d b2=1 a3=c b3=d a4=2 b4=5 q0.out=52 l1,1=8a q1.in=ce a0=c b0=e a1=2 b1=b a2=b b2=5 a3=e b3=9 a4=3 b4=4 q1.out=43 l0,1=8b q1.in=10 a0=1 b0=0 a1=1 b1=9 a2=8 b2=d a3=5 b3=6 a4=6 b4=d q1.out=d6

q1.in=94 a0=9 b0=4 a1=d b1=3 a2=a b2=b a3=1 b3=7 a4=c b4=e q1.out=ec l1,0=18 q1.in=f8 a0=f b0=8 a1=7 b1=3 a2=e b2=b a3=5 b3=3 a4=6 b4=1 q1.out=16 l0,0=81 q0.in=ca a0=c b0=a a1=6 b1=9 a2=3 b2=4 a3=7 b3=9 a4=0 b4=b q0.out=b0

q0.in=09 a0=0 b0=9 a1=9 b1=c a2=b b2=7 a3=c b3=8 a4=2 b4=9 q0.out=92 l1,3=14 q0.in=8a a0=8 b0=a a1=2 b1=d a2=7 b2=0 a3=7 b3=f a4=0 b4=a q0.out=a0 l0,3=dc q1.in=21 a0=2 b0=1 a1=3 b1=a a2=d b2=a a3=7 b3=0 a4=a b4=b q1.out=ba

q1.in=7c a0=7 b0=c a1=b b1=9 a2=4 b2=d a3=9 b3=a a4=e b4=7 q1.out=7e l1,2=9c q0.in=f4 a0=f b0=4 a1=b b1=5 a2=9 b2=2 a3=b b3=0 a4=3 b4=d q0.out=d3 l0,2=53 q0.in=58 a0=5 b0=8 a1=d b1=9 a2=c b2=4 a3=8 b3=e a4=c b4=c q0.out=cc

q0.in=85 a0=8 b0=5 a1=d b1=2 a2=c b2=b a3=7 b3=1 a4=0 b4=7 q0.out=70 l1,1=8a q1.in=ec a0=e b0=c a1=2 b1=8 a2=b b2=6 a3=d b3=0 a4=b b4=b q1.out=bb l0,1=8b q1.in=e8 a0=e b0=8 a1=6 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=1 q1.out=12

q1.in=e4 a0=e b0=4 a1=a b1=c a2=9 b2=f a3=6 b3=e a4=9 b4=8 q1.out=89 l1,0=18 q1.in=9d a0=9 b0=d a1=4 b1=f a2=f b2=8 a3=7 b3=3 a4=a b4=1 q1.out=1a l0,0=81 q0.in=c6 a0=c b0=6 a1=a b1=f a2=5 b2=d a3=8 b3=3 a4=c b4=4 q0.out=4c

y0 = 76	y1 = 31	y2 = d6	y3 = b0	y0 = ba	y1 = cc	y2 = 12	y3 = 4c
MDS input = Y = y0y1y2y3 = 7631d6b0				MDS input = Y = y0y1y2y3 = bacc124c

MDS output = Z = z0z1z2z3 = 76989175

MDS output = Z = z0z1z2z3 = de5ee945

z0 = 76

z1 = 98

z2 = 91

z3 = 75

z0 = de

z1 = 5e

z2 = e9

z3 = 45

T0 = g(R0) = 76989175

T1 = g(ROL(R1, 8)) = de5ee945

F9,0 = (T0 + T1 + K26) mod 232 = (76989175 + de5ee945 + d5b22d8a) mod 232 = (75919876(big endian) + 45e95ede(big endian) + 8a2db2d5(big endian)) mod 232 = 45a8aa29(big endian) = 29aaa845.

F9,1 = (T0 + 2T1 + K27) mod 232 = (76989175 + 2[de5ee945] + 66325910) mod 232 = (75919876(big endian) + 2[45e95ede(big endian)] + 10593266(big endian)) mod 232 = (75919876(big endian) + 8bd2bdbc(big endian) + 10593266(big endian)) mod 232 = 11bd8898(big endian) = 9888bd11.

R10,0  =  ROR(R9, 2    F9,0,1) =  ROR(458c2544    29aaa845, 1) =  ROR(6c268d01, 1) =  ROR(018d266c(big endian), 1) =  00c69336(big endian) =  3693c600

R10,1  =  ROL(R9, 3,  1)    F9,1) =  ROL(81213588,  1)    9888bd11 =  ROL(88352181(big endian),  1)    9888bd11 =  106a4303(big endian)    9888bd11 =  03436a10   9888bd11 =  9bcbd701.

R10,2 = R9,0 = 34bb9a94

R10,3 = R9,1 = 7c85e409

 

Encryption of block 4, round r=10

g input = X = x0x1x2x3 = R10,0 = 3693c600

g input = X = x0x1x2x3 = ROL(R10,1,  8) = ROL(9bcbd701 ,  8) = ROL(01d7cb9b(big endian),  8) = d7cb9b01(big endian) = 019bcbd7.

x0 = 36

x1 = 93

x2 = c6

x3 = 00

x0 = 01

x1 = 9b

x2 = cb

x3 = d7

y2,0 = 36

y2,1 = 93

y2,2 = c6

y2,3 = 00

y2,0 = 01

y2,1 = 9b

y2,2 = cb

y2,3 = d7

q0.in=36 a0=3 b0=6 a1=5 b1=8 a2=f b2=f a3=0 b3=8 a4=b b4=9 q0.out=9b l1,3=14 q0.in=83 a0=8 b0=3 a1=b b1=1 a2=9 b2=c a3=5 b3=7 a4=d b4=e q0.out=ed l0,3=dc q1.in=6c a0=6 b0=c a1=a b1=0 a2=9 b2=1 a3=8 b3=9 a4=0 b4=4 q1.out=40

q1.in=93 a0=9 b0=3 a1=a b1=8 a2=9 b2=6 a3=f b3=2 a4=f b4=5 q1.out=5f l1,2=9c q0.in=d5 a0=d b0=5 a1=8 b1=f a2=0 b2=d a3=d b3=e a4=4 b4=c q0.out=c4 l0,2=53 q0.in=4f a0=4 b0=f a1=b b1=b a2=9 b2=6 a3=f b3=2 a4=1 b4=f q0.out=f1

q0.in=c6 a0=c b0=6 a1=a b1=f a2=5 b2=d a3=8 b3=3 a4=c b4=4 q0.out=4c l1,1=8a q1.in=d0 a0=d b0=0 a1=d b1=5 a2=a b2=c a3=6 b3=c a4=9 b4=2 q1.out=29 l0,1=8b q1.in=7a a0=7 b0=a a1=d b1=a a2=a b2=a a3=0 b3=f a4=4 b4=a q1.out=a4

q1.in=00 a0=0 b0=0 a1=0 b1=0 a2=2 b2=1 a3=3 b3=a a4=5 b4=7 q1.out=75 l1,0=18 q1.in=61 a0=6 b0=1 a1=7 b1=e a2=e b2=0 a3=e b3=e a4=3 b4=8 q1.out=83 l0,0=81 q0.in=5f a0=5 b0=f a1=a b1=2 a2=5 b2=b a3=e b3=0 a4=7 b4=d q0.out=d7

q0.in=01 a0=0 b0=1 a1=1 b1=8 a2=1 b2=f a3=e b3=6 a4=7 b4=6 q0.out=67 l1,3=14 q0.in=7f a0=7 b0=f a1=8 b1=0 a2=0 b2=e a3=e b3=7 a4=7 b4=e q0.out=e7 l0,3=dc q1.in=66 a0=6 b0=6 a1=0 b1=5 a2=2 b2=c a3=e b3=4 a4=3 b4=c q1.out=c3

q1.in=9b a0=9 b0=b a1=2 b1=c a2=b b2=f a3=4 b3=c a4=1 b4=2 q1.out=21 l1,2=9c q0.in=ab a0=a b0=b a1=1 b1=7 a2=1 b2=5 a3=4 b3=3 a4=6 b4=4 q0.out=46 l0,2=53 q0.in=cd a0=c b0=d a1=1 b1=2 a2=1 b2=b a3=a b3=4 a4=f b4=1 q0.out=1f

q0.in=cb a0=c b0=b a1=7 b1=1 a2=2 b2=c a3=e b3=4 a4=7 b4=1 q0.out=17 l1,1=8a q1.in=8b a0=8 b0=b a1=3 b1=5 a2=d b2=c a3=1 b3=3 a4=c b4=1 q1.out=1c l0,1=8b q1.in=4f a0=4 b0=f a1=b b1=b a2=4 b2=5 a3=1 b3=e a4=c b4=8 q1.out=8c

q1.in=d7 a0=d b0=7 a1=a b1=e a2=9 b2=0 a3=9 b3=1 a4=e b4=9 q1.out=9e l1,0=18 q1.in=8a a0=8 b0=a a1=2 b1=d a2=b b2=9 a3=2 b3=f a4=7 b4=a q1.out=a7 l0,0=81 q0.in=7b a0=7 b0=b a1=c b1=2 a2=e b2=b a3=5 b3=3 a4=d b4=4 q0.out=4d

y0 = 40	y1 = f1	y2 = a4	y3 = d7	y0 = c3	y1 = 1f	y2 = 8c	y3 = 4d
MDS input = Y = y0y1y2y3 = 40f1a4d7				MDS input = Y = y0y1y2y3 = c31f8c4d

MDS output = Z = z0z1z2z3 = 9a039052

MDS output = Z = z0z1z2z3 = 25f4243a

z0 = 9a

z1 = 03

z2 = 90

z3 = 52

z0 = 25

z1 = f4

z2 = 24

z3 = 3a

T0 = g(R0) = 9a039052

T1 = g(ROL(R1, 8)) = 25f4243a

F10,0 = (T0 + T1 + K28) mod 232 = (9a039052 + 25f4243a + fdcb3639) mod 232 = (5290039a(big endian) + 3a24f425(big endian) + 3936cbfd(big endian)) mod 232 = c5ebc3bc(big endian) = bcc3ebc5.

F10,1 = (T0 + 2T1 + K29) mod 232 = (9a039052 + 2[25f4243a] + d853ba91) mod 232 = (5290039a(big endian) + 2[3a24f425(big endian)] + 91ba53d8(big endian)) mod 232 = (5290039a(big endian) + 7449e84a(big endian) + 91ba53d8(big endian)) mod 232 = 58943fbc(big endian) = bc3f9458.

R11,0  =  ROR(R10, 2    F10,0,1) =  ROR(34bb9a94    bcc3ebc5, 1) =  ROR(88787151, 1) =  ROR(51717888(big endian), 1) =  28b8bc44(big endian) =  44bcb828

R11,1  =  ROL(R10, 3,  1)    F10,1) =  ROL(7c85e409,  1)    bc3f9458 =  ROL(09e4857c(big endian),  1)    bc3f9458 =  13c90af8(big endian)    bc3f9458 =  f80ac913   bc3f9458 =  44355d4b.

R11,2 = R10,0 = 3693c600

R11,3 = R10,1 = 9bcbd701

 

Encryption of block 4, round r=11

g input = X = x0x1x2x3 = R11,0 = 44bcb828

g input = X = x0x1x2x3 = ROL(R11,1,  8) = ROL(44355d4b ,  8) = ROL(4b5d3544(big endian),  8) = 5d35444b(big endian) = 4b44355d.

x0 = 44

x1 = bc

x2 = b8

x3 = 28

x0 = 4b

x1 = 44

x2 = 35

x3 = 5d

y2,0 = 44

y2,1 = bc

y2,2 = b8

y2,3 = 28

y2,0 = 4b

y2,1 = 44

y2,2 = 35

y2,3 = 5d

q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73 l1,3=14 q0.in=6b a0=6 b0=b a1=d b1=b a2=c b2=6 a3=a b3=f a4=f b4=a q0.out=af l0,3=dc q1.in=2e a0=2 b0=e a1=c b1=5 a2=0 b2=c a3=c b3=6 a4=2 b4=d q1.out=d2

q1.in=bc a0=b b0=c a1=7 b1=5 a2=e b2=c a3=2 b3=8 a4=7 b4=6 q1.out=67 l1,2=9c q0.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=e a3=3 b3=2 a4=e b4=f q0.out=fe l0,2=53 q0.in=75 a0=7 b0=5 a1=2 b1=5 a2=7 b2=2 a3=5 b3=e a4=d b4=c q0.out=cd

q0.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=5 a3=8 b3=f a4=c b4=a q0.out=ac l1,1=8a q1.in=30 a0=3 b0=0 a1=3 b1=b a2=d b2=5 a3=8 b3=f a4=0 b4=a q1.out=a0 l0,1=8b q1.in=f3 a0=f b0=3 a1=c b1=e a2=0 b2=0 a3=0 b3=0 a4=4 b4=b q1.out=b4

q1.in=28 a0=2 b0=8 a1=a b1=6 a2=9 b2=3 a3=a b3=8 a4=d b4=6 q1.out=6d l1,0=18 q1.in=79 a0=7 b0=9 a1=e b1=3 a2=c b2=b a3=7 b3=1 a4=a b4=9 q1.out=9a l0,0=81 q0.in=46 a0=4 b0=6 a1=2 b1=7 a2=7 b2=5 a3=2 b3=5 a4=5 b4=2 q0.out=25

q0.in=4b a0=4 b0=b a1=f b1=9 a2=4 b2=4 a3=0 b3=6 a4=b b4=6 q0.out=6b l1,3=14 q0.in=73 a0=7 b0=3 a1=4 b1=6 a2=6 b2=3 a3=5 b3=f a4=d b4=a q0.out=ad l0,3=dc q1.in=2c a0=2 b0=c a1=e b1=4 a2=c b2=4 a3=8 b3=e a4=0 b4=8 q1.out=80

q1.in=44 a0=4 b0=4 a1=0 b1=6 a2=2 b2=3 a3=1 b3=b a4=c b4=f q1.out=fc l1,2=9c q0.in=76 a0=7 b0=6 a1=1 b1=c a2=1 b2=7 a3=6 b3=2 a4=9 b4=f q0.out=f9 l0,2=53 q0.in=72 a0=7 b0=2 a1=5 b1=e a2=f b2=9 a3=6 b3=b a4=9 b4=0 q0.out=09

q0.in=35 a0=3 b0=5 a1=6 b1=1 a2=3 b2=c a3=f b3=d a4=1 b4=5 q0.out=51 l1,1=8a q1.in=cd a0=c b0=d a1=1 b1=2 a2=8 b2=2 a3=a b3=9 a4=d b4=4 q1.out=4d l0,1=8b q1.in=1e a0=1 b0=e a1=f b1=e a2=5 b2=0 a3=5 b3=d a4=6 b4=0 q1.out=06

q1.in=5d a0=5 b0=d a1=8 b1=3 a2=3 b2=b a3=8 b3=6 a4=0 b4=d q1.out=d0 l1,0=18 q1.in=c4 a0=c b0=4 a1=8 b1=e a2=3 b2=0 a3=3 b3=b a4=5 b4=f q1.out=f5 l0,0=81 q0.in=29 a0=2 b0=9 a1=b b1=e a2=9 b2=9 a3=0 b3=d a4=b b4=5 q0.out=5b

y0 = d2	y1 = cd	y2 = b4	y3 = 25	y0 = 80	y1 = 09	y2 = 06	y3 = 5b
MDS input = Y = y0y1y2y3 = d2cdb425				MDS input = Y = y0y1y2y3 = 8009065b

MDS output = Z = z0z1z2z3 = 4bc2fb43

MDS output = Z = z0z1z2z3 = 71aa8dfa

z0 = 4b

z1 = c2

z2 = fb

z3 = 43

z0 = 71

z1 = aa

z2 = 8d

z3 = fa

T0 = g(R0) = 4bc2fb43

T1 = g(ROL(R1, 8)) = 71aa8dfa

F11,0 = (T0 + T1 + K30) mod 232 = (4bc2fb43 + 71aa8dfa + fd2d59b8) mod 232 = (43fbc24b(big endian) + fa8daa71(big endian) + b8592dfd(big endian)) mod 232 = f6e29ab9(big endian) = b99ae2f6.

F11,1 = (T0 + 2T1 + K31) mod 232 = (4bc2fb43 + 2[71aa8dfa] + 9c51af49) mod 232 = (43fbc24b(big endian) + 2[fa8daa71(big endian)] + 49af519c(big endian)) mod 232 = (43fbc24b(big endian) + f51b54e2(big endian) + 49af519c(big endian)) mod 232 = 82c668c9(big endian) = c968c682.

R12,0  =  ROR(R11, 2    F11,0,1) =  ROR(3693c600    b99ae2f6, 1) =  ROR(8f0924f6, 1) =  ROR(f624098f(big endian), 1) =  fb1204c7(big endian) =  c70412fb

R12,1  =  ROL(R11, 3,  1)    F11,1) =  ROL(9bcbd701,  1)    c968c682 =  ROL(01d7cb9b(big endian),  1)    c968c682 =  03af9736(big endian)    c968c682 =  3697af03   c968c682 =  ffff6981.

R12,2 = R11,0 = 44bcb828

R12,3 = R11,1 = 44355d4b

 

Encryption of block 4, round r=12

g input = X = x0x1x2x3 = R12,0 = c70412fb

g input = X = x0x1x2x3 = ROL(R12,1,  8) = ROL(ffff6981 ,  8) = ROL(8169ffff(big endian),  8) = 69ffff81(big endian) = 81ffff69.

x0 = c7

x1 = 04

x2 = 12

x3 = fb

x0 = 81

x1 = ff

x2 = ff

x3 = 69

y2,0 = c7

y2,1 = 04

y2,2 = 12

y2,3 = fb

y2,0 = 81

y2,1 = ff

y2,2 = ff

y2,3 = 69

q0.in=c7 a0=c b0=7 a1=b b1=7 a2=9 b2=5 a3=c b3=b a4=2 b4=0 q0.out=02 l1,3=14 q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37 l0,3=dc q1.in=b6 a0=b b0=6 a1=d b1=0 a2=a b2=1 a3=b b3=2 a4=8 b4=5 q1.out=58

q1.in=04 a0=0 b0=4 a1=4 b1=2 a2=f b2=2 a3=d b3=6 a4=b b4=d q1.out=db l1,2=9c q0.in=51 a0=5 b0=1 a1=4 b1=5 a2=6 b2=2 a3=4 b3=7 a4=6 b4=e q0.out=e6 l0,2=53 q0.in=6d a0=6 b0=d a1=b b1=8 a2=9 b2=f a3=6 b3=e a4=9 b4=c q0.out=c9

q0.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=f a3=2 b3=a a4=5 b4=3 q0.out=35 l1,1=8a q1.in=a9 a0=a b0=9 a1=3 b1=6 a2=d b2=3 a3=e b3=c a4=3 b4=2 q1.out=23 l0,1=8b q1.in=70 a0=7 b0=0 a1=7 b1=f a2=e b2=8 a3=6 b3=a a4=9 b4=7 q1.out=79

q1.in=fb a0=f b0=b a1=4 b1=a a2=f b2=a a3=5 b3=2 a4=6 b4=5 q1.out=56 l1,0=18 q1.in=42 a0=4 b0=2 a1=6 b1=5 a2=6 b2=c a3=a b3=0 a4=d b4=b q1.out=bd l0,0=81 q0.in=61 a0=6 b0=1 a1=7 b1=e a2=2 b2=9 a3=b b3=e a4=3 b4=c q0.out=c3

q0.in=81 a0=8 b0=1 a1=9 b1=0 a2=b b2=e a3=5 b3=4 a4=d b4=1 q0.out=1d l1,3=14 q0.in=05 a0=0 b0=5 a1=5 b1=a a2=f b2=a a3=5 b3=2 a4=d b4=f q0.out=fd l0,3=dc q1.in=7c a0=7 b0=c a1=b b1=9 a2=4 b2=d a3=9 b3=a a4=e b4=7 q1.out=7e

q1.in=ff a0=f b0=f a1=0 b1=8 a2=2 b2=6 a3=4 b3=1 a4=1 b4=9 q1.out=91 l1,2=9c q0.in=1b a0=1 b0=b a1=a b1=4 a2=5 b2=1 a3=4 b3=5 a4=6 b4=2 q0.out=26 l0,2=53 q0.in=ad a0=a b0=d a1=7 b1=4 a2=2 b2=1 a3=3 b3=a a4=e b4=3 q0.out=3e

q0.in=ff a0=f b0=f a1=0 b1=8 a2=8 b2=f a3=7 b3=7 a4=0 b4=e q0.out=e0 l1,1=8a q1.in=7c a0=7 b0=c a1=b b1=9 a2=4 b2=d a3=9 b3=a a4=e b4=7 q1.out=7e l0,1=8b q1.in=2d a0=2 b0=d a1=f b1=c a2=5 b2=f a3=a b3=2 a4=d b4=5 q1.out=5d

q1.in=69 a0=6 b0=9 a1=f b1=a a2=5 b2=a a3=f b3=8 a4=f b4=6 q1.out=6f l1,0=18 q1.in=7b a0=7 b0=b a1=c b1=2 a2=0 b2=2 a3=2 b3=1 a4=7 b4=9 q1.out=97 l0,0=81 q0.in=4b a0=4 b0=b a1=f b1=9 a2=4 b2=4 a3=0 b3=6 a4=b b4=6 q0.out=6b

y0 = 58	y1 = c9	y2 = 79	y3 = c3	y0 = 7e	y1 = 3e	y2 = 5d	y3 = 6b
MDS input = Y = y0y1y2y3 = 58c979c3				MDS input = Y = y0y1y2y3 = 7e3e5d6b

MDS output = Z = z0z1z2z3 = 09497203

MDS output = Z = z0z1z2z3 = 6bae2cc1

z0 = 09

z1 = 49

z2 = 72

z3 = 03

z0 = 6b

z1 = ae

z2 = 2c

z3 = c1

T0 = g(R0) = 09497203

T1 = g(ROL(R1, 8)) = 6bae2cc1

F12,0 = (T0 + T1 + K32) mod 232 = (09497203 + 6bae2cc1 + 165703a2) mod 232 = (03724909(big endian) + c12cae6b(big endian) + a2035716(big endian)) mod 232 = 66a24e8a(big endian) = 8a4ea266.

F12,1 = (T0 + 2T1 + K33) mod 232 = (09497203 + 2[6bae2cc1] + bdabf862) mod 232 = (03724909(big endian) + 2[c12cae6b(big endian)] + 62f8abbd(big endian)) mod 232 = (03724909(big endian) + 82595cd6(big endian) + 62f8abbd(big endian)) mod 232 = e8c4519c(big endian) = 9c51c4e8.

R13,0  =  ROR(R12, 2    F12,0,1) =  ROR(44bcb828    8a4ea266, 1) =  ROR(cef21a4e, 1) =  ROR(4e1af2ce(big endian), 1) =  270d7967(big endian) =  67790d27

R13,1  =  ROL(R12, 3,  1)    F12,1) =  ROL(44355d4b,  1)    9c51c4e8 =  ROL(4b5d3544(big endian),  1)    9c51c4e8 =  96ba6a88(big endian)    9c51c4e8 =  886aba96   9c51c4e8 =  143b7e7e.

R13,2 = R12,0 = c70412fb

R13,3 = R12,1 = ffff6981

 

Encryption of block 4, round r=13

g input = X = x0x1x2x3 = R13,0 = 67790d27

g input = X = x0x1x2x3 = ROL(R13,1,  8) = ROL(143b7e7e ,  8) = ROL(7e7e3b14(big endian),  8) = 7e3b147e(big endian) = 7e143b7e.

x0 = 67

x1 = 79

x2 = 0d

x3 = 27

x0 = 7e

x1 = 14

x2 = 3b

x3 = 7e

y2,0 = 67

y2,1 = 79

y2,2 = 0d

y2,3 = 27

y2,0 = 7e

y2,1 = 14

y2,2 = 3b

y2,3 = 7e

q0.in=67 a0=6 b0=7 a1=1 b1=d a2=1 b2=0 a3=1 b3=9 a4=a b4=b q0.out=ba l1,3=14 q0.in=a2 a0=a b0=2 a1=8 b1=b a2=0 b2=6 a3=6 b3=3 a4=9 b4=4 q0.out=49 l0,3=dc q1.in=c8 a0=c b0=8 a1=4 b1=8 a2=f b2=6 a3=9 b3=4 a4=e b4=c q1.out=ce

q1.in=79 a0=7 b0=9 a1=e b1=3 a2=c b2=b a3=7 b3=1 a4=a b4=9 q1.out=9a l1,2=9c q0.in=10 a0=1 b0=0 a1=1 b1=9 a2=1 b2=4 a3=5 b3=b a4=d b4=0 q0.out=0d l0,2=53 q0.in=86 a0=8 b0=6 a1=e b1=b a2=a b2=6 a3=c b3=9 a4=2 b4=b q0.out=b2

q0.in=0d a0=0 b0=d a1=d b1=e a2=c b2=9 a3=5 b3=0 a4=d b4=d q0.out=dd l1,1=8a q1.in=41 a0=4 b0=1 a1=5 b1=c a2=7 b2=f a3=8 b3=0 a4=0 b4=b q1.out=b0 l0,1=8b q1.in=e3 a0=e b0=3 a1=d b1=7 a2=a b2=7 a3=d b3=1 a4=b b4=9 q1.out=9b

q1.in=27 a0=2 b0=7 a1=5 b1=9 a2=7 b2=d a3=a b3=1 a4=d b4=9 q1.out=9d l1,0=18 q1.in=89 a0=8 b0=9 a1=1 b1=4 a2=8 b2=4 a3=c b3=a a4=2 b4=7 q1.out=72 l0,0=81 q0.in=ae a0=a b0=e a1=4 b1=d a2=6 b2=0 a3=6 b3=6 a4=9 b4=6 q0.out=69

q0.in=7e a0=7 b0=e a1=9 b1=8 a2=b b2=f a3=4 b3=c a4=6 b4=8 q0.out=86 l1,3=14 q0.in=9e a0=9 b0=e a1=7 b1=6 a2=2 b2=3 a3=1 b3=b a4=a b4=0 q0.out=0a l0,3=dc q1.in=8b a0=8 b0=b a1=3 b1=5 a2=d b2=c a3=1 b3=3 a4=c b4=1 q1.out=1c

q1.in=14 a0=1 b0=4 a1=5 b1=b a2=7 b2=5 a3=2 b3=5 a4=7 b4=3 q1.out=37 l1,2=9c q0.in=bd a0=b b0=d a1=6 b1=d a2=3 b2=0 a3=3 b3=b a4=e b4=0 q0.out=0e l0,2=53 q0.in=85 a0=8 b0=5 a1=d b1=2 a2=c b2=b a3=7 b3=1 a4=0 b4=7 q0.out=70

q0.in=3b a0=3 b0=b a1=8 b1=6 a2=0 b2=3 a3=3 b3=9 a4=e b4=b q0.out=be l1,1=8a q1.in=22 a0=2 b0=2 a1=0 b1=3 a2=2 b2=b a3=9 b3=f a4=e b4=a q1.out=ae l0,1=8b q1.in=fd a0=f b0=d a1=2 b1=9 a2=b b2=d a3=6 b3=d a4=9 b4=0 q1.out=09

q1.in=7e a0=7 b0=e a1=9 b1=8 a2=1 b2=6 a3=7 b3=a a4=a b4=7 q1.out=7a l1,0=18 q1.in=6e a0=6 b0=e a1=8 b1=1 a2=3 b2=e a3=d b3=c a4=b b4=2 q1.out=2b l0,0=81 q0.in=f7 a0=f b0=7 a1=8 b1=c a2=0 b2=7 a3=7 b3=b a4=0 b4=0 q0.out=00

y0 = ce	y1 = b2	y2 = 9b	y3 = 69	y0 = 1c	y1 = 70	y2 = 09	y3 = 00
MDS input = Y = y0y1y2y3 = ceb29b69				MDS input = Y = y0y1y2y3 = 1c700900

MDS output = Z = z0z1z2z3 = c7f9361f

MDS output = Z = z0z1z2z3 = 19ae7084

z0 = c7

z1 = f9

z2 = 36

z3 = 1f

z0 = 19

z1 = ae

z2 = 70

z3 = 84

T0 = g(R0) = c7f9361f

T1 = g(ROL(R1, 8)) = 19ae7084

F13,0 = (T0 + T1 + K34) mod 232 = (c7f9361f + 19ae7084 + 6ae813f4) mod 232 = (1f36f9c7(big endian) + 8470ae19(big endian) + f413e86a(big endian)) mod 232 = 97bb904a(big endian) = 4a90bb97.

F13,1 = (T0 + 2T1 + K35) mod 232 = (c7f9361f + 2[19ae7084] + f3d8d036) mod 232 = (1f36f9c7(big endian) + 2[8470ae19(big endian)] + 36d0d8f3(big endian)) mod 232 = (1f36f9c7(big endian) + 08e15c32(big endian) + 36d0d8f3(big endian)) mod 232 = 5ee92eec(big endian) = ec2ee95e.

R14,0  =  ROR(R13, 2    F13,0,1) =  ROR(c70412fb    4a90bb97, 1) =  ROR(8d94a96c, 1) =  ROR(6ca9948d(big endian), 1) =  b654ca46(big endian) =  46ca54b6

R14,1  =  ROL(R13, 3,  1)    F13,1) =  ROL(ffff6981,  1)    ec2ee95e =  ROL(8169ffff(big endian),  1)    ec2ee95e =  02d3ffff(big endian)    ec2ee95e =  ffffd302   ec2ee95e =  13d13a5c.

R14,2 = R13,0 = 67790d27

R14,3 = R13,1 = 143b7e7e

 

Encryption of block 4, round r=14

g input = X = x0x1x2x3 = R14,0 = 46ca54b6

g input = X = x0x1x2x3 = ROL(R14,1,  8) = ROL(13d13a5c ,  8) = ROL(5c3ad113(big endian),  8) = 3ad1135c(big endian) = 5c13d13a.

x0 = 46

x1 = ca

x2 = 54

x3 = b6

x0 = 5c

x1 = 13

x2 = d1

x3 = 3a

y2,0 = 46

y2,1 = ca

y2,2 = 54

y2,3 = b6

y2,0 = 5c

y2,1 = 13

y2,2 = d1

y2,3 = 3a

q0.in=46 a0=4 b0=6 a1=2 b1=7 a2=7 b2=5 a3=2 b3=5 a4=5 b4=2 q0.out=25 l1,3=14 q0.in=3d a0=3 b0=d a1=e b1=5 a2=a b2=2 a3=8 b3=b a4=c b4=0 q0.out=0c l0,3=dc q1.in=8d a0=8 b0=d a1=5 b1=6 a2=7 b2=3 a3=4 b3=6 a4=1 b4=d q1.out=d1

q1.in=ca a0=c b0=a a1=6 b1=9 a2=6 b2=d a3=b b3=8 a4=8 b4=6 q1.out=68 l1,2=9c q0.in=e2 a0=e b0=2 a1=c b1=f a2=e b2=d a3=3 b3=0 a4=e b4=d q0.out=de l0,2=53 q0.in=55 a0=5 b0=5 a1=0 b1=7 a2=8 b2=5 a3=d b3=2 a4=4 b4=f q0.out=f4

q0.in=54 a0=5 b0=4 a1=1 b1=f a2=1 b2=d a3=c b3=7 a4=2 b4=e q0.out=e2 l1,1=8a q1.in=7e a0=7 b0=e a1=9 b1=8 a2=1 b2=6 a3=7 b3=a a4=a b4=7 q1.out=7a l0,1=8b q1.in=29 a0=2 b0=9 a1=b b1=e a2=4 b2=0 a3=4 b3=4 a4=1 b4=c q1.out=c1

q1.in=b6 a0=b b0=6 a1=d b1=0 a2=a b2=1 a3=b b3=2 a4=8 b4=5 q1.out=58 l1,0=18 q1.in=4c a0=4 b0=c a1=8 b1=2 a2=3 b2=2 a3=1 b3=a a4=c b4=7 q1.out=7c l0,0=81 q0.in=a0 a0=a b0=0 a1=a b1=a a2=5 b2=a a3=f b3=8 a4=1 b4=9 q0.out=91

q0.in=5c a0=5 b0=c a1=9 b1=b a2=b b2=6 a3=d b3=0 a4=4 b4=d q0.out=d4 l1,3=14 q0.in=cc a0=c b0=c a1=0 b1=a a2=8 b2=a a3=2 b3=d a4=5 b4=5 q0.out=55 l0,3=dc q1.in=d4 a0=d b0=4 a1=9 b1=7 a2=1 b2=7 a3=6 b3=2 a4=9 b4=5 q1.out=59

q1.in=13 a0=1 b0=3 a1=2 b1=0 a2=b b2=1 a3=a b3=b a4=d b4=f q1.out=fd l1,2=9c q0.in=77 a0=7 b0=7 a1=0 b1=4 a2=8 b2=1 a3=9 b3=0 a4=8 b4=d q0.out=d8 l0,2=53 q0.in=53 a0=5 b0=3 a1=6 b1=4 a2=3 b2=1 a3=2 b3=3 a4=5 b4=4 q0.out=45

q0.in=d1 a0=d b0=1 a1=c b1=d a2=e b2=0 a3=e b3=e a4=7 b4=c q0.out=c7 l1,1=8a q1.in=5b a0=5 b0=b a1=e b1=0 a2=c b2=1 a3=d b3=4 a4=b b4=c q1.out=cb l0,1=8b q1.in=98 a0=9 b0=8 a1=1 b1=5 a2=8 b2=c a3=4 b3=e a4=1 b4=8 q1.out=81

q1.in=3a a0=3 b0=a a1=9 b1=e a2=1 b2=0 a3=1 b3=9 a4=c b4=4 q1.out=4c l1,0=18 q1.in=58 a0=5 b0=8 a1=d b1=9 a2=a b2=d a3=7 b3=4 a4=a b4=c q1.out=ca l0,0=81 q0.in=16 a0=1 b0=6 a1=7 b1=a a2=2 b2=a a3=8 b3=7 a4=c b4=e q0.out=ec

y0 = d1	y1 = f4	y2 = c1	y3 = 91	y0 = 59	y1 = 45	y2 = 81	y3 = ec
MDS input = Y = y0y1y2y3 = d1f4c191				MDS input = Y = y0y1y2y3 = 594581ec

MDS output = Z = z0z1z2z3 = 26e27807

MDS output = Z = z0z1z2z3 = ed6ea310

z0 = 26

z1 = e2

z2 = 78

z3 = 07

z0 = ed

z1 = 6e

z2 = a3

z3 = 10

T0 = g(R0) = 26e27807

T1 = g(ROL(R1, 8)) = ed6ea310

F14,0 = (T0 + T1 + K36) mod 232 = (26e27807 + ed6ea310 + e4ffcbcc) mod 232 = (0778e226(big endian) + 10a36eed(big endian) + cccbffe4(big endian)) mod 232 = e4e850f7(big endian) = f750e8e4.

F14,1 = (T0 + 2T1 + K37) mod 232 = (26e27807 + 2[ed6ea310] + fd60441f) mod 232 = (0778e226(big endian) + 2[10a36eed(big endian)] + 1f4460fd(big endian)) mod 232 = (0778e226(big endian) + 2146ddda(big endian) + 1f4460fd(big endian)) mod 232 = 480420fd(big endian) = fd200448.

R15,0  =  ROR(R14, 2    F14,0,1) =  ROR(67790d27    f750e8e4, 1) =  ROR(9029e5c3, 1) =  ROR(c3e52990(big endian), 1) =  61f294c8(big endian) =  c894f261

R15,1  =  ROL(R14, 3,  1)    F14,1) =  ROL(143b7e7e,  1)    fd200448 =  ROL(7e7e3b14(big endian),  1)    fd200448 =  fcfc7628(big endian)    fd200448 =  2876fcfc   fd200448 =  d556f8b4.

R15,2 = R14,0 = 46ca54b6

R15,3 = R14,1 = 13d13a5c

 

Encryption of block 4, round r=15

g input = X = x0x1x2x3 = R15,0 = c894f261

g input = X = x0x1x2x3 = ROL(R15,1,  8) = ROL(d556f8b4 ,  8) = ROL(b4f856d5(big endian),  8) = f856d5b4(big endian) = b4d556f8.

x0 = c8

x1 = 94

x2 = f2

x3 = 61

x0 = b4

x1 = d5

x2 = 56

x3 = f8

y2,0 = c8

y2,1 = 94

y2,2 = f2

y2,3 = 61

y2,0 = b4

y2,1 = d5

y2,2 = 56

y2,3 = f8

q0.in=c8 a0=c b0=8 a1=4 b1=8 a2=6 b2=f a3=9 b3=9 a4=8 b4=b q0.out=b8 l1,3=14 q0.in=a0 a0=a b0=0 a1=a b1=a a2=5 b2=a a3=f b3=8 a4=1 b4=9 q0.out=91 l0,3=dc q1.in=10 a0=1 b0=0 a1=1 b1=9 a2=8 b2=d a3=5 b3=6 a4=6 b4=d q1.out=d6

q1.in=94 a0=9 b0=4 a1=d b1=3 a2=a b2=b a3=1 b3=7 a4=c b4=e q1.out=ec l1,2=9c q0.in=66 a0=6 b0=6 a1=0 b1=5 a2=8 b2=2 a3=a b3=9 a4=f b4=b q0.out=bf l0,2=53 q0.in=34 a0=3 b0=4 a1=7 b1=9 a2=2 b2=4 a3=6 b3=0 a4=9 b4=d q0.out=d9

q0.in=f2 a0=f b0=2 a1=d b1=6 a2=c b2=3 a3=f b3=5 a4=1 b4=2 q0.out=21 l1,1=8a q1.in=bd a0=b b0=d a1=6 b1=d a2=6 b2=9 a3=f b3=a a4=f b4=7 q1.out=7f l0,1=8b q1.in=2c a0=2 b0=c a1=e b1=4 a2=c b2=4 a3=8 b3=e a4=0 b4=8 q1.out=80

q1.in=61 a0=6 b0=1 a1=7 b1=e a2=e b2=0 a3=e b3=e a4=3 b4=8 q1.out=83 l1,0=18 q1.in=97 a0=9 b0=7 a1=e b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=4 q1.out=49 l0,0=81 q0.in=95 a0=9 b0=5 a1=c b1=b a2=e b2=6 a3=8 b3=d a4=c b4=5 q0.out=5c

q0.in=b4 a0=b b0=4 a1=f b1=1 a2=4 b2=c a3=8 b3=2 a4=c b4=f q0.out=fc l1,3=14 q0.in=e4 a0=e b0=4 a1=a b1=c a2=5 b2=7 a3=2 b3=6 a4=5 b4=6 q0.out=65 l0,3=dc q1.in=e4 a0=e b0=4 a1=a b1=c a2=9 b2=f a3=6 b3=e a4=9 b4=8 q1.out=89

q1.in=d5 a0=d b0=5 a1=8 b1=f a2=3 b2=8 a3=b b3=f a4=8 b4=a q1.out=a8 l1,2=9c q0.in=22 a0=2 b0=2 a1=0 b1=3 a2=8 b2=8 a3=0 b3=c a4=b b4=8 q0.out=8b l0,2=53 q0.in=00 a0=0 b0=0 a1=0 b1=0 a2=8 b2=e a3=6 b3=f a4=9 b4=a q0.out=a9

q0.in=56 a0=5 b0=6 a1=3 b1=e a2=d b2=9 a3=4 b3=9 a4=6 b4=b q0.out=b6 l1,1=8a q1.in=2a a0=2 b0=a a1=8 b1=7 a2=3 b2=7 a3=4 b3=0 a4=1 b4=b q1.out=b1 l0,1=8b q1.in=e2 a0=e b0=2 a1=c b1=f a2=0 b2=8 a3=8 b3=4 a4=0 b4=c q1.out=c0

q1.in=f8 a0=f b0=8 a1=7 b1=3 a2=e b2=b a3=5 b3=3 a4=6 b4=1 q1.out=16 l1,0=18 q1.in=02 a0=0 b0=2 a1=2 b1=1 a2=b b2=e a3=5 b3=4 a4=6 b4=c q1.out=c6 l0,0=81 q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37

y0 = d6	y1 = d9	y2 = 80	y3 = 5c	y0 = 89	y1 = a9	y2 = c0	y3 = 37
MDS input = Y = y0y1y2y3 = d6d9805c				MDS input = Y = y0y1y2y3 = 89a9c037

MDS output = Z = z0z1z2z3 = 50866c4e

MDS output = Z = z0z1z2z3 = 946f63ec

z0 = 50

z1 = 86

z2 = 6c

z3 = 4e

z0 = 94

z1 = 6f

z2 = 63

z3 = ec

T0 = g(R0) = 50866c4e

T1 = g(ROL(R1, 8)) = 946f63ec

F15,0 = (T0 + T1 + K38) mod 232 = (50866c4e + 946f63ec + aadffd38) mod 232 = (4e6c8650(big endian) + ec636f94(big endian) + 38fddfaa(big endian)) mod 232 = 73cdd58e(big endian) = 8ed5cd73.

F15,1 = (T0 + 2T1 + K39) mod 232 = (50866c4e + 2[946f63ec] + 56f4c1eb) mod 232 = (4e6c8650(big endian) + 2[ec636f94(big endian)] + ebc1f456(big endian)) mod 232 = (4e6c8650(big endian) + d8c6df28(big endian) + ebc1f456(big endian)) mod 232 = 12f559ce(big endian) = ce59f512.

R16,0  =  ROR(R15, 2    F15,0,1) =  ROR(46ca54b6    8ed5cd73, 1) =  ROR(c81f99c5, 1) =  ROR(c5991fc8(big endian), 1) =  62cc8fe4(big endian) =  e48fcc62

R16,1  =  ROL(R15, 3,  1)    F15,1) =  ROL(13d13a5c,  1)    ce59f512 =  ROL(5c3ad113(big endian),  1)    ce59f512 =  b875a226(big endian)    ce59f512 =  26a275b8   ce59f512 =  e8fb80aa.

R16,2 = R15,0 = c894f261

R16,3 = R15,1 = d556f8b4

 

Encryption of block 4 : Output Whiten

C0 = R16,2 mod 4    K0+4 = R16,2    K4 = c894f261    f57ea21f  =  3dea507e

C1 = R16,3 mod 4    K1+4 = R16,3    K5 = d556f8b4    e005f378  =  35530bcc

C2 = R16,4 mod 4    K2+4 = R16,0    K6 = e48fcc62    314b4d98  =  d5c481fa

C3 = R16,5 mod 4    K3+4 = R16,1    K7 = e8fb80aa    c9a88d6f  =  21530dc5

 

Encryption of block 4: Ciphertext result

c0 = [C0 2[8(0 mod 4)]] mod 28 = [3dea507e 20] mod 28 = [7e50ea3d(big endian) 20] mod 28 = 3d

c1 = [C0 2[8(1 mod 4)]] mod 28 = [3dea507e 28] mod 28 = [7e50ea3d(big endian) 28] mod 28 = ea

c2 = [C0 2[8(2 mod 4)]] mod 28 = [3dea507e 216] mod 28 = [7e50ea3d(big endian) 216] mod 28 = 50

c3 = [C0 2[8(3 mod 4)]] mod 28 = [3dea507e 224] mod 28 = [7e50ea3d(big endian) 224] mod 28 = 7e

c4 = [C1 2[8(4 mod 4)]] mod 28 = [35530bcc 20] mod 28 = [cc0b5335(big endian) 20] mod 28 = 35

c5 = [C1 2[8(5 mod 4)]] mod 28 = [35530bcc 28] mod 28 = [cc0b5335(big endian) 28] mod 28 = 53

c6 = [C1 2[8(6 mod 4)]] mod 28 = [35530bcc 216] mod 28 = [cc0b5335(big endian) 216] mod 28 = 0b

c7 = [C1 2[8(7 mod 4)]] mod 28 = [35530bcc 224] mod 28 = [cc0b5335(big endian) 224] mod 28 = cc

c8 = [C2 2[8(8 mod 4)]] mod 28 = [d5c481fa 20] mod 28 = [fa81c4d5(big endian) 20] mod 28 = d5

c9 = [C2 2[8(9 mod 4)]] mod 28 = [d5c481fa 28] mod 28 = [fa81c4d5(big endian) 28] mod 28 = c4

c10 = [C2 2[8(10 mod 4)]] mod 28 = [d5c481fa 216] mod 28 = [fa81c4d5(big endian) 216] mod 28 = 81

c11 = [C2 2[8(11 mod 4)]] mod 28 = [d5c481fa 224] mod 28 = [fa81c4d5(big endian) 224] mod 28 = fa

c12 = [C3 2[8(12 mod 4)]] mod 28 = [21530dc5 20] mod 28 = [c50d5321(big endian) 20] mod 28 = 21

c13 = [C3 2[8(13 mod 4)]] mod 28 = [21530dc5 28] mod 28 = [c50d5321(big endian) 28] mod 28 = 53

c14 = [C3 2[8(14 mod 4)]] mod 28 = [21530dc5 216] mod 28 = [c50d5321(big endian) 216] mod 28 = 0d

c15 = [C3 2[8(15 mod 4)]] mod 28 = [21530dc5 224] mod 28 = [c50d5321(big endian) 224] mod 28 = c5

Ciphertext block output = c0c1c2c3c4c5c6c7c8c9c10c11c12c13c14c15 = 3dea507e35530bccd5c481fa21530dc5

 

Decryption start for ciphertext block 1

ciphertext = c0c1c2c3c4c5c6c7c8c9c10c11c12c13c14c15 = 019f9809de1711858faac3a3ba20fbc3

C0 = c0c1c2c3 = 019f9809	C1 = c4c5c6c7 = de171185
C2 = c8c9c10c11 = 8faac3a3	C3 = c12c13c14c15 = ba20fbc3

 

Decryption Input Unwhiten for block 1

R16,0 = C0 K4 = 019f9809 f57ea21f = f4e13a16

R16,1 = C1 K5 = de171185 e005f378 = 3e12e2fd

R16,2 = C2 K6 = 8faac3a3 314b4d98 = bee18e3b

R16,3 = C3 K7 = ba20fbc3 c9a88d6f = 738876ac

 

Decryption of ciphertext block 1, round r=15

g input = X = x0x1x2x3 = R16,0 = f4e13a16

g input = X = x0x1x2x3 = ROL(R16,1,  8) = ROL(3e12e2fd ,  8) = ROL(fde2123e(big endian),  8) = e2123efd(big endian) = fd3e12e2.

x0 = f4

x1 = e1

x2 = 3a

x3 = 16

x0 = fd

x1 = 3e

x2 = 12

x3 = e2

y2,0 = f4

y2,1 = e1

y2,2 = 3a

y2,3 = 16

y2,0 = fd

y2,1 = 3e

y2,2 = 12

y2,3 = e2

q0.in=f4 a0=f b0=4 a1=b b1=5 a2=9 b2=2 a3=b b3=0 a4=3 b4=d q0.out=d3 l1,3=14 q0.in=cb a0=c b0=b a1=7 b1=1 a2=2 b2=c a3=e b3=4 a4=7 b4=1 q0.out=17 l0,3=dc q1.in=96 a0=9 b0=6 a1=f b1=2 a2=5 b2=2 a3=7 b3=c a4=a b4=2 q1.out=2a

q1.in=e1 a0=e b0=1 a1=f b1=6 a2=5 b2=3 a3=6 b3=4 a4=9 b4=c q1.out=c9 l1,2=9c q0.in=43 a0=4 b0=3 a1=7 b1=d a2=2 b2=0 a3=2 b3=2 a4=5 b4=f q0.out=f5 l0,2=53 q0.in=7e a0=7 b0=e a1=9 b1=8 a2=b b2=f a3=4 b3=c a4=6 b4=8 q0.out=86

q0.in=3a a0=3 b0=a a1=9 b1=e a2=b b2=9 a3=2 b3=f a4=5 b4=a q0.out=a5 l1,1=8a q1.in=39 a0=3 b0=9 a1=a b1=7 a2=9 b2=7 a3=e b3=a a4=3 b4=7 q1.out=73 l0,1=8b q1.in=20 a0=2 b0=0 a1=2 b1=2 a2=b b2=2 a3=9 b3=2 a4=e b4=5 q1.out=5e

q1.in=16 a0=1 b0=6 a1=7 b1=a a2=e b2=a a3=4 b3=b a4=1 b4=f q1.out=f1 l1,0=18 q1.in=e5 a0=e b0=5 a1=b b1=4 a2=4 b2=4 a3=0 b3=6 a4=4 b4=d q1.out=d4 l0,0=81 q0.in=08 a0=0 b0=8 a1=8 b1=4 a2=0 b2=1 a3=1 b3=8 a4=a b4=9 q0.out=9a

q0.in=fd a0=f b0=d a1=2 b1=9 a2=7 b2=4 a3=3 b3=d a4=e b4=5 q0.out=5e l1,3=14 q0.in=46 a0=4 b0=6 a1=2 b1=7 a2=7 b2=5 a3=2 b3=5 a4=5 b4=2 q0.out=25 l0,3=dc q1.in=a4 a0=a b0=4 a1=e b1=8 a2=c b2=6 a3=a b3=f a4=d b4=a q1.out=ad

q1.in=3e a0=3 b0=e a1=d b1=c a2=a b2=f a3=5 b3=5 a4=6 b4=3 q1.out=36 l1,2=9c q0.in=bc a0=b b0=c a1=7 b1=5 a2=2 b2=2 a3=0 b3=3 a4=b b4=4 q0.out=4b l0,2=53 q0.in=c0 a0=c b0=0 a1=c b1=c a2=e b2=7 a3=9 b3=5 a4=8 b4=2 q0.out=28

q0.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=f a3=2 b3=a a4=5 b4=3 q0.out=35 l1,1=8a q1.in=a9 a0=a b0=9 a1=3 b1=6 a2=d b2=3 a3=e b3=c a4=3 b4=2 q1.out=23 l0,1=8b q1.in=70 a0=7 b0=0 a1=7 b1=f a2=e b2=8 a3=6 b3=a a4=9 b4=7 q1.out=79

q1.in=e2 a0=e b0=2 a1=c b1=f a2=0 b2=8 a3=8 b3=4 a4=0 b4=c q1.out=c0 l1,0=18 q1.in=d4 a0=d b0=4 a1=9 b1=7 a2=1 b2=7 a3=6 b3=2 a4=9 b4=5 q1.out=59 l0,0=81 q0.in=85 a0=8 b0=5 a1=d b1=2 a2=c b2=b a3=7 b3=1 a4=0 b4=7 q0.out=70

y0 = 2a	y1 = 86	y2 = 5e	y3 = 9a	y0 = ad	y1 = 28	y2 = 79	y3 = 70
MDS input = Y = y0y1y2y3 = 2a865e9a				MDS input = Y = y0y1y2y3 = ad287970

MDS output = Z = z0z1z2z3 = 8f8c89dd

MDS output = Z = z0z1z2z3 = ca2f31cf

z0 = 8f

z1 = 8c

z2 = 89

z3 = dd

z0 = ca

z1 = 2f

z2 = 31

z3 = cf

T0 = g(R0) = 8f8c89dd

T1 = g(ROL(R1, 8)) = ca2f31cf

F15,0 = (T0 + T1 + K38) mod 232 = (8f8c89dd + ca2f31cf + aadffd38) mod 232 = (dd898c8f(big endian) + cf312fca(big endian) + 38fddfaa(big endian)) mod 232 = e5b89c03(big endian) = 039cb8e5.

F15,1 = (T0 + 2T1 + K39) mod 232 = (8f8c89dd + 2[ca2f31cf] + 56f4c1eb) mod 232 = (dd898c8f(big endian) + 2[cf312fca(big endian)] + ebc1f456(big endian)) mod 232 = (dd898c8f(big endian) + 9e625f94(big endian) + ebc1f456(big endian)) mod 232 = 67ade079(big endian) = 79e0ad67.

R15,0  =  ROL(R16, 2,  1)    F15,0) =  ROL(bee18e3b,  1)   039cb8e5 =  ROL(3b8ee1be(big endian),  1)    039cb8e5 =  771dc37c(big endian)    039cb8e5 =  7cc31d77   039cb8e5 =  7f5fa592.

R15,1  =  ROR(R16, 3    F15,1,  1) =  ROR(738876ac    79e0ad67,  1) =  ROR(0a68dbcb, 1) =  ROR(cbdb680a(big endian),  1) =  65edb405(big endian) =  05b4ed65

R15,2 = R16,0 = f4e13a16

R15,3 = R16,1 = 3e12e2fd

 

Decryption of ciphertext block 1, round r=14

g input = X = x0x1x2x3 = R15,0 = 7f5fa592

g input = X = x0x1x2x3 = ROL(R15,1,  8) = ROL(05b4ed65 ,  8) = ROL(65edb405(big endian),  8) = edb40565(big endian) = 6505b4ed.

x0 = 7f

x1 = 5f

x2 = a5

x3 = 92

x0 = 65

x1 = 05

x2 = b4

x3 = ed

y2,0 = 7f

y2,1 = 5f

y2,2 = a5

y2,3 = 92

y2,0 = 65

y2,1 = 05

y2,2 = b4

y2,3 = ed

q0.in=7f a0=7 b0=f a1=8 b1=0 a2=0 b2=e a3=e b3=7 a4=7 b4=e q0.out=e7 l1,3=14 q0.in=ff a0=f b0=f a1=0 b1=8 a2=8 b2=f a3=7 b3=7 a4=0 b4=e q0.out=e0 l0,3=dc q1.in=61 a0=6 b0=1 a1=7 b1=e a2=e b2=0 a3=e b3=e a4=3 b4=8 q1.out=83

q1.in=5f a0=5 b0=f a1=a b1=2 a2=9 b2=2 a3=b b3=0 a4=8 b4=b q1.out=b8 l1,2=9c q0.in=32 a0=3 b0=2 a1=1 b1=a a2=1 b2=a a3=b b3=c a4=3 b4=8 q0.out=83 l0,2=53 q0.in=08 a0=0 b0=8 a1=8 b1=4 a2=0 b2=1 a3=1 b3=8 a4=a b4=9 q0.out=9a

q0.in=a5 a0=a b0=5 a1=f b1=0 a2=4 b2=e a3=a b3=3 a4=f b4=4 q0.out=4f l1,1=8a q1.in=d3 a0=d b0=3 a1=e b1=c a2=c b2=f a3=3 b3=3 a4=5 b4=1 q1.out=15 l0,1=8b q1.in=46 a0=4 b0=6 a1=2 b1=7 a2=b b2=7 a3=c b3=8 a4=2 b4=6 q1.out=62

q1.in=92 a0=9 b0=2 a1=b b1=0 a2=4 b2=1 a3=5 b3=c a4=6 b4=2 q1.out=26 l1,0=18 q1.in=32 a0=3 b0=2 a1=1 b1=a a2=8 b2=a a3=2 b3=d a4=7 b4=0 q1.out=07 l0,0=81 q0.in=db a0=d b0=b a1=6 b1=8 a2=3 b2=f a3=c b3=4 a4=2 b4=1 q0.out=12

q0.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=7 a3=a b3=e a4=f b4=c q0.out=cf l1,3=14 q0.in=d7 a0=d b0=7 a1=a b1=e a2=5 b2=9 a3=c b3=1 a4=2 b4=7 q0.out=72 l0,3=dc q1.in=f3 a0=f b0=3 a1=c b1=e a2=0 b2=0 a3=0 b3=0 a4=4 b4=b q1.out=b4

q1.in=05 a0=0 b0=5 a1=5 b1=a a2=7 b2=a a3=d b3=a a4=b b4=7 q1.out=7b l1,2=9c q0.in=f1 a0=f b0=1 a1=e b1=f a2=a b2=d a3=7 b3=4 a4=0 b4=1 q0.out=10 l0,2=53 q0.in=9b a0=9 b0=b a1=2 b1=c a2=7 b2=7 a3=0 b3=4 a4=b b4=1 q0.out=1b

q0.in=b4 a0=b b0=4 a1=f b1=1 a2=4 b2=c a3=8 b3=2 a4=c b4=f q0.out=fc l1,1=8a q1.in=60 a0=6 b0=0 a1=6 b1=6 a2=6 b2=3 a3=5 b3=f a4=6 b4=a q1.out=a6 l0,1=8b q1.in=f5 a0=f b0=5 a1=a b1=d a2=9 b2=9 a3=0 b3=d a4=4 b4=0 q1.out=04

q1.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=1 a3=c b3=d a4=2 b4=0 q1.out=02 l1,0=18 q1.in=16 a0=1 b0=6 a1=7 b1=a a2=e b2=a a3=4 b3=b a4=1 b4=f q1.out=f1 l0,0=81 q0.in=2d a0=2 b0=d a1=f b1=c a2=4 b2=7 a3=3 b3=f a4=e b4=a q0.out=ae

y0 = 83	y1 = 9a	y2 = 62	y3 = 12	y0 = b4	y1 = 1b	y2 = 04	y3 = ae
MDS input = Y = y0y1y2y3 = 839a6212				MDS input = Y = y0y1y2y3 = b41b04ae

MDS output = Z = z0z1z2z3 = aae5797f

MDS output = Z = z0z1z2z3 = ca7a52ee

z0 = aa

z1 = e5

z2 = 79

z3 = 7f

z0 = ca

z1 = 7a

z2 = 52

z3 = ee

T0 = g(R0) = aae5797f

T1 = g(ROL(R1, 8)) = ca7a52ee

F14,0 = (T0 + T1 + K36) mod 232 = (aae5797f + ca7a52ee + e4ffcbcc) mod 232 = (7f79e5aa(big endian) + ee527aca(big endian) + cccbffe4(big endian)) mod 232 = 3a986058(big endian) = 5860983a.

F14,1 = (T0 + 2T1 + K37) mod 232 = (aae5797f + 2[ca7a52ee] + fd60441f) mod 232 = (7f79e5aa(big endian) + 2[ee527aca(big endian)] + 1f4460fd(big endian)) mod 232 = (7f79e5aa(big endian) + dca4f594(big endian) + 1f4460fd(big endian)) mod 232 = 7b633c3b(big endian) = 3b3c637b.

R14,0  =  ROL(R15, 2,  1)    F14,0) =  ROL(f4e13a16,  1)   5860983a =  ROL(163ae1f4(big endian),  1)    5860983a =  2c75c3e8(big endian)    5860983a =  e8c3752c   5860983a =  b0a3ed16.

R14,1  =  ROR(R15, 3    F14,1,  1) =  ROR(3e12e2fd    3b3c637b,  1) =  ROR(052e8186, 1) =  ROR(86812e05(big endian),  1) =  c3409702(big endian) =  029740c3

R14,2 = R15,0 = 7f5fa592

R14,3 = R15,1 = 05b4ed65

 

Decryption of ciphertext block 1, round r=13

g input = X = x0x1x2x3 = R14,0 = b0a3ed16

g input = X = x0x1x2x3 = ROL(R14,1,  8) = ROL(029740c3 ,  8) = ROL(c3409702(big endian),  8) = 409702c3(big endian) = c3029740.

x0 = b0

x1 = a3

x2 = ed

x3 = 16

x0 = c3

x1 = 02

x2 = 97

x3 = 40

y2,0 = b0

y2,1 = a3

y2,2 = ed

y2,3 = 16

y2,0 = c3

y2,1 = 02

y2,2 = 97

y2,3 = 40

q0.in=b0 a0=b b0=0 a1=b b1=3 a2=9 b2=8 a3=1 b3=5 a4=a b4=2 q0.out=2a l1,3=14 q0.in=32 a0=3 b0=2 a1=1 b1=a a2=1 b2=a a3=b b3=c a4=3 b4=8 q0.out=83 l0,3=dc q1.in=02 a0=0 b0=2 a1=2 b1=1 a2=b b2=e a3=5 b3=4 a4=6 b4=c q1.out=c6

q1.in=a3 a0=a b0=3 a1=9 b1=3 a2=1 b2=b a3=a b3=4 a4=d b4=c q1.out=cd l1,2=9c q0.in=47 a0=4 b0=7 a1=3 b1=f a2=d b2=d a3=0 b3=b a4=b b4=0 q0.out=0b l0,2=53 q0.in=80 a0=8 b0=0 a1=8 b1=8 a2=0 b2=f a3=f b3=f a4=1 b4=a q0.out=a1

q0.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=e a3=3 b3=2 a4=e b4=f q0.out=fe l1,1=8a q1.in=62 a0=6 b0=2 a1=4 b1=7 a2=f b2=7 a3=8 b3=c a4=0 b4=2 q1.out=20 l0,1=8b q1.in=73 a0=7 b0=3 a1=4 b1=6 a2=f b2=3 a3=c b3=e a4=2 b4=8 q1.out=82

q1.in=16 a0=1 b0=6 a1=7 b1=a a2=e b2=a a3=4 b3=b a4=1 b4=f q1.out=f1 l1,0=18 q1.in=e5 a0=e b0=5 a1=b b1=4 a2=4 b2=4 a3=0 b3=6 a4=4 b4=d q1.out=d4 l0,0=81 q0.in=08 a0=0 b0=8 a1=8 b1=4 a2=0 b2=1 a3=1 b3=8 a4=a b4=9 q0.out=9a

q0.in=c3 a0=c b0=3 a1=f b1=5 a2=4 b2=2 a3=6 b3=5 a4=9 b4=2 q0.out=29 l1,3=14 q0.in=31 a0=3 b0=1 a1=2 b1=3 a2=7 b2=8 a3=f b3=b a4=1 b4=0 q0.out=01 l0,3=dc q1.in=80 a0=8 b0=0 a1=8 b1=8 a2=3 b2=6 a3=5 b3=8 a4=6 b4=6 q1.out=66

q1.in=02 a0=0 b0=2 a1=2 b1=1 a2=b b2=e a3=5 b3=4 a4=6 b4=c q1.out=c6 l1,2=9c q0.in=4c a0=4 b0=c a1=8 b1=2 a2=0 b2=b a3=b b3=d a4=3 b4=5 q0.out=53 l0,2=53 q0.in=d8 a0=d b0=8 a1=5 b1=1 a2=f b2=c a3=3 b3=1 a4=e b4=7 q0.out=7e

q0.in=97 a0=9 b0=7 a1=e b1=a a2=a b2=a a3=0 b3=f a4=b b4=a q0.out=ab l1,1=8a q1.in=37 a0=3 b0=7 a1=4 b1=0 a2=f b2=1 a3=e b3=f a4=3 b4=a q1.out=a3 l0,1=8b q1.in=f0 a0=f b0=0 a1=f b1=7 a2=5 b2=7 a3=2 b3=6 a4=7 b4=d q1.out=d7

q1.in=40 a0=4 b0=0 a1=4 b1=4 a2=f b2=4 a3=b b3=5 a4=8 b4=3 q1.out=38 l1,0=18 q1.in=2c a0=2 b0=c a1=e b1=4 a2=c b2=4 a3=8 b3=e a4=0 b4=8 q1.out=80 l0,0=81 q0.in=5c a0=5 b0=c a1=9 b1=b a2=b b2=6 a3=d b3=0 a4=4 b4=d q0.out=d4

y0 = c6	y1 = a1	y2 = 82	y3 = 9a	y0 = 66	y1 = 7e	y2 = d7	y3 = d4
MDS input = Y = y0y1y2y3 = c6a1829a				MDS input = Y = y0y1y2y3 = 667ed7d4

MDS output = Z = z0z1z2z3 = efb934de

MDS output = Z = z0z1z2z3 = 612671b4

z0 = ef

z1 = b9

z2 = 34

z3 = de

z0 = 61

z1 = 26

z2 = 71

z3 = b4

T0 = g(R0) = efb934de

T1 = g(ROL(R1, 8)) = 612671b4

F13,0 = (T0 + T1 + K34) mod 232 = (efb934de + 612671b4 + 6ae813f4) mod 232 = (de34b9ef(big endian) + b4712661(big endian) + f413e86a(big endian)) mod 232 = 86b9c8ba(big endian) = bac8b986.

F13,1 = (T0 + 2T1 + K35) mod 232 = (efb934de + 2[612671b4] + f3d8d036) mod 232 = (de34b9ef(big endian) + 2[b4712661(big endian)] + 36d0d8f3(big endian)) mod 232 = (de34b9ef(big endian) + 68e24cc2(big endian) + 36d0d8f3(big endian)) mod 232 = 7de7dfa4(big endian) = a4dfe77d.

R13,0  =  ROL(R14, 2,  1)    F13,0) =  ROL(7f5fa592,  1)   bac8b986 =  ROL(92a55f7f(big endian),  1)    bac8b986 =  254abeff(big endian)    bac8b986 =  ffbe4a25   bac8b986 =  4576f3a3.

R13,1  =  ROR(R14, 3    F13,1,  1) =  ROR(05b4ed65    a4dfe77d,  1) =  ROR(a16b0a18, 1) =  ROR(180a6ba1(big endian),  1) =  8c0535d0(big endian) =  d035058c

R13,2 = R14,0 = b0a3ed16

R13,3 = R14,1 = 029740c3

 

Decryption of ciphertext block 1, round r=12

g input = X = x0x1x2x3 = R13,0 = 4576f3a3

g input = X = x0x1x2x3 = ROL(R13,1,  8) = ROL(d035058c ,  8) = ROL(8c0535d0(big endian),  8) = 0535d08c(big endian) = 8cd03505.

x0 = 45

x1 = 76

x2 = f3

x3 = a3

x0 = 8c

x1 = d0

x2 = 35

x3 = 05

y2,0 = 45

y2,1 = 76

y2,2 = f3

y2,3 = a3

y2,0 = 8c

y2,1 = d0

y2,2 = 35

y2,3 = 05

q0.in=45 a0=4 b0=5 a1=1 b1=e a2=1 b2=9 a3=8 b3=5 a4=c b4=2 q0.out=2c l1,3=14 q0.in=34 a0=3 b0=4 a1=7 b1=9 a2=2 b2=4 a3=6 b3=0 a4=9 b4=d q0.out=d9 l0,3=dc q1.in=58 a0=5 b0=8 a1=d b1=9 a2=a b2=d a3=7 b3=4 a4=a b4=c q1.out=ca

q1.in=76 a0=7 b0=6 a1=1 b1=c a2=8 b2=f a3=7 b3=7 a4=a b4=e q1.out=ea l1,2=9c q0.in=60 a0=6 b0=0 a1=6 b1=6 a2=3 b2=3 a3=0 b3=2 a4=b b4=f q0.out=fb l0,2=53 q0.in=70 a0=7 b0=0 a1=7 b1=f a2=2 b2=d a3=f b3=c a4=1 b4=8 q0.out=81

q0.in=f3 a0=f b0=3 a1=c b1=e a2=e b2=9 a3=7 b3=2 a4=0 b4=f q0.out=f0 l1,1=8a q1.in=6c a0=6 b0=c a1=a b1=0 a2=9 b2=1 a3=8 b3=9 a4=0 b4=4 q1.out=40 l0,1=8b q1.in=13 a0=1 b0=3 a1=2 b1=0 a2=b b2=1 a3=a b3=b a4=d b4=f q1.out=fd

q1.in=a3 a0=a b0=3 a1=9 b1=3 a2=1 b2=b a3=a b3=4 a4=d b4=c q1.out=cd l1,0=18 q1.in=d9 a0=d b0=9 a1=4 b1=9 a2=f b2=d a3=2 b3=9 a4=7 b4=4 q1.out=47 l0,0=81 q0.in=9b a0=9 b0=b a1=2 b1=c a2=7 b2=7 a3=0 b3=4 a4=b b4=1 q0.out=1b

q0.in=8c a0=8 b0=c a1=4 b1=e a2=6 b2=9 a3=f b3=a a4=1 b4=3 q0.out=31 l1,3=14 q0.in=29 a0=2 b0=9 a1=b b1=e a2=9 b2=9 a3=0 b3=d a4=b b4=5 q0.out=5b l0,3=dc q1.in=da a0=d b0=a a1=7 b1=0 a2=e b2=1 a3=f b3=6 a4=f b4=d q1.out=df

q1.in=d0 a0=d b0=0 a1=d b1=5 a2=a b2=c a3=6 b3=c a4=9 b4=2 q1.out=29 l1,2=9c q0.in=a3 a0=a b0=3 a1=9 b1=3 a2=b b2=8 a3=3 b3=7 a4=e b4=e q0.out=ee l0,2=53 q0.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=7 a3=a b3=e a4=f b4=c q0.out=cf

q0.in=35 a0=3 b0=5 a1=6 b1=1 a2=3 b2=c a3=f b3=d a4=1 b4=5 q0.out=51 l1,1=8a q1.in=cd a0=c b0=d a1=1 b1=2 a2=8 b2=2 a3=a b3=9 a4=d b4=4 q1.out=4d l0,1=8b q1.in=1e a0=1 b0=e a1=f b1=e a2=5 b2=0 a3=5 b3=d a4=6 b4=0 q1.out=06

q1.in=05 a0=0 b0=5 a1=5 b1=a a2=7 b2=a a3=d b3=a a4=b b4=7 q1.out=7b l1,0=18 q1.in=6f a0=6 b0=f a1=9 b1=9 a2=1 b2=d a3=c b3=7 a4=2 b4=e q1.out=e2 l0,0=81 q0.in=3e a0=3 b0=e a1=d b1=c a2=c b2=7 a3=b b3=7 a4=3 b4=e q0.out=e3

y0 = ca	y1 = 81	y2 = fd	y3 = 1b	y0 = df	y1 = cf	y2 = 06	y3 = e3
MDS input = Y = y0y1y2y3 = ca81fd1b				MDS input = Y = y0y1y2y3 = dfcf06e3

MDS output = Z = z0z1z2z3 = ae0a6509

MDS output = Z = z0z1z2z3 = 98943997

z0 = ae

z1 = 0a

z2 = 65

z3 = 09

z0 = 98

z1 = 94

z2 = 39

z3 = 97

T0 = g(R0) = ae0a6509

T1 = g(ROL(R1, 8)) = 98943997

F12,0 = (T0 + T1 + K32) mod 232 = (ae0a6509 + 98943997 + 165703a2) mod 232 = (09650aae(big endian) + 97399498(big endian) + a2035716(big endian)) mod 232 = 42a1f65c(big endian) = 5cf6a142.

F12,1 = (T0 + 2T1 + K33) mod 232 = (ae0a6509 + 2[98943997] + bdabf862) mod 232 = (09650aae(big endian) + 2[97399498(big endian)] + 62f8abbd(big endian)) mod 232 = (09650aae(big endian) + 2e732930(big endian) + 62f8abbd(big endian)) mod 232 = 9ad0df9b(big endian) = 9bdfd09a.

R12,0  =  ROL(R13, 2,  1)    F12,0) =  ROL(b0a3ed16,  1)   5cf6a142 =  ROL(16eda3b0(big endian),  1)    5cf6a142 =  2ddb4760(big endian)    5cf6a142 =  6047db2d   5cf6a142 =  3cb17a6f.

R12,1  =  ROR(R13, 3    F12,1,  1) =  ROR(029740c3    9bdfd09a,  1) =  ROR(99489059, 1) =  ROR(59904899(big endian),  1) =  acc8244c(big endian) =  4c24c8ac

R12,2 = R13,0 = 4576f3a3

R12,3 = R13,1 = d035058c

 

Decryption of ciphertext block 1, round r=11

g input = X = x0x1x2x3 = R12,0 = 3cb17a6f

g input = X = x0x1x2x3 = ROL(R12,1,  8) = ROL(4c24c8ac ,  8) = ROL(acc8244c(big endian),  8) = c8244cac(big endian) = ac4c24c8.

x0 = 3c

x1 = b1

x2 = 7a

x3 = 6f

x0 = ac

x1 = 4c

x2 = 24

x3 = c8

y2,0 = 3c

y2,1 = b1

y2,2 = 7a

y2,3 = 6f

y2,0 = ac

y2,1 = 4c

y2,2 = 24

y2,3 = c8

q0.in=3c a0=3 b0=c a1=f b1=d a2=4 b2=0 a3=4 b3=4 a4=6 b4=1 q0.out=16 l1,3=14 q0.in=0e a0=0 b0=e a1=e b1=7 a2=a b2=5 a3=f b3=0 a4=1 b4=d q0.out=d1 l0,3=dc q1.in=50 a0=5 b0=0 a1=5 b1=d a2=7 b2=9 a3=e b3=3 a4=3 b4=1 q1.out=13

q1.in=b1 a0=b b0=1 a1=a b1=b a2=9 b2=5 a3=c b3=b a4=2 b4=f q1.out=f2 l1,2=9c q0.in=78 a0=7 b0=8 a1=f b1=b a2=4 b2=6 a3=2 b3=7 a4=5 b4=e q0.out=e5 l0,2=53 q0.in=6e a0=6 b0=e a1=8 b1=1 a2=0 b2=c a3=c b3=6 a4=2 b4=6 q0.out=62

q0.in=7a a0=7 b0=a a1=d b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=b q0.out=b9 l1,1=8a q1.in=25 a0=2 b0=5 a1=7 b1=8 a2=e b2=6 a3=8 b3=d a4=0 b4=0 q1.out=00 l0,1=8b q1.in=53 a0=5 b0=3 a1=6 b1=4 a2=6 b2=4 a3=2 b3=4 a4=7 b4=c q1.out=c7

q1.in=6f a0=6 b0=f a1=9 b1=9 a2=1 b2=d a3=c b3=7 a4=2 b4=e q1.out=e2 l1,0=18 q1.in=f6 a0=f b0=6 a1=9 b1=4 a2=1 b2=4 a3=5 b3=b a4=6 b4=f q1.out=f6 l0,0=81 q0.in=2a a0=2 b0=a a1=8 b1=7 a2=0 b2=5 a3=5 b3=a a4=d b4=3 q0.out=3d

q0.in=ac a0=a b0=c a1=6 b1=c a2=3 b2=7 a3=4 b3=0 a4=6 b4=d q0.out=d6 l1,3=14 q0.in=ce a0=c b0=e a1=2 b1=b a2=7 b2=6 a3=1 b3=c a4=a b4=8 q0.out=8a l0,3=dc q1.in=0b a0=0 b0=b a1=b b1=d a2=4 b2=9 a3=d b3=8 a4=b b4=6 q1.out=6b

q1.in=4c a0=4 b0=c a1=8 b1=2 a2=3 b2=2 a3=1 b3=a a4=c b4=7 q1.out=7c l1,2=9c q0.in=f6 a0=f b0=6 a1=9 b1=4 a2=b b2=1 a3=a b3=b a4=f b4=0 q0.out=0f l0,2=53 q0.in=84 a0=8 b0=4 a1=c b1=a a2=e b2=a a3=4 b3=b a4=6 b4=0 q0.out=06

q0.in=24 a0=2 b0=4 a1=6 b1=0 a2=3 b2=e a3=d b3=c a4=4 b4=8 q0.out=84 l1,1=8a q1.in=18 a0=1 b0=8 a1=9 b1=d a2=1 b2=9 a3=8 b3=5 a4=0 b4=3 q1.out=30 l0,1=8b q1.in=63 a0=6 b0=3 a1=5 b1=f a2=7 b2=8 a3=f b3=b a4=f b4=f q1.out=ff

q1.in=c8 a0=c b0=8 a1=4 b1=8 a2=f b2=6 a3=9 b3=4 a4=e b4=c q1.out=ce l1,0=18 q1.in=da a0=d b0=a a1=7 b1=0 a2=e b2=1 a3=f b3=6 a4=f b4=d q1.out=df l0,0=81 q0.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=4 a3=9 b3=7 a4=8 b4=e q0.out=e8

y0 = 13	y1 = 62	y2 = c7	y3 = 3d	y0 = 6b	y1 = 06	y2 = ff	y3 = e8
MDS input = Y = y0y1y2y3 = 1362c73d				MDS input = Y = y0y1y2y3 = 6b06ffe8

MDS output = Z = z0z1z2z3 = 9cf48f81

MDS output = Z = z0z1z2z3 = 2722f42f

z0 = 9c

z1 = f4

z2 = 8f

z3 = 81

z0 = 27

z1 = 22

z2 = f4

z3 = 2f

T0 = g(R0) = 9cf48f81

T1 = g(ROL(R1, 8)) = 2722f42f

F11,0 = (T0 + T1 + K30) mod 232 = (9cf48f81 + 2722f42f + fd2d59b8) mod 232 = (818ff49c(big endian) + 2ff42227(big endian) + b8592dfd(big endian)) mod 232 = 69dd44c0(big endian) = c044dd69.

F11,1 = (T0 + 2T1 + K31) mod 232 = (9cf48f81 + 2[2722f42f] + 9c51af49) mod 232 = (818ff49c(big endian) + 2[2ff42227(big endian)] + 49af519c(big endian)) mod 232 = (818ff49c(big endian) + 5fe8444e(big endian) + 49af519c(big endian)) mod 232 = 2b278a86(big endian) = 868a272b.

R11,0  =  ROL(R12, 2,  1)    F11,0) =  ROL(4576f3a3,  1)   c044dd69 =  ROL(a3f37645(big endian),  1)    c044dd69 =  47e6ec8b(big endian)    c044dd69 =  8bece647   c044dd69 =  4ba83b2e.

R11,1  =  ROR(R12, 3    F11,1,  1) =  ROR(d035058c    868a272b,  1) =  ROR(56bf22a7, 1) =  ROR(a722bf56(big endian),  1) =  53915fab(big endian) =  ab5f9153

R11,2 = R12,0 = 3cb17a6f

R11,3 = R12,1 = 4c24c8ac

 

Decryption of ciphertext block 1, round r=10

g input = X = x0x1x2x3 = R11,0 = 4ba83b2e

g input = X = x0x1x2x3 = ROL(R11,1,  8) = ROL(ab5f9153 ,  8) = ROL(53915fab(big endian),  8) = 915fab53(big endian) = 53ab5f91.

x0 = 4b

x1 = a8

x2 = 3b

x3 = 2e

x0 = 53

x1 = ab

x2 = 5f

x3 = 91

y2,0 = 4b

y2,1 = a8

y2,2 = 3b

y2,3 = 2e

y2,0 = 53

y2,1 = ab

y2,2 = 5f

y2,3 = 91

q0.in=4b a0=4 b0=b a1=f b1=9 a2=4 b2=4 a3=0 b3=6 a4=b b4=6 q0.out=6b l1,3=14 q0.in=73 a0=7 b0=3 a1=4 b1=6 a2=6 b2=3 a3=5 b3=f a4=d b4=a q0.out=ad l0,3=dc q1.in=2c a0=2 b0=c a1=e b1=4 a2=c b2=4 a3=8 b3=e a4=0 b4=8 q1.out=80

q1.in=a8 a0=a b0=8 a1=2 b1=e a2=b b2=0 a3=b b3=3 a4=8 b4=1 q1.out=18 l1,2=9c q0.in=92 a0=9 b0=2 a1=b b1=0 a2=9 b2=e a3=7 b3=6 a4=0 b4=6 q0.out=60 l0,2=53 q0.in=eb a0=e b0=b a1=5 b1=3 a2=f b2=8 a3=7 b3=3 a4=0 b4=4 q0.out=40

q0.in=3b a0=3 b0=b a1=8 b1=6 a2=0 b2=3 a3=3 b3=9 a4=e b4=b q0.out=be l1,1=8a q1.in=22 a0=2 b0=2 a1=0 b1=3 a2=2 b2=b a3=9 b3=f a4=e b4=a q1.out=ae l0,1=8b q1.in=fd a0=f b0=d a1=2 b1=9 a2=b b2=d a3=6 b3=d a4=9 b4=0 q1.out=09

q1.in=2e a0=2 b0=e a1=c b1=5 a2=0 b2=c a3=c b3=6 a4=2 b4=d q1.out=d2 l1,0=18 q1.in=c6 a0=c b0=6 a1=a b1=f a2=9 b2=8 a3=1 b3=5 a4=c b4=3 q1.out=3c l0,0=81 q0.in=e0 a0=e b0=0 a1=e b1=e a2=a b2=9 a3=3 b3=6 a4=e b4=6 q0.out=6e

q0.in=53 a0=5 b0=3 a1=6 b1=4 a2=3 b2=1 a3=2 b3=3 a4=5 b4=4 q0.out=45 l1,3=14 q0.in=5d a0=5 b0=d a1=8 b1=3 a2=0 b2=8 a3=8 b3=4 a4=c b4=1 q0.out=1c l0,3=dc q1.in=9d a0=9 b0=d a1=4 b1=f a2=f b2=8 a3=7 b3=3 a4=a b4=1 q1.out=1a

q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f l1,2=9c q0.in=95 a0=9 b0=5 a1=c b1=b a2=e b2=6 a3=8 b3=d a4=c b4=5 q0.out=5c l0,2=53 q0.in=d7 a0=d b0=7 a1=a b1=e a2=5 b2=9 a3=c b3=1 a4=2 b4=7 q0.out=72

q0.in=5f a0=5 b0=f a1=a b1=2 a2=5 b2=b a3=e b3=0 a4=7 b4=d q0.out=d7 l1,1=8a q1.in=4b a0=4 b0=b a1=f b1=9 a2=5 b2=d a3=8 b3=3 a4=0 b4=1 q1.out=10 l0,1=8b q1.in=43 a0=4 b0=3 a1=7 b1=d a2=e b2=9 a3=7 b3=2 a4=a b4=5 q1.out=5a

q1.in=91 a0=9 b0=1 a1=8 b1=9 a2=3 b2=d a3=e b3=5 a4=3 b4=3 q1.out=33 l1,0=18 q1.in=27 a0=2 b0=7 a1=5 b1=9 a2=7 b2=d a3=a b3=1 a4=d b4=9 q1.out=9d l0,0=81 q0.in=41 a0=4 b0=1 a1=5 b1=c a2=f b2=7 a3=8 b3=c a4=c b4=8 q0.out=8c

y0 = 80	y1 = 40	y2 = 09	y3 = 6e	y0 = 1a	y1 = 72	y2 = 5a	y3 = 8c
MDS input = Y = y0y1y2y3 = 8040096e				MDS input = Y = y0y1y2y3 = 1a725a8c

MDS output = Z = z0z1z2z3 = 605f4f80

MDS output = Z = z0z1z2z3 = ae12ccad

z0 = 60

z1 = 5f

z2 = 4f

z3 = 80

z0 = ae

z1 = 12

z2 = cc

z3 = ad

T0 = g(R0) = 605f4f80

T1 = g(ROL(R1, 8)) = ae12ccad

F10,0 = (T0 + T1 + K28) mod 232 = (605f4f80 + ae12ccad + fdcb3639) mod 232 = (804f5f60(big endian) + adcc12ae(big endian) + 3936cbfd(big endian)) mod 232 = 67523e0b(big endian) = 0b3e5267.

F10,1 = (T0 + 2T1 + K29) mod 232 = (605f4f80 + 2[ae12ccad] + d853ba91) mod 232 = (804f5f60(big endian) + 2[adcc12ae(big endian)] + 91ba53d8(big endian)) mod 232 = (804f5f60(big endian) + 5b98255c(big endian) + 91ba53d8(big endian)) mod 232 = 6da1d894(big endian) = 94d8a16d.

R10,0  =  ROL(R11, 2,  1)    F10,0) =  ROL(3cb17a6f,  1)   0b3e5267 =  ROL(6f7ab13c(big endian),  1)    0b3e5267 =  def56278(big endian)    0b3e5267 =  7862f5de   0b3e5267 =  735ca7b9.

R10,1  =  ROR(R11, 3    F10,1,  1) =  ROR(4c24c8ac    94d8a16d,  1) =  ROR(d8fc69c1, 1) =  ROR(c169fcd8(big endian),  1) =  60b4fe6c(big endian) =  6cfeb460

R10,2 = R11,0 = 4ba83b2e

R10,3 = R11,1 = ab5f9153

 

Decryption of ciphertext block 1, round r=9

g input = X = x0x1x2x3 = R10,0 = 735ca7b9

g input = X = x0x1x2x3 = ROL(R10,1,  8) = ROL(6cfeb460 ,  8) = ROL(60b4fe6c(big endian),  8) = b4fe6c60(big endian) = 606cfeb4.

x0 = 73

x1 = 5c

x2 = a7

x3 = b9

x0 = 60

x1 = 6c

x2 = fe

x3 = b4

y2,0 = 73

y2,1 = 5c

y2,2 = a7

y2,3 = b9

y2,0 = 60

y2,1 = 6c

y2,2 = fe

y2,3 = b4

q0.in=73 a0=7 b0=3 a1=4 b1=6 a2=6 b2=3 a3=5 b3=f a4=d b4=a q0.out=ad l1,3=14 q0.in=b5 a0=b b0=5 a1=e b1=9 a2=a b2=4 a3=e b3=8 a4=7 b4=9 q0.out=97 l0,3=dc q1.in=16 a0=1 b0=6 a1=7 b1=a a2=e b2=a a3=4 b3=b a4=1 b4=f q1.out=f1

q1.in=5c a0=5 b0=c a1=9 b1=b a2=1 b2=5 a3=4 b3=3 a4=1 b4=1 q1.out=11 l1,2=9c q0.in=9b a0=9 b0=b a1=2 b1=c a2=7 b2=7 a3=0 b3=4 a4=b b4=1 q0.out=1b l0,2=53 q0.in=90 a0=9 b0=0 a1=9 b1=1 a2=b b2=c a3=7 b3=5 a4=0 b4=2 q0.out=20

q0.in=a7 a0=a b0=7 a1=d b1=1 a2=c b2=c a3=0 b3=a a4=b b4=3 q0.out=3b l1,1=8a q1.in=a7 a0=a b0=7 a1=d b1=1 a2=a b2=e a3=4 b3=d a4=1 b4=0 q1.out=01 l0,1=8b q1.in=52 a0=5 b0=2 a1=7 b1=c a2=e b2=f a3=1 b3=1 a4=c b4=9 q1.out=9c

q1.in=b9 a0=b b0=9 a1=2 b1=f a2=b b2=8 a3=3 b3=7 a4=5 b4=e q1.out=e5 l1,0=18 q1.in=f1 a0=f b0=1 a1=e b1=f a2=c b2=8 a3=4 b3=8 a4=1 b4=6 q1.out=61 l0,0=81 q0.in=bd a0=b b0=d a1=6 b1=d a2=3 b2=0 a3=3 b3=b a4=e b4=0 q0.out=0e

q0.in=60 a0=6 b0=0 a1=6 b1=6 a2=3 b2=3 a3=0 b3=2 a4=b b4=f q0.out=fb l1,3=14 q0.in=e3 a0=e b0=3 a1=d b1=7 a2=c b2=5 a3=9 b3=6 a4=8 b4=6 q0.out=68 l0,3=dc q1.in=e9 a0=e b0=9 a1=7 b1=2 a2=e b2=2 a3=c b3=f a4=2 b4=a q1.out=a2

q1.in=6c a0=6 b0=c a1=a b1=0 a2=9 b2=1 a3=8 b3=9 a4=0 b4=4 q1.out=40 l1,2=9c q0.in=ca a0=c b0=a a1=6 b1=9 a2=3 b2=4 a3=7 b3=9 a4=0 b4=b q0.out=b0 l0,2=53 q0.in=3b a0=3 b0=b a1=8 b1=6 a2=0 b2=3 a3=3 b3=9 a4=e b4=b q0.out=be

q0.in=fe a0=f b0=e a1=1 b1=0 a2=1 b2=e a3=f b3=e a4=1 b4=c q0.out=c1 l1,1=8a q1.in=5d a0=5 b0=d a1=8 b1=3 a2=3 b2=b a3=8 b3=6 a4=0 b4=d q1.out=d0 l0,1=8b q1.in=83 a0=8 b0=3 a1=b b1=1 a2=4 b2=e a3=a b3=3 a4=d b4=1 q1.out=1d

q1.in=b4 a0=b b0=4 a1=f b1=1 a2=5 b2=e a3=b b3=a a4=8 b4=7 q1.out=78 l1,0=18 q1.in=6c a0=6 b0=c a1=a b1=0 a2=9 b2=1 a3=8 b3=9 a4=0 b4=4 q1.out=40 l0,0=81 q0.in=9c a0=9 b0=c a1=5 b1=7 a2=f b2=5 a3=a b3=d a4=f b4=5 q0.out=5f

y0 = f1	y1 = 20	y2 = 9c	y3 = 0e	y0 = a2	y1 = be	y2 = 1d	y3 = 5f
MDS input = Y = y0y1y2y3 = f1209c0e				MDS input = Y = y0y1y2y3 = a2be1d5f

MDS output = Z = z0z1z2z3 = cb545137

MDS output = Z = z0z1z2z3 = 3ee16a8d

z0 = cb

z1 = 54

z2 = 51

z3 = 37

z0 = 3e

z1 = e1

z2 = 6a

z3 = 8d

T0 = g(R0) = cb545137

T1 = g(ROL(R1, 8)) = 3ee16a8d

F9,0 = (T0 + T1 + K26) mod 232 = (cb545137 + 3ee16a8d + d5b22d8a) mod 232 = (375154cb(big endian) + 8d6ae13e(big endian) + 8a2db2d5(big endian)) mod 232 = 4ee9e8de(big endian) = dee8e94e.

F9,1 = (T0 + 2T1 + K27) mod 232 = (cb545137 + 2[3ee16a8d] + 66325910) mod 232 = (375154cb(big endian) + 2[8d6ae13e(big endian)] + 10593266(big endian)) mod 232 = (375154cb(big endian) + 1ad5c27c(big endian) + 10593266(big endian)) mod 232 = 628049ad(big endian) = ad498062.

R9,0  =  ROL(R10, 2,  1)    F9,0) =  ROL(4ba83b2e,  1)   dee8e94e =  ROL(2e3ba84b(big endian),  1)    dee8e94e =  5c775096(big endian)    dee8e94e =  9650775c   dee8e94e =  48b89e12.

R9,1  =  ROR(R10, 3    F9,1,  1) =  ROR(ab5f9153    ad498062,  1) =  ROR(06161131, 1) =  ROR(31111606(big endian),  1) =  18888b03(big endian) =  038b8818

R9,2 = R10,0 = 735ca7b9

R9,3 = R10,1 = 6cfeb460

 

Decryption of ciphertext block 1, round r=8

g input = X = x0x1x2x3 = R9,0 = 48b89e12

g input = X = x0x1x2x3 = ROL(R9,1,  8) = ROL(038b8818 ,  8) = ROL(18888b03(big endian),  8) = 888b0318(big endian) = 18038b88.

x0 = 48

x1 = b8

x2 = 9e

x3 = 12

x0 = 18

x1 = 03

x2 = 8b

x3 = 88

y2,0 = 48

y2,1 = b8

y2,2 = 9e

y2,3 = 12

y2,0 = 18

y2,1 = 03

y2,2 = 8b

y2,3 = 88

q0.in=48 a0=4 b0=8 a1=c b1=0 a2=e b2=e a3=0 b3=9 a4=b b4=b q0.out=bb l1,3=14 q0.in=a3 a0=a b0=3 a1=9 b1=3 a2=b b2=8 a3=3 b3=7 a4=e b4=e q0.out=ee l0,3=dc q1.in=6f a0=6 b0=f a1=9 b1=9 a2=1 b2=d a3=c b3=7 a4=2 b4=e q1.out=e2

q1.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=7 a3=a b3=e a4=d b4=8 q1.out=8d l1,2=9c q0.in=07 a0=0 b0=7 a1=7 b1=b a2=2 b2=6 a3=4 b3=1 a4=6 b4=7 q0.out=76 l0,2=53 q0.in=fd a0=f b0=d a1=2 b1=9 a2=7 b2=4 a3=3 b3=d a4=e b4=5 q0.out=5e

q0.in=9e a0=9 b0=e a1=7 b1=6 a2=2 b2=3 a3=1 b3=b a4=a b4=0 q0.out=0a l1,1=8a q1.in=96 a0=9 b0=6 a1=f b1=2 a2=5 b2=2 a3=7 b3=c a4=a b4=2 q1.out=2a l0,1=8b q1.in=79 a0=7 b0=9 a1=e b1=3 a2=c b2=b a3=7 b3=1 a4=a b4=9 q1.out=9a

q1.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=6 a3=b b3=6 a4=8 b4=d q1.out=d8 l1,0=18 q1.in=cc a0=c b0=c a1=0 b1=a a2=2 b2=a a3=8 b3=7 a4=0 b4=e q1.out=e0 l0,0=81 q0.in=3c a0=3 b0=c a1=f b1=d a2=4 b2=0 a3=4 b3=4 a4=6 b4=1 q0.out=16

q0.in=18 a0=1 b0=8 a1=9 b1=d a2=b b2=0 a3=b b3=3 a4=3 b4=4 q0.out=43 l1,3=14 q0.in=5b a0=5 b0=b a1=e b1=0 a2=a b2=e a3=4 b3=d a4=6 b4=5 q0.out=56 l0,3=dc q1.in=d7 a0=d b0=7 a1=a b1=e a2=9 b2=0 a3=9 b3=1 a4=e b4=9 q1.out=9e

q1.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=d a3=0 b3=b a4=4 b4=f q1.out=f4 l1,2=9c q0.in=7e a0=7 b0=e a1=9 b1=8 a2=b b2=f a3=4 b3=c a4=6 b4=8 q0.out=86 l0,2=53 q0.in=0d a0=0 b0=d a1=d b1=e a2=c b2=9 a3=5 b3=0 a4=d b4=d q0.out=dd

q0.in=8b a0=8 b0=b a1=3 b1=5 a2=d b2=2 a3=f b3=4 a4=1 b4=1 q0.out=11 l1,1=8a q1.in=8d a0=8 b0=d a1=5 b1=6 a2=7 b2=3 a3=4 b3=6 a4=1 b4=d q1.out=d1 l0,1=8b q1.in=82 a0=8 b0=2 a1=a b1=9 a2=9 b2=d a3=4 b3=f a4=1 b4=a q1.out=a1

q1.in=88 a0=8 b0=8 a1=0 b1=c a2=2 b2=f a3=d b3=d a4=b b4=0 q1.out=0b l1,0=18 q1.in=1f a0=1 b0=f a1=e b1=6 a2=c b2=3 a3=f b3=5 a4=f b4=3 q1.out=3f l0,0=81 q0.in=e3 a0=e b0=3 a1=d b1=7 a2=c b2=5 a3=9 b3=6 a4=8 b4=6 q0.out=68

y0 = e2	y1 = 5e	y2 = 9a	y3 = 16	y0 = 9e	y1 = dd	y2 = a1	y3 = 68
MDS input = Y = y0y1y2y3 = e25e9a16				MDS input = Y = y0y1y2y3 = 9edda168

MDS output = Z = z0z1z2z3 = 9fefd4a3

MDS output = Z = z0z1z2z3 = 553815da

z0 = 9f

z1 = ef

z2 = d4

z3 = a3

z0 = 55

z1 = 38

z2 = 15

z3 = da

T0 = g(R0) = 9fefd4a3

T1 = g(ROL(R1, 8)) = 553815da

F8,0 = (T0 + T1 + K24) mod 232 = (9fefd4a3 + 553815da + 97054619) mod 232 = (a3d4ef9f(big endian) + da153855(big endian) + 19460597(big endian)) mod 232 = 97302d8b(big endian) = 8b2d3097.

F8,1 = (T0 + 2T1 + K25) mod 232 = (9fefd4a3 + 2[553815da] + ccf7f077) mod 232 = (a3d4ef9f(big endian) + 2[da153855(big endian)] + 77f0f7cc(big endian)) mod 232 = (a3d4ef9f(big endian) + b42a70aa(big endian) + 77f0f7cc(big endian)) mod 232 = cff05815(big endian) = 1558f0cf.

R8,0  =  ROL(R9, 2,  1)    F8,0) =  ROL(735ca7b9,  1)   8b2d3097 =  ROL(b9a75c73(big endian),  1)    8b2d3097 =  734eb8e7(big endian)    8b2d3097 =  e7b84e73   8b2d3097 =  6c957ee4.

R8,1  =  ROR(R9, 3    F8,1,  1) =  ROR(6cfeb460    1558f0cf,  1) =  ROR(79a644af, 1) =  ROR(af44a679(big endian),  1) =  d7a2533c(big endian) =  3c53a2d7

R8,2 = R9,0 = 48b89e12

R8,3 = R9,1 = 038b8818

 

Decryption of ciphertext block 1, round r=7

g input = X = x0x1x2x3 = R8,0 = 6c957ee4

g input = X = x0x1x2x3 = ROL(R8,1,  8) = ROL(3c53a2d7 ,  8) = ROL(d7a2533c(big endian),  8) = a2533cd7(big endian) = d73c53a2.

x0 = 6c

x1 = 95

x2 = 7e

x3 = e4

x0 = d7

x1 = 3c

x2 = 53

x3 = a2

y2,0 = 6c

y2,1 = 95

y2,2 = 7e

y2,3 = e4

y2,0 = d7

y2,1 = 3c

y2,2 = 53

y2,3 = a2

q0.in=6c a0=6 b0=c a1=a b1=0 a2=5 b2=e a3=b b3=a a4=3 b4=3 q0.out=33 l1,3=14 q0.in=2b a0=2 b0=b a1=9 b1=f a2=b b2=d a3=6 b3=d a4=9 b4=5 q0.out=59 l0,3=dc q1.in=d8 a0=d b0=8 a1=5 b1=1 a2=7 b2=e a3=9 b3=8 a4=e b4=6 q1.out=6e

q1.in=95 a0=9 b0=5 a1=c b1=b a2=0 b2=5 a3=5 b3=a a4=6 b4=7 q1.out=76 l1,2=9c q0.in=fc a0=f b0=c a1=3 b1=1 a2=d b2=c a3=1 b3=3 a4=a b4=4 q0.out=4a l0,2=53 q0.in=c1 a0=c b0=1 a1=d b1=4 a2=c b2=1 a3=d b3=4 a4=4 b4=1 q0.out=14

q0.in=7e a0=7 b0=e a1=9 b1=8 a2=b b2=f a3=4 b3=c a4=6 b4=8 q0.out=86 l1,1=8a q1.in=1a a0=1 b0=a a1=b b1=c a2=4 b2=f a3=b b3=b a4=8 b4=f q1.out=f8 l0,1=8b q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f

q1.in=e4 a0=e b0=4 a1=a b1=c a2=9 b2=f a3=6 b3=e a4=9 b4=8 q1.out=89 l1,0=18 q1.in=9d a0=9 b0=d a1=4 b1=f a2=f b2=8 a3=7 b3=3 a4=a b4=1 q1.out=1a l0,0=81 q0.in=c6 a0=c b0=6 a1=a b1=f a2=5 b2=d a3=8 b3=3 a4=c b4=4 q0.out=4c

q0.in=d7 a0=d b0=7 a1=a b1=e a2=5 b2=9 a3=c b3=1 a4=2 b4=7 q0.out=72 l1,3=14 q0.in=6a a0=6 b0=a a1=c b1=3 a2=e b2=8 a3=6 b3=a a4=9 b4=3 q0.out=39 l0,3=dc q1.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=7 a3=a b3=e a4=d b4=8 q1.out=8d

q1.in=3c a0=3 b0=c a1=f b1=d a2=5 b2=9 a3=c b3=1 a4=2 b4=9 q1.out=92 l1,2=9c q0.in=18 a0=1 b0=8 a1=9 b1=d a2=b b2=0 a3=b b3=3 a4=3 b4=4 q0.out=43 l0,2=53 q0.in=c8 a0=c b0=8 a1=4 b1=8 a2=6 b2=f a3=9 b3=9 a4=8 b4=b q0.out=b8

q0.in=53 a0=5 b0=3 a1=6 b1=4 a2=3 b2=1 a3=2 b3=3 a4=5 b4=4 q0.out=45 l1,1=8a q1.in=d9 a0=d b0=9 a1=4 b1=9 a2=f b2=d a3=2 b3=9 a4=7 b4=4 q1.out=47 l0,1=8b q1.in=14 a0=1 b0=4 a1=5 b1=b a2=7 b2=5 a3=2 b3=5 a4=7 b4=3 q1.out=37

q1.in=a2 a0=a b0=2 a1=8 b1=b a2=3 b2=5 a3=6 b3=1 a4=9 b4=9 q1.out=99 l1,0=18 q1.in=8d a0=8 b0=d a1=5 b1=6 a2=7 b2=3 a3=4 b3=6 a4=1 b4=d q1.out=d1 l0,0=81 q0.in=0d a0=0 b0=d a1=d b1=e a2=c b2=9 a3=5 b3=0 a4=d b4=d q0.out=dd

y0 = 6e	y1 = 14	y2 = 1f	y3 = 4c	y0 = 8d	y1 = b8	y2 = 37	y3 = dd
MDS input = Y = y0y1y2y3 = 6e141f4c				MDS input = Y = y0y1y2y3 = 8db837dd

MDS output = Z = z0z1z2z3 = dcdb81f0

MDS output = Z = z0z1z2z3 = 2398cd75

z0 = dc

z1 = db

z2 = 81

z3 = f0

z0 = 23

z1 = 98

z2 = cd

z3 = 75

T0 = g(R0) = dcdb81f0

T1 = g(ROL(R1, 8)) = 2398cd75

F7,0 = (T0 + T1 + K22) mod 232 = (dcdb81f0 + 2398cd75 + 25d0b3fc) mod 232 = (f081dbdc(big endian) + 75cd9823(big endian) + fcb3d025(big endian)) mod 232 = 63034424(big endian) = 24440363.

F7,1 = (T0 + 2T1 + K23) mod 232 = (dcdb81f0 + 2[2398cd75] + eb1e6ea6) mod 232 = (f081dbdc(big endian) + 2[75cd9823(big endian)] + a66e1eeb(big endian)) mod 232 = (f081dbdc(big endian) + eb9b3046(big endian) + a66e1eeb(big endian)) mod 232 = 828b2b0d(big endian) = 0d2b8b82.

R7,0  =  ROL(R8, 2,  1)    F7,0) =  ROL(48b89e12,  1)   24440363 =  ROL(129eb848(big endian),  1)    24440363 =  253d7090(big endian)    24440363 =  90703d25   24440363 =  b4343e46.

R7,1  =  ROR(R8, 3    F7,1,  1) =  ROR(038b8818    0d2b8b82,  1) =  ROR(0ea0039a, 1) =  ROR(9a03a00e(big endian),  1) =  4d01d007(big endian) =  07d0014d

R7,2 = R8,0 = 6c957ee4

R7,3 = R8,1 = 3c53a2d7

 

Decryption of ciphertext block 1, round r=6

g input = X = x0x1x2x3 = R7,0 = b4343e46

g input = X = x0x1x2x3 = ROL(R7,1,  8) = ROL(07d0014d ,  8) = ROL(4d01d007(big endian),  8) = 01d0074d(big endian) = 4d07d001.

x0 = b4

x1 = 34

x2 = 3e

x3 = 46

x0 = 4d

x1 = 07

x2 = d0

x3 = 01

y2,0 = b4

y2,1 = 34

y2,2 = 3e

y2,3 = 46

y2,0 = 4d

y2,1 = 07

y2,2 = d0

y2,3 = 01

q0.in=b4 a0=b b0=4 a1=f b1=1 a2=4 b2=c a3=8 b3=2 a4=c b4=f q0.out=fc l1,3=14 q0.in=e4 a0=e b0=4 a1=a b1=c a2=5 b2=7 a3=2 b3=6 a4=5 b4=6 q0.out=65 l0,3=dc q1.in=e4 a0=e b0=4 a1=a b1=c a2=9 b2=f a3=6 b3=e a4=9 b4=8 q1.out=89

q1.in=34 a0=3 b0=4 a1=7 b1=9 a2=e b2=d a3=3 b3=0 a4=5 b4=b q1.out=b5 l1,2=9c q0.in=3f a0=3 b0=f a1=c b1=4 a2=e b2=1 a3=f b3=6 a4=1 b4=6 q0.out=61 l0,2=53 q0.in=ea a0=e b0=a a1=4 b1=b a2=6 b2=6 a3=0 b3=5 a4=b b4=2 q0.out=2b

q0.in=3e a0=3 b0=e a1=d b1=c a2=c b2=7 a3=b b3=7 a4=3 b4=e q0.out=e3 l1,1=8a q1.in=7f a0=7 b0=f a1=8 b1=0 a2=3 b2=1 a3=2 b3=3 a4=7 b4=1 q1.out=17 l0,1=8b q1.in=44 a0=4 b0=4 a1=0 b1=6 a2=2 b2=3 a3=1 b3=b a4=c b4=f q1.out=fc

q1.in=46 a0=4 b0=6 a1=2 b1=7 a2=b b2=7 a3=c b3=8 a4=2 b4=6 q1.out=62 l1,0=18 q1.in=76 a0=7 b0=6 a1=1 b1=c a2=8 b2=f a3=7 b3=7 a4=a b4=e q1.out=ea l0,0=81 q0.in=36 a0=3 b0=6 a1=5 b1=8 a2=f b2=f a3=0 b3=8 a4=b b4=9 q0.out=9b

q0.in=4d a0=4 b0=d a1=9 b1=a a2=b b2=a a3=1 b3=6 a4=a b4=6 q0.out=6a l1,3=14 q0.in=72 a0=7 b0=2 a1=5 b1=e a2=f b2=9 a3=6 b3=b a4=9 b4=0 q0.out=09 l0,3=dc q1.in=88 a0=8 b0=8 a1=0 b1=c a2=2 b2=f a3=d b3=d a4=b b4=0 q1.out=0b

q1.in=07 a0=0 b0=7 a1=7 b1=b a2=e b2=5 a3=b b3=4 a4=8 b4=c q1.out=c8 l1,2=9c q0.in=42 a0=4 b0=2 a1=6 b1=5 a2=3 b2=2 a3=1 b3=a a4=a b4=3 q0.out=3a l0,2=53 q0.in=b1 a0=b b0=1 a1=a b1=b a2=5 b2=6 a3=3 b3=e a4=e b4=c q0.out=ce

q0.in=d0 a0=d b0=0 a1=d b1=5 a2=c b2=2 a3=e b3=d a4=7 b4=5 q0.out=57 l1,1=8a q1.in=cb a0=c b0=b a1=7 b1=1 a2=e b2=e a3=0 b3=9 a4=4 b4=4 q1.out=44 l0,1=8b q1.in=17 a0=1 b0=7 a1=6 b1=2 a2=6 b2=2 a3=4 b3=7 a4=1 b4=e q1.out=e1

q1.in=01 a0=0 b0=1 a1=1 b1=8 a2=8 b2=6 a3=e b3=b a4=3 b4=f q1.out=f3 l1,0=18 q1.in=e7 a0=e b0=7 a1=9 b1=5 a2=1 b2=c a3=d b3=f a4=b b4=a q1.out=ab l0,0=81 q0.in=77 a0=7 b0=7 a1=0 b1=4 a2=8 b2=1 a3=9 b3=0 a4=8 b4=d q0.out=d8

y0 = 89	y1 = 2b	y2 = fc	y3 = 9b	y0 = 0b	y1 = ce	y2 = e1	y3 = d8
MDS input = Y = y0y1y2y3 = 892bfc9b				MDS input = Y = y0y1y2y3 = 0bcee1d8

MDS output = Z = z0z1z2z3 = 77b998c4

MDS output = Z = z0z1z2z3 = 48567c31

z0 = 77

z1 = b9

z2 = 98

z3 = c4

z0 = 48

z1 = 56

z2 = 7c

z3 = 31

T0 = g(R0) = 77b998c4

T1 = g(ROL(R1, 8)) = 48567c31

F6,0 = (T0 + T1 + K20) mod 232 = (77b998c4 + 48567c31 + 7b65df4c) mod 232 = (c498b977(big endian) + 317c5648(big endian) + 4cdf657b(big endian)) mod 232 = 42f4753a(big endian) = 3a75f442.

F6,1 = (T0 + 2T1 + K21) mod 232 = (77b998c4 + 2[48567c31] + 2189e236) mod 232 = (c498b977(big endian) + 2[317c5648(big endian)] + 36e28921(big endian)) mod 232 = (c498b977(big endian) + 62f8ac90(big endian) + 36e28921(big endian)) mod 232 = 5e73ef28(big endian) = 28ef735e.

R6,0  =  ROL(R7, 2,  1)    F6,0) =  ROL(6c957ee4,  1)   3a75f442 =  ROL(e47e956c(big endian),  1)    3a75f442 =  c8fd2ad9(big endian)    3a75f442 =  d92afdc8   3a75f442 =  e35f098a.

R6,1  =  ROR(R7, 3    F6,1,  1) =  ROR(3c53a2d7    28ef735e,  1) =  ROR(14bcd189, 1) =  ROR(89d1bc14(big endian),  1) =  44e8de0a(big endian) =  0adee844

R6,2 = R7,0 = b4343e46

R6,3 = R7,1 = 07d0014d

 

Decryption of ciphertext block 1, round r=5

g input = X = x0x1x2x3 = R6,0 = e35f098a

g input = X = x0x1x2x3 = ROL(R6,1,  8) = ROL(0adee844 ,  8) = ROL(44e8de0a(big endian),  8) = e8de0a44(big endian) = 440adee8.

x0 = e3

x1 = 5f

x2 = 09

x3 = 8a

x0 = 44

x1 = 0a

x2 = de

x3 = e8

y2,0 = e3

y2,1 = 5f

y2,2 = 09

y2,3 = 8a

y2,0 = 44

y2,1 = 0a

y2,2 = de

y2,3 = e8

q0.in=e3 a0=e b0=3 a1=d b1=7 a2=c b2=5 a3=9 b3=6 a4=8 b4=6 q0.out=68 l1,3=14 q0.in=70 a0=7 b0=0 a1=7 b1=f a2=2 b2=d a3=f b3=c a4=1 b4=8 q0.out=81 l0,3=dc q1.in=00 a0=0 b0=0 a1=0 b1=0 a2=2 b2=1 a3=3 b3=a a4=5 b4=7 q1.out=75

q1.in=5f a0=5 b0=f a1=a b1=2 a2=9 b2=2 a3=b b3=0 a4=8 b4=b q1.out=b8 l1,2=9c q0.in=32 a0=3 b0=2 a1=1 b1=a a2=1 b2=a a3=b b3=c a4=3 b4=8 q0.out=83 l0,2=53 q0.in=08 a0=0 b0=8 a1=8 b1=4 a2=0 b2=1 a3=1 b3=8 a4=a b4=9 q0.out=9a

q0.in=09 a0=0 b0=9 a1=9 b1=c a2=b b2=7 a3=c b3=8 a4=2 b4=9 q0.out=92 l1,1=8a q1.in=0e a0=0 b0=e a1=e b1=7 a2=c b2=7 a3=b b3=7 a4=8 b4=e q1.out=e8 l0,1=8b q1.in=bb a0=b b0=b a1=0 b1=e a2=2 b2=0 a3=2 b3=2 a4=7 b4=5 q1.out=57

q1.in=8a a0=8 b0=a a1=2 b1=d a2=b b2=9 a3=2 b3=f a4=7 b4=a q1.out=a7 l1,0=18 q1.in=b3 a0=b b0=3 a1=8 b1=a a2=3 b2=a a3=9 b3=e a4=e b4=8 q1.out=8e l0,0=81 q0.in=52 a0=5 b0=2 a1=7 b1=c a2=2 b2=7 a3=5 b3=9 a4=d b4=b q0.out=bd

q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73 l1,3=14 q0.in=6b a0=6 b0=b a1=d b1=b a2=c b2=6 a3=a b3=f a4=f b4=a q0.out=af l0,3=dc q1.in=2e a0=2 b0=e a1=c b1=5 a2=0 b2=c a3=c b3=6 a4=2 b4=d q1.out=d2

q1.in=0a a0=0 b0=a a1=a b1=5 a2=9 b2=c a3=5 b3=7 a4=6 b4=e q1.out=e6 l1,2=9c q0.in=6c a0=6 b0=c a1=a b1=0 a2=5 b2=e a3=b b3=a a4=3 b4=3 q0.out=33 l0,2=53 q0.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=5 a3=8 b3=f a4=c b4=a q0.out=ac

q0.in=de a0=d b0=e a1=3 b1=2 a2=d b2=b a3=6 b3=8 a4=9 b4=9 q0.out=99 l1,1=8a q1.in=05 a0=0 b0=5 a1=5 b1=a a2=7 b2=a a3=d b3=a a4=b b4=7 q1.out=7b l0,1=8b q1.in=28 a0=2 b0=8 a1=a b1=6 a2=9 b2=3 a3=a b3=8 a4=d b4=6 q1.out=6d

q1.in=e8 a0=e b0=8 a1=6 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=1 q1.out=12 l1,0=18 q1.in=06 a0=0 b0=6 a1=6 b1=3 a2=6 b2=b a3=d b3=b a4=b b4=f q1.out=fb l0,0=81 q0.in=27 a0=2 b0=7 a1=5 b1=9 a2=f b2=4 a3=b b3=5 a4=3 b4=2 q0.out=23

y0 = 75	y1 = 9a	y2 = 57	y3 = bd	y0 = d2	y1 = ac	y2 = 6d	y3 = 23
MDS input = Y = y0y1y2y3 = 759a57bd				MDS input = Y = y0y1y2y3 = d2ac6d23

MDS output = Z = z0z1z2z3 = 54f9c1dd

MDS output = Z = z0z1z2z3 = ea0eb1fc

z0 = 54

z1 = f9

z2 = c1

z3 = dd

z0 = ea

z1 = 0e

z2 = b1

z3 = fc

T0 = g(R0) = 54f9c1dd

T1 = g(ROL(R1, 8)) = ea0eb1fc

F5,0 = (T0 + T1 + K18) mod 232 = (54f9c1dd + ea0eb1fc + d542f0e2) mod 232 = (ddc1f954(big endian) + fcb10eea(big endian) + e2f042d5(big endian)) mod 232 = bd634b13(big endian) = 134b63bd.

F5,1 = (T0 + 2T1 + K19) mod 232 = (54f9c1dd + 2[ea0eb1fc] + 9f8b15e9) mod 232 = (ddc1f954(big endian) + 2[fcb10eea(big endian)] + e9158b9f(big endian)) mod 232 = (ddc1f954(big endian) + f9621dd4(big endian) + e9158b9f(big endian)) mod 232 = c039a2c7(big endian) = c7a239c0.

R5,0  =  ROL(R6, 2,  1)    F5,0) =  ROL(b4343e46,  1)   134b63bd =  ROL(463e34b4(big endian),  1)    134b63bd =  8c7c6968(big endian)    134b63bd =  68697c8c   134b63bd =  7b221f31.

R5,1  =  ROR(R6, 3    F5,1,  1) =  ROR(07d0014d    c7a239c0,  1) =  ROR(c072388d, 1) =  ROR(8d3872c0(big endian),  1) =  469c3960(big endian) =  60399c46

R5,2 = R6,0 = e35f098a

R5,3 = R6,1 = 0adee844

 

Decryption of ciphertext block 1, round r=4

g input = X = x0x1x2x3 = R5,0 = 7b221f31

g input = X = x0x1x2x3 = ROL(R5,1,  8) = ROL(60399c46 ,  8) = ROL(469c3960(big endian),  8) = 9c396046(big endian) = 4660399c.

x0 = 7b

x1 = 22

x2 = 1f

x3 = 31

x0 = 46

x1 = 60

x2 = 39

x3 = 9c

y2,0 = 7b

y2,1 = 22

y2,2 = 1f

y2,3 = 31

y2,0 = 46

y2,1 = 60

y2,2 = 39

y2,3 = 9c

q0.in=7b a0=7 b0=b a1=c b1=2 a2=e b2=b a3=5 b3=3 a4=d b4=4 q0.out=4d l1,3=14 q0.in=55 a0=5 b0=5 a1=0 b1=7 a2=8 b2=5 a3=d b3=2 a4=4 b4=f q0.out=f4 l0,3=dc q1.in=75 a0=7 b0=5 a1=2 b1=5 a2=b b2=c a3=7 b3=5 a4=a b4=3 q1.out=3a

q1.in=22 a0=2 b0=2 a1=0 b1=3 a2=2 b2=b a3=9 b3=f a4=e b4=a q1.out=ae l1,2=9c q0.in=24 a0=2 b0=4 a1=6 b1=0 a2=3 b2=e a3=d b3=c a4=4 b4=8 q0.out=84 l0,2=53 q0.in=0f a0=0 b0=f a1=f b1=f a2=4 b2=d a3=9 b3=a a4=8 b4=3 q0.out=38

q0.in=1f a0=1 b0=f a1=e b1=6 a2=a b2=3 a3=9 b3=3 a4=8 b4=4 q0.out=48 l1,1=8a q1.in=d4 a0=d b0=4 a1=9 b1=7 a2=1 b2=7 a3=6 b3=2 a4=9 b4=5 q1.out=59 l0,1=8b q1.in=0a a0=0 b0=a a1=a b1=5 a2=9 b2=c a3=5 b3=7 a4=6 b4=e q1.out=e6

q1.in=31 a0=3 b0=1 a1=2 b1=3 a2=b b2=b a3=0 b3=e a4=4 b4=8 q1.out=84 l1,0=18 q1.in=90 a0=9 b0=0 a1=9 b1=1 a2=1 b2=e a3=f b3=e a4=f b4=8 q1.out=8f l0,0=81 q0.in=53 a0=5 b0=3 a1=6 b1=4 a2=3 b2=1 a3=2 b3=3 a4=5 b4=4 q0.out=45

q0.in=46 a0=4 b0=6 a1=2 b1=7 a2=7 b2=5 a3=2 b3=5 a4=5 b4=2 q0.out=25 l1,3=14 q0.in=3d a0=3 b0=d a1=e b1=5 a2=a b2=2 a3=8 b3=b a4=c b4=0 q0.out=0c l0,3=dc q1.in=8d a0=8 b0=d a1=5 b1=6 a2=7 b2=3 a3=4 b3=6 a4=1 b4=d q1.out=d1

q1.in=60 a0=6 b0=0 a1=6 b1=6 a2=6 b2=3 a3=5 b3=f a4=6 b4=a q1.out=a6 l1,2=9c q0.in=2c a0=2 b0=c a1=e b1=4 a2=a b2=1 a3=b b3=2 a4=3 b4=f q0.out=f3 l0,2=53 q0.in=78 a0=7 b0=8 a1=f b1=b a2=4 b2=6 a3=2 b3=7 a4=5 b4=e q0.out=e5

q0.in=39 a0=3 b0=9 a1=a b1=7 a2=5 b2=5 a3=0 b3=7 a4=b b4=e q0.out=eb l1,1=8a q1.in=77 a0=7 b0=7 a1=0 b1=4 a2=2 b2=4 a3=6 b3=0 a4=9 b4=b q1.out=b9 l0,1=8b q1.in=ea a0=e b0=a a1=4 b1=b a2=f b2=5 a3=a b3=d a4=d b4=0 q1.out=0d

q1.in=9c a0=9 b0=c a1=5 b1=7 a2=7 b2=7 a3=0 b3=4 a4=4 b4=c q1.out=c4 l1,0=18 q1.in=d0 a0=d b0=0 a1=d b1=5 a2=a b2=c a3=6 b3=c a4=9 b4=2 q1.out=29 l0,0=81 q0.in=f5 a0=f b0=5 a1=a b1=d a2=5 b2=0 a3=5 b3=d a4=d b4=5 q0.out=5d

y0 = 3a	y1 = 38	y2 = e6	y3 = 45	y0 = d1	y1 = e5	y2 = 0d	y3 = 5d
MDS input = Y = y0y1y2y3 = 3a38e645				MDS input = Y = y0y1y2y3 = d1e50d5d

MDS output = Z = z0z1z2z3 = 75f7d5b3

MDS output = Z = z0z1z2z3 = d5446270

z0 = 75

z1 = f7

z2 = d5

z3 = b3

z0 = d5

z1 = 44

z2 = 62

z3 = 70

T0 = g(R0) = 75f7d5b3

T1 = g(ROL(R1, 8)) = d5446270

F4,0 = (T0 + T1 + K16) mod 232 = (75f7d5b3 + d5446270 + 19c3630c) mod 232 = (b3d5f775(big endian) + 706244d5(big endian) + 0c63c319(big endian)) mod 232 = 309bff63(big endian) = 63ff9b30.

F4,1 = (T0 + 2T1 + K17) mod 232 = (75f7d5b3 + 2[d5446270] + 5bc0b2cc) mod 232 = (b3d5f775(big endian) + 2[706244d5(big endian)] + ccb2c05b(big endian)) mod 232 = (b3d5f775(big endian) + e0c489aa(big endian) + ccb2c05b(big endian)) mod 232 = 614d417a(big endian) = 7a414d61.

R4,0  =  ROL(R5, 2,  1)    F4,0) =  ROL(e35f098a,  1)   63ff9b30 =  ROL(8a095fe3(big endian),  1)    63ff9b30 =  1412bfc7(big endian)    63ff9b30 =  c7bf1214   63ff9b30 =  a4408924.

R4,1  =  ROR(R5, 3    F4,1,  1) =  ROR(0adee844    7a414d61,  1) =  ROR(709fa525, 1) =  ROR(25a59f70(big endian),  1) =  12d2cfb8(big endian) =  b8cfd212

R4,2 = R5,0 = 7b221f31

R4,3 = R5,1 = 60399c46

 

Decryption of ciphertext block 1, round r=3

g input = X = x0x1x2x3 = R4,0 = a4408924

g input = X = x0x1x2x3 = ROL(R4,1,  8) = ROL(b8cfd212 ,  8) = ROL(12d2cfb8(big endian),  8) = d2cfb812(big endian) = 12b8cfd2.

x0 = a4

x1 = 40

x2 = 89

x3 = 24

x0 = 12

x1 = b8

x2 = cf

x3 = d2

y2,0 = a4

y2,1 = 40

y2,2 = 89

y2,3 = 24

y2,0 = 12

y2,1 = b8

y2,2 = cf

y2,3 = d2

q0.in=a4 a0=a b0=4 a1=e b1=8 a2=a b2=f a3=5 b3=5 a4=d b4=2 q0.out=2d l1,3=14 q0.in=35 a0=3 b0=5 a1=6 b1=1 a2=3 b2=c a3=f b3=d a4=1 b4=5 q0.out=51 l0,3=dc q1.in=d0 a0=d b0=0 a1=d b1=5 a2=a b2=c a3=6 b3=c a4=9 b4=2 q1.out=29

q1.in=40 a0=4 b0=0 a1=4 b1=4 a2=f b2=4 a3=b b3=5 a4=8 b4=3 q1.out=38 l1,2=9c q0.in=b2 a0=b b0=2 a1=9 b1=2 a2=b b2=b a3=0 b3=e a4=b b4=c q0.out=cb l0,2=53 q0.in=40 a0=4 b0=0 a1=4 b1=4 a2=6 b2=1 a3=7 b3=e a4=0 b4=c q0.out=c0

q0.in=89 a0=8 b0=9 a1=1 b1=4 a2=1 b2=1 a3=0 b3=1 a4=b b4=7 q0.out=7b l1,1=8a q1.in=e7 a0=e b0=7 a1=9 b1=5 a2=1 b2=c a3=d b3=f a4=b b4=a q1.out=ab l0,1=8b q1.in=f8 a0=f b0=8 a1=7 b1=3 a2=e b2=b a3=5 b3=3 a4=6 b4=1 q1.out=16

q1.in=24 a0=2 b0=4 a1=6 b1=0 a2=6 b2=1 a3=7 b3=e a4=a b4=8 q1.out=8a l1,0=18 q1.in=9e a0=9 b0=e a1=7 b1=6 a2=e b2=3 a3=d b3=7 a4=b b4=e q1.out=eb l0,0=81 q0.in=37 a0=3 b0=7 a1=4 b1=0 a2=6 b2=e a3=8 b3=1 a4=c b4=7 q0.out=7c

q0.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=f a3=2 b3=a a4=5 b4=3 q0.out=35 l1,3=14 q0.in=2d a0=2 b0=d a1=f b1=c a2=4 b2=7 a3=3 b3=f a4=e b4=a q0.out=ae l0,3=dc q1.in=2f a0=2 b0=f a1=d b1=d a2=a b2=9 a3=3 b3=6 a4=5 b4=d q1.out=d5

q1.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=7 a3=a b3=e a4=d b4=8 q1.out=8d l1,2=9c q0.in=07 a0=0 b0=7 a1=7 b1=b a2=2 b2=6 a3=4 b3=1 a4=6 b4=7 q0.out=76 l0,2=53 q0.in=fd a0=f b0=d a1=2 b1=9 a2=7 b2=4 a3=3 b3=d a4=e b4=5 q0.out=5e

q0.in=cf a0=c b0=f a1=3 b1=3 a2=d b2=8 a3=5 b3=1 a4=d b4=7 q0.out=7d l1,1=8a q1.in=e1 a0=e b0=1 a1=f b1=6 a2=5 b2=3 a3=6 b3=4 a4=9 b4=c q1.out=c9 l0,1=8b q1.in=9a a0=9 b0=a a1=3 b1=4 a2=d b2=4 a3=9 b3=7 a4=e b4=e q1.out=ee

q1.in=d2 a0=d b0=2 a1=f b1=4 a2=5 b2=4 a3=1 b3=f a4=c b4=a q1.out=ac l1,0=18 q1.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=7 a3=a b3=e a4=d b4=8 q1.out=8d l0,0=81 q0.in=51 a0=5 b0=1 a1=4 b1=5 a2=6 b2=2 a3=4 b3=7 a4=6 b4=e q0.out=e6

y0 = 29	y1 = c0	y2 = 16	y3 = 7c	y0 = d5	y1 = 5e	y2 = ee	y3 = e6
MDS input = Y = y0y1y2y3 = 29c0167c				MDS input = Y = y0y1y2y3 = d55eeee6

MDS output = Z = z0z1z2z3 = 7d3962d6

MDS output = Z = z0z1z2z3 = 0d986f47

z0 = 7d

z1 = 39

z2 = 62

z3 = d6

z0 = 0d

z1 = 98

z2 = 6f

z3 = 47

T0 = g(R0) = 7d3962d6

T1 = g(ROL(R1, 8)) = 0d986f47

F3,0 = (T0 + T1 + K14) mod 232 = (7d3962d6 + 0d986f47 + 281a4854) mod 232 = (d662397d(big endian) + 476f980d(big endian) + 54481a28(big endian)) mod 232 = 7219ebb2(big endian) = b2eb1972.

F3,1 = (T0 + 2T1 + K15) mod 232 = (7d3962d6 + 2[0d986f47] + a0ddfa24) mod 232 = (d662397d(big endian) + 2[476f980d(big endian)] + 24fadda0(big endian)) mod 232 = (d662397d(big endian) + 8edf301a(big endian) + 24fadda0(big endian)) mod 232 = 8a3c4737(big endian) = 37473c8a.

R3,0  =  ROL(R4, 2,  1)    F3,0) =  ROL(7b221f31,  1)   b2eb1972 =  ROL(311f227b(big endian),  1)    b2eb1972 =  623e44f6(big endian)    b2eb1972 =  f6443e62   b2eb1972 =  44af2710.

R3,1  =  ROR(R4, 3    F3,1,  1) =  ROR(60399c46    37473c8a,  1) =  ROR(577ea0cc, 1) =  ROR(cca07e57(big endian),  1) =  e6503f2b(big endian) =  2b3f50e6

R3,2 = R4,0 = a4408924

R3,3 = R4,1 = b8cfd212

 

Decryption of ciphertext block 1, round r=2

g input = X = x0x1x2x3 = R3,0 = 44af2710

g input = X = x0x1x2x3 = ROL(R3,1,  8) = ROL(2b3f50e6 ,  8) = ROL(e6503f2b(big endian),  8) = 503f2be6(big endian) = e62b3f50.

x0 = 44

x1 = af

x2 = 27

x3 = 10

x0 = e6

x1 = 2b

x2 = 3f

x3 = 50

y2,0 = 44

y2,1 = af

y2,2 = 27

y2,3 = 10

y2,0 = e6

y2,1 = 2b

y2,2 = 3f

y2,3 = 50

q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73 l1,3=14 q0.in=6b a0=6 b0=b a1=d b1=b a2=c b2=6 a3=a b3=f a4=f b4=a q0.out=af l0,3=dc q1.in=2e a0=2 b0=e a1=c b1=5 a2=0 b2=c a3=c b3=6 a4=2 b4=d q1.out=d2

q1.in=af a0=a b0=f a1=5 b1=5 a2=7 b2=c a3=b b3=9 a4=8 b4=4 q1.out=48 l1,2=9c q0.in=c2 a0=c b0=2 a1=e b1=d a2=a b2=0 a3=a b3=a a4=f b4=3 q0.out=3f l0,2=53 q0.in=b4 a0=b b0=4 a1=f b1=1 a2=4 b2=c a3=8 b3=2 a4=c b4=f q0.out=fc

q0.in=27 a0=2 b0=7 a1=5 b1=9 a2=f b2=4 a3=b b3=5 a4=3 b4=2 q0.out=23 l1,1=8a q1.in=bf a0=b b0=f a1=4 b1=c a2=f b2=f a3=0 b3=8 a4=4 b4=6 q1.out=64 l0,1=8b q1.in=37 a0=3 b0=7 a1=4 b1=0 a2=f b2=1 a3=e b3=f a4=3 b4=a q1.out=a3

q1.in=10 a0=1 b0=0 a1=1 b1=9 a2=8 b2=d a3=5 b3=6 a4=6 b4=d q1.out=d6 l1,0=18 q1.in=c2 a0=c b0=2 a1=e b1=d a2=c b2=9 a3=5 b3=0 a4=6 b4=b q1.out=b6 l0,0=81 q0.in=6a a0=6 b0=a a1=c b1=3 a2=e b2=8 a3=6 b3=a a4=9 b4=3 q0.out=39

q0.in=e6 a0=e b0=6 a1=8 b1=d a2=0 b2=0 a3=0 b3=0 a4=b b4=d q0.out=db l1,3=14 q0.in=c3 a0=c b0=3 a1=f b1=5 a2=4 b2=2 a3=6 b3=5 a4=9 b4=2 q0.out=29 l0,3=dc q1.in=a8 a0=a b0=8 a1=2 b1=e a2=b b2=0 a3=b b3=3 a4=8 b4=1 q1.out=18

q1.in=2b a0=2 b0=b a1=9 b1=f a2=1 b2=8 a3=9 b3=d a4=e b4=0 q1.out=0e l1,2=9c q0.in=84 a0=8 b0=4 a1=c b1=a a2=e b2=a a3=4 b3=b a4=6 b4=0 q0.out=06 l0,2=53 q0.in=8d a0=8 b0=d a1=5 b1=6 a2=f b2=3 a3=c b3=e a4=2 b4=c q0.out=c2

q0.in=3f a0=3 b0=f a1=c b1=4 a2=e b2=1 a3=f b3=6 a4=1 b4=6 q0.out=61 l1,1=8a q1.in=fd a0=f b0=d a1=2 b1=9 a2=b b2=d a3=6 b3=d a4=9 b4=0 q1.out=09 l0,1=8b q1.in=5a a0=5 b0=a a1=f b1=8 a2=5 b2=6 a3=3 b3=e a4=5 b4=8 q1.out=85

q1.in=50 a0=5 b0=0 a1=5 b1=d a2=7 b2=9 a3=e b3=3 a4=3 b4=1 q1.out=13 l1,0=18 q1.in=07 a0=0 b0=7 a1=7 b1=b a2=e b2=5 a3=b b3=4 a4=8 b4=c q1.out=c8 l0,0=81 q0.in=14 a0=1 b0=4 a1=5 b1=b a2=f b2=6 a3=9 b3=4 a4=8 b4=1 q0.out=18

y0 = d2	y1 = fc	y2 = a3	y3 = 39	y0 = 18	y1 = c2	y2 = 85	y3 = 18
MDS input = Y = y0y1y2y3 = d2fca339				MDS input = Y = y0y1y2y3 = 18c28518

MDS output = Z = z0z1z2z3 = 67569e2a

MDS output = Z = z0z1z2z3 = df29c3c6

z0 = 67

z1 = 56

z2 = 9e

z3 = 2a

z0 = df

z1 = 29

z2 = c3

z3 = c6

T0 = g(R0) = 67569e2a

T1 = g(ROL(R1, 8)) = df29c3c6

F2,0 = (T0 + T1 + K12) mod 232 = (67569e2a + df29c3c6 + a38a1320) mod 232 = (2a9e5667(big endian) + c6c329df(big endian) + 20138aa3(big endian)) mod 232 = 11750ae9(big endian) = e90a7511.

F2,1 = (T0 + 2T1 + K13) mod 232 = (67569e2a + 2[df29c3c6] + 0813350e) mod 232 = (2a9e5667(big endian) + 2[c6c329df(big endian)] + 0e351308(big endian)) mod 232 = (2a9e5667(big endian) + 8d8653be(big endian) + 0e351308(big endian)) mod 232 = c659bd2d(big endian) = 2dbd59c6.

R2,0  =  ROL(R3, 2,  1)    F2,0) =  ROL(a4408924,  1)   e90a7511 =  ROL(248940a4(big endian),  1)    e90a7511 =  49128148(big endian)    e90a7511 =  48811249   e90a7511 =  a18b6758.

R2,1  =  ROR(R3, 3    F2,1,  1) =  ROR(b8cfd212    2dbd59c6,  1) =  ROR(95728bd4, 1) =  ROR(d48b7295(big endian),  1) =  ea45b94a(big endian) =  4ab945ea

R2,2 = R3,0 = 44af2710

R2,3 = R3,1 = 2b3f50e6

 

Decryption of ciphertext block 1, round r=1

g input = X = x0x1x2x3 = R2,0 = a18b6758

g input = X = x0x1x2x3 = ROL(R2,1,  8) = ROL(4ab945ea ,  8) = ROL(ea45b94a(big endian),  8) = 45b94aea(big endian) = ea4ab945.

x0 = a1

x1 = 8b

x2 = 67

x3 = 58

x0 = ea

x1 = 4a

x2 = b9

x3 = 45

y2,0 = a1

y2,1 = 8b

y2,2 = 67

y2,3 = 58

y2,0 = ea

y2,1 = 4a

y2,2 = b9

y2,3 = 45

q0.in=a1 a0=a b0=1 a1=b b1=2 a2=9 b2=b a3=2 b3=c a4=5 b4=8 q0.out=85 l1,3=14 q0.in=9d a0=9 b0=d a1=4 b1=f a2=6 b2=d a3=b b3=8 a4=3 b4=9 q0.out=93 l0,3=dc q1.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=6 a3=b b3=6 a4=8 b4=d q1.out=d8

q1.in=8b a0=8 b0=b a1=3 b1=5 a2=d b2=c a3=1 b3=3 a4=c b4=1 q1.out=1c l1,2=9c q0.in=96 a0=9 b0=6 a1=f b1=2 a2=4 b2=b a3=f b3=9 a4=1 b4=b q0.out=b1 l0,2=53 q0.in=3a a0=3 b0=a a1=9 b1=e a2=b b2=9 a3=2 b3=f a4=5 b4=a q0.out=a5

q0.in=67 a0=6 b0=7 a1=1 b1=d a2=1 b2=0 a3=1 b3=9 a4=a b4=b q0.out=ba l1,1=8a q1.in=26 a0=2 b0=6 a1=4 b1=1 a2=f b2=e a3=1 b3=0 a4=c b4=b q1.out=bc l0,1=8b q1.in=ef a0=e b0=f a1=1 b1=1 a2=8 b2=e a3=6 b3=f a4=9 b4=a q1.out=a9

q1.in=58 a0=5 b0=8 a1=d b1=9 a2=a b2=d a3=7 b3=4 a4=a b4=c q1.out=ca l1,0=18 q1.in=de a0=d b0=e a1=3 b1=2 a2=d b2=2 a3=f b3=4 a4=f b4=c q1.out=cf l0,0=81 q0.in=13 a0=1 b0=3 a1=2 b1=0 a2=7 b2=e a3=9 b3=8 a4=8 b4=9 q0.out=98

q0.in=ea a0=e b0=a a1=4 b1=b a2=6 b2=6 a3=0 b3=5 a4=b b4=2 q0.out=2b l1,3=14 q0.in=33 a0=3 b0=3 a1=0 b1=2 a2=8 b2=b a3=3 b3=5 a4=e b4=2 q0.out=2e l0,3=dc q1.in=af a0=a b0=f a1=5 b1=5 a2=7 b2=c a3=b b3=9 a4=8 b4=4 q1.out=48

q1.in=4a a0=4 b0=a a1=e b1=1 a2=c b2=e a3=2 b3=b a4=7 b4=f q1.out=f7 l1,2=9c q0.in=7d a0=7 b0=d a1=a b1=1 a2=5 b2=c a3=9 b3=b a4=8 b4=0 q0.out=08 l0,2=53 q0.in=83 a0=8 b0=3 a1=b b1=1 a2=9 b2=c a3=5 b3=7 a4=d b4=e q0.out=ed

q0.in=b9 a0=b b0=9 a1=2 b1=f a2=7 b2=d a3=a b3=1 a4=f b4=7 q0.out=7f l1,1=8a q1.in=e3 a0=e b0=3 a1=d b1=7 a2=a b2=7 a3=d b3=1 a4=b b4=9 q1.out=9b l0,1=8b q1.in=c8 a0=c b0=8 a1=4 b1=8 a2=f b2=6 a3=9 b3=4 a4=e b4=c q1.out=ce

q1.in=45 a0=4 b0=5 a1=1 b1=e a2=8 b2=0 a3=8 b3=8 a4=0 b4=6 q1.out=60 l1,0=18 q1.in=74 a0=7 b0=4 a1=3 b1=d a2=d b2=9 a3=4 b3=9 a4=1 b4=4 q1.out=41 l0,0=81 q0.in=9d a0=9 b0=d a1=4 b1=f a2=6 b2=d a3=b b3=8 a4=3 b4=9 q0.out=93

y0 = d8	y1 = a5	y2 = a9	y3 = 98	y0 = 48	y1 = ed	y2 = ce	y3 = 93
MDS input = Y = y0y1y2y3 = d8a5a998				MDS input = Y = y0y1y2y3 = 48edce93

MDS output = Z = z0z1z2z3 = 8f7f0fa0

MDS output = Z = z0z1z2z3 = 16a998e4

z0 = 8f

z1 = 7f

z2 = 0f

z3 = a0

z0 = 16

z1 = a9

z2 = 98

z3 = e4

T0 = g(R0) = 8f7f0fa0

T1 = g(ROL(R1, 8)) = 16a998e4

F1,0 = (T0 + T1 + K10) mod 232 = (8f7f0fa0 + 16a998e4 + 22166ed7) mod 232 = (a00f7f8f(big endian) + e498a916(big endian) + d76e1622(big endian)) mod 232 = 5c163ec7(big endian) = c73e165c.

F1,1 = (T0 + 2T1 + K11) mod 232 = (8f7f0fa0 + 2[16a998e4] + 2547a011) mod 232 = (a00f7f8f(big endian) + 2[e498a916(big endian)] + 11a04725(big endian)) mod 232 = (a00f7f8f(big endian) + c931522c(big endian) + 11a04725(big endian)) mod 232 = 7ae118e0(big endian) = e018e17a.

R1,0  =  ROL(R2, 2,  1)    F1,0) =  ROL(44af2710,  1)   c73e165c =  ROL(1027af44(big endian),  1)    c73e165c =  204f5e88(big endian)    c73e165c =  885e4f20   c73e165c =  4f60597c.

R1,1  =  ROR(R2, 3    F1,1,  1) =  ROR(2b3f50e6    e018e17a,  1) =  ROR(cb27b19c, 1) =  ROR(9cb127cb(big endian),  1) =  ce5893e5(big endian) =  e59358ce

R1,2 = R2,0 = a18b6758

R1,3 = R2,1 = 4ab945ea

 

Decryption of ciphertext block 1, round r=0

g input = X = x0x1x2x3 = R1,0 = 4f60597c

g input = X = x0x1x2x3 = ROL(R1,1,  8) = ROL(e59358ce ,  8) = ROL(ce5893e5(big endian),  8) = 5893e5ce(big endian) = cee59358.

x0 = 4f

x1 = 60

x2 = 59

x3 = 7c

x0 = ce

x1 = e5

x2 = 93

x3 = 58

y2,0 = 4f

y2,1 = 60

y2,2 = 59

y2,3 = 7c

y2,0 = ce

y2,1 = e5

y2,2 = 93

y2,3 = 58

q0.in=4f a0=4 b0=f a1=b b1=b a2=9 b2=6 a3=f b3=2 a4=1 b4=f q0.out=f1 l1,3=14 q0.in=e9 a0=e b0=9 a1=7 b1=2 a2=2 b2=b a3=9 b3=f a4=8 b4=a q0.out=a8 l0,3=dc q1.in=29 a0=2 b0=9 a1=b b1=e a2=4 b2=0 a3=4 b3=4 a4=1 b4=c q1.out=c1

q1.in=60 a0=6 b0=0 a1=6 b1=6 a2=6 b2=3 a3=5 b3=f a4=6 b4=a q1.out=a6 l1,2=9c q0.in=2c a0=2 b0=c a1=e b1=4 a2=a b2=1 a3=b b3=2 a4=3 b4=f q0.out=f3 l0,2=53 q0.in=78 a0=7 b0=8 a1=f b1=b a2=4 b2=6 a3=2 b3=7 a4=5 b4=e q0.out=e5

q0.in=59 a0=5 b0=9 a1=c b1=1 a2=e b2=c a3=2 b3=8 a4=5 b4=9 q0.out=95 l1,1=8a q1.in=09 a0=0 b0=9 a1=9 b1=c a2=1 b2=f a3=e b3=6 a4=3 b4=d q1.out=d3 l0,1=8b q1.in=80 a0=8 b0=0 a1=8 b1=8 a2=3 b2=6 a3=5 b3=8 a4=6 b4=6 q1.out=66

q1.in=7c a0=7 b0=c a1=b b1=9 a2=4 b2=d a3=9 b3=a a4=e b4=7 q1.out=7e l1,0=18 q1.in=6a a0=6 b0=a a1=c b1=3 a2=0 b2=b a3=b b3=d a4=8 b4=0 q1.out=08 l0,0=81 q0.in=d4 a0=d b0=4 a1=9 b1=7 a2=b b2=5 a3=e b3=9 a4=7 b4=b q0.out=b7

q0.in=ce a0=c b0=e a1=2 b1=b a2=7 b2=6 a3=1 b3=c a4=a b4=8 q0.out=8a l1,3=14 q0.in=92 a0=9 b0=2 a1=b b1=0 a2=9 b2=e a3=7 b3=6 a4=0 b4=6 q0.out=60 l0,3=dc q1.in=e1 a0=e b0=1 a1=f b1=6 a2=5 b2=3 a3=6 b3=4 a4=9 b4=c q1.out=c9

q1.in=e5 a0=e b0=5 a1=b b1=4 a2=4 b2=4 a3=0 b3=6 a4=4 b4=d q1.out=d4 l1,2=9c q0.in=5e a0=5 b0=e a1=b b1=a a2=9 b2=a a3=3 b3=4 a4=e b4=1 q0.out=1e l0,2=53 q0.in=95 a0=9 b0=5 a1=c b1=b a2=e b2=6 a3=8 b3=d a4=c b4=5 q0.out=5c

q0.in=93 a0=9 b0=3 a1=a b1=8 a2=5 b2=f a3=a b3=2 a4=f b4=f q0.out=ff l1,1=8a q1.in=63 a0=6 b0=3 a1=5 b1=f a2=7 b2=8 a3=f b3=b a4=f b4=f q1.out=ff l0,1=8b q1.in=ac a0=a b0=c a1=6 b1=c a2=6 b2=f a3=9 b3=9 a4=e b4=4 q1.out=4e

q1.in=58 a0=5 b0=8 a1=d b1=9 a2=a b2=d a3=7 b3=4 a4=a b4=c q1.out=ca l1,0=18 q1.in=de a0=d b0=e a1=3 b1=2 a2=d b2=2 a3=f b3=4 a4=f b4=c q1.out=cf l0,0=81 q0.in=13 a0=1 b0=3 a1=2 b1=0 a2=7 b2=e a3=9 b3=8 a4=8 b4=9 q0.out=98

y0 = c1	y1 = e5	y2 = 66	y3 = b7	y0 = c9	y1 = 5c	y2 = 4e	y3 = 98
MDS input = Y = y0y1y2y3 = c1e566b7				MDS input = Y = y0y1y2y3 = c95c4e98

MDS output = Z = z0z1z2z3 = 3ea40416

MDS output = Z = z0z1z2z3 = fb92865d

z0 = 3e

z1 = a4

z2 = 04

z3 = 16

z0 = fb

z1 = 92

z2 = 86

z3 = 5d

T0 = g(R0) = 3ea40416

T1 = g(ROL(R1, 8)) = fb92865d

F0,0 = (T0 + T1 + K8) mod 232 = (3ea40416 + fb92865d + f595a22f) mod 232 = (1604a43e(big endian) + 5d8692fb(big endian) + 2fa295f5(big endian)) mod 232 = a32dcd2e(big endian) = 2ecd2da3.

F0,1 = (T0 + 2T1 + K9) mod 232 = (3ea40416 + 2[fb92865d] + b3c6caca) mod 232 = (1604a43e(big endian) + 2[5d8692fb(big endian)] + cacac6b3(big endian)) mod 232 = (1604a43e(big endian) + bb0d25f6(big endian) + cacac6b3(big endian)) mod 232 = 9bdc90e7(big endian) = e790dc9b.

R0,0  =  ROL(R1, 2,  1)    F0,0) =  ROL(a18b6758,  1)   2ecd2da3 =  ROL(58678ba1(big endian),  1)    2ecd2da3 =  b0cf1742(big endian)    2ecd2da3 =  4217cfb0   2ecd2da3 =  6cdae213.

R0,1  =  ROR(R1, 3    F0,1,  1) =  ROR(4ab945ea    e790dc9b,  1) =  ROR(ad299971, 1) =  ROR(719929ad(big endian),  1) =  b8cc94d6(big endian) =  d694ccb8

R0,2 = R1,0 = 4f60597c

R0,3 = R1,1 = e59358ce

 

Decryption output unwhiten for block 1

P3 = R0,5 mod 4    K3 = R0,1    K3 = d694ccb8    ae0b98a1  =  789f5419

P2 = R0,4 mod 4    K2 = R0,0    K2 = 6cdae213    ea11ea78  =  86cb086b

P1 = R0,3 mod 4    K1 = R0,3    K1 = e59358ce    02229b50  =  e7b1c39e

P0 = R0,2 mod 4    K0 = R0,2    K0 = 4f60597c    9bf1826a  =  d491db16

 

Decryption of block 1 : Decryption CBC step: Xor of output unwhiten result with previous ciphertext block received

P0 = P '0 C0(previous round) = d491db16 00000000 = d491db16

P1 = P '1 C1(previous round) = e7b1c39e 00000000 = e7b1c39e

P2 = P '2 C2(previous round) = 86cb086b 00000000 = 86cb086b

P3 = P '3 C3(previous round) = 789f5419 00000000 = 789f5419

 

Plaintext result for decryption of block 1

p0 = [P0 2[8(0 mod 4)]] mod 28 = [d491db16 20] mod 28 = [16db91d4(big endian) 20] mod 28 = d4

p1 = [P0 2[8(1 mod 4)]] mod 28 = [d491db16 28] mod 28 = [16db91d4(big endian) 28] mod 28 = 91

p2 = [P0 2[8(2 mod 4)]] mod 28 = [d491db16 216] mod 28 = [16db91d4(big endian) 216] mod 28 = db

p3 = [P0 2[8(3 mod 4)]] mod 28 = [d491db16 224] mod 28 = [16db91d4(big endian) 224] mod 28 = 16

p4 = [P1 2[8(4 mod 4)]] mod 28 = [e7b1c39e 20] mod 28 = [9ec3b1e7(big endian) 20] mod 28 = e7

p5 = [P1 2[8(5 mod 4)]] mod 28 = [e7b1c39e 28] mod 28 = [9ec3b1e7(big endian) 28] mod 28 = b1

p6 = [P1 2[8(6 mod 4)]] mod 28 = [e7b1c39e 216] mod 28 = [9ec3b1e7(big endian) 216] mod 28 = c3

p7 = [P1 2[8(7 mod 4)]] mod 28 = [e7b1c39e 224] mod 28 = [9ec3b1e7(big endian) 224] mod 28 = 9e

p8 = [P2 2[8(8 mod 4)]] mod 28 = [86cb086b 20] mod 28 = [6b08cb86(big endian) 20] mod 28 = 86

p9 = [P2 2[8(9 mod 4)]] mod 28 = [86cb086b 28] mod 28 = [6b08cb86(big endian) 28] mod 28 = cb

p10 = [P2 2[8(10 mod 4)]] mod 28 = [86cb086b 216] mod 28 = [6b08cb86(big endian) 216] mod 28 = 08

p11 = [P2 2[8(11 mod 4)]] mod 28 = [86cb086b 224] mod 28 = [6b08cb86(big endian) 224] mod 28 = 6b

p12 = [P3 2[8(12 mod 4)]] mod 28 = [789f5419 20] mod 28 = [19549f78(big endian) 20] mod 28 = 78

p13 = [P3 2[8(13 mod 4)]] mod 28 = [789f5419 28] mod 28 = [19549f78(big endian) 28] mod 28 = 9f

p14 = [P3 2[8(14 mod 4)]] mod 28 = [789f5419 216] mod 28 = [19549f78(big endian) 216] mod 28 = 54

p15 = [P3 2[8(15 mod 4)]] mod 28 = [789f5419 224] mod 28 = [19549f78(big endian) 224] mod 28 = 19

Plaintext block output = p0p1p2p3p4p5p6p7p8p9p10p11p12p13p14p15 = d491db16e7b1c39e86cb086b789f5419

 

Decryption start for ciphertext block 2

ciphertext = c0c1c2c3c4c5c6c7c8c9c10c11c12c13c14c15 = 4e311045e36a2e3132c57a3c30f06fb3

C0 = c0c1c2c3 = 4e311045	C1 = c4c5c6c7 = e36a2e31
C2 = c8c9c10c11 = 32c57a3c	C3 = c12c13c14c15 = 30f06fb3

 

Decryption Input Unwhiten for block 2

R16,0 = C0 K4 = 4e311045 f57ea21f = bb4fb25a

R16,1 = C1 K5 = e36a2e31 e005f378 = 036fdd49

R16,2 = C2 K6 = 32c57a3c 314b4d98 = 038e37a4

R16,3 = C3 K7 = 30f06fb3 c9a88d6f = f958e2dc

 

Decryption of ciphertext block 2, round r=15

g input = X = x0x1x2x3 = R16,0 = bb4fb25a

g input = X = x0x1x2x3 = ROL(R16,1,  8) = ROL(036fdd49 ,  8) = ROL(49dd6f03(big endian),  8) = dd6f0349(big endian) = 49036fdd.

x0 = bb

x1 = 4f

x2 = b2

x3 = 5a

x0 = 49

x1 = 03

x2 = 6f

x3 = dd

y2,0 = bb

y2,1 = 4f

y2,2 = b2

y2,3 = 5a

y2,0 = 49

y2,1 = 03

y2,2 = 6f

y2,3 = dd

q0.in=bb a0=b b0=b a1=0 b1=e a2=8 b2=9 a3=1 b3=4 a4=a b4=1 q0.out=1a l1,3=14 q0.in=02 a0=0 b0=2 a1=2 b1=1 a2=7 b2=c a3=b b3=9 a4=3 b4=b q0.out=b3 l0,3=dc q1.in=32 a0=3 b0=2 a1=1 b1=a a2=8 b2=a a3=2 b3=d a4=7 b4=0 q1.out=07

q1.in=4f a0=4 b0=f a1=b b1=b a2=4 b2=5 a3=1 b3=e a4=c b4=8 q1.out=8c l1,2=9c q0.in=06 a0=0 b0=6 a1=6 b1=3 a2=3 b2=8 a3=b b3=f a4=3 b4=a q0.out=a3 l0,2=53 q0.in=28 a0=2 b0=8 a1=a b1=6 a2=5 b2=3 a3=6 b3=4 a4=9 b4=1 q0.out=19

q0.in=b2 a0=b b0=2 a1=9 b1=2 a2=b b2=b a3=0 b3=e a4=b b4=c q0.out=cb l1,1=8a q1.in=57 a0=5 b0=7 a1=2 b1=6 a2=b b2=3 a3=8 b3=a a4=0 b4=7 q1.out=70 l0,1=8b q1.in=23 a0=2 b0=3 a1=1 b1=b a2=8 b2=5 a3=d b3=2 a4=b b4=5 q1.out=5b

q1.in=5a a0=5 b0=a a1=f b1=8 a2=5 b2=6 a3=3 b3=e a4=5 b4=8 q1.out=85 l1,0=18 q1.in=91 a0=9 b0=1 a1=8 b1=9 a2=3 b2=d a3=e b3=5 a4=3 b4=3 q1.out=33 l0,0=81 q0.in=ef a0=e b0=f a1=1 b1=1 a2=1 b2=c a3=d b3=f a4=4 b4=a q0.out=a4

q0.in=49 a0=4 b0=9 a1=d b1=8 a2=c b2=f a3=3 b3=3 a4=e b4=4 q0.out=4e l1,3=14 q0.in=56 a0=5 b0=6 a1=3 b1=e a2=d b2=9 a3=4 b3=9 a4=6 b4=b q0.out=b6 l0,3=dc q1.in=37 a0=3 b0=7 a1=4 b1=0 a2=f b2=1 a3=e b3=f a4=3 b4=a q1.out=a3

q1.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=d a3=0 b3=b a4=4 b4=f q1.out=f4 l1,2=9c q0.in=7e a0=7 b0=e a1=9 b1=8 a2=b b2=f a3=4 b3=c a4=6 b4=8 q0.out=86 l0,2=53 q0.in=0d a0=0 b0=d a1=d b1=e a2=c b2=9 a3=5 b3=0 a4=d b4=d q0.out=dd

q0.in=6f a0=6 b0=f a1=9 b1=9 a2=b b2=4 a3=f b3=1 a4=1 b4=7 q0.out=71 l1,1=8a q1.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=1 a3=c b3=d a4=2 b4=0 q1.out=02 l0,1=8b q1.in=51 a0=5 b0=1 a1=4 b1=5 a2=f b2=c a3=3 b3=1 a4=5 b4=9 q1.out=95

q1.in=dd a0=d b0=d a1=0 b1=b a2=2 b2=5 a3=7 b3=8 a4=a b4=6 q1.out=6a l1,0=18 q1.in=7e a0=7 b0=e a1=9 b1=8 a2=1 b2=6 a3=7 b3=a a4=a b4=7 q1.out=7a l0,0=81 q0.in=a6 a0=a b0=6 a1=c b1=9 a2=e b2=4 a3=a b3=c a4=f b4=8 q0.out=8f

y0 = 07	y1 = 19	y2 = 5b	y3 = a4	y0 = a3	y1 = dd	y2 = 95	y3 = 8f
MDS input = Y = y0y1y2y3 = 07195ba4				MDS input = Y = y0y1y2y3 = a3dd958f

MDS output = Z = z0z1z2z3 = d48b9ef1

MDS output = Z = z0z1z2z3 = 6194140b

z0 = d4

z1 = 8b

z2 = 9e

z3 = f1

z0 = 61

z1 = 94

z2 = 14

z3 = 0b

T0 = g(R0) = d48b9ef1

T1 = g(ROL(R1, 8)) = 6194140b

F15,0 = (T0 + T1 + K38) mod 232 = (d48b9ef1 + 6194140b + aadffd38) mod 232 = (f19e8bd4(big endian) + 0b149461(big endian) + 38fddfaa(big endian)) mod 232 = 35b0ffdf(big endian) = dfffb035.

F15,1 = (T0 + 2T1 + K39) mod 232 = (d48b9ef1 + 2[6194140b] + 56f4c1eb) mod 232 = (f19e8bd4(big endian) + 2[0b149461(big endian)] + ebc1f456(big endian)) mod 232 = (f19e8bd4(big endian) + 162928c2(big endian) + ebc1f456(big endian)) mod 232 = f389a8ec(big endian) = eca889f3.

R15,0  =  ROL(R16, 2,  1)    F15,0) =  ROL(038e37a4,  1)   dfffb035 =  ROL(a4378e03(big endian),  1)    dfffb035 =  486f1c07(big endian)    dfffb035 =  071c6f48   dfffb035 =  d8e3df7d.

R15,1  =  ROR(R16, 3    F15,1,  1) =  ROR(f958e2dc    eca889f3,  1) =  ROR(15f06b2f, 1) =  ROR(2f6bf015(big endian),  1) =  97b5f80a(big endian) =  0af8b597

R15,2 = R16,0 = bb4fb25a

R15,3 = R16,1 = 036fdd49

 

Decryption of ciphertext block 2, round r=14

g input = X = x0x1x2x3 = R15,0 = d8e3df7d

g input = X = x0x1x2x3 = ROL(R15,1,  8) = ROL(0af8b597 ,  8) = ROL(97b5f80a(big endian),  8) = b5f80a97(big endian) = 970af8b5.

x0 = d8

x1 = e3

x2 = df

x3 = 7d

x0 = 97

x1 = 0a

x2 = f8

x3 = b5

y2,0 = d8

y2,1 = e3

y2,2 = df

y2,3 = 7d

y2,0 = 97

y2,1 = 0a

y2,2 = f8

y2,3 = b5

q0.in=d8 a0=d b0=8 a1=5 b1=1 a2=f b2=c a3=3 b3=1 a4=e b4=7 q0.out=7e l1,3=14 q0.in=66 a0=6 b0=6 a1=0 b1=5 a2=8 b2=2 a3=a b3=9 a4=f b4=b q0.out=bf l0,3=dc q1.in=3e a0=3 b0=e a1=d b1=c a2=a b2=f a3=5 b3=5 a4=6 b4=3 q1.out=36

q1.in=e3 a0=e b0=3 a1=d b1=7 a2=a b2=7 a3=d b3=1 a4=b b4=9 q1.out=9b l1,2=9c q0.in=11 a0=1 b0=1 a1=0 b1=1 a2=8 b2=c a3=4 b3=e a4=6 b4=c q0.out=c6 l0,2=53 q0.in=4d a0=4 b0=d a1=9 b1=a a2=b b2=a a3=1 b3=6 a4=a b4=6 q0.out=6a

q0.in=df a0=d b0=f a1=2 b1=a a2=7 b2=a a3=d b3=a a4=4 b4=3 q0.out=34 l1,1=8a q1.in=a8 a0=a b0=8 a1=2 b1=e a2=b b2=0 a3=b b3=3 a4=8 b4=1 q1.out=18 l0,1=8b q1.in=4b a0=4 b0=b a1=f b1=9 a2=5 b2=d a3=8 b3=3 a4=0 b4=1 q1.out=10

q1.in=7d a0=7 b0=d a1=a b1=1 a2=9 b2=e a3=7 b3=6 a4=a b4=d q1.out=da l1,0=18 q1.in=ce a0=c b0=e a1=2 b1=b a2=b b2=5 a3=e b3=9 a4=3 b4=4 q1.out=43 l0,0=81 q0.in=9f a0=9 b0=f a1=6 b1=e a2=3 b2=9 a3=a b3=7 a4=f b4=e q0.out=ef

q0.in=97 a0=9 b0=7 a1=e b1=a a2=a b2=a a3=0 b3=f a4=b b4=a q0.out=ab l1,3=14 q0.in=b3 a0=b b0=3 a1=8 b1=a a2=0 b2=a a3=a b3=5 a4=f b4=2 q0.out=2f l0,3=dc q1.in=ae a0=a b0=e a1=4 b1=d a2=f b2=9 a3=6 b3=b a4=9 b4=f q1.out=f9

q1.in=0a a0=0 b0=a a1=a b1=5 a2=9 b2=c a3=5 b3=7 a4=6 b4=e q1.out=e6 l1,2=9c q0.in=6c a0=6 b0=c a1=a b1=0 a2=5 b2=e a3=b b3=a a4=3 b4=3 q0.out=33 l0,2=53 q0.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=5 a3=8 b3=f a4=c b4=a q0.out=ac

q0.in=f8 a0=f b0=8 a1=7 b1=3 a2=2 b2=8 a3=a b3=6 a4=f b4=6 q0.out=6f l1,1=8a q1.in=f3 a0=f b0=3 a1=c b1=e a2=0 b2=0 a3=0 b3=0 a4=4 b4=b q1.out=b4 l0,1=8b q1.in=e7 a0=e b0=7 a1=9 b1=5 a2=1 b2=c a3=d b3=f a4=b b4=a q1.out=ab

q1.in=b5 a0=b b0=5 a1=e b1=9 a2=c b2=d a3=1 b3=2 a4=c b4=5 q1.out=5c l1,0=18 q1.in=48 a0=4 b0=8 a1=c b1=0 a2=0 b2=1 a3=1 b3=8 a4=c b4=6 q1.out=6c l0,0=81 q0.in=b0 a0=b b0=0 a1=b b1=3 a2=9 b2=8 a3=1 b3=5 a4=a b4=2 q0.out=2a

y0 = 36	y1 = 6a	y2 = 10	y3 = ef	y0 = f9	y1 = ac	y2 = ab	y3 = 2a
MDS input = Y = y0y1y2y3 = 366a10ef				MDS input = Y = y0y1y2y3 = f9acab2a

MDS output = Z = z0z1z2z3 = e98db9d8

MDS output = Z = z0z1z2z3 = d3e8f8e3

z0 = e9

z1 = 8d

z2 = b9

z3 = d8

z0 = d3

z1 = e8

z2 = f8

z3 = e3

T0 = g(R0) = e98db9d8

T1 = g(ROL(R1, 8)) = d3e8f8e3

F14,0 = (T0 + T1 + K36) mod 232 = (e98db9d8 + d3e8f8e3 + e4ffcbcc) mod 232 = (d8b98de9(big endian) + e3f8e8d3(big endian) + cccbffe4(big endian)) mod 232 = 897e76a0(big endian) = a0767e89.

F14,1 = (T0 + 2T1 + K37) mod 232 = (e98db9d8 + 2[d3e8f8e3] + fd60441f) mod 232 = (d8b98de9(big endian) + 2[e3f8e8d3(big endian)] + 1f4460fd(big endian)) mod 232 = (d8b98de9(big endian) + c7f1d1a6(big endian) + 1f4460fd(big endian)) mod 232 = bfefc08c(big endian) = 8cc0efbf.

R14,0  =  ROL(R15, 2,  1)    F14,0) =  ROL(bb4fb25a,  1)   a0767e89 =  ROL(5ab24fbb(big endian),  1)    a0767e89 =  b5649f76(big endian)    a0767e89 =  769f64b5   a0767e89 =  d6e91a3c.

R14,1  =  ROR(R15, 3    F14,1,  1) =  ROR(036fdd49    8cc0efbf,  1) =  ROR(8faf32f6, 1) =  ROR(f632af8f(big endian),  1) =  fb1957c7(big endian) =  c75719fb

R14,2 = R15,0 = d8e3df7d

R14,3 = R15,1 = 0af8b597

 

Decryption of ciphertext block 2, round r=13

g input = X = x0x1x2x3 = R14,0 = d6e91a3c

g input = X = x0x1x2x3 = ROL(R14,1,  8) = ROL(c75719fb ,  8) = ROL(fb1957c7(big endian),  8) = 1957c7fb(big endian) = fbc75719.

x0 = d6

x1 = e9

x2 = 1a

x3 = 3c

x0 = fb

x1 = c7

x2 = 57

x3 = 19

y2,0 = d6

y2,1 = e9

y2,2 = 1a

y2,3 = 3c

y2,0 = fb

y2,1 = c7

y2,2 = 57

y2,3 = 19

q0.in=d6 a0=d b0=6 a1=b b1=6 a2=9 b2=3 a3=a b3=8 a4=f b4=9 q0.out=9f l1,3=14 q0.in=87 a0=8 b0=7 a1=f b1=3 a2=4 b2=8 a3=c b3=0 a4=2 b4=d q0.out=d2 l0,3=dc q1.in=53 a0=5 b0=3 a1=6 b1=4 a2=6 b2=4 a3=2 b3=4 a4=7 b4=c q1.out=c7

q1.in=e9 a0=e b0=9 a1=7 b1=2 a2=e b2=2 a3=c b3=f a4=2 b4=a q1.out=a2 l1,2=9c q0.in=28 a0=2 b0=8 a1=a b1=6 a2=5 b2=3 a3=6 b3=4 a4=9 b4=1 q0.out=19 l0,2=53 q0.in=92 a0=9 b0=2 a1=b b1=0 a2=9 b2=e a3=7 b3=6 a4=0 b4=6 q0.out=60

q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37 l1,1=8a q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f l0,1=8b q1.in=4c a0=4 b0=c a1=8 b1=2 a2=3 b2=2 a3=1 b3=a a4=c b4=7 q1.out=7c

q1.in=3c a0=3 b0=c a1=f b1=d a2=5 b2=9 a3=c b3=1 a4=2 b4=9 q1.out=92 l1,0=18 q1.in=86 a0=8 b0=6 a1=e b1=b a2=c b2=5 a3=9 b3=6 a4=e b4=d q1.out=de l0,0=81 q0.in=02 a0=0 b0=2 a1=2 b1=1 a2=7 b2=c a3=b b3=9 a4=3 b4=b q0.out=b3

q0.in=fb a0=f b0=b a1=4 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=4 q0.out=42 l1,3=14 q0.in=5a a0=5 b0=a a1=f b1=8 a2=4 b2=f a3=b b3=b a4=3 b4=0 q0.out=03 l0,3=dc q1.in=82 a0=8 b0=2 a1=a b1=9 a2=9 b2=d a3=4 b3=f a4=1 b4=a q1.out=a1

q1.in=c7 a0=c b0=7 a1=b b1=7 a2=4 b2=7 a3=3 b3=f a4=5 b4=a q1.out=a5 l1,2=9c q0.in=2f a0=2 b0=f a1=d b1=d a2=c b2=0 a3=c b3=c a4=2 b4=8 q0.out=82 l0,2=53 q0.in=09 a0=0 b0=9 a1=9 b1=c a2=b b2=7 a3=c b3=8 a4=2 b4=9 q0.out=92

q0.in=57 a0=5 b0=7 a1=2 b1=6 a2=7 b2=3 a3=4 b3=6 a4=6 b4=6 q0.out=66 l1,1=8a q1.in=fa a0=f b0=a a1=5 b1=2 a2=7 b2=2 a3=5 b3=e a4=6 b4=8 q1.out=86 l0,1=8b q1.in=d5 a0=d b0=5 a1=8 b1=f a2=3 b2=8 a3=b b3=f a4=8 b4=a q1.out=a8

q1.in=19 a0=1 b0=9 a1=8 b1=5 a2=3 b2=c a3=f b3=d a4=f b4=0 q1.out=0f l1,0=18 q1.in=1b a0=1 b0=b a1=a b1=4 a2=9 b2=4 a3=d b3=3 a4=b b4=1 q1.out=1b l0,0=81 q0.in=c7 a0=c b0=7 a1=b b1=7 a2=9 b2=5 a3=c b3=b a4=2 b4=0 q0.out=02

y0 = c7	y1 = 60	y2 = 7c	y3 = b3	y0 = a1	y1 = 92	y2 = a8	y3 = 02
MDS input = Y = y0y1y2y3 = c7607cb3				MDS input = Y = y0y1y2y3 = a192a802

MDS output = Z = z0z1z2z3 = 9dbe5783

MDS output = Z = z0z1z2z3 = de4c2ac5

z0 = 9d

z1 = be

z2 = 57

z3 = 83

z0 = de

z1 = 4c

z2 = 2a

z3 = c5

T0 = g(R0) = 9dbe5783

T1 = g(ROL(R1, 8)) = de4c2ac5

F13,0 = (T0 + T1 + K34) mod 232 = (9dbe5783 + de4c2ac5 + 6ae813f4) mod 232 = (8357be9d(big endian) + c52a4cde(big endian) + f413e86a(big endian)) mod 232 = 3c95f3e5(big endian) = e5f3953c.

F13,1 = (T0 + 2T1 + K35) mod 232 = (9dbe5783 + 2[de4c2ac5] + f3d8d036) mod 232 = (8357be9d(big endian) + 2[c52a4cde(big endian)] + 36d0d8f3(big endian)) mod 232 = (8357be9d(big endian) + 8a5499bc(big endian) + 36d0d8f3(big endian)) mod 232 = 447d314c(big endian) = 4c317d44.

R13,0  =  ROL(R14, 2,  1)    F13,0) =  ROL(d8e3df7d,  1)   e5f3953c =  ROL(7ddfe3d8(big endian),  1)    e5f3953c =  fbbfc7b0(big endian)    e5f3953c =  b0c7bffb   e5f3953c =  55342ac7.

R13,1  =  ROR(R14, 3    F13,1,  1) =  ROR(0af8b597    4c317d44,  1) =  ROR(46c9c8d3, 1) =  ROR(d3c8c946(big endian),  1) =  69e464a3(big endian) =  a364e469

R13,2 = R14,0 = d6e91a3c

R13,3 = R14,1 = c75719fb

 

Decryption of ciphertext block 2, round r=12

g input = X = x0x1x2x3 = R13,0 = 55342ac7

g input = X = x0x1x2x3 = ROL(R13,1,  8) = ROL(a364e469 ,  8) = ROL(69e464a3(big endian),  8) = e464a369(big endian) = 69a364e4.

x0 = 55

x1 = 34

x2 = 2a

x3 = c7

x0 = 69

x1 = a3

x2 = 64

x3 = e4

y2,0 = 55

y2,1 = 34

y2,2 = 2a

y2,3 = c7

y2,0 = 69

y2,1 = a3

y2,2 = 64

y2,3 = e4

q0.in=55 a0=5 b0=5 a1=0 b1=7 a2=8 b2=5 a3=d b3=2 a4=4 b4=f q0.out=f4 l1,3=14 q0.in=ec a0=e b0=c a1=2 b1=8 a2=7 b2=f a3=8 b3=0 a4=c b4=d q0.out=dc l0,3=dc q1.in=5d a0=5 b0=d a1=8 b1=3 a2=3 b2=b a3=8 b3=6 a4=0 b4=d q1.out=d0

q1.in=34 a0=3 b0=4 a1=7 b1=9 a2=e b2=d a3=3 b3=0 a4=5 b4=b q1.out=b5 l1,2=9c q0.in=3f a0=3 b0=f a1=c b1=4 a2=e b2=1 a3=f b3=6 a4=1 b4=6 q0.out=61 l0,2=53 q0.in=ea a0=e b0=a a1=4 b1=b a2=6 b2=6 a3=0 b3=5 a4=b b4=2 q0.out=2b

q0.in=2a a0=2 b0=a a1=8 b1=7 a2=0 b2=5 a3=5 b3=a a4=d b4=3 q0.out=3d l1,1=8a q1.in=a1 a0=a b0=1 a1=b b1=2 a2=4 b2=2 a3=6 b3=5 a4=9 b4=3 q1.out=39 l0,1=8b q1.in=6a a0=6 b0=a a1=c b1=3 a2=0 b2=b a3=b b3=d a4=8 b4=0 q1.out=08

q1.in=c7 a0=c b0=7 a1=b b1=7 a2=4 b2=7 a3=3 b3=f a4=5 b4=a q1.out=a5 l1,0=18 q1.in=b1 a0=b b0=1 a1=a b1=b a2=9 b2=5 a3=c b3=b a4=2 b4=f q1.out=f2 l0,0=81 q0.in=2e a0=2 b0=e a1=c b1=5 a2=e b2=2 a3=c b3=f a4=2 b4=a q0.out=a2

q0.in=69 a0=6 b0=9 a1=f b1=a a2=4 b2=a a3=e b3=1 a4=7 b4=7 q0.out=77 l1,3=14 q0.in=6f a0=6 b0=f a1=9 b1=9 a2=b b2=4 a3=f b3=1 a4=1 b4=7 q0.out=71 l0,3=dc q1.in=f0 a0=f b0=0 a1=f b1=7 a2=5 b2=7 a3=2 b3=6 a4=7 b4=d q1.out=d7

q1.in=a3 a0=a b0=3 a1=9 b1=3 a2=1 b2=b a3=a b3=4 a4=d b4=c q1.out=cd l1,2=9c q0.in=47 a0=4 b0=7 a1=3 b1=f a2=d b2=d a3=0 b3=b a4=b b4=0 q0.out=0b l0,2=53 q0.in=80 a0=8 b0=0 a1=8 b1=8 a2=0 b2=f a3=f b3=f a4=1 b4=a q0.out=a1

q0.in=64 a0=6 b0=4 a1=2 b1=4 a2=7 b2=1 a3=6 b3=7 a4=9 b4=e q0.out=e9 l1,1=8a q1.in=75 a0=7 b0=5 a1=2 b1=5 a2=b b2=c a3=7 b3=5 a4=a b4=3 q1.out=3a l0,1=8b q1.in=69 a0=6 b0=9 a1=f b1=a a2=5 b2=a a3=f b3=8 a4=f b4=6 q1.out=6f

q1.in=e4 a0=e b0=4 a1=a b1=c a2=9 b2=f a3=6 b3=e a4=9 b4=8 q1.out=89 l1,0=18 q1.in=9d a0=9 b0=d a1=4 b1=f a2=f b2=8 a3=7 b3=3 a4=a b4=1 q1.out=1a l0,0=81 q0.in=c6 a0=c b0=6 a1=a b1=f a2=5 b2=d a3=8 b3=3 a4=c b4=4 q0.out=4c

y0 = d0	y1 = 2b	y2 = 08	y3 = a2	y0 = d7	y1 = a1	y2 = 6f	y3 = 4c
MDS input = Y = y0y1y2y3 = d02b08a2				MDS input = Y = y0y1y2y3 = d7a16f4c

MDS output = Z = z0z1z2z3 = 8a262497

MDS output = Z = z0z1z2z3 = 256e1634

z0 = 8a

z1 = 26

z2 = 24

z3 = 97

z0 = 25

z1 = 6e

z2 = 16

z3 = 34

T0 = g(R0) = 8a262497

T1 = g(ROL(R1, 8)) = 256e1634

F12,0 = (T0 + T1 + K32) mod 232 = (8a262497 + 256e1634 + 165703a2) mod 232 = (9724268a(big endian) + 34166e25(big endian) + a2035716(big endian)) mod 232 = 6d3debc5(big endian) = c5eb3d6d.

F12,1 = (T0 + 2T1 + K33) mod 232 = (8a262497 + 2[256e1634] + bdabf862) mod 232 = (9724268a(big endian) + 2[34166e25(big endian)] + 62f8abbd(big endian)) mod 232 = (9724268a(big endian) + 682cdc4a(big endian) + 62f8abbd(big endian)) mod 232 = 6249ae91(big endian) = 91ae4962.

R12,0  =  ROL(R13, 2,  1)    F12,0) =  ROL(d6e91a3c,  1)   c5eb3d6d =  ROL(3c1ae9d6(big endian),  1)    c5eb3d6d =  7835d3ac(big endian)    c5eb3d6d =  acd33578   c5eb3d6d =  69380815.

R12,1  =  ROR(R13, 3    F12,1,  1) =  ROR(c75719fb    91ae4962,  1) =  ROR(56f95099, 1) =  ROR(9950f956(big endian),  1) =  4ca87cab(big endian) =  ab7ca84c

R12,2 = R13,0 = 55342ac7

R12,3 = R13,1 = a364e469

 

Decryption of ciphertext block 2, round r=11

g input = X = x0x1x2x3 = R12,0 = 69380815

g input = X = x0x1x2x3 = ROL(R12,1,  8) = ROL(ab7ca84c ,  8) = ROL(4ca87cab(big endian),  8) = a87cab4c(big endian) = 4cab7ca8.

x0 = 69

x1 = 38

x2 = 08

x3 = 15

x0 = 4c

x1 = ab

x2 = 7c

x3 = a8

y2,0 = 69

y2,1 = 38

y2,2 = 08

y2,3 = 15

y2,0 = 4c

y2,1 = ab

y2,2 = 7c

y2,3 = a8

q0.in=69 a0=6 b0=9 a1=f b1=a a2=4 b2=a a3=e b3=1 a4=7 b4=7 q0.out=77 l1,3=14 q0.in=6f a0=6 b0=f a1=9 b1=9 a2=b b2=4 a3=f b3=1 a4=1 b4=7 q0.out=71 l0,3=dc q1.in=f0 a0=f b0=0 a1=f b1=7 a2=5 b2=7 a3=2 b3=6 a4=7 b4=d q1.out=d7

q1.in=38 a0=3 b0=8 a1=b b1=f a2=4 b2=8 a3=c b3=0 a4=2 b4=b q1.out=b2 l1,2=9c q0.in=38 a0=3 b0=8 a1=b b1=f a2=9 b2=d a3=4 b3=f a4=6 b4=a q0.out=a6 l0,2=53 q0.in=2d a0=2 b0=d a1=f b1=c a2=4 b2=7 a3=3 b3=f a4=e b4=a q0.out=ae

q0.in=08 a0=0 b0=8 a1=8 b1=4 a2=0 b2=1 a3=1 b3=8 a4=a b4=9 q0.out=9a l1,1=8a q1.in=06 a0=0 b0=6 a1=6 b1=3 a2=6 b2=b a3=d b3=b a4=b b4=f q1.out=fb l0,1=8b q1.in=a8 a0=a b0=8 a1=2 b1=e a2=b b2=0 a3=b b3=3 a4=8 b4=1 q1.out=18

q1.in=15 a0=1 b0=5 a1=4 b1=3 a2=f b2=b a3=4 b3=a a4=1 b4=7 q1.out=71 l1,0=18 q1.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=f a3=2 b3=a a4=7 b4=7 q1.out=77 l0,0=81 q0.in=ab a0=a b0=b a1=1 b1=7 a2=1 b2=5 a3=4 b3=3 a4=6 b4=4 q0.out=46

q0.in=4c a0=4 b0=c a1=8 b1=2 a2=0 b2=b a3=b b3=d a4=3 b4=5 q0.out=53 l1,3=14 q0.in=4b a0=4 b0=b a1=f b1=9 a2=4 b2=4 a3=0 b3=6 a4=b b4=6 q0.out=6b l0,3=dc q1.in=ea a0=e b0=a a1=4 b1=b a2=f b2=5 a3=a b3=d a4=d b4=0 q1.out=0d

q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f l1,2=9c q0.in=95 a0=9 b0=5 a1=c b1=b a2=e b2=6 a3=8 b3=d a4=c b4=5 q0.out=5c l0,2=53 q0.in=d7 a0=d b0=7 a1=a b1=e a2=5 b2=9 a3=c b3=1 a4=2 b4=7 q0.out=72

q0.in=7c a0=7 b0=c a1=b b1=9 a2=9 b2=4 a3=d b3=3 a4=4 b4=4 q0.out=44 l1,1=8a q1.in=d8 a0=d b0=8 a1=5 b1=1 a2=7 b2=e a3=9 b3=8 a4=e b4=6 q1.out=6e l0,1=8b q1.in=3d a0=3 b0=d a1=e b1=5 a2=c b2=c a3=0 b3=a a4=4 b4=7 q1.out=74

q1.in=a8 a0=a b0=8 a1=2 b1=e a2=b b2=0 a3=b b3=3 a4=8 b4=1 q1.out=18 l1,0=18 q1.in=0c a0=0 b0=c a1=c b1=6 a2=0 b2=3 a3=3 b3=9 a4=5 b4=4 q1.out=45 l0,0=81 q0.in=99 a0=9 b0=9 a1=0 b1=d a2=8 b2=0 a3=8 b3=8 a4=c b4=9 q0.out=9c

y0 = d7	y1 = ae	y2 = 18	y3 = 46	y0 = 0d	y1 = 72	y2 = 74	y3 = 9c
MDS input = Y = y0y1y2y3 = d7ae1846				MDS input = Y = y0y1y2y3 = 0d72749c

MDS output = Z = z0z1z2z3 = 4c3e3a8c

MDS output = Z = z0z1z2z3 = 3c78bd7c

z0 = 4c

z1 = 3e

z2 = 3a

z3 = 8c

z0 = 3c

z1 = 78

z2 = bd

z3 = 7c

T0 = g(R0) = 4c3e3a8c

T1 = g(ROL(R1, 8)) = 3c78bd7c

F11,0 = (T0 + T1 + K30) mod 232 = (4c3e3a8c + 3c78bd7c + fd2d59b8) mod 232 = (8c3a3e4c(big endian) + 7cbd783c(big endian) + b8592dfd(big endian)) mod 232 = c150e485(big endian) = 85e450c1.

F11,1 = (T0 + 2T1 + K31) mod 232 = (4c3e3a8c + 2[3c78bd7c] + 9c51af49) mod 232 = (8c3a3e4c(big endian) + 2[7cbd783c(big endian)] + 49af519c(big endian)) mod 232 = (8c3a3e4c(big endian) + f97af078(big endian) + 49af519c(big endian)) mod 232 = cf648060(big endian) = 608064cf.

R11,0  =  ROL(R12, 2,  1)    F11,0) =  ROL(55342ac7,  1)   85e450c1 =  ROL(c72a3455(big endian),  1)    85e450c1 =  8e5468ab(big endian)    85e450c1 =  ab68548e   85e450c1 =  2e8c044f.

R11,1  =  ROR(R12, 3    F11,1,  1) =  ROR(a364e469    608064cf,  1) =  ROR(c3e480a6, 1) =  ROR(a680e4c3(big endian),  1) =  d3407261(big endian) =  617240d3

R11,2 = R12,0 = 69380815

R11,3 = R12,1 = ab7ca84c

 

Decryption of ciphertext block 2, round r=10

g input = X = x0x1x2x3 = R11,0 = 2e8c044f

g input = X = x0x1x2x3 = ROL(R11,1,  8) = ROL(617240d3 ,  8) = ROL(d3407261(big endian),  8) = 407261d3(big endian) = d3617240.

x0 = 2e

x1 = 8c

x2 = 04

x3 = 4f

x0 = d3

x1 = 61

x2 = 72

x3 = 40

y2,0 = 2e

y2,1 = 8c

y2,2 = 04

y2,3 = 4f

y2,0 = d3

y2,1 = 61

y2,2 = 72

y2,3 = 40

q0.in=2e a0=2 b0=e a1=c b1=5 a2=e b2=2 a3=c b3=f a4=2 b4=a q0.out=a2 l1,3=14 q0.in=ba a0=b b0=a a1=1 b1=6 a2=1 b2=3 a3=2 b3=0 a4=5 b4=d q0.out=d5 l0,3=dc q1.in=54 a0=5 b0=4 a1=1 b1=f a2=8 b2=8 a3=0 b3=c a4=4 b4=2 q1.out=24

q1.in=8c a0=8 b0=c a1=4 b1=e a2=f b2=0 a3=f b3=7 a4=f b4=e q1.out=ef l1,2=9c q0.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=7 a3=a b3=e a4=f b4=c q0.out=cf l0,2=53 q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73

q0.in=04 a0=0 b0=4 a1=4 b1=2 a2=6 b2=b a3=d b3=b a4=4 b4=0 q0.out=04 l1,1=8a q1.in=98 a0=9 b0=8 a1=1 b1=5 a2=8 b2=c a3=4 b3=e a4=1 b4=8 q1.out=81 l0,1=8b q1.in=d2 a0=d b0=2 a1=f b1=4 a2=5 b2=4 a3=1 b3=f a4=c b4=a q1.out=ac

q1.in=4f a0=4 b0=f a1=b b1=b a2=4 b2=5 a3=1 b3=e a4=c b4=8 q1.out=8c l1,0=18 q1.in=98 a0=9 b0=8 a1=1 b1=5 a2=8 b2=c a3=4 b3=e a4=1 b4=8 q1.out=81 l0,0=81 q0.in=5d a0=5 b0=d a1=8 b1=3 a2=0 b2=8 a3=8 b3=4 a4=c b4=1 q0.out=1c

q0.in=d3 a0=d b0=3 a1=e b1=c a2=a b2=7 a3=d b3=1 a4=4 b4=7 q0.out=74 l1,3=14 q0.in=6c a0=6 b0=c a1=a b1=0 a2=5 b2=e a3=b b3=a a4=3 b4=3 q0.out=33 l0,3=dc q1.in=b2 a0=b b0=2 a1=9 b1=2 a2=1 b2=2 a3=3 b3=8 a4=5 b4=6 q1.out=65

q1.in=61 a0=6 b0=1 a1=7 b1=e a2=e b2=0 a3=e b3=e a4=3 b4=8 q1.out=83 l1,2=9c q0.in=09 a0=0 b0=9 a1=9 b1=c a2=b b2=7 a3=c b3=8 a4=2 b4=9 q0.out=92 l0,2=53 q0.in=19 a0=1 b0=9 a1=8 b1=5 a2=0 b2=2 a3=2 b3=1 a4=5 b4=7 q0.out=75

q0.in=72 a0=7 b0=2 a1=5 b1=e a2=f b2=9 a3=6 b3=b a4=9 b4=0 q0.out=09 l1,1=8a q1.in=95 a0=9 b0=5 a1=c b1=b a2=0 b2=5 a3=5 b3=a a4=6 b4=7 q1.out=76 l0,1=8b q1.in=25 a0=2 b0=5 a1=7 b1=8 a2=e b2=6 a3=8 b3=d a4=0 b4=0 q1.out=00

q1.in=40 a0=4 b0=0 a1=4 b1=4 a2=f b2=4 a3=b b3=5 a4=8 b4=3 q1.out=38 l1,0=18 q1.in=2c a0=2 b0=c a1=e b1=4 a2=c b2=4 a3=8 b3=e a4=0 b4=8 q1.out=80 l0,0=81 q0.in=5c a0=5 b0=c a1=9 b1=b a2=b b2=6 a3=d b3=0 a4=4 b4=d q0.out=d4

y0 = 24	y1 = 73	y2 = ac	y3 = 1c	y0 = 65	y1 = 75	y2 = 00	y3 = d4
MDS input = Y = y0y1y2y3 = 2473ac1c				MDS input = Y = y0y1y2y3 = 657500d4

MDS output = Z = z0z1z2z3 = b4ec0786

MDS output = Z = z0z1z2z3 = 384e1934

z0 = b4

z1 = ec

z2 = 07

z3 = 86

z0 = 38

z1 = 4e

z2 = 19

z3 = 34

T0 = g(R0) = b4ec0786

T1 = g(ROL(R1, 8)) = 384e1934

F10,0 = (T0 + T1 + K28) mod 232 = (b4ec0786 + 384e1934 + fdcb3639) mod 232 = (8607ecb4(big endian) + 34194e38(big endian) + 3936cbfd(big endian)) mod 232 = f35806e9(big endian) = e90658f3.

F10,1 = (T0 + 2T1 + K29) mod 232 = (b4ec0786 + 2[384e1934] + d853ba91) mod 232 = (8607ecb4(big endian) + 2[34194e38(big endian)] + 91ba53d8(big endian)) mod 232 = (8607ecb4(big endian) + 68329c70(big endian) + 91ba53d8(big endian)) mod 232 = 7ff4dcfc(big endian) = fcdcf47f.

R10,0  =  ROL(R11, 2,  1)    F10,0) =  ROL(69380815,  1)   e90658f3 =  ROL(15083869(big endian),  1)    e90658f3 =  2a1070d2(big endian)    e90658f3 =  d270102a   e90658f3 =  3b7648d9.

R10,1  =  ROR(R11, 3    F10,1,  1) =  ROR(ab7ca84c    fcdcf47f,  1) =  ROR(57a05c33, 1) =  ROR(335ca057(big endian),  1) =  99ae502b(big endian) =  2b50ae99

R10,2 = R11,0 = 2e8c044f

R10,3 = R11,1 = 617240d3

 

Decryption of ciphertext block 2, round r=9

g input = X = x0x1x2x3 = R10,0 = 3b7648d9

g input = X = x0x1x2x3 = ROL(R10,1,  8) = ROL(2b50ae99 ,  8) = ROL(99ae502b(big endian),  8) = ae502b99(big endian) = 992b50ae.

x0 = 3b

x1 = 76

x2 = 48

x3 = d9

x0 = 99

x1 = 2b

x2 = 50

x3 = ae

y2,0 = 3b

y2,1 = 76

y2,2 = 48

y2,3 = d9

y2,0 = 99

y2,1 = 2b

y2,2 = 50

y2,3 = ae

q0.in=3b a0=3 b0=b a1=8 b1=6 a2=0 b2=3 a3=3 b3=9 a4=e b4=b q0.out=be l1,3=14 q0.in=a6 a0=a b0=6 a1=c b1=9 a2=e b2=4 a3=a b3=c a4=f b4=8 q0.out=8f l0,3=dc q1.in=0e a0=0 b0=e a1=e b1=7 a2=c b2=7 a3=b b3=7 a4=8 b4=e q1.out=e8

q1.in=76 a0=7 b0=6 a1=1 b1=c a2=8 b2=f a3=7 b3=7 a4=a b4=e q1.out=ea l1,2=9c q0.in=60 a0=6 b0=0 a1=6 b1=6 a2=3 b2=3 a3=0 b3=2 a4=b b4=f q0.out=fb l0,2=53 q0.in=70 a0=7 b0=0 a1=7 b1=f a2=2 b2=d a3=f b3=c a4=1 b4=8 q0.out=81

q0.in=48 a0=4 b0=8 a1=c b1=0 a2=e b2=e a3=0 b3=9 a4=b b4=b q0.out=bb l1,1=8a q1.in=27 a0=2 b0=7 a1=5 b1=9 a2=7 b2=d a3=a b3=1 a4=d b4=9 q1.out=9d l0,1=8b q1.in=ce a0=c b0=e a1=2 b1=b a2=b b2=5 a3=e b3=9 a4=3 b4=4 q1.out=43

q1.in=d9 a0=d b0=9 a1=4 b1=9 a2=f b2=d a3=2 b3=9 a4=7 b4=4 q1.out=47 l1,0=18 q1.in=53 a0=5 b0=3 a1=6 b1=4 a2=6 b2=4 a3=2 b3=4 a4=7 b4=c q1.out=c7 l0,0=81 q0.in=1b a0=1 b0=b a1=a b1=4 a2=5 b2=1 a3=4 b3=5 a4=6 b4=2 q0.out=26

q0.in=99 a0=9 b0=9 a1=0 b1=d a2=8 b2=0 a3=8 b3=8 a4=c b4=9 q0.out=9c l1,3=14 q0.in=84 a0=8 b0=4 a1=c b1=a a2=e b2=a a3=4 b3=b a4=6 b4=0 q0.out=06 l0,3=dc q1.in=87 a0=8 b0=7 a1=f b1=3 a2=5 b2=b a3=e b3=0 a4=3 b4=b q1.out=b3

q1.in=2b a0=2 b0=b a1=9 b1=f a2=1 b2=8 a3=9 b3=d a4=e b4=0 q1.out=0e l1,2=9c q0.in=84 a0=8 b0=4 a1=c b1=a a2=e b2=a a3=4 b3=b a4=6 b4=0 q0.out=06 l0,2=53 q0.in=8d a0=8 b0=d a1=5 b1=6 a2=f b2=3 a3=c b3=e a4=2 b4=c q0.out=c2

q0.in=50 a0=5 b0=0 a1=5 b1=d a2=f b2=0 a3=f b3=7 a4=1 b4=e q0.out=e1 l1,1=8a q1.in=7d a0=7 b0=d a1=a b1=1 a2=9 b2=e a3=7 b3=6 a4=a b4=d q1.out=da l0,1=8b q1.in=89 a0=8 b0=9 a1=1 b1=4 a2=8 b2=4 a3=c b3=a a4=2 b4=7 q1.out=72

q1.in=ae a0=a b0=e a1=4 b1=d a2=f b2=9 a3=6 b3=b a4=9 b4=f q1.out=f9 l1,0=18 q1.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=1 a3=c b3=d a4=2 b4=0 q1.out=02 l0,0=81 q0.in=de a0=d b0=e a1=3 b1=2 a2=d b2=b a3=6 b3=8 a4=9 b4=9 q0.out=99

y0 = e8	y1 = 81	y2 = 43	y3 = 26	y0 = b3	y1 = c2	y2 = 72	y3 = 99
MDS input = Y = y0y1y2y3 = e8814326				MDS input = Y = y0y1y2y3 = b3c27299

MDS output = Z = z0z1z2z3 = c1d39694

MDS output = Z = z0z1z2z3 = ab2cb558

z0 = c1

z1 = d3

z2 = 96

z3 = 94

z0 = ab

z1 = 2c

z2 = b5

z3 = 58

T0 = g(R0) = c1d39694

T1 = g(ROL(R1, 8)) = ab2cb558

F9,0 = (T0 + T1 + K26) mod 232 = (c1d39694 + ab2cb558 + d5b22d8a) mod 232 = (9496d3c1(big endian) + 58b52cab(big endian) + 8a2db2d5(big endian)) mod 232 = 7779b341(big endian) = 41b37977.

F9,1 = (T0 + 2T1 + K27) mod 232 = (c1d39694 + 2[ab2cb558] + 66325910) mod 232 = (9496d3c1(big endian) + 2[58b52cab(big endian)] + 10593266(big endian)) mod 232 = (9496d3c1(big endian) + b16a5956(big endian) + 10593266(big endian)) mod 232 = 565a5f7d(big endian) = 7d5f5a56.

R9,0  =  ROL(R10, 2,  1)    F9,0) =  ROL(2e8c044f,  1)   41b37977 =  ROL(4f048c2e(big endian),  1)    41b37977 =  9e09185c(big endian)    41b37977 =  5c18099e   41b37977 =  1dab70e9.

R9,1  =  ROR(R10, 3    F9,1,  1) =  ROR(617240d3    7d5f5a56,  1) =  ROR(1c2d1a85, 1) =  ROR(851a2d1c(big endian),  1) =  428d168e(big endian) =  8e168d42

R9,2 = R10,0 = 3b7648d9

R9,3 = R10,1 = 2b50ae99

 

Decryption of ciphertext block 2, round r=8

g input = X = x0x1x2x3 = R9,0 = 1dab70e9

g input = X = x0x1x2x3 = ROL(R9,1,  8) = ROL(8e168d42 ,  8) = ROL(428d168e(big endian),  8) = 8d168e42(big endian) = 428e168d.

x0 = 1d

x1 = ab

x2 = 70

x3 = e9

x0 = 42

x1 = 8e

x2 = 16

x3 = 8d

y2,0 = 1d

y2,1 = ab

y2,2 = 70

y2,3 = e9

y2,0 = 42

y2,1 = 8e

y2,2 = 16

y2,3 = 8d

q0.in=1d a0=1 b0=d a1=c b1=7 a2=e b2=5 a3=b b3=4 a4=3 b4=1 q0.out=13 l1,3=14 q0.in=0b a0=0 b0=b a1=b b1=d a2=9 b2=0 a3=9 b3=1 a4=8 b4=7 q0.out=78 l0,3=dc q1.in=f9 a0=f b0=9 a1=6 b1=b a2=6 b2=5 a3=3 b3=c a4=5 b4=2 q1.out=25

q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f l1,2=9c q0.in=95 a0=9 b0=5 a1=c b1=b a2=e b2=6 a3=8 b3=d a4=c b4=5 q0.out=5c l0,2=53 q0.in=d7 a0=d b0=7 a1=a b1=e a2=5 b2=9 a3=c b3=1 a4=2 b4=7 q0.out=72

q0.in=70 a0=7 b0=0 a1=7 b1=f a2=2 b2=d a3=f b3=c a4=1 b4=8 q0.out=81 l1,1=8a q1.in=1d a0=1 b0=d a1=c b1=7 a2=0 b2=7 a3=7 b3=b a4=a b4=f q1.out=fa l0,1=8b q1.in=a9 a0=a b0=9 a1=3 b1=6 a2=d b2=3 a3=e b3=c a4=3 b4=2 q1.out=23

q1.in=e9 a0=e b0=9 a1=7 b1=2 a2=e b2=2 a3=c b3=f a4=2 b4=a q1.out=a2 l1,0=18 q1.in=b6 a0=b b0=6 a1=d b1=0 a2=a b2=1 a3=b b3=2 a4=8 b4=5 q1.out=58 l0,0=81 q0.in=84 a0=8 b0=4 a1=c b1=a a2=e b2=a a3=4 b3=b a4=6 b4=0 q0.out=06

q0.in=42 a0=4 b0=2 a1=6 b1=5 a2=3 b2=2 a3=1 b3=a a4=a b4=3 q0.out=3a l1,3=14 q0.in=22 a0=2 b0=2 a1=0 b1=3 a2=8 b2=8 a3=0 b3=c a4=b b4=8 q0.out=8b l0,3=dc q1.in=0a a0=0 b0=a a1=a b1=5 a2=9 b2=c a3=5 b3=7 a4=6 b4=e q1.out=e6

q1.in=8e a0=8 b0=e a1=6 b1=f a2=6 b2=8 a3=e b3=2 a4=3 b4=5 q1.out=53 l1,2=9c q0.in=d9 a0=d b0=9 a1=4 b1=9 a2=6 b2=4 a3=2 b3=4 a4=5 b4=1 q0.out=15 l0,2=53 q0.in=9e a0=9 b0=e a1=7 b1=6 a2=2 b2=3 a3=1 b3=b a4=a b4=0 q0.out=0a

q0.in=16 a0=1 b0=6 a1=7 b1=a a2=2 b2=a a3=8 b3=7 a4=c b4=e q0.out=ec l1,1=8a q1.in=70 a0=7 b0=0 a1=7 b1=f a2=e b2=8 a3=6 b3=a a4=9 b4=7 q1.out=79 l0,1=8b q1.in=2a a0=2 b0=a a1=8 b1=7 a2=3 b2=7 a3=4 b3=0 a4=1 b4=b q1.out=b1

q1.in=8d a0=8 b0=d a1=5 b1=6 a2=7 b2=3 a3=4 b3=6 a4=1 b4=d q1.out=d1 l1,0=18 q1.in=c5 a0=c b0=5 a1=9 b1=6 a2=1 b2=3 a3=2 b3=0 a4=7 b4=b q1.out=b7 l0,0=81 q0.in=6b a0=6 b0=b a1=d b1=b a2=c b2=6 a3=a b3=f a4=f b4=a q0.out=af

y0 = 25	y1 = 72	y2 = 23	y3 = 06	y0 = e6	y1 = 0a	y2 = b1	y3 = af
MDS input = Y = y0y1y2y3 = 25722306				MDS input = Y = y0y1y2y3 = e60ab1af

MDS output = Z = z0z1z2z3 = b0f39971

MDS output = Z = z0z1z2z3 = f2569c53

z0 = b0

z1 = f3

z2 = 99

z3 = 71

z0 = f2

z1 = 56

z2 = 9c

z3 = 53

T0 = g(R0) = b0f39971

T1 = g(ROL(R1, 8)) = f2569c53

F8,0 = (T0 + T1 + K24) mod 232 = (b0f39971 + f2569c53 + 97054619) mod 232 = (7199f3b0(big endian) + 539c56f2(big endian) + 19460597(big endian)) mod 232 = de7c5039(big endian) = 39507cde.

F8,1 = (T0 + 2T1 + K25) mod 232 = (b0f39971 + 2[f2569c53] + ccf7f077) mod 232 = (7199f3b0(big endian) + 2[539c56f2(big endian)] + 77f0f7cc(big endian)) mod 232 = (7199f3b0(big endian) + a738ade4(big endian) + 77f0f7cc(big endian)) mod 232 = 90c39960(big endian) = 6099c390.

R8,0  =  ROL(R9, 2,  1)    F8,0) =  ROL(3b7648d9,  1)   39507cde =  ROL(d948763b(big endian),  1)    39507cde =  b290ec77(big endian)    39507cde =  77ec90b2   39507cde =  4ebcec6c.

R8,1  =  ROR(R9, 3    F8,1,  1) =  ROR(2b50ae99    6099c390,  1) =  ROR(4bc96d09, 1) =  ROR(096dc94b(big endian),  1) =  84b6e4a5(big endian) =  a5e4b684

R8,2 = R9,0 = 1dab70e9

R8,3 = R9,1 = 8e168d42

 

Decryption of ciphertext block 2, round r=7

g input = X = x0x1x2x3 = R8,0 = 4ebcec6c

g input = X = x0x1x2x3 = ROL(R8,1,  8) = ROL(a5e4b684 ,  8) = ROL(84b6e4a5(big endian),  8) = b6e4a584(big endian) = 84a5e4b6.

x0 = 4e

x1 = bc

x2 = ec

x3 = 6c

x0 = 84

x1 = a5

x2 = e4

x3 = b6

y2,0 = 4e

y2,1 = bc

y2,2 = ec

y2,3 = 6c

y2,0 = 84

y2,1 = a5

y2,2 = e4

y2,3 = b6

q0.in=4e a0=4 b0=e a1=a b1=3 a2=5 b2=8 a3=d b3=9 a4=4 b4=b q0.out=b4 l1,3=14 q0.in=ac a0=a b0=c a1=6 b1=c a2=3 b2=7 a3=4 b3=0 a4=6 b4=d q0.out=d6 l0,3=dc q1.in=57 a0=5 b0=7 a1=2 b1=6 a2=b b2=3 a3=8 b3=a a4=0 b4=7 q1.out=70

q1.in=bc a0=b b0=c a1=7 b1=5 a2=e b2=c a3=2 b3=8 a4=7 b4=6 q1.out=67 l1,2=9c q0.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=e a3=3 b3=2 a4=e b4=f q0.out=fe l0,2=53 q0.in=75 a0=7 b0=5 a1=2 b1=5 a2=7 b2=2 a3=5 b3=e a4=d b4=c q0.out=cd

q0.in=ec a0=e b0=c a1=2 b1=8 a2=7 b2=f a3=8 b3=0 a4=c b4=d q0.out=dc l1,1=8a q1.in=40 a0=4 b0=0 a1=4 b1=4 a2=f b2=4 a3=b b3=5 a4=8 b4=3 q1.out=38 l0,1=8b q1.in=6b a0=6 b0=b a1=d b1=b a2=a b2=5 a3=f b3=0 a4=f b4=b q1.out=bf

q1.in=6c a0=6 b0=c a1=a b1=0 a2=9 b2=1 a3=8 b3=9 a4=0 b4=4 q1.out=40 l1,0=18 q1.in=54 a0=5 b0=4 a1=1 b1=f a2=8 b2=8 a3=0 b3=c a4=4 b4=2 q1.out=24 l0,0=81 q0.in=f8 a0=f b0=8 a1=7 b1=3 a2=2 b2=8 a3=a b3=6 a4=f b4=6 q0.out=6f

q0.in=84 a0=8 b0=4 a1=c b1=a a2=e b2=a a3=4 b3=b a4=6 b4=0 q0.out=06 l1,3=14 q0.in=1e a0=1 b0=e a1=f b1=e a2=4 b2=9 a3=d b3=8 a4=4 b4=9 q0.out=94 l0,3=dc q1.in=15 a0=1 b0=5 a1=4 b1=3 a2=f b2=b a3=4 b3=a a4=1 b4=7 q1.out=71

q1.in=a5 a0=a b0=5 a1=f b1=0 a2=5 b2=1 a3=4 b3=5 a4=1 b4=3 q1.out=31 l1,2=9c q0.in=bb a0=b b0=b a1=0 b1=e a2=8 b2=9 a3=1 b3=4 a4=a b4=1 q0.out=1a l0,2=53 q0.in=91 a0=9 b0=1 a1=8 b1=9 a2=0 b2=4 a3=4 b3=2 a4=6 b4=f q0.out=f6

q0.in=e4 a0=e b0=4 a1=a b1=c a2=5 b2=7 a3=2 b3=6 a4=5 b4=6 q0.out=65 l1,1=8a q1.in=f9 a0=f b0=9 a1=6 b1=b a2=6 b2=5 a3=3 b3=c a4=5 b4=2 q1.out=25 l0,1=8b q1.in=76 a0=7 b0=6 a1=1 b1=c a2=8 b2=f a3=7 b3=7 a4=a b4=e q1.out=ea

q1.in=b6 a0=b b0=6 a1=d b1=0 a2=a b2=1 a3=b b3=2 a4=8 b4=5 q1.out=58 l1,0=18 q1.in=4c a0=4 b0=c a1=8 b1=2 a2=3 b2=2 a3=1 b3=a a4=c b4=7 q1.out=7c l0,0=81 q0.in=a0 a0=a b0=0 a1=a b1=a a2=5 b2=a a3=f b3=8 a4=1 b4=9 q0.out=91

y0 = 70	y1 = cd	y2 = bf	y3 = 6f	y0 = 71	y1 = f6	y2 = ea	y3 = 91
MDS input = Y = y0y1y2y3 = 70cdbf6f				MDS input = Y = y0y1y2y3 = 71f6ea91

MDS output = Z = z0z1z2z3 = e2e05696

MDS output = Z = z0z1z2z3 = feb33db3

z0 = e2

z1 = e0

z2 = 56

z3 = 96

z0 = fe

z1 = b3

z2 = 3d

z3 = b3

T0 = g(R0) = e2e05696

T1 = g(ROL(R1, 8)) = feb33db3

F7,0 = (T0 + T1 + K22) mod 232 = (e2e05696 + feb33db3 + 25d0b3fc) mod 232 = (9656e0e2(big endian) + b33db3fe(big endian) + fcb3d025(big endian)) mod 232 = 46486505(big endian) = 05654846.

F7,1 = (T0 + 2T1 + K23) mod 232 = (e2e05696 + 2[feb33db3] + eb1e6ea6) mod 232 = (9656e0e2(big endian) + 2[b33db3fe(big endian)] + a66e1eeb(big endian)) mod 232 = (9656e0e2(big endian) + 667b67fc(big endian) + a66e1eeb(big endian)) mod 232 = a34067c9(big endian) = c96740a3.

R7,0  =  ROL(R8, 2,  1)    F7,0) =  ROL(1dab70e9,  1)   05654846 =  ROL(e970ab1d(big endian),  1)    05654846 =  d2e1563b(big endian)    05654846 =  3b56e1d2   05654846 =  3e33a994.

R7,1  =  ROR(R8, 3    F7,1,  1) =  ROR(8e168d42    c96740a3,  1) =  ROR(4771cde1, 1) =  ROR(e1cd7147(big endian),  1) =  f0e6b8a3(big endian) =  a3b8e6f0

R7,2 = R8,0 = 4ebcec6c

R7,3 = R8,1 = a5e4b684

 

Decryption of ciphertext block 2, round r=6

g input = X = x0x1x2x3 = R7,0 = 3e33a994

g input = X = x0x1x2x3 = ROL(R7,1,  8) = ROL(a3b8e6f0 ,  8) = ROL(f0e6b8a3(big endian),  8) = e6b8a3f0(big endian) = f0a3b8e6.

x0 = 3e

x1 = 33

x2 = a9

x3 = 94

x0 = f0

x1 = a3

x2 = b8

x3 = e6

y2,0 = 3e

y2,1 = 33

y2,2 = a9

y2,3 = 94

y2,0 = f0

y2,1 = a3

y2,2 = b8

y2,3 = e6

q0.in=3e a0=3 b0=e a1=d b1=c a2=c b2=7 a3=b b3=7 a4=3 b4=e q0.out=e3 l1,3=14 q0.in=fb a0=f b0=b a1=4 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=4 q0.out=42 l0,3=dc q1.in=c3 a0=c b0=3 a1=f b1=5 a2=5 b2=c a3=9 b3=b a4=e b4=f q1.out=fe

q1.in=33 a0=3 b0=3 a1=0 b1=2 a2=2 b2=2 a3=0 b3=3 a4=4 b4=1 q1.out=14 l1,2=9c q0.in=9e a0=9 b0=e a1=7 b1=6 a2=2 b2=3 a3=1 b3=b a4=a b4=0 q0.out=0a l0,2=53 q0.in=81 a0=8 b0=1 a1=9 b1=0 a2=b b2=e a3=5 b3=4 a4=d b4=1 q0.out=1d

q0.in=a9 a0=a b0=9 a1=3 b1=6 a2=d b2=3 a3=e b3=c a4=7 b4=8 q0.out=87 l1,1=8a q1.in=1b a0=1 b0=b a1=a b1=4 a2=9 b2=4 a3=d b3=3 a4=b b4=1 q1.out=1b l0,1=8b q1.in=48 a0=4 b0=8 a1=c b1=0 a2=0 b2=1 a3=1 b3=8 a4=c b4=6 q1.out=6c

q1.in=94 a0=9 b0=4 a1=d b1=3 a2=a b2=b a3=1 b3=7 a4=c b4=e q1.out=ec l1,0=18 q1.in=f8 a0=f b0=8 a1=7 b1=3 a2=e b2=b a3=5 b3=3 a4=6 b4=1 q1.out=16 l0,0=81 q0.in=ca a0=c b0=a a1=6 b1=9 a2=3 b2=4 a3=7 b3=9 a4=0 b4=b q0.out=b0

q0.in=f0 a0=f b0=0 a1=f b1=7 a2=4 b2=5 a3=1 b3=e a4=a b4=c q0.out=ca l1,3=14 q0.in=d2 a0=d b0=2 a1=f b1=4 a2=4 b2=1 a3=5 b3=c a4=d b4=8 q0.out=8d l0,3=dc q1.in=0c a0=0 b0=c a1=c b1=6 a2=0 b2=3 a3=3 b3=9 a4=5 b4=4 q1.out=45

q1.in=a3 a0=a b0=3 a1=9 b1=3 a2=1 b2=b a3=a b3=4 a4=d b4=c q1.out=cd l1,2=9c q0.in=47 a0=4 b0=7 a1=3 b1=f a2=d b2=d a3=0 b3=b a4=b b4=0 q0.out=0b l0,2=53 q0.in=80 a0=8 b0=0 a1=8 b1=8 a2=0 b2=f a3=f b3=f a4=1 b4=a q0.out=a1

q0.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=5 a3=8 b3=f a4=c b4=a q0.out=ac l1,1=8a q1.in=30 a0=3 b0=0 a1=3 b1=b a2=d b2=5 a3=8 b3=f a4=0 b4=a q1.out=a0 l0,1=8b q1.in=f3 a0=f b0=3 a1=c b1=e a2=0 b2=0 a3=0 b3=0 a4=4 b4=b q1.out=b4

q1.in=e6 a0=e b0=6 a1=8 b1=d a2=3 b2=9 a3=a b3=7 a4=d b4=e q1.out=ed l1,0=18 q1.in=f9 a0=f b0=9 a1=6 b1=b a2=6 b2=5 a3=3 b3=c a4=5 b4=2 q1.out=25 l0,0=81 q0.in=f9 a0=f b0=9 a1=6 b1=b a2=3 b2=6 a3=5 b3=8 a4=d b4=9 q0.out=9d

y0 = fe	y1 = 1d	y2 = 6c	y3 = b0	y0 = 45	y1 = a1	y2 = b4	y3 = 9d
MDS input = Y = y0y1y2y3 = fe1d6cb0				MDS input = Y = y0y1y2y3 = 45a1b49d

MDS output = Z = z0z1z2z3 = ef7ee2ca

MDS output = Z = z0z1z2z3 = 0b67e51a

z0 = ef

z1 = 7e

z2 = e2

z3 = ca

z0 = 0b

z1 = 67

z2 = e5

z3 = 1a

T0 = g(R0) = ef7ee2ca

T1 = g(ROL(R1, 8)) = 0b67e51a

F6,0 = (T0 + T1 + K20) mod 232 = (ef7ee2ca + 0b67e51a + 7b65df4c) mod 232 = (cae27eef(big endian) + 1ae5670b(big endian) + 4cdf657b(big endian)) mod 232 = 32a74b75(big endian) = 754ba732.

F6,1 = (T0 + 2T1 + K21) mod 232 = (ef7ee2ca + 2[0b67e51a] + 2189e236) mod 232 = (cae27eef(big endian) + 2[1ae5670b(big endian)] + 36e28921(big endian)) mod 232 = (cae27eef(big endian) + 35cace16(big endian) + 36e28921(big endian)) mod 232 = 378fd626(big endian) = 26d68f37.

R6,0  =  ROL(R7, 2,  1)    F6,0) =  ROL(4ebcec6c,  1)   754ba732 =  ROL(6cecbc4e(big endian),  1)    754ba732 =  d9d9789c(big endian)    754ba732 =  9c78d9d9   754ba732 =  e9337eeb.

R6,1  =  ROR(R7, 3    F6,1,  1) =  ROR(a5e4b684    26d68f37,  1) =  ROR(833239b3, 1) =  ROR(b3393283(big endian),  1) =  d99c9941(big endian) =  41999cd9

R6,2 = R7,0 = 3e33a994

R6,3 = R7,1 = a3b8e6f0

 

Decryption of ciphertext block 2, round r=5

g input = X = x0x1x2x3 = R6,0 = e9337eeb

g input = X = x0x1x2x3 = ROL(R6,1,  8) = ROL(41999cd9 ,  8) = ROL(d99c9941(big endian),  8) = 9c9941d9(big endian) = d941999c.

x0 = e9

x1 = 33

x2 = 7e

x3 = eb

x0 = d9

x1 = 41

x2 = 99

x3 = 9c

y2,0 = e9

y2,1 = 33

y2,2 = 7e

y2,3 = eb

y2,0 = d9

y2,1 = 41

y2,2 = 99

y2,3 = 9c

q0.in=e9 a0=e b0=9 a1=7 b1=2 a2=2 b2=b a3=9 b3=f a4=8 b4=a q0.out=a8 l1,3=14 q0.in=b0 a0=b b0=0 a1=b b1=3 a2=9 b2=8 a3=1 b3=5 a4=a b4=2 q0.out=2a l0,3=dc q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f

q1.in=33 a0=3 b0=3 a1=0 b1=2 a2=2 b2=2 a3=0 b3=3 a4=4 b4=1 q1.out=14 l1,2=9c q0.in=9e a0=9 b0=e a1=7 b1=6 a2=2 b2=3 a3=1 b3=b a4=a b4=0 q0.out=0a l0,2=53 q0.in=81 a0=8 b0=1 a1=9 b1=0 a2=b b2=e a3=5 b3=4 a4=d b4=1 q0.out=1d

q0.in=7e a0=7 b0=e a1=9 b1=8 a2=b b2=f a3=4 b3=c a4=6 b4=8 q0.out=86 l1,1=8a q1.in=1a a0=1 b0=a a1=b b1=c a2=4 b2=f a3=b b3=b a4=8 b4=f q1.out=f8 l0,1=8b q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f

q1.in=eb a0=e b0=b a1=5 b1=3 a2=7 b2=b a3=c b3=2 a4=2 b4=5 q1.out=52 l1,0=18 q1.in=46 a0=4 b0=6 a1=2 b1=7 a2=b b2=7 a3=c b3=8 a4=2 b4=6 q1.out=62 l0,0=81 q0.in=be a0=b b0=e a1=5 b1=4 a2=f b2=1 a3=e b3=f a4=7 b4=a q0.out=a7

q0.in=d9 a0=d b0=9 a1=4 b1=9 a2=6 b2=4 a3=2 b3=4 a4=5 b4=1 q0.out=15 l1,3=14 q0.in=0d a0=0 b0=d a1=d b1=e a2=c b2=9 a3=5 b3=0 a4=d b4=d q0.out=dd l0,3=dc q1.in=5c a0=5 b0=c a1=9 b1=b a2=1 b2=5 a3=4 b3=3 a4=1 b4=1 q1.out=11

q1.in=41 a0=4 b0=1 a1=5 b1=c a2=7 b2=f a3=8 b3=0 a4=0 b4=b q1.out=b0 l1,2=9c q0.in=3a a0=3 b0=a a1=9 b1=e a2=b b2=9 a3=2 b3=f a4=5 b4=a q0.out=a5 l0,2=53 q0.in=2e a0=2 b0=e a1=c b1=5 a2=e b2=2 a3=c b3=f a4=2 b4=a q0.out=a2

q0.in=99 a0=9 b0=9 a1=0 b1=d a2=8 b2=0 a3=8 b3=8 a4=c b4=9 q0.out=9c l1,1=8a q1.in=00 a0=0 b0=0 a1=0 b1=0 a2=2 b2=1 a3=3 b3=a a4=5 b4=7 q1.out=75 l0,1=8b q1.in=26 a0=2 b0=6 a1=4 b1=1 a2=f b2=e a3=1 b3=0 a4=c b4=b q1.out=bc

q1.in=9c a0=9 b0=c a1=5 b1=7 a2=7 b2=7 a3=0 b3=4 a4=4 b4=c q1.out=c4 l1,0=18 q1.in=d0 a0=d b0=0 a1=d b1=5 a2=a b2=c a3=6 b3=c a4=9 b4=2 q1.out=29 l0,0=81 q0.in=f5 a0=f b0=5 a1=a b1=d a2=5 b2=0 a3=5 b3=d a4=d b4=5 q0.out=5d

y0 = 1f	y1 = 1d	y2 = 1f	y3 = a7	y0 = 11	y1 = a2	y2 = bc	y3 = 5d
MDS input = Y = y0y1y2y3 = 1f1d1fa7				MDS input = Y = y0y1y2y3 = 11a2bc5d

MDS output = Z = z0z1z2z3 = 73e6957d

MDS output = Z = z0z1z2z3 = fdb0fb8c

z0 = 73

z1 = e6

z2 = 95

z3 = 7d

z0 = fd

z1 = b0

z2 = fb

z3 = 8c

T0 = g(R0) = 73e6957d

T1 = g(ROL(R1, 8)) = fdb0fb8c

F5,0 = (T0 + T1 + K18) mod 232 = (73e6957d + fdb0fb8c + d542f0e2) mod 232 = (7d95e673(big endian) + 8cfbb0fd(big endian) + e2f042d5(big endian)) mod 232 = ed81da45(big endian) = 45da81ed.

F5,1 = (T0 + 2T1 + K19) mod 232 = (73e6957d + 2[fdb0fb8c] + 9f8b15e9) mod 232 = (7d95e673(big endian) + 2[8cfbb0fd(big endian)] + e9158b9f(big endian)) mod 232 = (7d95e673(big endian) + 19f761fa(big endian) + e9158b9f(big endian)) mod 232 = 80a2d40c(big endian) = 0cd4a280.

R5,0  =  ROL(R6, 2,  1)    F5,0) =  ROL(3e33a994,  1)   45da81ed =  ROL(94a9333e(big endian),  1)    45da81ed =  2952667d(big endian)    45da81ed =  7d665229   45da81ed =  38bcd3c4.

R5,1  =  ROR(R6, 3    F5,1,  1) =  ROR(a3b8e6f0    0cd4a280,  1) =  ROR(af6c4470, 1) =  ROR(70446caf(big endian),  1) =  b8223657(big endian) =  573622b8

R5,2 = R6,0 = e9337eeb

R5,3 = R6,1 = 41999cd9

 

Decryption of ciphertext block 2, round r=4

g input = X = x0x1x2x3 = R5,0 = 38bcd3c4

g input = X = x0x1x2x3 = ROL(R5,1,  8) = ROL(573622b8 ,  8) = ROL(b8223657(big endian),  8) = 223657b8(big endian) = b8573622.

x0 = 38

x1 = bc

x2 = d3

x3 = c4

x0 = b8

x1 = 57

x2 = 36

x3 = 22

y2,0 = 38

y2,1 = bc

y2,2 = d3

y2,3 = c4

y2,0 = b8

y2,1 = 57

y2,2 = 36

y2,3 = 22

q0.in=38 a0=3 b0=8 a1=b b1=f a2=9 b2=d a3=4 b3=f a4=6 b4=a q0.out=a6 l1,3=14 q0.in=be a0=b b0=e a1=5 b1=4 a2=f b2=1 a3=e b3=f a4=7 b4=a q0.out=a7 l0,3=dc q1.in=26 a0=2 b0=6 a1=4 b1=1 a2=f b2=e a3=1 b3=0 a4=c b4=b q1.out=bc

q1.in=bc a0=b b0=c a1=7 b1=5 a2=e b2=c a3=2 b3=8 a4=7 b4=6 q1.out=67 l1,2=9c q0.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=e a3=3 b3=2 a4=e b4=f q0.out=fe l0,2=53 q0.in=75 a0=7 b0=5 a1=2 b1=5 a2=7 b2=2 a3=5 b3=e a4=d b4=c q0.out=cd

q0.in=d3 a0=d b0=3 a1=e b1=c a2=a b2=7 a3=d b3=1 a4=4 b4=7 q0.out=74 l1,1=8a q1.in=e8 a0=e b0=8 a1=6 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=1 q1.out=12 l0,1=8b q1.in=41 a0=4 b0=1 a1=5 b1=c a2=7 b2=f a3=8 b3=0 a4=0 b4=b q1.out=b0

q1.in=c4 a0=c b0=4 a1=8 b1=e a2=3 b2=0 a3=3 b3=b a4=5 b4=f q1.out=f5 l1,0=18 q1.in=e1 a0=e b0=1 a1=f b1=6 a2=5 b2=3 a3=6 b3=4 a4=9 b4=c q1.out=c9 l0,0=81 q0.in=15 a0=1 b0=5 a1=4 b1=3 a2=6 b2=8 a3=e b3=2 a4=7 b4=f q0.out=f7

q0.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=5 a3=8 b3=f a4=c b4=a q0.out=ac l1,3=14 q0.in=b4 a0=b b0=4 a1=f b1=1 a2=4 b2=c a3=8 b3=2 a4=c b4=f q0.out=fc l0,3=dc q1.in=7d a0=7 b0=d a1=a b1=1 a2=9 b2=e a3=7 b3=6 a4=a b4=d q1.out=da

q1.in=57 a0=5 b0=7 a1=2 b1=6 a2=b b2=3 a3=8 b3=a a4=0 b4=7 q1.out=70 l1,2=9c q0.in=fa a0=f b0=a a1=5 b1=2 a2=f b2=b a3=4 b3=a a4=6 b4=3 q0.out=36 l0,2=53 q0.in=bd a0=b b0=d a1=6 b1=d a2=3 b2=0 a3=3 b3=b a4=e b4=0 q0.out=0e

q0.in=36 a0=3 b0=6 a1=5 b1=8 a2=f b2=f a3=0 b3=8 a4=b b4=9 q0.out=9b l1,1=8a q1.in=07 a0=0 b0=7 a1=7 b1=b a2=e b2=5 a3=b b3=4 a4=8 b4=c q1.out=c8 l0,1=8b q1.in=9b a0=9 b0=b a1=2 b1=c a2=b b2=f a3=4 b3=c a4=1 b4=2 q1.out=21

q1.in=22 a0=2 b0=2 a1=0 b1=3 a2=2 b2=b a3=9 b3=f a4=e b4=a q1.out=ae l1,0=18 q1.in=ba a0=b b0=a a1=1 b1=6 a2=8 b2=3 a3=b b3=1 a4=8 b4=9 q1.out=98 l0,0=81 q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73

y0 = bc	y1 = cd	y2 = b0	y3 = f7	y0 = da	y1 = 0e	y2 = 21	y3 = 73
MDS input = Y = y0y1y2y3 = bccdb0f7				MDS input = Y = y0y1y2y3 = da0e2173

MDS output = Z = z0z1z2z3 = 72d632e0

MDS output = Z = z0z1z2z3 = 9642a16d

z0 = 72

z1 = d6

z2 = 32

z3 = e0

z0 = 96

z1 = 42

z2 = a1

z3 = 6d

T0 = g(R0) = 72d632e0

T1 = g(ROL(R1, 8)) = 9642a16d

F4,0 = (T0 + T1 + K16) mod 232 = (72d632e0 + 9642a16d + 19c3630c) mod 232 = (e032d672(big endian) + 6da14296(big endian) + 0c63c319(big endian)) mod 232 = 5a37dc21(big endian) = 21dc375a.

F4,1 = (T0 + 2T1 + K17) mod 232 = (72d632e0 + 2[9642a16d] + 5bc0b2cc) mod 232 = (e032d672(big endian) + 2[6da14296(big endian)] + ccb2c05b(big endian)) mod 232 = (e032d672(big endian) + db42852c(big endian) + ccb2c05b(big endian)) mod 232 = 88281bf9(big endian) = f91b2888.

R4,0  =  ROL(R5, 2,  1)    F4,0) =  ROL(e9337eeb,  1)   21dc375a =  ROL(eb7e33e9(big endian),  1)    21dc375a =  d6fc67d3(big endian)    21dc375a =  d367fcd6   21dc375a =  f2bbcb8c.

R4,1  =  ROR(R5, 3    F4,1,  1) =  ROR(41999cd9    f91b2888,  1) =  ROR(b882b451, 1) =  ROR(51b482b8(big endian),  1) =  28da415c(big endian) =  5c41da28

R4,2 = R5,0 = 38bcd3c4

R4,3 = R5,1 = 573622b8

 

Decryption of ciphertext block 2, round r=3

g input = X = x0x1x2x3 = R4,0 = f2bbcb8c

g input = X = x0x1x2x3 = ROL(R4,1,  8) = ROL(5c41da28 ,  8) = ROL(28da415c(big endian),  8) = da415c28(big endian) = 285c41da.

x0 = f2

x1 = bb

x2 = cb

x3 = 8c

x0 = 28

x1 = 5c

x2 = 41

x3 = da

y2,0 = f2

y2,1 = bb

y2,2 = cb

y2,3 = 8c

y2,0 = 28

y2,1 = 5c

y2,2 = 41

y2,3 = da

q0.in=f2 a0=f b0=2 a1=d b1=6 a2=c b2=3 a3=f b3=5 a4=1 b4=2 q0.out=21 l1,3=14 q0.in=39 a0=3 b0=9 a1=a b1=7 a2=5 b2=5 a3=0 b3=7 a4=b b4=e q0.out=eb l0,3=dc q1.in=6a a0=6 b0=a a1=c b1=3 a2=0 b2=b a3=b b3=d a4=8 b4=0 q1.out=08

q1.in=bb a0=b b0=b a1=0 b1=e a2=2 b2=0 a3=2 b3=2 a4=7 b4=5 q1.out=57 l1,2=9c q0.in=dd a0=d b0=d a1=0 b1=b a2=8 b2=6 a3=e b3=b a4=7 b4=0 q0.out=07 l0,2=53 q0.in=8c a0=8 b0=c a1=4 b1=e a2=6 b2=9 a3=f b3=a a4=1 b4=3 q0.out=31

q0.in=cb a0=c b0=b a1=7 b1=1 a2=2 b2=c a3=e b3=4 a4=7 b4=1 q0.out=17 l1,1=8a q1.in=8b a0=8 b0=b a1=3 b1=5 a2=d b2=c a3=1 b3=3 a4=c b4=1 q1.out=1c l0,1=8b q1.in=4f a0=4 b0=f a1=b b1=b a2=4 b2=5 a3=1 b3=e a4=c b4=8 q1.out=8c

q1.in=8c a0=8 b0=c a1=4 b1=e a2=f b2=0 a3=f b3=7 a4=f b4=e q1.out=ef l1,0=18 q1.in=fb a0=f b0=b a1=4 b1=a a2=f b2=a a3=5 b3=2 a4=6 b4=5 q1.out=56 l0,0=81 q0.in=8a a0=8 b0=a a1=2 b1=d a2=7 b2=0 a3=7 b3=f a4=0 b4=a q0.out=a0

q0.in=28 a0=2 b0=8 a1=a b1=6 a2=5 b2=3 a3=6 b3=4 a4=9 b4=1 q0.out=19 l1,3=14 q0.in=01 a0=0 b0=1 a1=1 b1=8 a2=1 b2=f a3=e b3=6 a4=7 b4=6 q0.out=67 l0,3=dc q1.in=e6 a0=e b0=6 a1=8 b1=d a2=3 b2=9 a3=a b3=7 a4=d b4=e q1.out=ed

q1.in=5c a0=5 b0=c a1=9 b1=b a2=1 b2=5 a3=4 b3=3 a4=1 b4=1 q1.out=11 l1,2=9c q0.in=9b a0=9 b0=b a1=2 b1=c a2=7 b2=7 a3=0 b3=4 a4=b b4=1 q0.out=1b l0,2=53 q0.in=90 a0=9 b0=0 a1=9 b1=1 a2=b b2=c a3=7 b3=5 a4=0 b4=2 q0.out=20

q0.in=41 a0=4 b0=1 a1=5 b1=c a2=f b2=7 a3=8 b3=c a4=c b4=8 q0.out=8c l1,1=8a q1.in=10 a0=1 b0=0 a1=1 b1=9 a2=8 b2=d a3=5 b3=6 a4=6 b4=d q1.out=d6 l0,1=8b q1.in=85 a0=8 b0=5 a1=d b1=2 a2=a b2=2 a3=8 b3=b a4=0 b4=f q1.out=f0

q1.in=da a0=d b0=a a1=7 b1=0 a2=e b2=1 a3=f b3=6 a4=f b4=d q1.out=df l1,0=18 q1.in=cb a0=c b0=b a1=7 b1=1 a2=e b2=e a3=0 b3=9 a4=4 b4=4 q1.out=44 l0,0=81 q0.in=98 a0=9 b0=8 a1=1 b1=5 a2=1 b2=2 a3=3 b3=8 a4=e b4=9 q0.out=9e

y0 = 08	y1 = 31	y2 = 8c	y3 = a0	y0 = ed	y1 = 20	y2 = f0	y3 = 9e
MDS input = Y = y0y1y2y3 = 08318ca0				MDS input = Y = y0y1y2y3 = ed20f09e

MDS output = Z = z0z1z2z3 = e4883d5e

MDS output = Z = z0z1z2z3 = 149ed4d7

z0 = e4

z1 = 88

z2 = 3d

z3 = 5e

z0 = 14

z1 = 9e

z2 = d4

z3 = d7

T0 = g(R0) = e4883d5e

T1 = g(ROL(R1, 8)) = 149ed4d7

F3,0 = (T0 + T1 + K14) mod 232 = (e4883d5e + 149ed4d7 + 281a4854) mod 232 = (5e3d88e4(big endian) + d7d49e14(big endian) + 54481a28(big endian)) mod 232 = 8a5a4120(big endian) = 20415a8a.

F3,1 = (T0 + 2T1 + K15) mod 232 = (e4883d5e + 2[149ed4d7] + a0ddfa24) mod 232 = (5e3d88e4(big endian) + 2[d7d49e14(big endian)] + 24fadda0(big endian)) mod 232 = (5e3d88e4(big endian) + afa93c28(big endian) + 24fadda0(big endian)) mod 232 = 32e1a2ac(big endian) = aca2e132.

R3,0  =  ROL(R4, 2,  1)    F3,0) =  ROL(38bcd3c4,  1)   20415a8a =  ROL(c4d3bc38(big endian),  1)    20415a8a =  89a77871(big endian)    20415a8a =  7178a789   20415a8a =  5139fd03.

R3,1  =  ROR(R4, 3    F3,1,  1) =  ROR(573622b8    aca2e132,  1) =  ROR(fb94c38a, 1) =  ROR(8ac394fb(big endian),  1) =  c561ca7d(big endian) =  7dca61c5

R3,2 = R4,0 = f2bbcb8c

R3,3 = R4,1 = 5c41da28

 

Decryption of ciphertext block 2, round r=2

g input = X = x0x1x2x3 = R3,0 = 5139fd03

g input = X = x0x1x2x3 = ROL(R3,1,  8) = ROL(7dca61c5 ,  8) = ROL(c561ca7d(big endian),  8) = 61ca7dc5(big endian) = c57dca61.

x0 = 51

x1 = 39

x2 = fd

x3 = 03

x0 = c5

x1 = 7d

x2 = ca

x3 = 61

y2,0 = 51

y2,1 = 39

y2,2 = fd

y2,3 = 03

y2,0 = c5

y2,1 = 7d

y2,2 = ca

y2,3 = 61

q0.in=51 a0=5 b0=1 a1=4 b1=5 a2=6 b2=2 a3=4 b3=7 a4=6 b4=e q0.out=e6 l1,3=14 q0.in=fe a0=f b0=e a1=1 b1=0 a2=1 b2=e a3=f b3=e a4=1 b4=c q0.out=c1 l0,3=dc q1.in=40 a0=4 b0=0 a1=4 b1=4 a2=f b2=4 a3=b b3=5 a4=8 b4=3 q1.out=38

q1.in=39 a0=3 b0=9 a1=a b1=7 a2=9 b2=7 a3=e b3=a a4=3 b4=7 q1.out=73 l1,2=9c q0.in=f9 a0=f b0=9 a1=6 b1=b a2=3 b2=6 a3=5 b3=8 a4=d b4=9 q0.out=9d l0,2=53 q0.in=16 a0=1 b0=6 a1=7 b1=a a2=2 b2=a a3=8 b3=7 a4=c b4=e q0.out=ec

q0.in=fd a0=f b0=d a1=2 b1=9 a2=7 b2=4 a3=3 b3=d a4=e b4=5 q0.out=5e l1,1=8a q1.in=c2 a0=c b0=2 a1=e b1=d a2=c b2=9 a3=5 b3=0 a4=6 b4=b q1.out=b6 l0,1=8b q1.in=e5 a0=e b0=5 a1=b b1=4 a2=4 b2=4 a3=0 b3=6 a4=4 b4=d q1.out=d4

q1.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=d a3=0 b3=b a4=4 b4=f q1.out=f4 l1,0=18 q1.in=e0 a0=e b0=0 a1=e b1=e a2=c b2=0 a3=c b3=c a4=2 b4=2 q1.out=22 l0,0=81 q0.in=fe a0=f b0=e a1=1 b1=0 a2=1 b2=e a3=f b3=e a4=1 b4=c q0.out=c1

q0.in=c5 a0=c b0=5 a1=9 b1=6 a2=b b2=3 a3=8 b3=a a4=c b4=3 q0.out=3c l1,3=14 q0.in=24 a0=2 b0=4 a1=6 b1=0 a2=3 b2=e a3=d b3=c a4=4 b4=8 q0.out=84 l0,3=dc q1.in=05 a0=0 b0=5 a1=5 b1=a a2=7 b2=a a3=d b3=a a4=b b4=7 q1.out=7b

q1.in=7d a0=7 b0=d a1=a b1=1 a2=9 b2=e a3=7 b3=6 a4=a b4=d q1.out=da l1,2=9c q0.in=50 a0=5 b0=0 a1=5 b1=d a2=f b2=0 a3=f b3=7 a4=1 b4=e q0.out=e1 l0,2=53 q0.in=6a a0=6 b0=a a1=c b1=3 a2=e b2=8 a3=6 b3=a a4=9 b4=3 q0.out=39

q0.in=ca a0=c b0=a a1=6 b1=9 a2=3 b2=4 a3=7 b3=9 a4=0 b4=b q0.out=b0 l1,1=8a q1.in=2c a0=2 b0=c a1=e b1=4 a2=c b2=4 a3=8 b3=e a4=0 b4=8 q1.out=80 l0,1=8b q1.in=d3 a0=d b0=3 a1=e b1=c a2=c b2=f a3=3 b3=3 a4=5 b4=1 q1.out=15

q1.in=61 a0=6 b0=1 a1=7 b1=e a2=e b2=0 a3=e b3=e a4=3 b4=8 q1.out=83 l1,0=18 q1.in=97 a0=9 b0=7 a1=e b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=4 q1.out=49 l0,0=81 q0.in=95 a0=9 b0=5 a1=c b1=b a2=e b2=6 a3=8 b3=d a4=c b4=5 q0.out=5c

y0 = 38	y1 = ec	y2 = d4	y3 = c1	y0 = 7b	y1 = 39	y2 = 15	y3 = 5c
MDS input = Y = y0y1y2y3 = 38ecd4c1				MDS input = Y = y0y1y2y3 = 7b39155c

MDS output = Z = z0z1z2z3 = d3dd56e6

MDS output = Z = z0z1z2z3 = bfe61f84

z0 = d3

z1 = dd

z2 = 56

z3 = e6

z0 = bf

z1 = e6

z2 = 1f

z3 = 84

T0 = g(R0) = d3dd56e6

T1 = g(ROL(R1, 8)) = bfe61f84

F2,0 = (T0 + T1 + K12) mod 232 = (d3dd56e6 + bfe61f84 + a38a1320) mod 232 = (e656ddd3(big endian) + 841fe6bf(big endian) + 20138aa3(big endian)) mod 232 = 8a8a4f35(big endian) = 354f8a8a.

F2,1 = (T0 + 2T1 + K13) mod 232 = (d3dd56e6 + 2[bfe61f84] + 0813350e) mod 232 = (e656ddd3(big endian) + 2[841fe6bf(big endian)] + 0e351308(big endian)) mod 232 = (e656ddd3(big endian) + 083fcd7e(big endian) + 0e351308(big endian)) mod 232 = fccbbe59(big endian) = 59becbfc.

R2,0  =  ROL(R3, 2,  1)    F2,0) =  ROL(f2bbcb8c,  1)   354f8a8a =  ROL(8ccbbbf2(big endian),  1)    354f8a8a =  199777e5(big endian)    354f8a8a =  e5779719   354f8a8a =  d0381d93.

R2,1  =  ROR(R3, 3    F2,1,  1) =  ROR(5c41da28    59becbfc,  1) =  ROR(05ff11d4, 1) =  ROR(d411ff05(big endian),  1) =  ea08ff82(big endian) =  82ff08ea

R2,2 = R3,0 = 5139fd03

R2,3 = R3,1 = 7dca61c5

 

Decryption of ciphertext block 2, round r=1

g input = X = x0x1x2x3 = R2,0 = d0381d93

g input = X = x0x1x2x3 = ROL(R2,1,  8) = ROL(82ff08ea ,  8) = ROL(ea08ff82(big endian),  8) = 08ff82ea(big endian) = ea82ff08.

x0 = d0

x1 = 38

x2 = 1d

x3 = 93

x0 = ea

x1 = 82

x2 = ff

x3 = 08

y2,0 = d0

y2,1 = 38

y2,2 = 1d

y2,3 = 93

y2,0 = ea

y2,1 = 82

y2,2 = ff

y2,3 = 08

q0.in=d0 a0=d b0=0 a1=d b1=5 a2=c b2=2 a3=e b3=d a4=7 b4=5 q0.out=57 l1,3=14 q0.in=4f a0=4 b0=f a1=b b1=b a2=9 b2=6 a3=f b3=2 a4=1 b4=f q0.out=f1 l0,3=dc q1.in=70 a0=7 b0=0 a1=7 b1=f a2=e b2=8 a3=6 b3=a a4=9 b4=7 q1.out=79

q1.in=38 a0=3 b0=8 a1=b b1=f a2=4 b2=8 a3=c b3=0 a4=2 b4=b q1.out=b2 l1,2=9c q0.in=38 a0=3 b0=8 a1=b b1=f a2=9 b2=d a3=4 b3=f a4=6 b4=a q0.out=a6 l0,2=53 q0.in=2d a0=2 b0=d a1=f b1=c a2=4 b2=7 a3=3 b3=f a4=e b4=a q0.out=ae

q0.in=1d a0=1 b0=d a1=c b1=7 a2=e b2=5 a3=b b3=4 a4=3 b4=1 q0.out=13 l1,1=8a q1.in=8f a0=8 b0=f a1=7 b1=7 a2=e b2=7 a3=9 b3=5 a4=e b4=3 q1.out=3e l0,1=8b q1.in=6d a0=6 b0=d a1=b b1=8 a2=4 b2=6 a3=2 b3=7 a4=7 b4=e q1.out=e7

q1.in=93 a0=9 b0=3 a1=a b1=8 a2=9 b2=6 a3=f b3=2 a4=f b4=5 q1.out=5f l1,0=18 q1.in=4b a0=4 b0=b a1=f b1=9 a2=5 b2=d a3=8 b3=3 a4=0 b4=1 q1.out=10 l0,0=81 q0.in=cc a0=c b0=c a1=0 b1=a a2=8 b2=a a3=2 b3=d a4=5 b4=5 q0.out=55

q0.in=ea a0=e b0=a a1=4 b1=b a2=6 b2=6 a3=0 b3=5 a4=b b4=2 q0.out=2b l1,3=14 q0.in=33 a0=3 b0=3 a1=0 b1=2 a2=8 b2=b a3=3 b3=5 a4=e b4=2 q0.out=2e l0,3=dc q1.in=af a0=a b0=f a1=5 b1=5 a2=7 b2=c a3=b b3=9 a4=8 b4=4 q1.out=48

q1.in=82 a0=8 b0=2 a1=a b1=9 a2=9 b2=d a3=4 b3=f a4=1 b4=a q1.out=a1 l1,2=9c q0.in=2b a0=2 b0=b a1=9 b1=f a2=b b2=d a3=6 b3=d a4=9 b4=5 q0.out=59 l0,2=53 q0.in=d2 a0=d b0=2 a1=f b1=4 a2=4 b2=1 a3=5 b3=c a4=d b4=8 q0.out=8d

q0.in=ff a0=f b0=f a1=0 b1=8 a2=8 b2=f a3=7 b3=7 a4=0 b4=e q0.out=e0 l1,1=8a q1.in=7c a0=7 b0=c a1=b b1=9 a2=4 b2=d a3=9 b3=a a4=e b4=7 q1.out=7e l0,1=8b q1.in=2d a0=2 b0=d a1=f b1=c a2=5 b2=f a3=a b3=2 a4=d b4=5 q1.out=5d

q1.in=08 a0=0 b0=8 a1=8 b1=4 a2=3 b2=4 a3=7 b3=9 a4=a b4=4 q1.out=4a l1,0=18 q1.in=5e a0=5 b0=e a1=b b1=a a2=4 b2=a a3=e b3=1 a4=3 b4=9 q1.out=93 l0,0=81 q0.in=4f a0=4 b0=f a1=b b1=b a2=9 b2=6 a3=f b3=2 a4=1 b4=f q0.out=f1

y0 = 79	y1 = ae	y2 = e7	y3 = 55	y0 = 48	y1 = 8d	y2 = 5d	y3 = f1
MDS input = Y = y0y1y2y3 = 79aee755				MDS input = Y = y0y1y2y3 = 488d5df1

MDS output = Z = z0z1z2z3 = 35f9e7f6

MDS output = Z = z0z1z2z3 = c9278cee

z0 = 35

z1 = f9

z2 = e7

z3 = f6

z0 = c9

z1 = 27

z2 = 8c

z3 = ee

T0 = g(R0) = 35f9e7f6

T1 = g(ROL(R1, 8)) = c9278cee

F1,0 = (T0 + T1 + K10) mod 232 = (35f9e7f6 + c9278cee + 22166ed7) mod 232 = (f6e7f935(big endian) + ee8c27c9(big endian) + d76e1622(big endian)) mod 232 = bce23720(big endian) = 2037e2bc.

F1,1 = (T0 + 2T1 + K11) mod 232 = (35f9e7f6 + 2[c9278cee] + 2547a011) mod 232 = (f6e7f935(big endian) + 2[ee8c27c9(big endian)] + 11a04725(big endian)) mod 232 = (f6e7f935(big endian) + dd184f92(big endian) + 11a04725(big endian)) mod 232 = e5a08fec(big endian) = ec8fa0e5.

R1,0  =  ROL(R2, 2,  1)    F1,0) =  ROL(5139fd03,  1)   2037e2bc =  ROL(03fd3951(big endian),  1)    2037e2bc =  07fa72a2(big endian)    2037e2bc =  a272fa07   2037e2bc =  824518bb.

R1,1  =  ROR(R2, 3    F1,1,  1) =  ROR(7dca61c5    ec8fa0e5,  1) =  ROR(9145c120, 1) =  ROR(20c14591(big endian),  1) =  9060a2c8(big endian) =  c8a26090

R1,2 = R2,0 = d0381d93

R1,3 = R2,1 = 82ff08ea

 

Decryption of ciphertext block 2, round r=0

g input = X = x0x1x2x3 = R1,0 = 824518bb

g input = X = x0x1x2x3 = ROL(R1,1,  8) = ROL(c8a26090 ,  8) = ROL(9060a2c8(big endian),  8) = 60a2c890(big endian) = 90c8a260.

x0 = 82

x1 = 45

x2 = 18

x3 = bb

x0 = 90

x1 = c8

x2 = a2

x3 = 60

y2,0 = 82

y2,1 = 45

y2,2 = 18

y2,3 = bb

y2,0 = 90

y2,1 = c8

y2,2 = a2

y2,3 = 60

q0.in=82 a0=8 b0=2 a1=a b1=9 a2=5 b2=4 a3=1 b3=f a4=a b4=a q0.out=aa l1,3=14 q0.in=b2 a0=b b0=2 a1=9 b1=2 a2=b b2=b a3=0 b3=e a4=b b4=c q0.out=cb l0,3=dc q1.in=4a a0=4 b0=a a1=e b1=1 a2=c b2=e a3=2 b3=b a4=7 b4=f q1.out=f7

q1.in=45 a0=4 b0=5 a1=1 b1=e a2=8 b2=0 a3=8 b3=8 a4=0 b4=6 q1.out=60 l1,2=9c q0.in=ea a0=e b0=a a1=4 b1=b a2=6 b2=6 a3=0 b3=5 a4=b b4=2 q0.out=2b l0,2=53 q0.in=a0 a0=a b0=0 a1=a b1=a a2=5 b2=a a3=f b3=8 a4=1 b4=9 q0.out=91

q0.in=18 a0=1 b0=8 a1=9 b1=d a2=b b2=0 a3=b b3=3 a4=3 b4=4 q0.out=43 l1,1=8a q1.in=df a0=d b0=f a1=2 b1=a a2=b b2=a a3=1 b3=6 a4=c b4=d q1.out=dc l0,1=8b q1.in=8f a0=8 b0=f a1=7 b1=7 a2=e b2=7 a3=9 b3=5 a4=e b4=3 q1.out=3e

q1.in=bb a0=b b0=b a1=0 b1=e a2=2 b2=0 a3=2 b3=2 a4=7 b4=5 q1.out=57 l1,0=18 q1.in=43 a0=4 b0=3 a1=7 b1=d a2=e b2=9 a3=7 b3=2 a4=a b4=5 q1.out=5a l0,0=81 q0.in=86 a0=8 b0=6 a1=e b1=b a2=a b2=6 a3=c b3=9 a4=2 b4=b q0.out=b2

q0.in=90 a0=9 b0=0 a1=9 b1=1 a2=b b2=c a3=7 b3=5 a4=0 b4=2 q0.out=20 l1,3=14 q0.in=38 a0=3 b0=8 a1=b b1=f a2=9 b2=d a3=4 b3=f a4=6 b4=a q0.out=a6 l0,3=dc q1.in=27 a0=2 b0=7 a1=5 b1=9 a2=7 b2=d a3=a b3=1 a4=d b4=9 q1.out=9d

q1.in=c8 a0=c b0=8 a1=4 b1=8 a2=f b2=6 a3=9 b3=4 a4=e b4=c q1.out=ce l1,2=9c q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73 l0,2=53 q0.in=f8 a0=f b0=8 a1=7 b1=3 a2=2 b2=8 a3=a b3=6 a4=f b4=6 q0.out=6f

q0.in=a2 a0=a b0=2 a1=8 b1=b a2=0 b2=6 a3=6 b3=3 a4=9 b4=4 q0.out=49 l1,1=8a q1.in=d5 a0=d b0=5 a1=8 b1=f a2=3 b2=8 a3=b b3=f a4=8 b4=a q1.out=a8 l0,1=8b q1.in=fb a0=f b0=b a1=4 b1=a a2=f b2=a a3=5 b3=2 a4=6 b4=5 q1.out=56

q1.in=60 a0=6 b0=0 a1=6 b1=6 a2=6 b2=3 a3=5 b3=f a4=6 b4=a q1.out=a6 l1,0=18 q1.in=b2 a0=b b0=2 a1=9 b1=2 a2=1 b2=2 a3=3 b3=8 a4=5 b4=6 q1.out=65 l0,0=81 q0.in=b9 a0=b b0=9 a1=2 b1=f a2=7 b2=d a3=a b3=1 a4=f b4=7 q0.out=7f

y0 = f7	y1 = 91	y2 = 3e	y3 = b2	y0 = 9d	y1 = 6f	y2 = 56	y3 = 7f
MDS input = Y = y0y1y2y3 = f7913eb2				MDS input = Y = y0y1y2y3 = 9d6f567f

MDS output = Z = z0z1z2z3 = 4b1f49ca

MDS output = Z = z0z1z2z3 = fd5ad327

z0 = 4b

z1 = 1f

z2 = 49

z3 = ca

z0 = fd

z1 = 5a

z2 = d3

z3 = 27

T0 = g(R0) = 4b1f49ca

T1 = g(ROL(R1, 8)) = fd5ad327

F0,0 = (T0 + T1 + K8) mod 232 = (4b1f49ca + fd5ad327 + f595a22f) mod 232 = (ca491f4b(big endian) + 27d35afd(big endian) + 2fa295f5(big endian)) mod 232 = 21bf103d(big endian) = 3d10bf21.

F0,1 = (T0 + 2T1 + K9) mod 232 = (4b1f49ca + 2[fd5ad327] + b3c6caca) mod 232 = (ca491f4b(big endian) + 2[27d35afd(big endian)] + cacac6b3(big endian)) mod 232 = (ca491f4b(big endian) + 4fa6b5fa(big endian) + cacac6b3(big endian)) mod 232 = e4ba9bf8(big endian) = f89bbae4.

R0,0  =  ROL(R1, 2,  1)    F0,0) =  ROL(d0381d93,  1)   3d10bf21 =  ROL(931d38d0(big endian),  1)    3d10bf21 =  263a71a1(big endian)    3d10bf21 =  a1713a26   3d10bf21 =  9c618507.

R0,1  =  ROR(R1, 3    F0,1,  1) =  ROR(82ff08ea    f89bbae4,  1) =  ROR(7a64b20e, 1) =  ROR(0eb2647a(big endian),  1) =  0759323d(big endian) =  3d325907

R0,2 = R1,0 = 824518bb

R0,3 = R1,1 = c8a26090

 

Decryption output unwhiten for block 2

P3 = R0,5 mod 4    K3 = R0,1    K3 = 3d325907    ae0b98a1  =  9339c1a6

P2 = R0,4 mod 4    K2 = R0,0    K2 = 9c618507    ea11ea78  =  76706f7f

P1 = R0,3 mod 4    K1 = R0,3    K1 = c8a26090    02229b50  =  ca80fbc0

P0 = R0,2 mod 4    K0 = R0,2    K0 = 824518bb    9bf1826a  =  19b49ad1

 

Decryption of block 2 : Decryption CBC step: Xor of output unwhiten result with previous ciphertext block received

P0 = P '0 C0(previous round) = 19b49ad1 019f9809 = 182b02d8

P1 = P '1 C1(previous round) = ca80fbc0 de171185 = 1497ea45

P2 = P '2 C2(previous round) = 76706f7f 8faac3a3 = f9daacdc

P3 = P '3 C3(previous round) = 9339c1a6 ba20fbc3 = 29193a65

 

Plaintext result for decryption of block 2

p0 = [P0 2[8(0 mod 4)]] mod 28 = [182b02d8 20] mod 28 = [d8022b18(big endian) 20] mod 28 = 18

p1 = [P0 2[8(1 mod 4)]] mod 28 = [182b02d8 28] mod 28 = [d8022b18(big endian) 28] mod 28 = 2b

p2 = [P0 2[8(2 mod 4)]] mod 28 = [182b02d8 216] mod 28 = [d8022b18(big endian) 216] mod 28 = 02

p3 = [P0 2[8(3 mod 4)]] mod 28 = [182b02d8 224] mod 28 = [d8022b18(big endian) 224] mod 28 = d8

p4 = [P1 2[8(4 mod 4)]] mod 28 = [1497ea45 20] mod 28 = [45ea9714(big endian) 20] mod 28 = 14

p5 = [P1 2[8(5 mod 4)]] mod 28 = [1497ea45 28] mod 28 = [45ea9714(big endian) 28] mod 28 = 97

p6 = [P1 2[8(6 mod 4)]] mod 28 = [1497ea45 216] mod 28 = [45ea9714(big endian) 216] mod 28 = ea

p7 = [P1 2[8(7 mod 4)]] mod 28 = [1497ea45 224] mod 28 = [45ea9714(big endian) 224] mod 28 = 45

p8 = [P2 2[8(8 mod 4)]] mod 28 = [f9daacdc 20] mod 28 = [dcacdaf9(big endian) 20] mod 28 = f9

p9 = [P2 2[8(9 mod 4)]] mod 28 = [f9daacdc 28] mod 28 = [dcacdaf9(big endian) 28] mod 28 = da

p10 = [P2 2[8(10 mod 4)]] mod 28 = [f9daacdc 216] mod 28 = [dcacdaf9(big endian) 216] mod 28 = ac

p11 = [P2 2[8(11 mod 4)]] mod 28 = [f9daacdc 224] mod 28 = [dcacdaf9(big endian) 224] mod 28 = dc

p12 = [P3 2[8(12 mod 4)]] mod 28 = [29193a65 20] mod 28 = [653a1929(big endian) 20] mod 28 = 29

p13 = [P3 2[8(13 mod 4)]] mod 28 = [29193a65 28] mod 28 = [653a1929(big endian) 28] mod 28 = 19

p14 = [P3 2[8(14 mod 4)]] mod 28 = [29193a65 216] mod 28 = [653a1929(big endian) 216] mod 28 = 3a

p15 = [P3 2[8(15 mod 4)]] mod 28 = [29193a65 224] mod 28 = [653a1929(big endian) 224] mod 28 = 65

Plaintext block output = p0p1p2p3p4p5p6p7p8p9p10p11p12p13p14p15 = 182b02d81497ea45f9daacdc29193a65

 

Decryption start for ciphertext block 3

ciphertext = c0c1c2c3c4c5c6c7c8c9c10c11c12c13c14c15 = f7ed5965f624a805a73f6c7c1001a29b

C0 = c0c1c2c3 = f7ed5965	C1 = c4c5c6c7 = f624a805
C2 = c8c9c10c11 = a73f6c7c	C3 = c12c13c14c15 = 1001a29b

 

Decryption Input Unwhiten for block 3

R16,0 = C0 K4 = f7ed5965 f57ea21f = 0293fb7a

R16,1 = C1 K5 = f624a805 e005f378 = 16215b7d

R16,2 = C2 K6 = a73f6c7c 314b4d98 = 967421e4

R16,3 = C3 K7 = 1001a29b c9a88d6f = d9a92ff4

 

Decryption of ciphertext block 3, round r=15

g input = X = x0x1x2x3 = R16,0 = 0293fb7a

g input = X = x0x1x2x3 = ROL(R16,1,  8) = ROL(16215b7d ,  8) = ROL(7d5b2116(big endian),  8) = 5b21167d(big endian) = 7d16215b.

x0 = 02

x1 = 93

x2 = fb

x3 = 7a

x0 = 7d

x1 = 16

x2 = 21

x3 = 5b

y2,0 = 02

y2,1 = 93

y2,2 = fb

y2,3 = 7a

y2,0 = 7d

y2,1 = 16

y2,2 = 21

y2,3 = 5b

q0.in=02 a0=0 b0=2 a1=2 b1=1 a2=7 b2=c a3=b b3=9 a4=3 b4=b q0.out=b3 l1,3=14 q0.in=ab a0=a b0=b a1=1 b1=7 a2=1 b2=5 a3=4 b3=3 a4=6 b4=4 q0.out=46 l0,3=dc q1.in=c7 a0=c b0=7 a1=b b1=7 a2=4 b2=7 a3=3 b3=f a4=5 b4=a q1.out=a5

q1.in=93 a0=9 b0=3 a1=a b1=8 a2=9 b2=6 a3=f b3=2 a4=f b4=5 q1.out=5f l1,2=9c q0.in=d5 a0=d b0=5 a1=8 b1=f a2=0 b2=d a3=d b3=e a4=4 b4=c q0.out=c4 l0,2=53 q0.in=4f a0=4 b0=f a1=b b1=b a2=9 b2=6 a3=f b3=2 a4=1 b4=f q0.out=f1

q0.in=fb a0=f b0=b a1=4 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=4 q0.out=42 l1,1=8a q1.in=de a0=d b0=e a1=3 b1=2 a2=d b2=2 a3=f b3=4 a4=f b4=c q1.out=cf l0,1=8b q1.in=9c a0=9 b0=c a1=5 b1=7 a2=7 b2=7 a3=0 b3=4 a4=4 b4=c q1.out=c4

q1.in=7a a0=7 b0=a a1=d b1=a a2=a b2=a a3=0 b3=f a4=4 b4=a q1.out=a4 l1,0=18 q1.in=b0 a0=b b0=0 a1=b b1=3 a2=4 b2=b a3=f b3=9 a4=f b4=4 q1.out=4f l0,0=81 q0.in=93 a0=9 b0=3 a1=a b1=8 a2=5 b2=f a3=a b3=2 a4=f b4=f q0.out=ff

q0.in=7d a0=7 b0=d a1=a b1=1 a2=5 b2=c a3=9 b3=b a4=8 b4=0 q0.out=08 l1,3=14 q0.in=10 a0=1 b0=0 a1=1 b1=9 a2=1 b2=4 a3=5 b3=b a4=d b4=0 q0.out=0d l0,3=dc q1.in=8c a0=8 b0=c a1=4 b1=e a2=f b2=0 a3=f b3=7 a4=f b4=e q1.out=ef

q1.in=16 a0=1 b0=6 a1=7 b1=a a2=e b2=a a3=4 b3=b a4=1 b4=f q1.out=f1 l1,2=9c q0.in=7b a0=7 b0=b a1=c b1=2 a2=e b2=b a3=5 b3=3 a4=d b4=4 q0.out=4d l0,2=53 q0.in=c6 a0=c b0=6 a1=a b1=f a2=5 b2=d a3=8 b3=3 a4=c b4=4 q0.out=4c

q0.in=21 a0=2 b0=1 a1=3 b1=a a2=d b2=a a3=7 b3=0 a4=0 b4=d q0.out=d0 l1,1=8a q1.in=4c a0=4 b0=c a1=8 b1=2 a2=3 b2=2 a3=1 b3=a a4=c b4=7 q1.out=7c l0,1=8b q1.in=2f a0=2 b0=f a1=d b1=d a2=a b2=9 a3=3 b3=6 a4=5 b4=d q1.out=d5

q1.in=5b a0=5 b0=b a1=e b1=0 a2=c b2=1 a3=d b3=4 a4=b b4=c q1.out=cb l1,0=18 q1.in=df a0=d b0=f a1=2 b1=a a2=b b2=a a3=1 b3=6 a4=c b4=d q1.out=dc l0,0=81 q0.in=00 a0=0 b0=0 a1=0 b1=0 a2=8 b2=e a3=6 b3=f a4=9 b4=a q0.out=a9

y0 = a5	y1 = f1	y2 = c4	y3 = ff	y0 = ef	y1 = 4c	y2 = d5	y3 = a9
MDS input = Y = y0y1y2y3 = a5f1c4ff				MDS input = Y = y0y1y2y3 = ef4cd5a9

MDS output = Z = z0z1z2z3 = 25e58678

MDS output = Z = z0z1z2z3 = f58e4a08

z0 = 25

z1 = e5

z2 = 86

z3 = 78

z0 = f5

z1 = 8e

z2 = 4a

z3 = 08

T0 = g(R0) = 25e58678

T1 = g(ROL(R1, 8)) = f58e4a08

F15,0 = (T0 + T1 + K38) mod 232 = (25e58678 + f58e4a08 + aadffd38) mod 232 = (7886e525(big endian) + 084a8ef5(big endian) + 38fddfaa(big endian)) mod 232 = b9cf53c4(big endian) = c453cfb9.

F15,1 = (T0 + 2T1 + K39) mod 232 = (25e58678 + 2[f58e4a08] + 56f4c1eb) mod 232 = (7886e525(big endian) + 2[084a8ef5(big endian)] + ebc1f456(big endian)) mod 232 = (7886e525(big endian) + 10951dea(big endian) + ebc1f456(big endian)) mod 232 = 74ddf765(big endian) = 65f7dd74.

R15,0  =  ROL(R16, 2,  1)    F15,0) =  ROL(967421e4,  1)   c453cfb9 =  ROL(e4217496(big endian),  1)    c453cfb9 =  c842e92d(big endian)    c453cfb9 =  2de942c8   c453cfb9 =  e9ba8d71.

R15,1  =  ROR(R16, 3    F15,1,  1) =  ROR(d9a92ff4    65f7dd74,  1) =  ROR(bc5ef280, 1) =  ROR(80f25ebc(big endian),  1) =  40792f5e(big endian) =  5e2f7940

R15,2 = R16,0 = 0293fb7a

R15,3 = R16,1 = 16215b7d

 

Decryption of ciphertext block 3, round r=14

g input = X = x0x1x2x3 = R15,0 = e9ba8d71

g input = X = x0x1x2x3 = ROL(R15,1,  8) = ROL(5e2f7940 ,  8) = ROL(40792f5e(big endian),  8) = 792f5e40(big endian) = 405e2f79.

x0 = e9

x1 = ba

x2 = 8d

x3 = 71

x0 = 40

x1 = 5e

x2 = 2f

x3 = 79

y2,0 = e9

y2,1 = ba

y2,2 = 8d

y2,3 = 71

y2,0 = 40

y2,1 = 5e

y2,2 = 2f

y2,3 = 79

q0.in=e9 a0=e b0=9 a1=7 b1=2 a2=2 b2=b a3=9 b3=f a4=8 b4=a q0.out=a8 l1,3=14 q0.in=b0 a0=b b0=0 a1=b b1=3 a2=9 b2=8 a3=1 b3=5 a4=a b4=2 q0.out=2a l0,3=dc q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f

q1.in=ba a0=b b0=a a1=1 b1=6 a2=8 b2=3 a3=b b3=1 a4=8 b4=9 q1.out=98 l1,2=9c q0.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=f a3=2 b3=a a4=5 b4=3 q0.out=35 l0,2=53 q0.in=be a0=b b0=e a1=5 b1=4 a2=f b2=1 a3=e b3=f a4=7 b4=a q0.out=a7

q0.in=8d a0=8 b0=d a1=5 b1=6 a2=f b2=3 a3=c b3=e a4=2 b4=c q0.out=c2 l1,1=8a q1.in=5e a0=5 b0=e a1=b b1=a a2=4 b2=a a3=e b3=1 a4=3 b4=9 q1.out=93 l0,1=8b q1.in=c0 a0=c b0=0 a1=c b1=c a2=0 b2=f a3=f b3=f a4=f b4=a q1.out=af

q1.in=71 a0=7 b0=1 a1=6 b1=7 a2=6 b2=7 a3=1 b3=d a4=c b4=0 q1.out=0c l1,0=18 q1.in=18 a0=1 b0=8 a1=9 b1=d a2=1 b2=9 a3=8 b3=5 a4=0 b4=3 q1.out=30 l0,0=81 q0.in=ec a0=e b0=c a1=2 b1=8 a2=7 b2=f a3=8 b3=0 a4=c b4=d q0.out=dc

q0.in=40 a0=4 b0=0 a1=4 b1=4 a2=6 b2=1 a3=7 b3=e a4=0 b4=c q0.out=c0 l1,3=14 q0.in=d8 a0=d b0=8 a1=5 b1=1 a2=f b2=c a3=3 b3=1 a4=e b4=7 q0.out=7e l0,3=dc q1.in=ff a0=f b0=f a1=0 b1=8 a2=2 b2=6 a3=4 b3=1 a4=1 b4=9 q1.out=91

q1.in=5e a0=5 b0=e a1=b b1=a a2=4 b2=a a3=e b3=1 a4=3 b4=9 q1.out=93 l1,2=9c q0.in=19 a0=1 b0=9 a1=8 b1=5 a2=0 b2=2 a3=2 b3=1 a4=5 b4=7 q0.out=75 l0,2=53 q0.in=fe a0=f b0=e a1=1 b1=0 a2=1 b2=e a3=f b3=e a4=1 b4=c q0.out=c1

q0.in=2f a0=2 b0=f a1=d b1=d a2=c b2=0 a3=c b3=c a4=2 b4=8 q0.out=82 l1,1=8a q1.in=1e a0=1 b0=e a1=f b1=e a2=5 b2=0 a3=5 b3=d a4=6 b4=0 q1.out=06 l0,1=8b q1.in=55 a0=5 b0=5 a1=0 b1=7 a2=2 b2=7 a3=5 b3=9 a4=6 b4=4 q1.out=46

q1.in=79 a0=7 b0=9 a1=e b1=3 a2=c b2=b a3=7 b3=1 a4=a b4=9 q1.out=9a l1,0=18 q1.in=8e a0=8 b0=e a1=6 b1=f a2=6 b2=8 a3=e b3=2 a4=3 b4=5 q1.out=53 l0,0=81 q0.in=8f a0=8 b0=f a1=7 b1=7 a2=2 b2=5 a3=7 b3=8 a4=0 b4=9 q0.out=90

y0 = 1f	y1 = a7	y2 = af	y3 = dc	y0 = 91	y1 = c1	y2 = 46	y3 = 90
MDS input = Y = y0y1y2y3 = 1fa7afdc				MDS input = Y = y0y1y2y3 = 91c14690

MDS output = Z = z0z1z2z3 = 19240788

MDS output = Z = z0z1z2z3 = b9c002a6

z0 = 19

z1 = 24

z2 = 07

z3 = 88

z0 = b9

z1 = c0

z2 = 02

z3 = a6

T0 = g(R0) = 19240788

T1 = g(ROL(R1, 8)) = b9c002a6

F14,0 = (T0 + T1 + K36) mod 232 = (19240788 + b9c002a6 + e4ffcbcc) mod 232 = (88072419(big endian) + a602c0b9(big endian) + cccbffe4(big endian)) mod 232 = fad5e4b6(big endian) = b6e4d5fa.

F14,1 = (T0 + 2T1 + K37) mod 232 = (19240788 + 2[b9c002a6] + fd60441f) mod 232 = (88072419(big endian) + 2[a602c0b9(big endian)] + 1f4460fd(big endian)) mod 232 = (88072419(big endian) + 4c058172(big endian) + 1f4460fd(big endian)) mod 232 = f3510688(big endian) = 880651f3.

R14,0  =  ROL(R15, 2,  1)    F14,0) =  ROL(0293fb7a,  1)   b6e4d5fa =  ROL(7afb9302(big endian),  1)    b6e4d5fa =  f5f72604(big endian)    b6e4d5fa =  0426f7f5   b6e4d5fa =  b2c2220f.

R14,1  =  ROR(R15, 3    F14,1,  1) =  ROR(16215b7d    880651f3,  1) =  ROR(9e270a8e, 1) =  ROR(8e0a279e(big endian),  1) =  470513cf(big endian) =  cf130547

R14,2 = R15,0 = e9ba8d71

R14,3 = R15,1 = 5e2f7940

 

Decryption of ciphertext block 3, round r=13

g input = X = x0x1x2x3 = R14,0 = b2c2220f

g input = X = x0x1x2x3 = ROL(R14,1,  8) = ROL(cf130547 ,  8) = ROL(470513cf(big endian),  8) = 0513cf47(big endian) = 47cf1305.

x0 = b2

x1 = c2

x2 = 22

x3 = 0f

x0 = 47

x1 = cf

x2 = 13

x3 = 05

y2,0 = b2

y2,1 = c2

y2,2 = 22

y2,3 = 0f

y2,0 = 47

y2,1 = cf

y2,2 = 13

y2,3 = 05

q0.in=b2 a0=b b0=2 a1=9 b1=2 a2=b b2=b a3=0 b3=e a4=b b4=c q0.out=cb l1,3=14 q0.in=d3 a0=d b0=3 a1=e b1=c a2=a b2=7 a3=d b3=1 a4=4 b4=7 q0.out=74 l0,3=dc q1.in=f5 a0=f b0=5 a1=a b1=d a2=9 b2=9 a3=0 b3=d a4=4 b4=0 q1.out=04

q1.in=c2 a0=c b0=2 a1=e b1=d a2=c b2=9 a3=5 b3=0 a4=6 b4=b q1.out=b6 l1,2=9c q0.in=3c a0=3 b0=c a1=f b1=d a2=4 b2=0 a3=4 b3=4 a4=6 b4=1 q0.out=16 l0,2=53 q0.in=9d a0=9 b0=d a1=4 b1=f a2=6 b2=d a3=b b3=8 a4=3 b4=9 q0.out=93

q0.in=22 a0=2 b0=2 a1=0 b1=3 a2=8 b2=8 a3=0 b3=c a4=b b4=8 q0.out=8b l1,1=8a q1.in=17 a0=1 b0=7 a1=6 b1=2 a2=6 b2=2 a3=4 b3=7 a4=1 b4=e q1.out=e1 l0,1=8b q1.in=b2 a0=b b0=2 a1=9 b1=2 a2=1 b2=2 a3=3 b3=8 a4=5 b4=6 q1.out=65

q1.in=0f a0=0 b0=f a1=f b1=f a2=5 b2=8 a3=d b3=9 a4=b b4=4 q1.out=4b l1,0=18 q1.in=5f a0=5 b0=f a1=a b1=2 a2=9 b2=2 a3=b b3=0 a4=8 b4=b q1.out=b8 l0,0=81 q0.in=64 a0=6 b0=4 a1=2 b1=4 a2=7 b2=1 a3=6 b3=7 a4=9 b4=e q0.out=e9

q0.in=47 a0=4 b0=7 a1=3 b1=f a2=d b2=d a3=0 b3=b a4=b b4=0 q0.out=0b l1,3=14 q0.in=13 a0=1 b0=3 a1=2 b1=0 a2=7 b2=e a3=9 b3=8 a4=8 b4=9 q0.out=98 l0,3=dc q1.in=19 a0=1 b0=9 a1=8 b1=5 a2=3 b2=c a3=f b3=d a4=f b4=0 q1.out=0f

q1.in=cf a0=c b0=f a1=3 b1=3 a2=d b2=b a3=6 b3=8 a4=9 b4=6 q1.out=69 l1,2=9c q0.in=e3 a0=e b0=3 a1=d b1=7 a2=c b2=5 a3=9 b3=6 a4=8 b4=6 q0.out=68 l0,2=53 q0.in=e3 a0=e b0=3 a1=d b1=7 a2=c b2=5 a3=9 b3=6 a4=8 b4=6 q0.out=68

q0.in=13 a0=1 b0=3 a1=2 b1=0 a2=7 b2=e a3=9 b3=8 a4=8 b4=9 q0.out=98 l1,1=8a q1.in=04 a0=0 b0=4 a1=4 b1=2 a2=f b2=2 a3=d b3=6 a4=b b4=d q1.out=db l0,1=8b q1.in=88 a0=8 b0=8 a1=0 b1=c a2=2 b2=f a3=d b3=d a4=b b4=0 q1.out=0b

q1.in=05 a0=0 b0=5 a1=5 b1=a a2=7 b2=a a3=d b3=a a4=b b4=7 q1.out=7b l1,0=18 q1.in=6f a0=6 b0=f a1=9 b1=9 a2=1 b2=d a3=c b3=7 a4=2 b4=e q1.out=e2 l0,0=81 q0.in=3e a0=3 b0=e a1=d b1=c a2=c b2=7 a3=b b3=7 a4=3 b4=e q0.out=e3

y0 = 04	y1 = 93	y2 = 65	y3 = e9	y0 = 0f	y1 = 68	y2 = 0b	y3 = e3
MDS input = Y = y0y1y2y3 = 049365e9				MDS input = Y = y0y1y2y3 = 0f680be3

MDS output = Z = z0z1z2z3 = 0fe872bd

MDS output = Z = z0z1z2z3 = 9b11d85a

z0 = 0f

z1 = e8

z2 = 72

z3 = bd

z0 = 9b

z1 = 11

z2 = d8

z3 = 5a

T0 = g(R0) = 0fe872bd

T1 = g(ROL(R1, 8)) = 9b11d85a

F13,0 = (T0 + T1 + K34) mod 232 = (0fe872bd + 9b11d85a + 6ae813f4) mod 232 = (bd72e80f(big endian) + 5ad8119b(big endian) + f413e86a(big endian)) mod 232 = 0c5ee214(big endian) = 14e25e0c.

F13,1 = (T0 + 2T1 + K35) mod 232 = (0fe872bd + 2[9b11d85a] + f3d8d036) mod 232 = (bd72e80f(big endian) + 2[5ad8119b(big endian)] + 36d0d8f3(big endian)) mod 232 = (bd72e80f(big endian) + b5b02336(big endian) + 36d0d8f3(big endian)) mod 232 = a9f3e438(big endian) = 38e4f3a9.

R13,0  =  ROL(R14, 2,  1)    F13,0) =  ROL(e9ba8d71,  1)   14e25e0c =  ROL(718dbae9(big endian),  1)    14e25e0c =  e31b75d2(big endian)    14e25e0c =  d2751be3   14e25e0c =  c69745ef.

R13,1  =  ROR(R14, 3    F13,1,  1) =  ROR(5e2f7940    38e4f3a9,  1) =  ROR(66cb8ae9, 1) =  ROR(e98acb66(big endian),  1) =  74c565b3(big endian) =  b365c574

R13,2 = R14,0 = b2c2220f

R13,3 = R14,1 = cf130547

 

Decryption of ciphertext block 3, round r=12

g input = X = x0x1x2x3 = R13,0 = c69745ef

g input = X = x0x1x2x3 = ROL(R13,1,  8) = ROL(b365c574 ,  8) = ROL(74c565b3(big endian),  8) = c565b374(big endian) = 74b365c5.

x0 = c6

x1 = 97

x2 = 45

x3 = ef

x0 = 74

x1 = b3

x2 = 65

x3 = c5

y2,0 = c6

y2,1 = 97

y2,2 = 45

y2,3 = ef

y2,0 = 74

y2,1 = b3

y2,2 = 65

y2,3 = c5

q0.in=c6 a0=c b0=6 a1=a b1=f a2=5 b2=d a3=8 b3=3 a4=c b4=4 q0.out=4c l1,3=14 q0.in=54 a0=5 b0=4 a1=1 b1=f a2=1 b2=d a3=c b3=7 a4=2 b4=e q0.out=e2 l0,3=dc q1.in=63 a0=6 b0=3 a1=5 b1=f a2=7 b2=8 a3=f b3=b a4=f b4=f q1.out=ff

q1.in=97 a0=9 b0=7 a1=e b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=4 q1.out=49 l1,2=9c q0.in=c3 a0=c b0=3 a1=f b1=5 a2=4 b2=2 a3=6 b3=5 a4=9 b4=2 q0.out=29 l0,2=53 q0.in=a2 a0=a b0=2 a1=8 b1=b a2=0 b2=6 a3=6 b3=3 a4=9 b4=4 q0.out=49

q0.in=45 a0=4 b0=5 a1=1 b1=e a2=1 b2=9 a3=8 b3=5 a4=c b4=2 q0.out=2c l1,1=8a q1.in=b0 a0=b b0=0 a1=b b1=3 a2=4 b2=b a3=f b3=9 a4=f b4=4 q1.out=4f l0,1=8b q1.in=1c a0=1 b0=c a1=d b1=f a2=a b2=8 a3=2 b3=e a4=7 b4=8 q1.out=87

q1.in=ef a0=e b0=f a1=1 b1=1 a2=8 b2=e a3=6 b3=f a4=9 b4=a q1.out=a9 l1,0=18 q1.in=bd a0=b b0=d a1=6 b1=d a2=6 b2=9 a3=f b3=a a4=f b4=7 q1.out=7f l0,0=81 q0.in=a3 a0=a b0=3 a1=9 b1=3 a2=b b2=8 a3=3 b3=7 a4=e b4=e q0.out=ee

q0.in=74 a0=7 b0=4 a1=3 b1=d a2=d b2=0 a3=d b3=5 a4=4 b4=2 q0.out=24 l1,3=14 q0.in=3c a0=3 b0=c a1=f b1=d a2=4 b2=0 a3=4 b3=4 a4=6 b4=1 q0.out=16 l0,3=dc q1.in=97 a0=9 b0=7 a1=e b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=4 q1.out=49

q1.in=b3 a0=b b0=3 a1=8 b1=a a2=3 b2=a a3=9 b3=e a4=e b4=8 q1.out=8e l1,2=9c q0.in=04 a0=0 b0=4 a1=4 b1=2 a2=6 b2=b a3=d b3=b a4=4 b4=0 q0.out=04 l0,2=53 q0.in=8f a0=8 b0=f a1=7 b1=7 a2=2 b2=5 a3=7 b3=8 a4=0 b4=9 q0.out=90

q0.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=7 a3=a b3=e a4=f b4=c q0.out=cf l1,1=8a q1.in=53 a0=5 b0=3 a1=6 b1=4 a2=6 b2=4 a3=2 b3=4 a4=7 b4=c q1.out=c7 l0,1=8b q1.in=94 a0=9 b0=4 a1=d b1=3 a2=a b2=b a3=1 b3=7 a4=c b4=e q1.out=ec

q1.in=c5 a0=c b0=5 a1=9 b1=6 a2=1 b2=3 a3=2 b3=0 a4=7 b4=b q1.out=b7 l1,0=18 q1.in=a3 a0=a b0=3 a1=9 b1=3 a2=1 b2=b a3=a b3=4 a4=d b4=c q1.out=cd l0,0=81 q0.in=11 a0=1 b0=1 a1=0 b1=1 a2=8 b2=c a3=4 b3=e a4=6 b4=c q0.out=c6

y0 = ff	y1 = 49	y2 = 87	y3 = ee	y0 = 49	y1 = 90	y2 = ec	y3 = c6
MDS input = Y = y0y1y2y3 = ff4987ee				MDS input = Y = y0y1y2y3 = 4990ecc6

MDS output = Z = z0z1z2z3 = 47ee7572

MDS output = Z = z0z1z2z3 = 219ae9e3

z0 = 47

z1 = ee

z2 = 75

z3 = 72

z0 = 21

z1 = 9a

z2 = e9

z3 = e3

T0 = g(R0) = 47ee7572

T1 = g(ROL(R1, 8)) = 219ae9e3

F12,0 = (T0 + T1 + K32) mod 232 = (47ee7572 + 219ae9e3 + 165703a2) mod 232 = (7275ee47(big endian) + e3e99a21(big endian) + a2035716(big endian)) mod 232 = f862df7e(big endian) = 7edf62f8.

F12,1 = (T0 + 2T1 + K33) mod 232 = (47ee7572 + 2[219ae9e3] + bdabf862) mod 232 = (7275ee47(big endian) + 2[e3e99a21(big endian)] + 62f8abbd(big endian)) mod 232 = (7275ee47(big endian) + c7d33442(big endian) + 62f8abbd(big endian)) mod 232 = 9d41ce46(big endian) = 46ce419d.

R12,0  =  ROL(R13, 2,  1)    F12,0) =  ROL(b2c2220f,  1)   7edf62f8 =  ROL(0f22c2b2(big endian),  1)    7edf62f8 =  1e458564(big endian)    7edf62f8 =  6485451e   7edf62f8 =  1a5a27e6.

R12,1  =  ROR(R13, 3    F12,1,  1) =  ROR(cf130547    46ce419d,  1) =  ROR(89dd44da, 1) =  ROR(da44dd89(big endian),  1) =  ed226ec4(big endian) =  c46e22ed

R12,2 = R13,0 = c69745ef

R12,3 = R13,1 = b365c574

 

Decryption of ciphertext block 3, round r=11

g input = X = x0x1x2x3 = R12,0 = 1a5a27e6

g input = X = x0x1x2x3 = ROL(R12,1,  8) = ROL(c46e22ed ,  8) = ROL(ed226ec4(big endian),  8) = 226ec4ed(big endian) = edc46e22.

x0 = 1a

x1 = 5a

x2 = 27

x3 = e6

x0 = ed

x1 = c4

x2 = 6e

x3 = 22

y2,0 = 1a

y2,1 = 5a

y2,2 = 27

y2,3 = e6

y2,0 = ed

y2,1 = c4

y2,2 = 6e

y2,3 = 22

q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37 l1,3=14 q0.in=2f a0=2 b0=f a1=d b1=d a2=c b2=0 a3=c b3=c a4=2 b4=8 q0.out=82 l0,3=dc q1.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=d a3=0 b3=b a4=4 b4=f q1.out=f4

q1.in=5a a0=5 b0=a a1=f b1=8 a2=5 b2=6 a3=3 b3=e a4=5 b4=8 q1.out=85 l1,2=9c q0.in=0f a0=0 b0=f a1=f b1=f a2=4 b2=d a3=9 b3=a a4=8 b4=3 q0.out=38 l0,2=53 q0.in=b3 a0=b b0=3 a1=8 b1=a a2=0 b2=a a3=a b3=5 a4=f b4=2 q0.out=2f

q0.in=27 a0=2 b0=7 a1=5 b1=9 a2=f b2=4 a3=b b3=5 a4=3 b4=2 q0.out=23 l1,1=8a q1.in=bf a0=b b0=f a1=4 b1=c a2=f b2=f a3=0 b3=8 a4=4 b4=6 q1.out=64 l0,1=8b q1.in=37 a0=3 b0=7 a1=4 b1=0 a2=f b2=1 a3=e b3=f a4=3 b4=a q1.out=a3

q1.in=e6 a0=e b0=6 a1=8 b1=d a2=3 b2=9 a3=a b3=7 a4=d b4=e q1.out=ed l1,0=18 q1.in=f9 a0=f b0=9 a1=6 b1=b a2=6 b2=5 a3=3 b3=c a4=5 b4=2 q1.out=25 l0,0=81 q0.in=f9 a0=f b0=9 a1=6 b1=b a2=3 b2=6 a3=5 b3=8 a4=d b4=9 q0.out=9d

q0.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=e a3=3 b3=2 a4=e b4=f q0.out=fe l1,3=14 q0.in=e6 a0=e b0=6 a1=8 b1=d a2=0 b2=0 a3=0 b3=0 a4=b b4=d q0.out=db l0,3=dc q1.in=5a a0=5 b0=a a1=f b1=8 a2=5 b2=6 a3=3 b3=e a4=5 b4=8 q1.out=85

q1.in=c4 a0=c b0=4 a1=8 b1=e a2=3 b2=0 a3=3 b3=b a4=5 b4=f q1.out=f5 l1,2=9c q0.in=7f a0=7 b0=f a1=8 b1=0 a2=0 b2=e a3=e b3=7 a4=7 b4=e q0.out=e7 l0,2=53 q0.in=6c a0=6 b0=c a1=a b1=0 a2=5 b2=e a3=b b3=a a4=3 b4=3 q0.out=33

q0.in=6e a0=6 b0=e a1=8 b1=1 a2=0 b2=c a3=c b3=6 a4=2 b4=6 q0.out=62 l1,1=8a q1.in=fe a0=f b0=e a1=1 b1=0 a2=8 b2=1 a3=9 b3=0 a4=e b4=b q1.out=be l0,1=8b q1.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=1 a3=c b3=d a4=2 b4=0 q1.out=02

q1.in=22 a0=2 b0=2 a1=0 b1=3 a2=2 b2=b a3=9 b3=f a4=e b4=a q1.out=ae l1,0=18 q1.in=ba a0=b b0=a a1=1 b1=6 a2=8 b2=3 a3=b b3=1 a4=8 b4=9 q1.out=98 l0,0=81 q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73

y0 = f4	y1 = 2f	y2 = a3	y3 = 9d	y0 = 85	y1 = 33	y2 = 02	y3 = 73
MDS input = Y = y0y1y2y3 = f42fa39d				MDS input = Y = y0y1y2y3 = 85330273

MDS output = Z = z0z1z2z3 = 18bdc0fc

MDS output = Z = z0z1z2z3 = ce46d70d

z0 = 18

z1 = bd

z2 = c0

z3 = fc

z0 = ce

z1 = 46

z2 = d7

z3 = 0d

T0 = g(R0) = 18bdc0fc

T1 = g(ROL(R1, 8)) = ce46d70d

F11,0 = (T0 + T1 + K30) mod 232 = (18bdc0fc + ce46d70d + fd2d59b8) mod 232 = (fcc0bd18(big endian) + 0dd746ce(big endian) + b8592dfd(big endian)) mod 232 = c2f131e3(big endian) = e331f1c2.

F11,1 = (T0 + 2T1 + K31) mod 232 = (18bdc0fc + 2[ce46d70d] + 9c51af49) mod 232 = (fcc0bd18(big endian) + 2[0dd746ce(big endian)] + 49af519c(big endian)) mod 232 = (fcc0bd18(big endian) + 1bae8d9c(big endian) + 49af519c(big endian)) mod 232 = 621e9c50(big endian) = 509c1e62.

R11,0  =  ROL(R12, 2,  1)    F11,0) =  ROL(c69745ef,  1)   e331f1c2 =  ROL(ef4597c6(big endian),  1)    e331f1c2 =  de8b2f8d(big endian)    e331f1c2 =  8d2f8bde   e331f1c2 =  6e1e7a1c.

R11,1  =  ROR(R12, 3    F11,1,  1) =  ROR(b365c574    509c1e62,  1) =  ROR(e3f9db16, 1) =  ROR(16dbf9e3(big endian),  1) =  8b6dfcf1(big endian) =  f1fc6d8b

R11,2 = R12,0 = 1a5a27e6

R11,3 = R12,1 = c46e22ed

 

Decryption of ciphertext block 3, round r=10

g input = X = x0x1x2x3 = R11,0 = 6e1e7a1c

g input = X = x0x1x2x3 = ROL(R11,1,  8) = ROL(f1fc6d8b ,  8) = ROL(8b6dfcf1(big endian),  8) = 6dfcf18b(big endian) = 8bf1fc6d.

x0 = 6e

x1 = 1e

x2 = 7a

x3 = 1c

x0 = 8b

x1 = f1

x2 = fc

x3 = 6d

y2,0 = 6e

y2,1 = 1e

y2,2 = 7a

y2,3 = 1c

y2,0 = 8b

y2,1 = f1

y2,2 = fc

y2,3 = 6d

q0.in=6e a0=6 b0=e a1=8 b1=1 a2=0 b2=c a3=c b3=6 a4=2 b4=6 q0.out=62 l1,3=14 q0.in=7a a0=7 b0=a a1=d b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=b q0.out=b9 l0,3=dc q1.in=38 a0=3 b0=8 a1=b b1=f a2=4 b2=8 a3=c b3=0 a4=2 b4=b q1.out=b2

q1.in=1e a0=1 b0=e a1=f b1=e a2=5 b2=0 a3=5 b3=d a4=6 b4=0 q1.out=06 l1,2=9c q0.in=8c a0=8 b0=c a1=4 b1=e a2=6 b2=9 a3=f b3=a a4=1 b4=3 q0.out=31 l0,2=53 q0.in=ba a0=b b0=a a1=1 b1=6 a2=1 b2=3 a3=2 b3=0 a4=5 b4=d q0.out=d5

q0.in=7a a0=7 b0=a a1=d b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=b q0.out=b9 l1,1=8a q1.in=25 a0=2 b0=5 a1=7 b1=8 a2=e b2=6 a3=8 b3=d a4=0 b4=0 q1.out=00 l0,1=8b q1.in=53 a0=5 b0=3 a1=6 b1=4 a2=6 b2=4 a3=2 b3=4 a4=7 b4=c q1.out=c7

q1.in=1c a0=1 b0=c a1=d b1=f a2=a b2=8 a3=2 b3=e a4=7 b4=8 q1.out=87 l1,0=18 q1.in=93 a0=9 b0=3 a1=a b1=8 a2=9 b2=6 a3=f b3=2 a4=f b4=5 q1.out=5f l0,0=81 q0.in=83 a0=8 b0=3 a1=b b1=1 a2=9 b2=c a3=5 b3=7 a4=d b4=e q0.out=ed

q0.in=8b a0=8 b0=b a1=3 b1=5 a2=d b2=2 a3=f b3=4 a4=1 b4=1 q0.out=11 l1,3=14 q0.in=09 a0=0 b0=9 a1=9 b1=c a2=b b2=7 a3=c b3=8 a4=2 b4=9 q0.out=92 l0,3=dc q1.in=13 a0=1 b0=3 a1=2 b1=0 a2=b b2=1 a3=a b3=b a4=d b4=f q1.out=fd

q1.in=f1 a0=f b0=1 a1=e b1=f a2=c b2=8 a3=4 b3=8 a4=1 b4=6 q1.out=61 l1,2=9c q0.in=eb a0=e b0=b a1=5 b1=3 a2=f b2=8 a3=7 b3=3 a4=0 b4=4 q0.out=40 l0,2=53 q0.in=cb a0=c b0=b a1=7 b1=1 a2=2 b2=c a3=e b3=4 a4=7 b4=1 q0.out=17

q0.in=fc a0=f b0=c a1=3 b1=1 a2=d b2=c a3=1 b3=3 a4=a b4=4 q0.out=4a l1,1=8a q1.in=d6 a0=d b0=6 a1=b b1=6 a2=4 b2=3 a3=7 b3=d a4=a b4=0 q1.out=0a l0,1=8b q1.in=59 a0=5 b0=9 a1=c b1=1 a2=0 b2=e a3=e b3=7 a4=3 b4=e q1.out=e3

q1.in=6d a0=6 b0=d a1=b b1=8 a2=4 b2=6 a3=2 b3=7 a4=7 b4=e q1.out=e7 l1,0=18 q1.in=f3 a0=f b0=3 a1=c b1=e a2=0 b2=0 a3=0 b3=0 a4=4 b4=b q1.out=b4 l0,0=81 q0.in=68 a0=6 b0=8 a1=e b1=2 a2=a b2=b a3=1 b3=7 a4=a b4=e q0.out=ea

y0 = b2	y1 = d5	y2 = c7	y3 = ed	y0 = fd	y1 = 17	y2 = e3	y3 = ea
MDS input = Y = y0y1y2y3 = b2d5c7ed				MDS input = Y = y0y1y2y3 = fd17e3ea

MDS output = Z = z0z1z2z3 = 426c40e5

MDS output = Z = z0z1z2z3 = efc15cd1

z0 = 42

z1 = 6c

z2 = 40

z3 = e5

z0 = ef

z1 = c1

z2 = 5c

z3 = d1

T0 = g(R0) = 426c40e5

T1 = g(ROL(R1, 8)) = efc15cd1

F10,0 = (T0 + T1 + K28) mod 232 = (426c40e5 + efc15cd1 + fdcb3639) mod 232 = (e5406c42(big endian) + d15cc1ef(big endian) + 3936cbfd(big endian)) mod 232 = efd3fa2e(big endian) = 2efad3ef.

F10,1 = (T0 + 2T1 + K29) mod 232 = (426c40e5 + 2[efc15cd1] + d853ba91) mod 232 = (e5406c42(big endian) + 2[d15cc1ef(big endian)] + 91ba53d8(big endian)) mod 232 = (e5406c42(big endian) + a2b983de(big endian) + 91ba53d8(big endian)) mod 232 = 19b443f8(big endian) = f843b419.

R10,0  =  ROL(R11, 2,  1)    F10,0) =  ROL(1a5a27e6,  1)   2efad3ef =  ROL(e6275a1a(big endian),  1)    2efad3ef =  cc4eb435(big endian)    2efad3ef =  35b44ecc   2efad3ef =  1b4e9d23.

R10,1  =  ROR(R11, 3    F10,1,  1) =  ROR(c46e22ed    f843b419,  1) =  ROR(3c2d96f4, 1) =  ROR(f4962d3c(big endian),  1) =  7a4b169e(big endian) =  9e164b7a

R10,2 = R11,0 = 6e1e7a1c

R10,3 = R11,1 = f1fc6d8b

 

Decryption of ciphertext block 3, round r=9

g input = X = x0x1x2x3 = R10,0 = 1b4e9d23

g input = X = x0x1x2x3 = ROL(R10,1,  8) = ROL(9e164b7a ,  8) = ROL(7a4b169e(big endian),  8) = 4b169e7a(big endian) = 7a9e164b.

x0 = 1b

x1 = 4e

x2 = 9d

x3 = 23

x0 = 7a

x1 = 9e

x2 = 16

x3 = 4b

y2,0 = 1b

y2,1 = 4e

y2,2 = 9d

y2,3 = 23

y2,0 = 7a

y2,1 = 9e

y2,2 = 16

y2,3 = 4b

q0.in=1b a0=1 b0=b a1=a b1=4 a2=5 b2=1 a3=4 b3=5 a4=6 b4=2 q0.out=26 l1,3=14 q0.in=3e a0=3 b0=e a1=d b1=c a2=c b2=7 a3=b b3=7 a4=3 b4=e q0.out=e3 l0,3=dc q1.in=62 a0=6 b0=2 a1=4 b1=7 a2=f b2=7 a3=8 b3=c a4=0 b4=2 q1.out=20

q1.in=4e a0=4 b0=e a1=a b1=3 a2=9 b2=b a3=2 b3=c a4=7 b4=2 q1.out=27 l1,2=9c q0.in=ad a0=a b0=d a1=7 b1=4 a2=2 b2=1 a3=3 b3=a a4=e b4=3 q0.out=3e l0,2=53 q0.in=b5 a0=b b0=5 a1=e b1=9 a2=a b2=4 a3=e b3=8 a4=7 b4=9 q0.out=97

q0.in=9d a0=9 b0=d a1=4 b1=f a2=6 b2=d a3=b b3=8 a4=3 b4=9 q0.out=93 l1,1=8a q1.in=0f a0=0 b0=f a1=f b1=f a2=5 b2=8 a3=d b3=9 a4=b b4=4 q1.out=4b l0,1=8b q1.in=18 a0=1 b0=8 a1=9 b1=d a2=1 b2=9 a3=8 b3=5 a4=0 b4=3 q1.out=30

q1.in=23 a0=2 b0=3 a1=1 b1=b a2=8 b2=5 a3=d b3=2 a4=b b4=5 q1.out=5b l1,0=18 q1.in=4f a0=4 b0=f a1=b b1=b a2=4 b2=5 a3=1 b3=e a4=c b4=8 q1.out=8c l0,0=81 q0.in=50 a0=5 b0=0 a1=5 b1=d a2=f b2=0 a3=f b3=7 a4=1 b4=e q0.out=e1

q0.in=7a a0=7 b0=a a1=d b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=b q0.out=b9 l1,3=14 q0.in=a1 a0=a b0=1 a1=b b1=2 a2=9 b2=b a3=2 b3=c a4=5 b4=8 q0.out=85 l0,3=dc q1.in=04 a0=0 b0=4 a1=4 b1=2 a2=f b2=2 a3=d b3=6 a4=b b4=d q1.out=db

q1.in=9e a0=9 b0=e a1=7 b1=6 a2=e b2=3 a3=d b3=7 a4=b b4=e q1.out=eb l1,2=9c q0.in=61 a0=6 b0=1 a1=7 b1=e a2=2 b2=9 a3=b b3=e a4=3 b4=c q0.out=c3 l0,2=53 q0.in=48 a0=4 b0=8 a1=c b1=0 a2=e b2=e a3=0 b3=9 a4=b b4=b q0.out=bb

q0.in=16 a0=1 b0=6 a1=7 b1=a a2=2 b2=a a3=8 b3=7 a4=c b4=e q0.out=ec l1,1=8a q1.in=70 a0=7 b0=0 a1=7 b1=f a2=e b2=8 a3=6 b3=a a4=9 b4=7 q1.out=79 l0,1=8b q1.in=2a a0=2 b0=a a1=8 b1=7 a2=3 b2=7 a3=4 b3=0 a4=1 b4=b q1.out=b1

q1.in=4b a0=4 b0=b a1=f b1=9 a2=5 b2=d a3=8 b3=3 a4=0 b4=1 q1.out=10 l1,0=18 q1.in=04 a0=0 b0=4 a1=4 b1=2 a2=f b2=2 a3=d b3=6 a4=b b4=d q1.out=db l0,0=81 q0.in=07 a0=0 b0=7 a1=7 b1=b a2=2 b2=6 a3=4 b3=1 a4=6 b4=7 q0.out=76

y0 = 20	y1 = 97	y2 = 30	y3 = e1	y0 = db	y1 = bb	y2 = b1	y3 = 76
MDS input = Y = y0y1y2y3 = 209730e1				MDS input = Y = y0y1y2y3 = dbbbb176

MDS output = Z = z0z1z2z3 = 3c4e1308

MDS output = Z = z0z1z2z3 = 51ccf495

z0 = 3c

z1 = 4e

z2 = 13

z3 = 08

z0 = 51

z1 = cc

z2 = f4

z3 = 95

T0 = g(R0) = 3c4e1308

T1 = g(ROL(R1, 8)) = 51ccf495

F9,0 = (T0 + T1 + K26) mod 232 = (3c4e1308 + 51ccf495 + d5b22d8a) mod 232 = (08134e3c(big endian) + 95f4cc51(big endian) + 8a2db2d5(big endian)) mod 232 = 2835cd62(big endian) = 62cd3528.

F9,1 = (T0 + 2T1 + K27) mod 232 = (3c4e1308 + 2[51ccf495] + 66325910) mod 232 = (08134e3c(big endian) + 2[95f4cc51(big endian)] + 10593266(big endian)) mod 232 = (08134e3c(big endian) + 2be998a2(big endian) + 10593266(big endian)) mod 232 = 44561944(big endian) = 44195644.

R9,0  =  ROL(R10, 2,  1)    F9,0) =  ROL(6e1e7a1c,  1)   62cd3528 =  ROL(1c7a1e6e(big endian),  1)    62cd3528 =  38f43cdc(big endian)    62cd3528 =  dc3cf438   62cd3528 =  bef1c110.

R9,1  =  ROR(R10, 3    F9,1,  1) =  ROR(f1fc6d8b    44195644,  1) =  ROR(b5e53bcf, 1) =  ROR(cf3be5b5(big endian),  1) =  e79df2da(big endian) =  daf29de7

R9,2 = R10,0 = 1b4e9d23

R9,3 = R10,1 = 9e164b7a

 

Decryption of ciphertext block 3, round r=8

g input = X = x0x1x2x3 = R9,0 = bef1c110

g input = X = x0x1x2x3 = ROL(R9,1,  8) = ROL(daf29de7 ,  8) = ROL(e79df2da(big endian),  8) = 9df2dae7(big endian) = e7daf29d.

x0 = be

x1 = f1

x2 = c1

x3 = 10

x0 = e7

x1 = da

x2 = f2

x3 = 9d

y2,0 = be

y2,1 = f1

y2,2 = c1

y2,3 = 10

y2,0 = e7

y2,1 = da

y2,2 = f2

y2,3 = 9d

q0.in=be a0=b b0=e a1=5 b1=4 a2=f b2=1 a3=e b3=f a4=7 b4=a q0.out=a7 l1,3=14 q0.in=bf a0=b b0=f a1=4 b1=c a2=6 b2=7 a3=1 b3=d a4=a b4=5 q0.out=5a l0,3=dc q1.in=db a0=d b0=b a1=6 b1=8 a2=6 b2=6 a3=0 b3=5 a4=4 b4=3 q1.out=34

q1.in=f1 a0=f b0=1 a1=e b1=f a2=c b2=8 a3=4 b3=8 a4=1 b4=6 q1.out=61 l1,2=9c q0.in=eb a0=e b0=b a1=5 b1=3 a2=f b2=8 a3=7 b3=3 a4=0 b4=4 q0.out=40 l0,2=53 q0.in=cb a0=c b0=b a1=7 b1=1 a2=2 b2=c a3=e b3=4 a4=7 b4=1 q0.out=17

q0.in=c1 a0=c b0=1 a1=d b1=4 a2=c b2=1 a3=d b3=4 a4=4 b4=1 q0.out=14 l1,1=8a q1.in=88 a0=8 b0=8 a1=0 b1=c a2=2 b2=f a3=d b3=d a4=b b4=0 q1.out=0b l0,1=8b q1.in=58 a0=5 b0=8 a1=d b1=9 a2=a b2=d a3=7 b3=4 a4=a b4=c q1.out=ca

q1.in=10 a0=1 b0=0 a1=1 b1=9 a2=8 b2=d a3=5 b3=6 a4=6 b4=d q1.out=d6 l1,0=18 q1.in=c2 a0=c b0=2 a1=e b1=d a2=c b2=9 a3=5 b3=0 a4=6 b4=b q1.out=b6 l0,0=81 q0.in=6a a0=6 b0=a a1=c b1=3 a2=e b2=8 a3=6 b3=a a4=9 b4=3 q0.out=39

q0.in=e7 a0=e b0=7 a1=9 b1=5 a2=b b2=2 a3=9 b3=2 a4=8 b4=f q0.out=f8 l1,3=14 q0.in=e0 a0=e b0=0 a1=e b1=e a2=a b2=9 a3=3 b3=6 a4=e b4=6 q0.out=6e l0,3=dc q1.in=ef a0=e b0=f a1=1 b1=1 a2=8 b2=e a3=6 b3=f a4=9 b4=a q1.out=a9

q1.in=da a0=d b0=a a1=7 b1=0 a2=e b2=1 a3=f b3=6 a4=f b4=d q1.out=df l1,2=9c q0.in=55 a0=5 b0=5 a1=0 b1=7 a2=8 b2=5 a3=d b3=2 a4=4 b4=f q0.out=f4 l0,2=53 q0.in=7f a0=7 b0=f a1=8 b1=0 a2=0 b2=e a3=e b3=7 a4=7 b4=e q0.out=e7

q0.in=f2 a0=f b0=2 a1=d b1=6 a2=c b2=3 a3=f b3=5 a4=1 b4=2 q0.out=21 l1,1=8a q1.in=bd a0=b b0=d a1=6 b1=d a2=6 b2=9 a3=f b3=a a4=f b4=7 q1.out=7f l0,1=8b q1.in=2c a0=2 b0=c a1=e b1=4 a2=c b2=4 a3=8 b3=e a4=0 b4=8 q1.out=80

q1.in=9d a0=9 b0=d a1=4 b1=f a2=f b2=8 a3=7 b3=3 a4=a b4=1 q1.out=1a l1,0=18 q1.in=0e a0=0 b0=e a1=e b1=7 a2=c b2=7 a3=b b3=7 a4=8 b4=e q1.out=e8 l0,0=81 q0.in=34 a0=3 b0=4 a1=7 b1=9 a2=2 b2=4 a3=6 b3=0 a4=9 b4=d q0.out=d9

y0 = 34	y1 = 17	y2 = ca	y3 = 39	y0 = a9	y1 = e7	y2 = 80	y3 = d9
MDS input = Y = y0y1y2y3 = 3417ca39				MDS input = Y = y0y1y2y3 = a9e780d9

MDS output = Z = z0z1z2z3 = 566ad070

MDS output = Z = z0z1z2z3 = 4b17e48b

z0 = 56

z1 = 6a

z2 = d0

z3 = 70

z0 = 4b

z1 = 17

z2 = e4

z3 = 8b

T0 = g(R0) = 566ad070

T1 = g(ROL(R1, 8)) = 4b17e48b

F8,0 = (T0 + T1 + K24) mod 232 = (566ad070 + 4b17e48b + 97054619) mod 232 = (70d06a56(big endian) + 8be4174b(big endian) + 19460597(big endian)) mod 232 = 15fa8738(big endian) = 3887fa15.

F8,1 = (T0 + 2T1 + K25) mod 232 = (566ad070 + 2[4b17e48b] + ccf7f077) mod 232 = (70d06a56(big endian) + 2[8be4174b(big endian)] + 77f0f7cc(big endian)) mod 232 = (70d06a56(big endian) + 17c82e96(big endian) + 77f0f7cc(big endian)) mod 232 = 008990b8(big endian) = b8908900.

R8,0  =  ROL(R9, 2,  1)    F8,0) =  ROL(1b4e9d23,  1)   3887fa15 =  ROL(239d4e1b(big endian),  1)    3887fa15 =  473a9c36(big endian)    3887fa15 =  369c3a47   3887fa15 =  0e1bc052.

R8,1  =  ROR(R9, 3    F8,1,  1) =  ROR(9e164b7a    b8908900,  1) =  ROR(2686c27a, 1) =  ROR(7ac28626(big endian),  1) =  3d614313(big endian) =  1343613d

R8,2 = R9,0 = bef1c110

R8,3 = R9,1 = daf29de7

 

Decryption of ciphertext block 3, round r=7

g input = X = x0x1x2x3 = R8,0 = 0e1bc052

g input = X = x0x1x2x3 = ROL(R8,1,  8) = ROL(1343613d ,  8) = ROL(3d614313(big endian),  8) = 6143133d(big endian) = 3d134361.

x0 = 0e

x1 = 1b

x2 = c0

x3 = 52

x0 = 3d

x1 = 13

x2 = 43

x3 = 61

y2,0 = 0e

y2,1 = 1b

y2,2 = c0

y2,3 = 52

y2,0 = 3d

y2,1 = 13

y2,2 = 43

y2,3 = 61

q0.in=0e a0=0 b0=e a1=e b1=7 a2=a b2=5 a3=f b3=0 a4=1 b4=d q0.out=d1 l1,3=14 q0.in=c9 a0=c b0=9 a1=5 b1=0 a2=f b2=e a3=1 b3=0 a4=a b4=d q0.out=da l0,3=dc q1.in=5b a0=5 b0=b a1=e b1=0 a2=c b2=1 a3=d b3=4 a4=b b4=c q1.out=cb

q1.in=1b a0=1 b0=b a1=a b1=4 a2=9 b2=4 a3=d b3=3 a4=b b4=1 q1.out=1b l1,2=9c q0.in=91 a0=9 b0=1 a1=8 b1=9 a2=0 b2=4 a3=4 b3=2 a4=6 b4=f q0.out=f6 l0,2=53 q0.in=7d a0=7 b0=d a1=a b1=1 a2=5 b2=c a3=9 b3=b a4=8 b4=0 q0.out=08

q0.in=c0 a0=c b0=0 a1=c b1=c a2=e b2=7 a3=9 b3=5 a4=8 b4=2 q0.out=28 l1,1=8a q1.in=b4 a0=b b0=4 a1=f b1=1 a2=5 b2=e a3=b b3=a a4=8 b4=7 q1.out=78 l0,1=8b q1.in=2b a0=2 b0=b a1=9 b1=f a2=1 b2=8 a3=9 b3=d a4=e b4=0 q1.out=0e

q1.in=52 a0=5 b0=2 a1=7 b1=c a2=e b2=f a3=1 b3=1 a4=c b4=9 q1.out=9c l1,0=18 q1.in=88 a0=8 b0=8 a1=0 b1=c a2=2 b2=f a3=d b3=d a4=b b4=0 q1.out=0b l0,0=81 q0.in=d7 a0=d b0=7 a1=a b1=e a2=5 b2=9 a3=c b3=1 a4=2 b4=7 q0.out=72

q0.in=3d a0=3 b0=d a1=e b1=5 a2=a b2=2 a3=8 b3=b a4=c b4=0 q0.out=0c l1,3=14 q0.in=14 a0=1 b0=4 a1=5 b1=b a2=f b2=6 a3=9 b3=4 a4=8 b4=1 q0.out=18 l0,3=dc q1.in=99 a0=9 b0=9 a1=0 b1=d a2=2 b2=9 a3=b b3=e a4=8 b4=8 q1.out=88

q1.in=13 a0=1 b0=3 a1=2 b1=0 a2=b b2=1 a3=a b3=b a4=d b4=f q1.out=fd l1,2=9c q0.in=77 a0=7 b0=7 a1=0 b1=4 a2=8 b2=1 a3=9 b3=0 a4=8 b4=d q0.out=d8 l0,2=53 q0.in=53 a0=5 b0=3 a1=6 b1=4 a2=3 b2=1 a3=2 b3=3 a4=5 b4=4 q0.out=45

q0.in=43 a0=4 b0=3 a1=7 b1=d a2=2 b2=0 a3=2 b3=2 a4=5 b4=f q0.out=f5 l1,1=8a q1.in=69 a0=6 b0=9 a1=f b1=a a2=5 b2=a a3=f b3=8 a4=f b4=6 q1.out=6f l0,1=8b q1.in=3c a0=3 b0=c a1=f b1=d a2=5 b2=9 a3=c b3=1 a4=2 b4=9 q1.out=92

q1.in=61 a0=6 b0=1 a1=7 b1=e a2=e b2=0 a3=e b3=e a4=3 b4=8 q1.out=83 l1,0=18 q1.in=97 a0=9 b0=7 a1=e b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=4 q1.out=49 l0,0=81 q0.in=95 a0=9 b0=5 a1=c b1=b a2=e b2=6 a3=8 b3=d a4=c b4=5 q0.out=5c

y0 = cb	y1 = 08	y2 = 0e	y3 = 72	y0 = 88	y1 = 45	y2 = 92	y3 = 5c
MDS input = Y = y0y1y2y3 = cb080e72				MDS input = Y = y0y1y2y3 = 8845925c

MDS output = Z = z0z1z2z3 = a6d521aa

MDS output = Z = z0z1z2z3 = 592517ab

z0 = a6

z1 = d5

z2 = 21

z3 = aa

z0 = 59

z1 = 25

z2 = 17

z3 = ab

T0 = g(R0) = a6d521aa

T1 = g(ROL(R1, 8)) = 592517ab

F7,0 = (T0 + T1 + K22) mod 232 = (a6d521aa + 592517ab + 25d0b3fc) mod 232 = (aa21d5a6(big endian) + ab172559(big endian) + fcb3d025(big endian)) mod 232 = 51eccb24(big endian) = 24cbec51.

F7,1 = (T0 + 2T1 + K23) mod 232 = (a6d521aa + 2[592517ab] + eb1e6ea6) mod 232 = (aa21d5a6(big endian) + 2[ab172559(big endian)] + a66e1eeb(big endian)) mod 232 = (aa21d5a6(big endian) + 562e4ab2(big endian) + a66e1eeb(big endian)) mod 232 = a6be3f43(big endian) = 433fbea6.

R7,0  =  ROL(R8, 2,  1)    F7,0) =  ROL(bef1c110,  1)   24cbec51 =  ROL(10c1f1be(big endian),  1)    24cbec51 =  2183e37c(big endian)    24cbec51 =  7ce38321   24cbec51 =  58286f70.

R7,1  =  ROR(R8, 3    F7,1,  1) =  ROR(daf29de7    433fbea6,  1) =  ROR(99cd2341, 1) =  ROR(4123cd99(big endian),  1) =  a091e6cc(big endian) =  cce691a0

R7,2 = R8,0 = 0e1bc052

R7,3 = R8,1 = 1343613d

 

Decryption of ciphertext block 3, round r=6

g input = X = x0x1x2x3 = R7,0 = 58286f70

g input = X = x0x1x2x3 = ROL(R7,1,  8) = ROL(cce691a0 ,  8) = ROL(a091e6cc(big endian),  8) = 91e6cca0(big endian) = a0cce691.

x0 = 58

x1 = 28

x2 = 6f

x3 = 70

x0 = a0

x1 = cc

x2 = e6

x3 = 91

y2,0 = 58

y2,1 = 28

y2,2 = 6f

y2,3 = 70

y2,0 = a0

y2,1 = cc

y2,2 = e6

y2,3 = 91

q0.in=58 a0=5 b0=8 a1=d b1=9 a2=c b2=4 a3=8 b3=e a4=c b4=c q0.out=cc l1,3=14 q0.in=d4 a0=d b0=4 a1=9 b1=7 a2=b b2=5 a3=e b3=9 a4=7 b4=b q0.out=b7 l0,3=dc q1.in=36 a0=3 b0=6 a1=5 b1=8 a2=7 b2=6 a3=1 b3=c a4=c b4=2 q1.out=2c

q1.in=28 a0=2 b0=8 a1=a b1=6 a2=9 b2=3 a3=a b3=8 a4=d b4=6 q1.out=6d l1,2=9c q0.in=e7 a0=e b0=7 a1=9 b1=5 a2=b b2=2 a3=9 b3=2 a4=8 b4=f q0.out=f8 l0,2=53 q0.in=73 a0=7 b0=3 a1=4 b1=6 a2=6 b2=3 a3=5 b3=f a4=d b4=a q0.out=ad

q0.in=6f a0=6 b0=f a1=9 b1=9 a2=b b2=4 a3=f b3=1 a4=1 b4=7 q0.out=71 l1,1=8a q1.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=1 a3=c b3=d a4=2 b4=0 q1.out=02 l0,1=8b q1.in=51 a0=5 b0=1 a1=4 b1=5 a2=f b2=c a3=3 b3=1 a4=5 b4=9 q1.out=95

q1.in=70 a0=7 b0=0 a1=7 b1=f a2=e b2=8 a3=6 b3=a a4=9 b4=7 q1.out=79 l1,0=18 q1.in=6d a0=6 b0=d a1=b b1=8 a2=4 b2=6 a3=2 b3=7 a4=7 b4=e q1.out=e7 l0,0=81 q0.in=3b a0=3 b0=b a1=8 b1=6 a2=0 b2=3 a3=3 b3=9 a4=e b4=b q0.out=be

q0.in=a0 a0=a b0=0 a1=a b1=a a2=5 b2=a a3=f b3=8 a4=1 b4=9 q0.out=91 l1,3=14 q0.in=89 a0=8 b0=9 a1=1 b1=4 a2=1 b2=1 a3=0 b3=1 a4=b b4=7 q0.out=7b l0,3=dc q1.in=fa a0=f b0=a a1=5 b1=2 a2=7 b2=2 a3=5 b3=e a4=6 b4=8 q1.out=86

q1.in=cc a0=c b0=c a1=0 b1=a a2=2 b2=a a3=8 b3=7 a4=0 b4=e q1.out=e0 l1,2=9c q0.in=6a a0=6 b0=a a1=c b1=3 a2=e b2=8 a3=6 b3=a a4=9 b4=3 q0.out=39 l0,2=53 q0.in=b2 a0=b b0=2 a1=9 b1=2 a2=b b2=b a3=0 b3=e a4=b b4=c q0.out=cb

q0.in=e6 a0=e b0=6 a1=8 b1=d a2=0 b2=0 a3=0 b3=0 a4=b b4=d q0.out=db l1,1=8a q1.in=47 a0=4 b0=7 a1=3 b1=f a2=d b2=8 a3=5 b3=1 a4=6 b4=9 q1.out=96 l0,1=8b q1.in=c5 a0=c b0=5 a1=9 b1=6 a2=1 b2=3 a3=2 b3=0 a4=7 b4=b q1.out=b7

q1.in=91 a0=9 b0=1 a1=8 b1=9 a2=3 b2=d a3=e b3=5 a4=3 b4=3 q1.out=33 l1,0=18 q1.in=27 a0=2 b0=7 a1=5 b1=9 a2=7 b2=d a3=a b3=1 a4=d b4=9 q1.out=9d l0,0=81 q0.in=41 a0=4 b0=1 a1=5 b1=c a2=f b2=7 a3=8 b3=c a4=c b4=8 q0.out=8c

y0 = 2c	y1 = ad	y2 = 95	y3 = be	y0 = 86	y1 = cb	y2 = b7	y3 = 8c
MDS input = Y = y0y1y2y3 = 2cad95be				MDS input = Y = y0y1y2y3 = 86cbb78c

MDS output = Z = z0z1z2z3 = ddb302ad

MDS output = Z = z0z1z2z3 = 9bc219af

z0 = dd

z1 = b3

z2 = 02

z3 = ad

z0 = 9b

z1 = c2

z2 = 19

z3 = af

T0 = g(R0) = ddb302ad

T1 = g(ROL(R1, 8)) = 9bc219af

F6,0 = (T0 + T1 + K20) mod 232 = (ddb302ad + 9bc219af + 7b65df4c) mod 232 = (ad02b3dd(big endian) + af19c29b(big endian) + 4cdf657b(big endian)) mod 232 = a8fbdbf3(big endian) = f3dbfba8.

F6,1 = (T0 + 2T1 + K21) mod 232 = (ddb302ad + 2[9bc219af] + 2189e236) mod 232 = (ad02b3dd(big endian) + 2[af19c29b(big endian)] + 36e28921(big endian)) mod 232 = (ad02b3dd(big endian) + 5e338536(big endian) + 36e28921(big endian)) mod 232 = 4218c234(big endian) = 34c21842.

R6,0  =  ROL(R7, 2,  1)    F6,0) =  ROL(0e1bc052,  1)   f3dbfba8 =  ROL(52c01b0e(big endian),  1)    f3dbfba8 =  a580361c(big endian)    f3dbfba8 =  1c3680a5   f3dbfba8 =  efed7b0d.

R6,1  =  ROR(R7, 3    F6,1,  1) =  ROR(1343613d    34c21842,  1) =  ROR(2781797f, 1) =  ROR(7f798127(big endian),  1) =  bfbcc093(big endian) =  93c0bcbf

R6,2 = R7,0 = 58286f70

R6,3 = R7,1 = cce691a0

 

Decryption of ciphertext block 3, round r=5

g input = X = x0x1x2x3 = R6,0 = efed7b0d

g input = X = x0x1x2x3 = ROL(R6,1,  8) = ROL(93c0bcbf ,  8) = ROL(bfbcc093(big endian),  8) = bcc093bf(big endian) = bf93c0bc.

x0 = ef

x1 = ed

x2 = 7b

x3 = 0d

x0 = bf

x1 = 93

x2 = c0

x3 = bc

y2,0 = ef

y2,1 = ed

y2,2 = 7b

y2,3 = 0d

y2,0 = bf

y2,1 = 93

y2,2 = c0

y2,3 = bc

q0.in=ef a0=e b0=f a1=1 b1=1 a2=1 b2=c a3=d b3=f a4=4 b4=a q0.out=a4 l1,3=14 q0.in=bc a0=b b0=c a1=7 b1=5 a2=2 b2=2 a3=0 b3=3 a4=b b4=4 q0.out=4b l0,3=dc q1.in=ca a0=c b0=a a1=6 b1=9 a2=6 b2=d a3=b b3=8 a4=8 b4=6 q1.out=68

q1.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=1 a3=c b3=d a4=2 b4=0 q1.out=02 l1,2=9c q0.in=88 a0=8 b0=8 a1=0 b1=c a2=8 b2=7 a3=f b3=3 a4=1 b4=4 q0.out=41 l0,2=53 q0.in=ca a0=c b0=a a1=6 b1=9 a2=3 b2=4 a3=7 b3=9 a4=0 b4=b q0.out=b0

q0.in=7b a0=7 b0=b a1=c b1=2 a2=e b2=b a3=5 b3=3 a4=d b4=4 q0.out=4d l1,1=8a q1.in=d1 a0=d b0=1 a1=c b1=d a2=0 b2=9 a3=9 b3=c a4=e b4=2 q1.out=2e l0,1=8b q1.in=7d a0=7 b0=d a1=a b1=1 a2=9 b2=e a3=7 b3=6 a4=a b4=d q1.out=da

q1.in=0d a0=0 b0=d a1=d b1=e a2=a b2=0 a3=a b3=a a4=d b4=7 q1.out=7d l1,0=18 q1.in=69 a0=6 b0=9 a1=f b1=a a2=5 b2=a a3=f b3=8 a4=f b4=6 q1.out=6f l0,0=81 q0.in=b3 a0=b b0=3 a1=8 b1=a a2=0 b2=a a3=a b3=5 a4=f b4=2 q0.out=2f

q0.in=bf a0=b b0=f a1=4 b1=c a2=6 b2=7 a3=1 b3=d a4=a b4=5 q0.out=5a l1,3=14 q0.in=42 a0=4 b0=2 a1=6 b1=5 a2=3 b2=2 a3=1 b3=a a4=a b4=3 q0.out=3a l0,3=dc q1.in=bb a0=b b0=b a1=0 b1=e a2=2 b2=0 a3=2 b3=2 a4=7 b4=5 q1.out=57

q1.in=93 a0=9 b0=3 a1=a b1=8 a2=9 b2=6 a3=f b3=2 a4=f b4=5 q1.out=5f l1,2=9c q0.in=d5 a0=d b0=5 a1=8 b1=f a2=0 b2=d a3=d b3=e a4=4 b4=c q0.out=c4 l0,2=53 q0.in=4f a0=4 b0=f a1=b b1=b a2=9 b2=6 a3=f b3=2 a4=1 b4=f q0.out=f1

q0.in=c0 a0=c b0=0 a1=c b1=c a2=e b2=7 a3=9 b3=5 a4=8 b4=2 q0.out=28 l1,1=8a q1.in=b4 a0=b b0=4 a1=f b1=1 a2=5 b2=e a3=b b3=a a4=8 b4=7 q1.out=78 l0,1=8b q1.in=2b a0=2 b0=b a1=9 b1=f a2=1 b2=8 a3=9 b3=d a4=e b4=0 q1.out=0e

q1.in=bc a0=b b0=c a1=7 b1=5 a2=e b2=c a3=2 b3=8 a4=7 b4=6 q1.out=67 l1,0=18 q1.in=73 a0=7 b0=3 a1=4 b1=6 a2=f b2=3 a3=c b3=e a4=2 b4=8 q1.out=82 l0,0=81 q0.in=5e a0=5 b0=e a1=b b1=a a2=9 b2=a a3=3 b3=4 a4=e b4=1 q0.out=1e

y0 = 68	y1 = b0	y2 = da	y3 = 2f	y0 = 57	y1 = f1	y2 = 0e	y3 = 1e
MDS input = Y = y0y1y2y3 = 68b0da2f				MDS input = Y = y0y1y2y3 = 57f10e1e

MDS output = Z = z0z1z2z3 = 3eac6909

MDS output = Z = z0z1z2z3 = 185708d1

z0 = 3e

z1 = ac

z2 = 69

z3 = 09

z0 = 18

z1 = 57

z2 = 08

z3 = d1

T0 = g(R0) = 3eac6909

T1 = g(ROL(R1, 8)) = 185708d1

F5,0 = (T0 + T1 + K18) mod 232 = (3eac6909 + 185708d1 + d542f0e2) mod 232 = (0969ac3e(big endian) + d1085718(big endian) + e2f042d5(big endian)) mod 232 = bd62462b(big endian) = 2b4662bd.

F5,1 = (T0 + 2T1 + K19) mod 232 = (3eac6909 + 2[185708d1] + 9f8b15e9) mod 232 = (0969ac3e(big endian) + 2[d1085718(big endian)] + e9158b9f(big endian)) mod 232 = (0969ac3e(big endian) + a210ae30(big endian) + e9158b9f(big endian)) mod 232 = 948fe60d(big endian) = 0de68f94.

R5,0  =  ROL(R6, 2,  1)    F5,0) =  ROL(58286f70,  1)   2b4662bd =  ROL(706f2858(big endian),  1)    2b4662bd =  e0de50b0(big endian)    2b4662bd =  b050dee0   2b4662bd =  9b16bc5d.

R5,1  =  ROR(R6, 3    F5,1,  1) =  ROR(cce691a0    0de68f94,  1) =  ROR(c1001e34, 1) =  ROR(341e00c1(big endian),  1) =  9a0f0060(big endian) =  60000f9a

R5,2 = R6,0 = efed7b0d

R5,3 = R6,1 = 93c0bcbf

 

Decryption of ciphertext block 3, round r=4

g input = X = x0x1x2x3 = R5,0 = 9b16bc5d

g input = X = x0x1x2x3 = ROL(R5,1,  8) = ROL(60000f9a ,  8) = ROL(9a0f0060(big endian),  8) = 0f00609a(big endian) = 9a60000f.

x0 = 9b

x1 = 16

x2 = bc

x3 = 5d

x0 = 9a

x1 = 60

x2 = 00

x3 = 0f

y2,0 = 9b

y2,1 = 16

y2,2 = bc

y2,3 = 5d

y2,0 = 9a

y2,1 = 60

y2,2 = 00

y2,3 = 0f

q0.in=9b a0=9 b0=b a1=2 b1=c a2=7 b2=7 a3=0 b3=4 a4=b b4=1 q0.out=1b l1,3=14 q0.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=4 a3=9 b3=7 a4=8 b4=e q0.out=e8 l0,3=dc q1.in=69 a0=6 b0=9 a1=f b1=a a2=5 b2=a a3=f b3=8 a4=f b4=6 q1.out=6f

q1.in=16 a0=1 b0=6 a1=7 b1=a a2=e b2=a a3=4 b3=b a4=1 b4=f q1.out=f1 l1,2=9c q0.in=7b a0=7 b0=b a1=c b1=2 a2=e b2=b a3=5 b3=3 a4=d b4=4 q0.out=4d l0,2=53 q0.in=c6 a0=c b0=6 a1=a b1=f a2=5 b2=d a3=8 b3=3 a4=c b4=4 q0.out=4c

q0.in=bc a0=b b0=c a1=7 b1=5 a2=2 b2=2 a3=0 b3=3 a4=b b4=4 q0.out=4b l1,1=8a q1.in=d7 a0=d b0=7 a1=a b1=e a2=9 b2=0 a3=9 b3=1 a4=e b4=9 q1.out=9e l0,1=8b q1.in=cd a0=c b0=d a1=1 b1=2 a2=8 b2=2 a3=a b3=9 a4=d b4=4 q1.out=4d

q1.in=5d a0=5 b0=d a1=8 b1=3 a2=3 b2=b a3=8 b3=6 a4=0 b4=d q1.out=d0 l1,0=18 q1.in=c4 a0=c b0=4 a1=8 b1=e a2=3 b2=0 a3=3 b3=b a4=5 b4=f q1.out=f5 l0,0=81 q0.in=29 a0=2 b0=9 a1=b b1=e a2=9 b2=9 a3=0 b3=d a4=b b4=5 q0.out=5b

q0.in=9a a0=9 b0=a a1=3 b1=4 a2=d b2=1 a3=c b3=d a4=2 b4=5 q0.out=52 l1,3=14 q0.in=4a a0=4 b0=a a1=e b1=1 a2=a b2=c a3=6 b3=c a4=9 b4=8 q0.out=89 l0,3=dc q1.in=08 a0=0 b0=8 a1=8 b1=4 a2=3 b2=4 a3=7 b3=9 a4=a b4=4 q1.out=4a

q1.in=60 a0=6 b0=0 a1=6 b1=6 a2=6 b2=3 a3=5 b3=f a4=6 b4=a q1.out=a6 l1,2=9c q0.in=2c a0=2 b0=c a1=e b1=4 a2=a b2=1 a3=b b3=2 a4=3 b4=f q0.out=f3 l0,2=53 q0.in=78 a0=7 b0=8 a1=f b1=b a2=4 b2=6 a3=2 b3=7 a4=5 b4=e q0.out=e5

q0.in=00 a0=0 b0=0 a1=0 b1=0 a2=8 b2=e a3=6 b3=f a4=9 b4=a q0.out=a9 l1,1=8a q1.in=35 a0=3 b0=5 a1=6 b1=1 a2=6 b2=e a3=8 b3=1 a4=0 b4=9 q1.out=90 l0,1=8b q1.in=c3 a0=c b0=3 a1=f b1=5 a2=5 b2=c a3=9 b3=b a4=e b4=f q1.out=fe

q1.in=0f a0=0 b0=f a1=f b1=f a2=5 b2=8 a3=d b3=9 a4=b b4=4 q1.out=4b l1,0=18 q1.in=5f a0=5 b0=f a1=a b1=2 a2=9 b2=2 a3=b b3=0 a4=8 b4=b q1.out=b8 l0,0=81 q0.in=64 a0=6 b0=4 a1=2 b1=4 a2=7 b2=1 a3=6 b3=7 a4=9 b4=e q0.out=e9

y0 = 6f	y1 = 4c	y2 = 4d	y3 = 5b	y0 = 4a	y1 = e5	y2 = fe	y3 = e9
MDS input = Y = y0y1y2y3 = 6f4c4d5b				MDS input = Y = y0y1y2y3 = 4ae5fee9

MDS output = Z = z0z1z2z3 = b12e3160

MDS output = Z = z0z1z2z3 = f64ff8af

z0 = b1

z1 = 2e

z2 = 31

z3 = 60

z0 = f6

z1 = 4f

z2 = f8

z3 = af

T0 = g(R0) = b12e3160

T1 = g(ROL(R1, 8)) = f64ff8af

F4,0 = (T0 + T1 + K16) mod 232 = (b12e3160 + f64ff8af + 19c3630c) mod 232 = (60312eb1(big endian) + aff84ff6(big endian) + 0c63c319(big endian)) mod 232 = 1c8d41c0(big endian) = c0418d1c.

F4,1 = (T0 + 2T1 + K17) mod 232 = (b12e3160 + 2[f64ff8af] + 5bc0b2cc) mod 232 = (60312eb1(big endian) + 2[aff84ff6(big endian)] + ccb2c05b(big endian)) mod 232 = (60312eb1(big endian) + 5ff09fec(big endian) + ccb2c05b(big endian)) mod 232 = 8cd48ef8(big endian) = f88ed48c.

R4,0  =  ROL(R5, 2,  1)    F4,0) =  ROL(efed7b0d,  1)   c0418d1c =  ROL(0d7bedef(big endian),  1)    c0418d1c =  1af7dbde(big endian)    c0418d1c =  dedbf71a   c0418d1c =  1e9a7a06.

R4,1  =  ROR(R5, 3    F4,1,  1) =  ROR(93c0bcbf    f88ed48c,  1) =  ROR(6b4e6833, 1) =  ROR(33684e6b(big endian),  1) =  99b42735(big endian) =  3527b499

R4,2 = R5,0 = 9b16bc5d

R4,3 = R5,1 = 60000f9a

 

Decryption of ciphertext block 3, round r=3

g input = X = x0x1x2x3 = R4,0 = 1e9a7a06

g input = X = x0x1x2x3 = ROL(R4,1,  8) = ROL(3527b499 ,  8) = ROL(99b42735(big endian),  8) = b4273599(big endian) = 993527b4.

x0 = 1e

x1 = 9a

x2 = 7a

x3 = 06

x0 = 99

x1 = 35

x2 = 27

x3 = b4

y2,0 = 1e

y2,1 = 9a

y2,2 = 7a

y2,3 = 06

y2,0 = 99

y2,1 = 35

y2,2 = 27

y2,3 = b4

q0.in=1e a0=1 b0=e a1=f b1=e a2=4 b2=9 a3=d b3=8 a4=4 b4=9 q0.out=94 l1,3=14 q0.in=8c a0=8 b0=c a1=4 b1=e a2=6 b2=9 a3=f b3=a a4=1 b4=3 q0.out=31 l0,3=dc q1.in=b0 a0=b b0=0 a1=b b1=3 a2=4 b2=b a3=f b3=9 a4=f b4=4 q1.out=4f

q1.in=9a a0=9 b0=a a1=3 b1=4 a2=d b2=4 a3=9 b3=7 a4=e b4=e q1.out=ee l1,2=9c q0.in=64 a0=6 b0=4 a1=2 b1=4 a2=7 b2=1 a3=6 b3=7 a4=9 b4=e q0.out=e9 l0,2=53 q0.in=62 a0=6 b0=2 a1=4 b1=7 a2=6 b2=5 a3=3 b3=c a4=e b4=8 q0.out=8e

q0.in=7a a0=7 b0=a a1=d b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=b q0.out=b9 l1,1=8a q1.in=25 a0=2 b0=5 a1=7 b1=8 a2=e b2=6 a3=8 b3=d a4=0 b4=0 q1.out=00 l0,1=8b q1.in=53 a0=5 b0=3 a1=6 b1=4 a2=6 b2=4 a3=2 b3=4 a4=7 b4=c q1.out=c7

q1.in=06 a0=0 b0=6 a1=6 b1=3 a2=6 b2=b a3=d b3=b a4=b b4=f q1.out=fb l1,0=18 q1.in=ef a0=e b0=f a1=1 b1=1 a2=8 b2=e a3=6 b3=f a4=9 b4=a q1.out=a9 l0,0=81 q0.in=75 a0=7 b0=5 a1=2 b1=5 a2=7 b2=2 a3=5 b3=e a4=d b4=c q0.out=cd

q0.in=99 a0=9 b0=9 a1=0 b1=d a2=8 b2=0 a3=8 b3=8 a4=c b4=9 q0.out=9c l1,3=14 q0.in=84 a0=8 b0=4 a1=c b1=a a2=e b2=a a3=4 b3=b a4=6 b4=0 q0.out=06 l0,3=dc q1.in=87 a0=8 b0=7 a1=f b1=3 a2=5 b2=b a3=e b3=0 a4=3 b4=b q1.out=b3

q1.in=35 a0=3 b0=5 a1=6 b1=1 a2=6 b2=e a3=8 b3=1 a4=0 b4=9 q1.out=90 l1,2=9c q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37 l0,2=53 q0.in=bc a0=b b0=c a1=7 b1=5 a2=2 b2=2 a3=0 b3=3 a4=b b4=4 q0.out=4b

q0.in=27 a0=2 b0=7 a1=5 b1=9 a2=f b2=4 a3=b b3=5 a4=3 b4=2 q0.out=23 l1,1=8a q1.in=bf a0=b b0=f a1=4 b1=c a2=f b2=f a3=0 b3=8 a4=4 b4=6 q1.out=64 l0,1=8b q1.in=37 a0=3 b0=7 a1=4 b1=0 a2=f b2=1 a3=e b3=f a4=3 b4=a q1.out=a3

q1.in=b4 a0=b b0=4 a1=f b1=1 a2=5 b2=e a3=b b3=a a4=8 b4=7 q1.out=78 l1,0=18 q1.in=6c a0=6 b0=c a1=a b1=0 a2=9 b2=1 a3=8 b3=9 a4=0 b4=4 q1.out=40 l0,0=81 q0.in=9c a0=9 b0=c a1=5 b1=7 a2=f b2=5 a3=a b3=d a4=f b4=5 q0.out=5f

y0 = 4f	y1 = 8e	y2 = c7	y3 = cd	y0 = b3	y1 = 4b	y2 = a3	y3 = 5f
MDS input = Y = y0y1y2y3 = 4f8ec7cd				MDS input = Y = y0y1y2y3 = b34ba35f

MDS output = Z = z0z1z2z3 = adee89c4

MDS output = Z = z0z1z2z3 = 5688b5f1

z0 = ad

z1 = ee

z2 = 89

z3 = c4

z0 = 56

z1 = 88

z2 = b5

z3 = f1

T0 = g(R0) = adee89c4

T1 = g(ROL(R1, 8)) = 5688b5f1

F3,0 = (T0 + T1 + K14) mod 232 = (adee89c4 + 5688b5f1 + 281a4854) mod 232 = (c489eead(big endian) + f1b58856(big endian) + 54481a28(big endian)) mod 232 = 0a87912b(big endian) = 2b91870a.

F3,1 = (T0 + 2T1 + K15) mod 232 = (adee89c4 + 2[5688b5f1] + a0ddfa24) mod 232 = (c489eead(big endian) + 2[f1b58856(big endian)] + 24fadda0(big endian)) mod 232 = (c489eead(big endian) + e36b10ac(big endian) + 24fadda0(big endian)) mod 232 = ccefdcf9(big endian) = f9dcefcc.

R3,0  =  ROL(R4, 2,  1)    F3,0) =  ROL(9b16bc5d,  1)   2b91870a =  ROL(5dbc169b(big endian),  1)    2b91870a =  bb782d36(big endian)    2b91870a =  362d78bb   2b91870a =  1dbcffb1.

R3,1  =  ROR(R4, 3    F3,1,  1) =  ROR(60000f9a    f9dcefcc,  1) =  ROR(99dce056, 1) =  ROR(56e0dc99(big endian),  1) =  ab706e4c(big endian) =  4c6e70ab

R3,2 = R4,0 = 1e9a7a06

R3,3 = R4,1 = 3527b499

 

Decryption of ciphertext block 3, round r=2

g input = X = x0x1x2x3 = R3,0 = 1dbcffb1

g input = X = x0x1x2x3 = ROL(R3,1,  8) = ROL(4c6e70ab ,  8) = ROL(ab706e4c(big endian),  8) = 706e4cab(big endian) = ab4c6e70.

x0 = 1d

x1 = bc

x2 = ff

x3 = b1

x0 = ab

x1 = 4c

x2 = 6e

x3 = 70

y2,0 = 1d

y2,1 = bc

y2,2 = ff

y2,3 = b1

y2,0 = ab

y2,1 = 4c

y2,2 = 6e

y2,3 = 70

q0.in=1d a0=1 b0=d a1=c b1=7 a2=e b2=5 a3=b b3=4 a4=3 b4=1 q0.out=13 l1,3=14 q0.in=0b a0=0 b0=b a1=b b1=d a2=9 b2=0 a3=9 b3=1 a4=8 b4=7 q0.out=78 l0,3=dc q1.in=f9 a0=f b0=9 a1=6 b1=b a2=6 b2=5 a3=3 b3=c a4=5 b4=2 q1.out=25

q1.in=bc a0=b b0=c a1=7 b1=5 a2=e b2=c a3=2 b3=8 a4=7 b4=6 q1.out=67 l1,2=9c q0.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=e a3=3 b3=2 a4=e b4=f q0.out=fe l0,2=53 q0.in=75 a0=7 b0=5 a1=2 b1=5 a2=7 b2=2 a3=5 b3=e a4=d b4=c q0.out=cd

q0.in=ff a0=f b0=f a1=0 b1=8 a2=8 b2=f a3=7 b3=7 a4=0 b4=e q0.out=e0 l1,1=8a q1.in=7c a0=7 b0=c a1=b b1=9 a2=4 b2=d a3=9 b3=a a4=e b4=7 q1.out=7e l0,1=8b q1.in=2d a0=2 b0=d a1=f b1=c a2=5 b2=f a3=a b3=2 a4=d b4=5 q1.out=5d

q1.in=b1 a0=b b0=1 a1=a b1=b a2=9 b2=5 a3=c b3=b a4=2 b4=f q1.out=f2 l1,0=18 q1.in=e6 a0=e b0=6 a1=8 b1=d a2=3 b2=9 a3=a b3=7 a4=d b4=e q1.out=ed l0,0=81 q0.in=31 a0=3 b0=1 a1=2 b1=3 a2=7 b2=8 a3=f b3=b a4=1 b4=0 q0.out=01

q0.in=ab a0=a b0=b a1=1 b1=7 a2=1 b2=5 a3=4 b3=3 a4=6 b4=4 q0.out=46 l1,3=14 q0.in=5e a0=5 b0=e a1=b b1=a a2=9 b2=a a3=3 b3=4 a4=e b4=1 q0.out=1e l0,3=dc q1.in=9f a0=9 b0=f a1=6 b1=e a2=6 b2=0 a3=6 b3=6 a4=9 b4=d q1.out=d9

q1.in=4c a0=4 b0=c a1=8 b1=2 a2=3 b2=2 a3=1 b3=a a4=c b4=7 q1.out=7c l1,2=9c q0.in=f6 a0=f b0=6 a1=9 b1=4 a2=b b2=1 a3=a b3=b a4=f b4=0 q0.out=0f l0,2=53 q0.in=84 a0=8 b0=4 a1=c b1=a a2=e b2=a a3=4 b3=b a4=6 b4=0 q0.out=06

q0.in=6e a0=6 b0=e a1=8 b1=1 a2=0 b2=c a3=c b3=6 a4=2 b4=6 q0.out=62 l1,1=8a q1.in=fe a0=f b0=e a1=1 b1=0 a2=8 b2=1 a3=9 b3=0 a4=e b4=b q1.out=be l0,1=8b q1.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=1 a3=c b3=d a4=2 b4=0 q1.out=02

q1.in=70 a0=7 b0=0 a1=7 b1=f a2=e b2=8 a3=6 b3=a a4=9 b4=7 q1.out=79 l1,0=18 q1.in=6d a0=6 b0=d a1=b b1=8 a2=4 b2=6 a3=2 b3=7 a4=7 b4=e q1.out=e7 l0,0=81 q0.in=3b a0=3 b0=b a1=8 b1=6 a2=0 b2=3 a3=3 b3=9 a4=e b4=b q0.out=be

y0 = 25	y1 = cd	y2 = 5d	y3 = 01	y0 = d9	y1 = 06	y2 = 02	y3 = be
MDS input = Y = y0y1y2y3 = 25cd5d01				MDS input = Y = y0y1y2y3 = d90602be

MDS output = Z = z0z1z2z3 = 188bc6cc

MDS output = Z = z0z1z2z3 = fa0ca6f9

z0 = 18

z1 = 8b

z2 = c6

z3 = cc

z0 = fa

z1 = 0c

z2 = a6

z3 = f9

T0 = g(R0) = 188bc6cc

T1 = g(ROL(R1, 8)) = fa0ca6f9

F2,0 = (T0 + T1 + K12) mod 232 = (188bc6cc + fa0ca6f9 + a38a1320) mod 232 = (ccc68b18(big endian) + f9a60cfa(big endian) + 20138aa3(big endian)) mod 232 = e68022b5(big endian) = b52280e6.

F2,1 = (T0 + 2T1 + K13) mod 232 = (188bc6cc + 2[fa0ca6f9] + 0813350e) mod 232 = (ccc68b18(big endian) + 2[f9a60cfa(big endian)] + 0e351308(big endian)) mod 232 = (ccc68b18(big endian) + f34c19f4(big endian) + 0e351308(big endian)) mod 232 = ce47b814(big endian) = 14b847ce.

R2,0  =  ROL(R3, 2,  1)    F2,0) =  ROL(1e9a7a06,  1)   b52280e6 =  ROL(067a9a1e(big endian),  1)    b52280e6 =  0cf5343c(big endian)    b52280e6 =  3c34f50c   b52280e6 =  891675ea.

R2,1  =  ROR(R3, 3    F2,1,  1) =  ROR(3527b499    14b847ce,  1) =  ROR(219ff357, 1) =  ROR(57f39f21(big endian),  1) =  abf9cf90(big endian) =  90cff9ab

R2,2 = R3,0 = 1dbcffb1

R2,3 = R3,1 = 4c6e70ab

 

Decryption of ciphertext block 3, round r=1

g input = X = x0x1x2x3 = R2,0 = 891675ea

g input = X = x0x1x2x3 = ROL(R2,1,  8) = ROL(90cff9ab ,  8) = ROL(abf9cf90(big endian),  8) = f9cf90ab(big endian) = ab90cff9.

x0 = 89

x1 = 16

x2 = 75

x3 = ea

x0 = ab

x1 = 90

x2 = cf

x3 = f9

y2,0 = 89

y2,1 = 16

y2,2 = 75

y2,3 = ea

y2,0 = ab

y2,1 = 90

y2,2 = cf

y2,3 = f9

q0.in=89 a0=8 b0=9 a1=1 b1=4 a2=1 b2=1 a3=0 b3=1 a4=b b4=7 q0.out=7b l1,3=14 q0.in=63 a0=6 b0=3 a1=5 b1=f a2=f b2=d a3=2 b3=9 a4=5 b4=b q0.out=b5 l0,3=dc q1.in=34 a0=3 b0=4 a1=7 b1=9 a2=e b2=d a3=3 b3=0 a4=5 b4=b q1.out=b5

q1.in=16 a0=1 b0=6 a1=7 b1=a a2=e b2=a a3=4 b3=b a4=1 b4=f q1.out=f1 l1,2=9c q0.in=7b a0=7 b0=b a1=c b1=2 a2=e b2=b a3=5 b3=3 a4=d b4=4 q0.out=4d l0,2=53 q0.in=c6 a0=c b0=6 a1=a b1=f a2=5 b2=d a3=8 b3=3 a4=c b4=4 q0.out=4c

q0.in=75 a0=7 b0=5 a1=2 b1=5 a2=7 b2=2 a3=5 b3=e a4=d b4=c q0.out=cd l1,1=8a q1.in=51 a0=5 b0=1 a1=4 b1=5 a2=f b2=c a3=3 b3=1 a4=5 b4=9 q1.out=95 l0,1=8b q1.in=c6 a0=c b0=6 a1=a b1=f a2=9 b2=8 a3=1 b3=5 a4=c b4=3 q1.out=3c

q1.in=ea a0=e b0=a a1=4 b1=b a2=f b2=5 a3=a b3=d a4=d b4=0 q1.out=0d l1,0=18 q1.in=19 a0=1 b0=9 a1=8 b1=5 a2=3 b2=c a3=f b3=d a4=f b4=0 q1.out=0f l0,0=81 q0.in=d3 a0=d b0=3 a1=e b1=c a2=a b2=7 a3=d b3=1 a4=4 b4=7 q0.out=74

q0.in=ab a0=a b0=b a1=1 b1=7 a2=1 b2=5 a3=4 b3=3 a4=6 b4=4 q0.out=46 l1,3=14 q0.in=5e a0=5 b0=e a1=b b1=a a2=9 b2=a a3=3 b3=4 a4=e b4=1 q0.out=1e l0,3=dc q1.in=9f a0=9 b0=f a1=6 b1=e a2=6 b2=0 a3=6 b3=6 a4=9 b4=d q1.out=d9

q1.in=90 a0=9 b0=0 a1=9 b1=1 a2=1 b2=e a3=f b3=e a4=f b4=8 q1.out=8f l1,2=9c q0.in=05 a0=0 b0=5 a1=5 b1=a a2=f b2=a a3=5 b3=2 a4=d b4=f q0.out=fd l0,2=53 q0.in=76 a0=7 b0=6 a1=1 b1=c a2=1 b2=7 a3=6 b3=2 a4=9 b4=f q0.out=f9

q0.in=cf a0=c b0=f a1=3 b1=3 a2=d b2=8 a3=5 b3=1 a4=d b4=7 q0.out=7d l1,1=8a q1.in=e1 a0=e b0=1 a1=f b1=6 a2=5 b2=3 a3=6 b3=4 a4=9 b4=c q1.out=c9 l0,1=8b q1.in=9a a0=9 b0=a a1=3 b1=4 a2=d b2=4 a3=9 b3=7 a4=e b4=e q1.out=ee

q1.in=f9 a0=f b0=9 a1=6 b1=b a2=6 b2=5 a3=3 b3=c a4=5 b4=2 q1.out=25 l1,0=18 q1.in=31 a0=3 b0=1 a1=2 b1=3 a2=b b2=b a3=0 b3=e a4=4 b4=8 q1.out=84 l0,0=81 q0.in=58 a0=5 b0=8 a1=d b1=9 a2=c b2=4 a3=8 b3=e a4=c b4=c q0.out=cc

y0 = b5	y1 = 4c	y2 = 3c	y3 = 74	y0 = d9	y1 = f9	y2 = ee	y3 = cc
MDS input = Y = y0y1y2y3 = b54c3c74				MDS input = Y = y0y1y2y3 = d9f9eecc

MDS output = Z = z0z1z2z3 = 96e21c24

MDS output = Z = z0z1z2z3 = 123a877d

z0 = 96

z1 = e2

z2 = 1c

z3 = 24

z0 = 12

z1 = 3a

z2 = 87

z3 = 7d

T0 = g(R0) = 96e21c24

T1 = g(ROL(R1, 8)) = 123a877d

F1,0 = (T0 + T1 + K10) mod 232 = (96e21c24 + 123a877d + 22166ed7) mod 232 = (241ce296(big endian) + 7d873a12(big endian) + d76e1622(big endian)) mod 232 = 791232ca(big endian) = ca321279.

F1,1 = (T0 + 2T1 + K11) mod 232 = (96e21c24 + 2[123a877d] + 2547a011) mod 232 = (241ce296(big endian) + 2[7d873a12(big endian)] + 11a04725(big endian)) mod 232 = (241ce296(big endian) + fb0e7424(big endian) + 11a04725(big endian)) mod 232 = 30cb9ddf(big endian) = df9dcb30.

R1,0  =  ROL(R2, 2,  1)    F1,0) =  ROL(1dbcffb1,  1)   ca321279 =  ROL(b1ffbc1d(big endian),  1)    ca321279 =  63ff783b(big endian)    ca321279 =  3b78ff63   ca321279 =  f14aed1a.

R1,1  =  ROR(R2, 3    F1,1,  1) =  ROR(4c6e70ab    df9dcb30,  1) =  ROR(93f3bb9b, 1) =  ROR(9bbbf393(big endian),  1) =  cdddf9c9(big endian) =  c9f9ddcd

R1,2 = R2,0 = 891675ea

R1,3 = R2,1 = 90cff9ab

 

Decryption of ciphertext block 3, round r=0

g input = X = x0x1x2x3 = R1,0 = f14aed1a

g input = X = x0x1x2x3 = ROL(R1,1,  8) = ROL(c9f9ddcd ,  8) = ROL(cdddf9c9(big endian),  8) = ddf9c9cd(big endian) = cdc9f9dd.

x0 = f1

x1 = 4a

x2 = ed

x3 = 1a

x0 = cd

x1 = c9

x2 = f9

x3 = dd

y2,0 = f1

y2,1 = 4a

y2,2 = ed

y2,3 = 1a

y2,0 = cd

y2,1 = c9

y2,2 = f9

y2,3 = dd

q0.in=f1 a0=f b0=1 a1=e b1=f a2=a b2=d a3=7 b3=4 a4=0 b4=1 q0.out=10 l1,3=14 q0.in=08 a0=0 b0=8 a1=8 b1=4 a2=0 b2=1 a3=1 b3=8 a4=a b4=9 q0.out=9a l0,3=dc q1.in=1b a0=1 b0=b a1=a b1=4 a2=9 b2=4 a3=d b3=3 a4=b b4=1 q1.out=1b

q1.in=4a a0=4 b0=a a1=e b1=1 a2=c b2=e a3=2 b3=b a4=7 b4=f q1.out=f7 l1,2=9c q0.in=7d a0=7 b0=d a1=a b1=1 a2=5 b2=c a3=9 b3=b a4=8 b4=0 q0.out=08 l0,2=53 q0.in=83 a0=8 b0=3 a1=b b1=1 a2=9 b2=c a3=5 b3=7 a4=d b4=e q0.out=ed

q0.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=e a3=3 b3=2 a4=e b4=f q0.out=fe l1,1=8a q1.in=62 a0=6 b0=2 a1=4 b1=7 a2=f b2=7 a3=8 b3=c a4=0 b4=2 q1.out=20 l0,1=8b q1.in=73 a0=7 b0=3 a1=4 b1=6 a2=f b2=3 a3=c b3=e a4=2 b4=8 q1.out=82

q1.in=1a a0=1 b0=a a1=b b1=c a2=4 b2=f a3=b b3=b a4=8 b4=f q1.out=f8 l1,0=18 q1.in=ec a0=e b0=c a1=2 b1=8 a2=b b2=6 a3=d b3=0 a4=b b4=b q1.out=bb l0,0=81 q0.in=67 a0=6 b0=7 a1=1 b1=d a2=1 b2=0 a3=1 b3=9 a4=a b4=b q0.out=ba

q0.in=cd a0=c b0=d a1=1 b1=2 a2=1 b2=b a3=a b3=4 a4=f b4=1 q0.out=1f l1,3=14 q0.in=07 a0=0 b0=7 a1=7 b1=b a2=2 b2=6 a3=4 b3=1 a4=6 b4=7 q0.out=76 l0,3=dc q1.in=f7 a0=f b0=7 a1=8 b1=c a2=3 b2=f a3=c b3=4 a4=2 b4=c q1.out=c2

q1.in=c9 a0=c b0=9 a1=5 b1=0 a2=7 b2=1 a3=6 b3=7 a4=9 b4=e q1.out=e9 l1,2=9c q0.in=63 a0=6 b0=3 a1=5 b1=f a2=f b2=d a3=2 b3=9 a4=5 b4=b q0.out=b5 l0,2=53 q0.in=3e a0=3 b0=e a1=d b1=c a2=c b2=7 a3=b b3=7 a4=3 b4=e q0.out=e3

q0.in=f9 a0=f b0=9 a1=6 b1=b a2=3 b2=6 a3=5 b3=8 a4=d b4=9 q0.out=9d l1,1=8a q1.in=01 a0=0 b0=1 a1=1 b1=8 a2=8 b2=6 a3=e b3=b a4=3 b4=f q1.out=f3 l0,1=8b q1.in=a0 a0=a b0=0 a1=a b1=a a2=9 b2=a a3=3 b3=4 a4=5 b4=c q1.out=c5

q1.in=dd a0=d b0=d a1=0 b1=b a2=2 b2=5 a3=7 b3=8 a4=a b4=6 q1.out=6a l1,0=18 q1.in=7e a0=7 b0=e a1=9 b1=8 a2=1 b2=6 a3=7 b3=a a4=a b4=7 q1.out=7a l0,0=81 q0.in=a6 a0=a b0=6 a1=c b1=9 a2=e b2=4 a3=a b3=c a4=f b4=8 q0.out=8f

y0 = 1b	y1 = ed	y2 = 82	y3 = ba	y0 = c2	y1 = e3	y2 = c5	y3 = 8f
MDS input = Y = y0y1y2y3 = 1bed82ba				MDS input = Y = y0y1y2y3 = c2e3c58f

MDS output = Z = z0z1z2z3 = 635039d0

MDS output = Z = z0z1z2z3 = de4166fe

z0 = 63

z1 = 50

z2 = 39

z3 = d0

z0 = de

z1 = 41

z2 = 66

z3 = fe

T0 = g(R0) = 635039d0

T1 = g(ROL(R1, 8)) = de4166fe

F0,0 = (T0 + T1 + K8) mod 232 = (635039d0 + de4166fe + f595a22f) mod 232 = (d0395063(big endian) + fe6641de(big endian) + 2fa295f5(big endian)) mod 232 = fe422836(big endian) = 362842fe.

F0,1 = (T0 + 2T1 + K9) mod 232 = (635039d0 + 2[de4166fe] + b3c6caca) mod 232 = (d0395063(big endian) + 2[fe6641de(big endian)] + cacac6b3(big endian)) mod 232 = (d0395063(big endian) + fccc83bc(big endian) + cacac6b3(big endian)) mod 232 = 97d09ad2(big endian) = d29ad097.

R0,0  =  ROL(R1, 2,  1)    F0,0) =  ROL(891675ea,  1)   362842fe =  ROL(ea751689(big endian),  1)    362842fe =  d4ea2d13(big endian)    362842fe =  132dead4   362842fe =  2505a82a.

R0,1  =  ROR(R1, 3    F0,1,  1) =  ROR(90cff9ab    d29ad097,  1) =  ROR(4255293c, 1) =  ROR(3c295542(big endian),  1) =  1e14aaa1(big endian) =  a1aa141e

R0,2 = R1,0 = f14aed1a

R0,3 = R1,1 = c9f9ddcd

 

Decryption output unwhiten for block 3

P3 = R0,5 mod 4    K3 = R0,1    K3 = a1aa141e    ae0b98a1  =  0fa18cbf

P2 = R0,4 mod 4    K2 = R0,0    K2 = 2505a82a    ea11ea78  =  cf144252

P1 = R0,3 mod 4    K1 = R0,3    K1 = c9f9ddcd    02229b50  =  cbdb469d

P0 = R0,2 mod 4    K0 = R0,2    K0 = f14aed1a    9bf1826a  =  6abb6f70

 

Decryption of block 3 : Decryption CBC step: Xor of output unwhiten result with previous ciphertext block received

P0 = P '0 C0(previous round) = 6abb6f70 4e311045 = 248a7f35

P1 = P '1 C1(previous round) = cbdb469d e36a2e31 = 28b168ac

P2 = P '2 C2(previous round) = cf144252 32c57a3c = fdd1386e

P3 = P '3 C3(previous round) = 0fa18cbf 30f06fb3 = 3f51e30c

 

Plaintext result for decryption of block 3

p0 = [P0 2[8(0 mod 4)]] mod 28 = [248a7f35 20] mod 28 = [357f8a24(big endian) 20] mod 28 = 24

p1 = [P0 2[8(1 mod 4)]] mod 28 = [248a7f35 28] mod 28 = [357f8a24(big endian) 28] mod 28 = 8a

p2 = [P0 2[8(2 mod 4)]] mod 28 = [248a7f35 216] mod 28 = [357f8a24(big endian) 216] mod 28 = 7f

p3 = [P0 2[8(3 mod 4)]] mod 28 = [248a7f35 224] mod 28 = [357f8a24(big endian) 224] mod 28 = 35

p4 = [P1 2[8(4 mod 4)]] mod 28 = [28b168ac 20] mod 28 = [ac68b128(big endian) 20] mod 28 = 28

p5 = [P1 2[8(5 mod 4)]] mod 28 = [28b168ac 28] mod 28 = [ac68b128(big endian) 28] mod 28 = b1

p6 = [P1 2[8(6 mod 4)]] mod 28 = [28b168ac 216] mod 28 = [ac68b128(big endian) 216] mod 28 = 68

p7 = [P1 2[8(7 mod 4)]] mod 28 = [28b168ac 224] mod 28 = [ac68b128(big endian) 224] mod 28 = ac

p8 = [P2 2[8(8 mod 4)]] mod 28 = [fdd1386e 20] mod 28 = [6e38d1fd(big endian) 20] mod 28 = fd

p9 = [P2 2[8(9 mod 4)]] mod 28 = [fdd1386e 28] mod 28 = [6e38d1fd(big endian) 28] mod 28 = d1

p10 = [P2 2[8(10 mod 4)]] mod 28 = [fdd1386e 216] mod 28 = [6e38d1fd(big endian) 216] mod 28 = 38

p11 = [P2 2[8(11 mod 4)]] mod 28 = [fdd1386e 224] mod 28 = [6e38d1fd(big endian) 224] mod 28 = 6e

p12 = [P3 2[8(12 mod 4)]] mod 28 = [3f51e30c 20] mod 28 = [0ce3513f(big endian) 20] mod 28 = 3f

p13 = [P3 2[8(13 mod 4)]] mod 28 = [3f51e30c 28] mod 28 = [0ce3513f(big endian) 28] mod 28 = 51

p14 = [P3 2[8(14 mod 4)]] mod 28 = [3f51e30c 216] mod 28 = [0ce3513f(big endian) 216] mod 28 = e3

p15 = [P3 2[8(15 mod 4)]] mod 28 = [3f51e30c 224] mod 28 = [0ce3513f(big endian) 224] mod 28 = 0c

Plaintext block output = p0p1p2p3p4p5p6p7p8p9p10p11p12p13p14p15 = 248a7f3528b168acfdd1386e3f51e30c

 

Decryption start for ciphertext block 4

ciphertext = c0c1c2c3c4c5c6c7c8c9c10c11c12c13c14c15 = 3dea507e35530bccd5c481fa21530dc5

C0 = c0c1c2c3 = 3dea507e	C1 = c4c5c6c7 = 35530bcc
C2 = c8c9c10c11 = d5c481fa	C3 = c12c13c14c15 = 21530dc5

 

Decryption Input Unwhiten for block 4

R16,0 = C0 K4 = 3dea507e f57ea21f = c894f261

R16,1 = C1 K5 = 35530bcc e005f378 = d556f8b4

R16,2 = C2 K6 = d5c481fa 314b4d98 = e48fcc62

R16,3 = C3 K7 = 21530dc5 c9a88d6f = e8fb80aa

 

Decryption of ciphertext block 4, round r=15

g input = X = x0x1x2x3 = R16,0 = c894f261

g input = X = x0x1x2x3 = ROL(R16,1,  8) = ROL(d556f8b4 ,  8) = ROL(b4f856d5(big endian),  8) = f856d5b4(big endian) = b4d556f8.

x0 = c8

x1 = 94

x2 = f2

x3 = 61

x0 = b4

x1 = d5

x2 = 56

x3 = f8

y2,0 = c8

y2,1 = 94

y2,2 = f2

y2,3 = 61

y2,0 = b4

y2,1 = d5

y2,2 = 56

y2,3 = f8

q0.in=c8 a0=c b0=8 a1=4 b1=8 a2=6 b2=f a3=9 b3=9 a4=8 b4=b q0.out=b8 l1,3=14 q0.in=a0 a0=a b0=0 a1=a b1=a a2=5 b2=a a3=f b3=8 a4=1 b4=9 q0.out=91 l0,3=dc q1.in=10 a0=1 b0=0 a1=1 b1=9 a2=8 b2=d a3=5 b3=6 a4=6 b4=d q1.out=d6

q1.in=94 a0=9 b0=4 a1=d b1=3 a2=a b2=b a3=1 b3=7 a4=c b4=e q1.out=ec l1,2=9c q0.in=66 a0=6 b0=6 a1=0 b1=5 a2=8 b2=2 a3=a b3=9 a4=f b4=b q0.out=bf l0,2=53 q0.in=34 a0=3 b0=4 a1=7 b1=9 a2=2 b2=4 a3=6 b3=0 a4=9 b4=d q0.out=d9

q0.in=f2 a0=f b0=2 a1=d b1=6 a2=c b2=3 a3=f b3=5 a4=1 b4=2 q0.out=21 l1,1=8a q1.in=bd a0=b b0=d a1=6 b1=d a2=6 b2=9 a3=f b3=a a4=f b4=7 q1.out=7f l0,1=8b q1.in=2c a0=2 b0=c a1=e b1=4 a2=c b2=4 a3=8 b3=e a4=0 b4=8 q1.out=80

q1.in=61 a0=6 b0=1 a1=7 b1=e a2=e b2=0 a3=e b3=e a4=3 b4=8 q1.out=83 l1,0=18 q1.in=97 a0=9 b0=7 a1=e b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=4 q1.out=49 l0,0=81 q0.in=95 a0=9 b0=5 a1=c b1=b a2=e b2=6 a3=8 b3=d a4=c b4=5 q0.out=5c

q0.in=b4 a0=b b0=4 a1=f b1=1 a2=4 b2=c a3=8 b3=2 a4=c b4=f q0.out=fc l1,3=14 q0.in=e4 a0=e b0=4 a1=a b1=c a2=5 b2=7 a3=2 b3=6 a4=5 b4=6 q0.out=65 l0,3=dc q1.in=e4 a0=e b0=4 a1=a b1=c a2=9 b2=f a3=6 b3=e a4=9 b4=8 q1.out=89

q1.in=d5 a0=d b0=5 a1=8 b1=f a2=3 b2=8 a3=b b3=f a4=8 b4=a q1.out=a8 l1,2=9c q0.in=22 a0=2 b0=2 a1=0 b1=3 a2=8 b2=8 a3=0 b3=c a4=b b4=8 q0.out=8b l0,2=53 q0.in=00 a0=0 b0=0 a1=0 b1=0 a2=8 b2=e a3=6 b3=f a4=9 b4=a q0.out=a9

q0.in=56 a0=5 b0=6 a1=3 b1=e a2=d b2=9 a3=4 b3=9 a4=6 b4=b q0.out=b6 l1,1=8a q1.in=2a a0=2 b0=a a1=8 b1=7 a2=3 b2=7 a3=4 b3=0 a4=1 b4=b q1.out=b1 l0,1=8b q1.in=e2 a0=e b0=2 a1=c b1=f a2=0 b2=8 a3=8 b3=4 a4=0 b4=c q1.out=c0

q1.in=f8 a0=f b0=8 a1=7 b1=3 a2=e b2=b a3=5 b3=3 a4=6 b4=1 q1.out=16 l1,0=18 q1.in=02 a0=0 b0=2 a1=2 b1=1 a2=b b2=e a3=5 b3=4 a4=6 b4=c q1.out=c6 l0,0=81 q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37

y0 = d6	y1 = d9	y2 = 80	y3 = 5c	y0 = 89	y1 = a9	y2 = c0	y3 = 37
MDS input = Y = y0y1y2y3 = d6d9805c				MDS input = Y = y0y1y2y3 = 89a9c037

MDS output = Z = z0z1z2z3 = 50866c4e

MDS output = Z = z0z1z2z3 = 946f63ec

z0 = 50

z1 = 86

z2 = 6c

z3 = 4e

z0 = 94

z1 = 6f

z2 = 63

z3 = ec

T0 = g(R0) = 50866c4e

T1 = g(ROL(R1, 8)) = 946f63ec

F15,0 = (T0 + T1 + K38) mod 232 = (50866c4e + 946f63ec + aadffd38) mod 232 = (4e6c8650(big endian) + ec636f94(big endian) + 38fddfaa(big endian)) mod 232 = 73cdd58e(big endian) = 8ed5cd73.

F15,1 = (T0 + 2T1 + K39) mod 232 = (50866c4e + 2[946f63ec] + 56f4c1eb) mod 232 = (4e6c8650(big endian) + 2[ec636f94(big endian)] + ebc1f456(big endian)) mod 232 = (4e6c8650(big endian) + d8c6df28(big endian) + ebc1f456(big endian)) mod 232 = 12f559ce(big endian) = ce59f512.

R15,0  =  ROL(R16, 2,  1)    F15,0) =  ROL(e48fcc62,  1)   8ed5cd73 =  ROL(62cc8fe4(big endian),  1)    8ed5cd73 =  c5991fc8(big endian)    8ed5cd73 =  c81f99c5   8ed5cd73 =  46ca54b6.

R15,1  =  ROR(R16, 3    F15,1,  1) =  ROR(e8fb80aa    ce59f512,  1) =  ROR(26a275b8, 1) =  ROR(b875a226(big endian),  1) =  5c3ad113(big endian) =  13d13a5c

R15,2 = R16,0 = c894f261

R15,3 = R16,1 = d556f8b4

 

Decryption of ciphertext block 4, round r=14

g input = X = x0x1x2x3 = R15,0 = 46ca54b6

g input = X = x0x1x2x3 = ROL(R15,1,  8) = ROL(13d13a5c ,  8) = ROL(5c3ad113(big endian),  8) = 3ad1135c(big endian) = 5c13d13a.

x0 = 46

x1 = ca

x2 = 54

x3 = b6

x0 = 5c

x1 = 13

x2 = d1

x3 = 3a

y2,0 = 46

y2,1 = ca

y2,2 = 54

y2,3 = b6

y2,0 = 5c

y2,1 = 13

y2,2 = d1

y2,3 = 3a

q0.in=46 a0=4 b0=6 a1=2 b1=7 a2=7 b2=5 a3=2 b3=5 a4=5 b4=2 q0.out=25 l1,3=14 q0.in=3d a0=3 b0=d a1=e b1=5 a2=a b2=2 a3=8 b3=b a4=c b4=0 q0.out=0c l0,3=dc q1.in=8d a0=8 b0=d a1=5 b1=6 a2=7 b2=3 a3=4 b3=6 a4=1 b4=d q1.out=d1

q1.in=ca a0=c b0=a a1=6 b1=9 a2=6 b2=d a3=b b3=8 a4=8 b4=6 q1.out=68 l1,2=9c q0.in=e2 a0=e b0=2 a1=c b1=f a2=e b2=d a3=3 b3=0 a4=e b4=d q0.out=de l0,2=53 q0.in=55 a0=5 b0=5 a1=0 b1=7 a2=8 b2=5 a3=d b3=2 a4=4 b4=f q0.out=f4

q0.in=54 a0=5 b0=4 a1=1 b1=f a2=1 b2=d a3=c b3=7 a4=2 b4=e q0.out=e2 l1,1=8a q1.in=7e a0=7 b0=e a1=9 b1=8 a2=1 b2=6 a3=7 b3=a a4=a b4=7 q1.out=7a l0,1=8b q1.in=29 a0=2 b0=9 a1=b b1=e a2=4 b2=0 a3=4 b3=4 a4=1 b4=c q1.out=c1

q1.in=b6 a0=b b0=6 a1=d b1=0 a2=a b2=1 a3=b b3=2 a4=8 b4=5 q1.out=58 l1,0=18 q1.in=4c a0=4 b0=c a1=8 b1=2 a2=3 b2=2 a3=1 b3=a a4=c b4=7 q1.out=7c l0,0=81 q0.in=a0 a0=a b0=0 a1=a b1=a a2=5 b2=a a3=f b3=8 a4=1 b4=9 q0.out=91

q0.in=5c a0=5 b0=c a1=9 b1=b a2=b b2=6 a3=d b3=0 a4=4 b4=d q0.out=d4 l1,3=14 q0.in=cc a0=c b0=c a1=0 b1=a a2=8 b2=a a3=2 b3=d a4=5 b4=5 q0.out=55 l0,3=dc q1.in=d4 a0=d b0=4 a1=9 b1=7 a2=1 b2=7 a3=6 b3=2 a4=9 b4=5 q1.out=59

q1.in=13 a0=1 b0=3 a1=2 b1=0 a2=b b2=1 a3=a b3=b a4=d b4=f q1.out=fd l1,2=9c q0.in=77 a0=7 b0=7 a1=0 b1=4 a2=8 b2=1 a3=9 b3=0 a4=8 b4=d q0.out=d8 l0,2=53 q0.in=53 a0=5 b0=3 a1=6 b1=4 a2=3 b2=1 a3=2 b3=3 a4=5 b4=4 q0.out=45

q0.in=d1 a0=d b0=1 a1=c b1=d a2=e b2=0 a3=e b3=e a4=7 b4=c q0.out=c7 l1,1=8a q1.in=5b a0=5 b0=b a1=e b1=0 a2=c b2=1 a3=d b3=4 a4=b b4=c q1.out=cb l0,1=8b q1.in=98 a0=9 b0=8 a1=1 b1=5 a2=8 b2=c a3=4 b3=e a4=1 b4=8 q1.out=81

q1.in=3a a0=3 b0=a a1=9 b1=e a2=1 b2=0 a3=1 b3=9 a4=c b4=4 q1.out=4c l1,0=18 q1.in=58 a0=5 b0=8 a1=d b1=9 a2=a b2=d a3=7 b3=4 a4=a b4=c q1.out=ca l0,0=81 q0.in=16 a0=1 b0=6 a1=7 b1=a a2=2 b2=a a3=8 b3=7 a4=c b4=e q0.out=ec

y0 = d1	y1 = f4	y2 = c1	y3 = 91	y0 = 59	y1 = 45	y2 = 81	y3 = ec
MDS input = Y = y0y1y2y3 = d1f4c191				MDS input = Y = y0y1y2y3 = 594581ec

MDS output = Z = z0z1z2z3 = 26e27807

MDS output = Z = z0z1z2z3 = ed6ea310

z0 = 26

z1 = e2

z2 = 78

z3 = 07

z0 = ed

z1 = 6e

z2 = a3

z3 = 10

T0 = g(R0) = 26e27807

T1 = g(ROL(R1, 8)) = ed6ea310

F14,0 = (T0 + T1 + K36) mod 232 = (26e27807 + ed6ea310 + e4ffcbcc) mod 232 = (0778e226(big endian) + 10a36eed(big endian) + cccbffe4(big endian)) mod 232 = e4e850f7(big endian) = f750e8e4.

F14,1 = (T0 + 2T1 + K37) mod 232 = (26e27807 + 2[ed6ea310] + fd60441f) mod 232 = (0778e226(big endian) + 2[10a36eed(big endian)] + 1f4460fd(big endian)) mod 232 = (0778e226(big endian) + 2146ddda(big endian) + 1f4460fd(big endian)) mod 232 = 480420fd(big endian) = fd200448.

R14,0  =  ROL(R15, 2,  1)    F14,0) =  ROL(c894f261,  1)   f750e8e4 =  ROL(61f294c8(big endian),  1)    f750e8e4 =  c3e52990(big endian)    f750e8e4 =  9029e5c3   f750e8e4 =  67790d27.

R14,1  =  ROR(R15, 3    F14,1,  1) =  ROR(d556f8b4    fd200448,  1) =  ROR(2876fcfc, 1) =  ROR(fcfc7628(big endian),  1) =  7e7e3b14(big endian) =  143b7e7e

R14,2 = R15,0 = 46ca54b6

R14,3 = R15,1 = 13d13a5c

 

Decryption of ciphertext block 4, round r=13

g input = X = x0x1x2x3 = R14,0 = 67790d27

g input = X = x0x1x2x3 = ROL(R14,1,  8) = ROL(143b7e7e ,  8) = ROL(7e7e3b14(big endian),  8) = 7e3b147e(big endian) = 7e143b7e.

x0 = 67

x1 = 79

x2 = 0d

x3 = 27

x0 = 7e

x1 = 14

x2 = 3b

x3 = 7e

y2,0 = 67

y2,1 = 79

y2,2 = 0d

y2,3 = 27

y2,0 = 7e

y2,1 = 14

y2,2 = 3b

y2,3 = 7e

q0.in=67 a0=6 b0=7 a1=1 b1=d a2=1 b2=0 a3=1 b3=9 a4=a b4=b q0.out=ba l1,3=14 q0.in=a2 a0=a b0=2 a1=8 b1=b a2=0 b2=6 a3=6 b3=3 a4=9 b4=4 q0.out=49 l0,3=dc q1.in=c8 a0=c b0=8 a1=4 b1=8 a2=f b2=6 a3=9 b3=4 a4=e b4=c q1.out=ce

q1.in=79 a0=7 b0=9 a1=e b1=3 a2=c b2=b a3=7 b3=1 a4=a b4=9 q1.out=9a l1,2=9c q0.in=10 a0=1 b0=0 a1=1 b1=9 a2=1 b2=4 a3=5 b3=b a4=d b4=0 q0.out=0d l0,2=53 q0.in=86 a0=8 b0=6 a1=e b1=b a2=a b2=6 a3=c b3=9 a4=2 b4=b q0.out=b2

q0.in=0d a0=0 b0=d a1=d b1=e a2=c b2=9 a3=5 b3=0 a4=d b4=d q0.out=dd l1,1=8a q1.in=41 a0=4 b0=1 a1=5 b1=c a2=7 b2=f a3=8 b3=0 a4=0 b4=b q1.out=b0 l0,1=8b q1.in=e3 a0=e b0=3 a1=d b1=7 a2=a b2=7 a3=d b3=1 a4=b b4=9 q1.out=9b

q1.in=27 a0=2 b0=7 a1=5 b1=9 a2=7 b2=d a3=a b3=1 a4=d b4=9 q1.out=9d l1,0=18 q1.in=89 a0=8 b0=9 a1=1 b1=4 a2=8 b2=4 a3=c b3=a a4=2 b4=7 q1.out=72 l0,0=81 q0.in=ae a0=a b0=e a1=4 b1=d a2=6 b2=0 a3=6 b3=6 a4=9 b4=6 q0.out=69

q0.in=7e a0=7 b0=e a1=9 b1=8 a2=b b2=f a3=4 b3=c a4=6 b4=8 q0.out=86 l1,3=14 q0.in=9e a0=9 b0=e a1=7 b1=6 a2=2 b2=3 a3=1 b3=b a4=a b4=0 q0.out=0a l0,3=dc q1.in=8b a0=8 b0=b a1=3 b1=5 a2=d b2=c a3=1 b3=3 a4=c b4=1 q1.out=1c

q1.in=14 a0=1 b0=4 a1=5 b1=b a2=7 b2=5 a3=2 b3=5 a4=7 b4=3 q1.out=37 l1,2=9c q0.in=bd a0=b b0=d a1=6 b1=d a2=3 b2=0 a3=3 b3=b a4=e b4=0 q0.out=0e l0,2=53 q0.in=85 a0=8 b0=5 a1=d b1=2 a2=c b2=b a3=7 b3=1 a4=0 b4=7 q0.out=70

q0.in=3b a0=3 b0=b a1=8 b1=6 a2=0 b2=3 a3=3 b3=9 a4=e b4=b q0.out=be l1,1=8a q1.in=22 a0=2 b0=2 a1=0 b1=3 a2=2 b2=b a3=9 b3=f a4=e b4=a q1.out=ae l0,1=8b q1.in=fd a0=f b0=d a1=2 b1=9 a2=b b2=d a3=6 b3=d a4=9 b4=0 q1.out=09

q1.in=7e a0=7 b0=e a1=9 b1=8 a2=1 b2=6 a3=7 b3=a a4=a b4=7 q1.out=7a l1,0=18 q1.in=6e a0=6 b0=e a1=8 b1=1 a2=3 b2=e a3=d b3=c a4=b b4=2 q1.out=2b l0,0=81 q0.in=f7 a0=f b0=7 a1=8 b1=c a2=0 b2=7 a3=7 b3=b a4=0 b4=0 q0.out=00

y0 = ce	y1 = b2	y2 = 9b	y3 = 69	y0 = 1c	y1 = 70	y2 = 09	y3 = 00
MDS input = Y = y0y1y2y3 = ceb29b69				MDS input = Y = y0y1y2y3 = 1c700900

MDS output = Z = z0z1z2z3 = c7f9361f

MDS output = Z = z0z1z2z3 = 19ae7084

z0 = c7

z1 = f9

z2 = 36

z3 = 1f

z0 = 19

z1 = ae

z2 = 70

z3 = 84

T0 = g(R0) = c7f9361f

T1 = g(ROL(R1, 8)) = 19ae7084

F13,0 = (T0 + T1 + K34) mod 232 = (c7f9361f + 19ae7084 + 6ae813f4) mod 232 = (1f36f9c7(big endian) + 8470ae19(big endian) + f413e86a(big endian)) mod 232 = 97bb904a(big endian) = 4a90bb97.

F13,1 = (T0 + 2T1 + K35) mod 232 = (c7f9361f + 2[19ae7084] + f3d8d036) mod 232 = (1f36f9c7(big endian) + 2[8470ae19(big endian)] + 36d0d8f3(big endian)) mod 232 = (1f36f9c7(big endian) + 08e15c32(big endian) + 36d0d8f3(big endian)) mod 232 = 5ee92eec(big endian) = ec2ee95e.

R13,0  =  ROL(R14, 2,  1)    F13,0) =  ROL(46ca54b6,  1)   4a90bb97 =  ROL(b654ca46(big endian),  1)    4a90bb97 =  6ca9948d(big endian)    4a90bb97 =  8d94a96c   4a90bb97 =  c70412fb.

R13,1  =  ROR(R14, 3    F13,1,  1) =  ROR(13d13a5c    ec2ee95e,  1) =  ROR(ffffd302, 1) =  ROR(02d3ffff(big endian),  1) =  8169ffff(big endian) =  ffff6981

R13,2 = R14,0 = 67790d27

R13,3 = R14,1 = 143b7e7e

 

Decryption of ciphertext block 4, round r=12

g input = X = x0x1x2x3 = R13,0 = c70412fb

g input = X = x0x1x2x3 = ROL(R13,1,  8) = ROL(ffff6981 ,  8) = ROL(8169ffff(big endian),  8) = 69ffff81(big endian) = 81ffff69.

x0 = c7

x1 = 04

x2 = 12

x3 = fb

x0 = 81

x1 = ff

x2 = ff

x3 = 69

y2,0 = c7

y2,1 = 04

y2,2 = 12

y2,3 = fb

y2,0 = 81

y2,1 = ff

y2,2 = ff

y2,3 = 69

q0.in=c7 a0=c b0=7 a1=b b1=7 a2=9 b2=5 a3=c b3=b a4=2 b4=0 q0.out=02 l1,3=14 q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37 l0,3=dc q1.in=b6 a0=b b0=6 a1=d b1=0 a2=a b2=1 a3=b b3=2 a4=8 b4=5 q1.out=58

q1.in=04 a0=0 b0=4 a1=4 b1=2 a2=f b2=2 a3=d b3=6 a4=b b4=d q1.out=db l1,2=9c q0.in=51 a0=5 b0=1 a1=4 b1=5 a2=6 b2=2 a3=4 b3=7 a4=6 b4=e q0.out=e6 l0,2=53 q0.in=6d a0=6 b0=d a1=b b1=8 a2=9 b2=f a3=6 b3=e a4=9 b4=c q0.out=c9

q0.in=12 a0=1 b0=2 a1=3 b1=8 a2=d b2=f a3=2 b3=a a4=5 b4=3 q0.out=35 l1,1=8a q1.in=a9 a0=a b0=9 a1=3 b1=6 a2=d b2=3 a3=e b3=c a4=3 b4=2 q1.out=23 l0,1=8b q1.in=70 a0=7 b0=0 a1=7 b1=f a2=e b2=8 a3=6 b3=a a4=9 b4=7 q1.out=79

q1.in=fb a0=f b0=b a1=4 b1=a a2=f b2=a a3=5 b3=2 a4=6 b4=5 q1.out=56 l1,0=18 q1.in=42 a0=4 b0=2 a1=6 b1=5 a2=6 b2=c a3=a b3=0 a4=d b4=b q1.out=bd l0,0=81 q0.in=61 a0=6 b0=1 a1=7 b1=e a2=2 b2=9 a3=b b3=e a4=3 b4=c q0.out=c3

q0.in=81 a0=8 b0=1 a1=9 b1=0 a2=b b2=e a3=5 b3=4 a4=d b4=1 q0.out=1d l1,3=14 q0.in=05 a0=0 b0=5 a1=5 b1=a a2=f b2=a a3=5 b3=2 a4=d b4=f q0.out=fd l0,3=dc q1.in=7c a0=7 b0=c a1=b b1=9 a2=4 b2=d a3=9 b3=a a4=e b4=7 q1.out=7e

q1.in=ff a0=f b0=f a1=0 b1=8 a2=2 b2=6 a3=4 b3=1 a4=1 b4=9 q1.out=91 l1,2=9c q0.in=1b a0=1 b0=b a1=a b1=4 a2=5 b2=1 a3=4 b3=5 a4=6 b4=2 q0.out=26 l0,2=53 q0.in=ad a0=a b0=d a1=7 b1=4 a2=2 b2=1 a3=3 b3=a a4=e b4=3 q0.out=3e

q0.in=ff a0=f b0=f a1=0 b1=8 a2=8 b2=f a3=7 b3=7 a4=0 b4=e q0.out=e0 l1,1=8a q1.in=7c a0=7 b0=c a1=b b1=9 a2=4 b2=d a3=9 b3=a a4=e b4=7 q1.out=7e l0,1=8b q1.in=2d a0=2 b0=d a1=f b1=c a2=5 b2=f a3=a b3=2 a4=d b4=5 q1.out=5d

q1.in=69 a0=6 b0=9 a1=f b1=a a2=5 b2=a a3=f b3=8 a4=f b4=6 q1.out=6f l1,0=18 q1.in=7b a0=7 b0=b a1=c b1=2 a2=0 b2=2 a3=2 b3=1 a4=7 b4=9 q1.out=97 l0,0=81 q0.in=4b a0=4 b0=b a1=f b1=9 a2=4 b2=4 a3=0 b3=6 a4=b b4=6 q0.out=6b

y0 = 58	y1 = c9	y2 = 79	y3 = c3	y0 = 7e	y1 = 3e	y2 = 5d	y3 = 6b
MDS input = Y = y0y1y2y3 = 58c979c3				MDS input = Y = y0y1y2y3 = 7e3e5d6b

MDS output = Z = z0z1z2z3 = 09497203

MDS output = Z = z0z1z2z3 = 6bae2cc1

z0 = 09

z1 = 49

z2 = 72

z3 = 03

z0 = 6b

z1 = ae

z2 = 2c

z3 = c1

T0 = g(R0) = 09497203

T1 = g(ROL(R1, 8)) = 6bae2cc1

F12,0 = (T0 + T1 + K32) mod 232 = (09497203 + 6bae2cc1 + 165703a2) mod 232 = (03724909(big endian) + c12cae6b(big endian) + a2035716(big endian)) mod 232 = 66a24e8a(big endian) = 8a4ea266.

F12,1 = (T0 + 2T1 + K33) mod 232 = (09497203 + 2[6bae2cc1] + bdabf862) mod 232 = (03724909(big endian) + 2[c12cae6b(big endian)] + 62f8abbd(big endian)) mod 232 = (03724909(big endian) + 82595cd6(big endian) + 62f8abbd(big endian)) mod 232 = e8c4519c(big endian) = 9c51c4e8.

R12,0  =  ROL(R13, 2,  1)    F12,0) =  ROL(67790d27,  1)   8a4ea266 =  ROL(270d7967(big endian),  1)    8a4ea266 =  4e1af2ce(big endian)    8a4ea266 =  cef21a4e   8a4ea266 =  44bcb828.

R12,1  =  ROR(R13, 3    F12,1,  1) =  ROR(143b7e7e    9c51c4e8,  1) =  ROR(886aba96, 1) =  ROR(96ba6a88(big endian),  1) =  4b5d3544(big endian) =  44355d4b

R12,2 = R13,0 = c70412fb

R12,3 = R13,1 = ffff6981

 

Decryption of ciphertext block 4, round r=11

g input = X = x0x1x2x3 = R12,0 = 44bcb828

g input = X = x0x1x2x3 = ROL(R12,1,  8) = ROL(44355d4b ,  8) = ROL(4b5d3544(big endian),  8) = 5d35444b(big endian) = 4b44355d.

x0 = 44

x1 = bc

x2 = b8

x3 = 28

x0 = 4b

x1 = 44

x2 = 35

x3 = 5d

y2,0 = 44

y2,1 = bc

y2,2 = b8

y2,3 = 28

y2,0 = 4b

y2,1 = 44

y2,2 = 35

y2,3 = 5d

q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73 l1,3=14 q0.in=6b a0=6 b0=b a1=d b1=b a2=c b2=6 a3=a b3=f a4=f b4=a q0.out=af l0,3=dc q1.in=2e a0=2 b0=e a1=c b1=5 a2=0 b2=c a3=c b3=6 a4=2 b4=d q1.out=d2

q1.in=bc a0=b b0=c a1=7 b1=5 a2=e b2=c a3=2 b3=8 a4=7 b4=6 q1.out=67 l1,2=9c q0.in=ed a0=e b0=d a1=3 b1=0 a2=d b2=e a3=3 b3=2 a4=e b4=f q0.out=fe l0,2=53 q0.in=75 a0=7 b0=5 a1=2 b1=5 a2=7 b2=2 a3=5 b3=e a4=d b4=c q0.out=cd

q0.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=5 a3=8 b3=f a4=c b4=a q0.out=ac l1,1=8a q1.in=30 a0=3 b0=0 a1=3 b1=b a2=d b2=5 a3=8 b3=f a4=0 b4=a q1.out=a0 l0,1=8b q1.in=f3 a0=f b0=3 a1=c b1=e a2=0 b2=0 a3=0 b3=0 a4=4 b4=b q1.out=b4

q1.in=28 a0=2 b0=8 a1=a b1=6 a2=9 b2=3 a3=a b3=8 a4=d b4=6 q1.out=6d l1,0=18 q1.in=79 a0=7 b0=9 a1=e b1=3 a2=c b2=b a3=7 b3=1 a4=a b4=9 q1.out=9a l0,0=81 q0.in=46 a0=4 b0=6 a1=2 b1=7 a2=7 b2=5 a3=2 b3=5 a4=5 b4=2 q0.out=25

q0.in=4b a0=4 b0=b a1=f b1=9 a2=4 b2=4 a3=0 b3=6 a4=b b4=6 q0.out=6b l1,3=14 q0.in=73 a0=7 b0=3 a1=4 b1=6 a2=6 b2=3 a3=5 b3=f a4=d b4=a q0.out=ad l0,3=dc q1.in=2c a0=2 b0=c a1=e b1=4 a2=c b2=4 a3=8 b3=e a4=0 b4=8 q1.out=80

q1.in=44 a0=4 b0=4 a1=0 b1=6 a2=2 b2=3 a3=1 b3=b a4=c b4=f q1.out=fc l1,2=9c q0.in=76 a0=7 b0=6 a1=1 b1=c a2=1 b2=7 a3=6 b3=2 a4=9 b4=f q0.out=f9 l0,2=53 q0.in=72 a0=7 b0=2 a1=5 b1=e a2=f b2=9 a3=6 b3=b a4=9 b4=0 q0.out=09

q0.in=35 a0=3 b0=5 a1=6 b1=1 a2=3 b2=c a3=f b3=d a4=1 b4=5 q0.out=51 l1,1=8a q1.in=cd a0=c b0=d a1=1 b1=2 a2=8 b2=2 a3=a b3=9 a4=d b4=4 q1.out=4d l0,1=8b q1.in=1e a0=1 b0=e a1=f b1=e a2=5 b2=0 a3=5 b3=d a4=6 b4=0 q1.out=06

q1.in=5d a0=5 b0=d a1=8 b1=3 a2=3 b2=b a3=8 b3=6 a4=0 b4=d q1.out=d0 l1,0=18 q1.in=c4 a0=c b0=4 a1=8 b1=e a2=3 b2=0 a3=3 b3=b a4=5 b4=f q1.out=f5 l0,0=81 q0.in=29 a0=2 b0=9 a1=b b1=e a2=9 b2=9 a3=0 b3=d a4=b b4=5 q0.out=5b

y0 = d2	y1 = cd	y2 = b4	y3 = 25	y0 = 80	y1 = 09	y2 = 06	y3 = 5b
MDS input = Y = y0y1y2y3 = d2cdb425				MDS input = Y = y0y1y2y3 = 8009065b

MDS output = Z = z0z1z2z3 = 4bc2fb43

MDS output = Z = z0z1z2z3 = 71aa8dfa

z0 = 4b

z1 = c2

z2 = fb

z3 = 43

z0 = 71

z1 = aa

z2 = 8d

z3 = fa

T0 = g(R0) = 4bc2fb43

T1 = g(ROL(R1, 8)) = 71aa8dfa

F11,0 = (T0 + T1 + K30) mod 232 = (4bc2fb43 + 71aa8dfa + fd2d59b8) mod 232 = (43fbc24b(big endian) + fa8daa71(big endian) + b8592dfd(big endian)) mod 232 = f6e29ab9(big endian) = b99ae2f6.

F11,1 = (T0 + 2T1 + K31) mod 232 = (4bc2fb43 + 2[71aa8dfa] + 9c51af49) mod 232 = (43fbc24b(big endian) + 2[fa8daa71(big endian)] + 49af519c(big endian)) mod 232 = (43fbc24b(big endian) + f51b54e2(big endian) + 49af519c(big endian)) mod 232 = 82c668c9(big endian) = c968c682.

R11,0  =  ROL(R12, 2,  1)    F11,0) =  ROL(c70412fb,  1)   b99ae2f6 =  ROL(fb1204c7(big endian),  1)    b99ae2f6 =  f624098f(big endian)    b99ae2f6 =  8f0924f6   b99ae2f6 =  3693c600.

R11,1  =  ROR(R12, 3    F11,1,  1) =  ROR(ffff6981    c968c682,  1) =  ROR(3697af03, 1) =  ROR(03af9736(big endian),  1) =  01d7cb9b(big endian) =  9bcbd701

R11,2 = R12,0 = 44bcb828

R11,3 = R12,1 = 44355d4b

 

Decryption of ciphertext block 4, round r=10

g input = X = x0x1x2x3 = R11,0 = 3693c600

g input = X = x0x1x2x3 = ROL(R11,1,  8) = ROL(9bcbd701 ,  8) = ROL(01d7cb9b(big endian),  8) = d7cb9b01(big endian) = 019bcbd7.

x0 = 36

x1 = 93

x2 = c6

x3 = 00

x0 = 01

x1 = 9b

x2 = cb

x3 = d7

y2,0 = 36

y2,1 = 93

y2,2 = c6

y2,3 = 00

y2,0 = 01

y2,1 = 9b

y2,2 = cb

y2,3 = d7

q0.in=36 a0=3 b0=6 a1=5 b1=8 a2=f b2=f a3=0 b3=8 a4=b b4=9 q0.out=9b l1,3=14 q0.in=83 a0=8 b0=3 a1=b b1=1 a2=9 b2=c a3=5 b3=7 a4=d b4=e q0.out=ed l0,3=dc q1.in=6c a0=6 b0=c a1=a b1=0 a2=9 b2=1 a3=8 b3=9 a4=0 b4=4 q1.out=40

q1.in=93 a0=9 b0=3 a1=a b1=8 a2=9 b2=6 a3=f b3=2 a4=f b4=5 q1.out=5f l1,2=9c q0.in=d5 a0=d b0=5 a1=8 b1=f a2=0 b2=d a3=d b3=e a4=4 b4=c q0.out=c4 l0,2=53 q0.in=4f a0=4 b0=f a1=b b1=b a2=9 b2=6 a3=f b3=2 a4=1 b4=f q0.out=f1

q0.in=c6 a0=c b0=6 a1=a b1=f a2=5 b2=d a3=8 b3=3 a4=c b4=4 q0.out=4c l1,1=8a q1.in=d0 a0=d b0=0 a1=d b1=5 a2=a b2=c a3=6 b3=c a4=9 b4=2 q1.out=29 l0,1=8b q1.in=7a a0=7 b0=a a1=d b1=a a2=a b2=a a3=0 b3=f a4=4 b4=a q1.out=a4

q1.in=00 a0=0 b0=0 a1=0 b1=0 a2=2 b2=1 a3=3 b3=a a4=5 b4=7 q1.out=75 l1,0=18 q1.in=61 a0=6 b0=1 a1=7 b1=e a2=e b2=0 a3=e b3=e a4=3 b4=8 q1.out=83 l0,0=81 q0.in=5f a0=5 b0=f a1=a b1=2 a2=5 b2=b a3=e b3=0 a4=7 b4=d q0.out=d7

q0.in=01 a0=0 b0=1 a1=1 b1=8 a2=1 b2=f a3=e b3=6 a4=7 b4=6 q0.out=67 l1,3=14 q0.in=7f a0=7 b0=f a1=8 b1=0 a2=0 b2=e a3=e b3=7 a4=7 b4=e q0.out=e7 l0,3=dc q1.in=66 a0=6 b0=6 a1=0 b1=5 a2=2 b2=c a3=e b3=4 a4=3 b4=c q1.out=c3

q1.in=9b a0=9 b0=b a1=2 b1=c a2=b b2=f a3=4 b3=c a4=1 b4=2 q1.out=21 l1,2=9c q0.in=ab a0=a b0=b a1=1 b1=7 a2=1 b2=5 a3=4 b3=3 a4=6 b4=4 q0.out=46 l0,2=53 q0.in=cd a0=c b0=d a1=1 b1=2 a2=1 b2=b a3=a b3=4 a4=f b4=1 q0.out=1f

q0.in=cb a0=c b0=b a1=7 b1=1 a2=2 b2=c a3=e b3=4 a4=7 b4=1 q0.out=17 l1,1=8a q1.in=8b a0=8 b0=b a1=3 b1=5 a2=d b2=c a3=1 b3=3 a4=c b4=1 q1.out=1c l0,1=8b q1.in=4f a0=4 b0=f a1=b b1=b a2=4 b2=5 a3=1 b3=e a4=c b4=8 q1.out=8c

q1.in=d7 a0=d b0=7 a1=a b1=e a2=9 b2=0 a3=9 b3=1 a4=e b4=9 q1.out=9e l1,0=18 q1.in=8a a0=8 b0=a a1=2 b1=d a2=b b2=9 a3=2 b3=f a4=7 b4=a q1.out=a7 l0,0=81 q0.in=7b a0=7 b0=b a1=c b1=2 a2=e b2=b a3=5 b3=3 a4=d b4=4 q0.out=4d

y0 = 40	y1 = f1	y2 = a4	y3 = d7	y0 = c3	y1 = 1f	y2 = 8c	y3 = 4d
MDS input = Y = y0y1y2y3 = 40f1a4d7				MDS input = Y = y0y1y2y3 = c31f8c4d

MDS output = Z = z0z1z2z3 = 9a039052

MDS output = Z = z0z1z2z3 = 25f4243a

z0 = 9a

z1 = 03

z2 = 90

z3 = 52

z0 = 25

z1 = f4

z2 = 24

z3 = 3a

T0 = g(R0) = 9a039052

T1 = g(ROL(R1, 8)) = 25f4243a

F10,0 = (T0 + T1 + K28) mod 232 = (9a039052 + 25f4243a + fdcb3639) mod 232 = (5290039a(big endian) + 3a24f425(big endian) + 3936cbfd(big endian)) mod 232 = c5ebc3bc(big endian) = bcc3ebc5.

F10,1 = (T0 + 2T1 + K29) mod 232 = (9a039052 + 2[25f4243a] + d853ba91) mod 232 = (5290039a(big endian) + 2[3a24f425(big endian)] + 91ba53d8(big endian)) mod 232 = (5290039a(big endian) + 7449e84a(big endian) + 91ba53d8(big endian)) mod 232 = 58943fbc(big endian) = bc3f9458.

R10,0  =  ROL(R11, 2,  1)    F10,0) =  ROL(44bcb828,  1)   bcc3ebc5 =  ROL(28b8bc44(big endian),  1)    bcc3ebc5 =  51717888(big endian)    bcc3ebc5 =  88787151   bcc3ebc5 =  34bb9a94.

R10,1  =  ROR(R11, 3    F10,1,  1) =  ROR(44355d4b    bc3f9458,  1) =  ROR(f80ac913, 1) =  ROR(13c90af8(big endian),  1) =  09e4857c(big endian) =  7c85e409

R10,2 = R11,0 = 3693c600

R10,3 = R11,1 = 9bcbd701

 

Decryption of ciphertext block 4, round r=9

g input = X = x0x1x2x3 = R10,0 = 34bb9a94

g input = X = x0x1x2x3 = ROL(R10,1,  8) = ROL(7c85e409 ,  8) = ROL(09e4857c(big endian),  8) = e4857c09(big endian) = 097c85e4.

x0 = 34

x1 = bb

x2 = 9a

x3 = 94

x0 = 09

x1 = 7c

x2 = 85

x3 = e4

y2,0 = 34

y2,1 = bb

y2,2 = 9a

y2,3 = 94

y2,0 = 09

y2,1 = 7c

y2,2 = 85

y2,3 = e4

q0.in=34 a0=3 b0=4 a1=7 b1=9 a2=2 b2=4 a3=6 b3=0 a4=9 b4=d q0.out=d9 l1,3=14 q0.in=c1 a0=c b0=1 a1=d b1=4 a2=c b2=1 a3=d b3=4 a4=4 b4=1 q0.out=14 l0,3=dc q1.in=95 a0=9 b0=5 a1=c b1=b a2=0 b2=5 a3=5 b3=a a4=6 b4=7 q1.out=76

q1.in=bb a0=b b0=b a1=0 b1=e a2=2 b2=0 a3=2 b3=2 a4=7 b4=5 q1.out=57 l1,2=9c q0.in=dd a0=d b0=d a1=0 b1=b a2=8 b2=6 a3=e b3=b a4=7 b4=0 q0.out=07 l0,2=53 q0.in=8c a0=8 b0=c a1=4 b1=e a2=6 b2=9 a3=f b3=a a4=1 b4=3 q0.out=31

q0.in=9a a0=9 b0=a a1=3 b1=4 a2=d b2=1 a3=c b3=d a4=2 b4=5 q0.out=52 l1,1=8a q1.in=ce a0=c b0=e a1=2 b1=b a2=b b2=5 a3=e b3=9 a4=3 b4=4 q1.out=43 l0,1=8b q1.in=10 a0=1 b0=0 a1=1 b1=9 a2=8 b2=d a3=5 b3=6 a4=6 b4=d q1.out=d6

q1.in=94 a0=9 b0=4 a1=d b1=3 a2=a b2=b a3=1 b3=7 a4=c b4=e q1.out=ec l1,0=18 q1.in=f8 a0=f b0=8 a1=7 b1=3 a2=e b2=b a3=5 b3=3 a4=6 b4=1 q1.out=16 l0,0=81 q0.in=ca a0=c b0=a a1=6 b1=9 a2=3 b2=4 a3=7 b3=9 a4=0 b4=b q0.out=b0

q0.in=09 a0=0 b0=9 a1=9 b1=c a2=b b2=7 a3=c b3=8 a4=2 b4=9 q0.out=92 l1,3=14 q0.in=8a a0=8 b0=a a1=2 b1=d a2=7 b2=0 a3=7 b3=f a4=0 b4=a q0.out=a0 l0,3=dc q1.in=21 a0=2 b0=1 a1=3 b1=a a2=d b2=a a3=7 b3=0 a4=a b4=b q1.out=ba

q1.in=7c a0=7 b0=c a1=b b1=9 a2=4 b2=d a3=9 b3=a a4=e b4=7 q1.out=7e l1,2=9c q0.in=f4 a0=f b0=4 a1=b b1=5 a2=9 b2=2 a3=b b3=0 a4=3 b4=d q0.out=d3 l0,2=53 q0.in=58 a0=5 b0=8 a1=d b1=9 a2=c b2=4 a3=8 b3=e a4=c b4=c q0.out=cc

q0.in=85 a0=8 b0=5 a1=d b1=2 a2=c b2=b a3=7 b3=1 a4=0 b4=7 q0.out=70 l1,1=8a q1.in=ec a0=e b0=c a1=2 b1=8 a2=b b2=6 a3=d b3=0 a4=b b4=b q1.out=bb l0,1=8b q1.in=e8 a0=e b0=8 a1=6 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=1 q1.out=12

q1.in=e4 a0=e b0=4 a1=a b1=c a2=9 b2=f a3=6 b3=e a4=9 b4=8 q1.out=89 l1,0=18 q1.in=9d a0=9 b0=d a1=4 b1=f a2=f b2=8 a3=7 b3=3 a4=a b4=1 q1.out=1a l0,0=81 q0.in=c6 a0=c b0=6 a1=a b1=f a2=5 b2=d a3=8 b3=3 a4=c b4=4 q0.out=4c

y0 = 76	y1 = 31	y2 = d6	y3 = b0	y0 = ba	y1 = cc	y2 = 12	y3 = 4c
MDS input = Y = y0y1y2y3 = 7631d6b0				MDS input = Y = y0y1y2y3 = bacc124c

MDS output = Z = z0z1z2z3 = 76989175

MDS output = Z = z0z1z2z3 = de5ee945

z0 = 76

z1 = 98

z2 = 91

z3 = 75

z0 = de

z1 = 5e

z2 = e9

z3 = 45

T0 = g(R0) = 76989175

T1 = g(ROL(R1, 8)) = de5ee945

F9,0 = (T0 + T1 + K26) mod 232 = (76989175 + de5ee945 + d5b22d8a) mod 232 = (75919876(big endian) + 45e95ede(big endian) + 8a2db2d5(big endian)) mod 232 = 45a8aa29(big endian) = 29aaa845.

F9,1 = (T0 + 2T1 + K27) mod 232 = (76989175 + 2[de5ee945] + 66325910) mod 232 = (75919876(big endian) + 2[45e95ede(big endian)] + 10593266(big endian)) mod 232 = (75919876(big endian) + 8bd2bdbc(big endian) + 10593266(big endian)) mod 232 = 11bd8898(big endian) = 9888bd11.

R9,0  =  ROL(R10, 2,  1)    F9,0) =  ROL(3693c600,  1)   29aaa845 =  ROL(00c69336(big endian),  1)    29aaa845 =  018d266c(big endian)    29aaa845 =  6c268d01   29aaa845 =  458c2544.

R9,1  =  ROR(R10, 3    F9,1,  1) =  ROR(9bcbd701    9888bd11,  1) =  ROR(03436a10, 1) =  ROR(106a4303(big endian),  1) =  88352181(big endian) =  81213588

R9,2 = R10,0 = 34bb9a94

R9,3 = R10,1 = 7c85e409

 

Decryption of ciphertext block 4, round r=8

g input = X = x0x1x2x3 = R9,0 = 458c2544

g input = X = x0x1x2x3 = ROL(R9,1,  8) = ROL(81213588 ,  8) = ROL(88352181(big endian),  8) = 35218188(big endian) = 88812135.

x0 = 45

x1 = 8c

x2 = 25

x3 = 44

x0 = 88

x1 = 81

x2 = 21

x3 = 35

y2,0 = 45

y2,1 = 8c

y2,2 = 25

y2,3 = 44

y2,0 = 88

y2,1 = 81

y2,2 = 21

y2,3 = 35

q0.in=45 a0=4 b0=5 a1=1 b1=e a2=1 b2=9 a3=8 b3=5 a4=c b4=2 q0.out=2c l1,3=14 q0.in=34 a0=3 b0=4 a1=7 b1=9 a2=2 b2=4 a3=6 b3=0 a4=9 b4=d q0.out=d9 l0,3=dc q1.in=58 a0=5 b0=8 a1=d b1=9 a2=a b2=d a3=7 b3=4 a4=a b4=c q1.out=ca

q1.in=8c a0=8 b0=c a1=4 b1=e a2=f b2=0 a3=f b3=7 a4=f b4=e q1.out=ef l1,2=9c q0.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=7 a3=a b3=e a4=f b4=c q0.out=cf l0,2=53 q0.in=44 a0=4 b0=4 a1=0 b1=6 a2=8 b2=3 a3=b b3=1 a4=3 b4=7 q0.out=73

q0.in=25 a0=2 b0=5 a1=7 b1=8 a2=2 b2=f a3=d b3=d a4=4 b4=5 q0.out=54 l1,1=8a q1.in=c8 a0=c b0=8 a1=4 b1=8 a2=f b2=6 a3=9 b3=4 a4=e b4=c q1.out=ce l0,1=8b q1.in=9d a0=9 b0=d a1=4 b1=f a2=f b2=8 a3=7 b3=3 a4=a b4=1 q1.out=1a

q1.in=44 a0=4 b0=4 a1=0 b1=6 a2=2 b2=3 a3=1 b3=b a4=c b4=f q1.out=fc l1,0=18 q1.in=e8 a0=e b0=8 a1=6 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=1 q1.out=12 l0,0=81 q0.in=ce a0=c b0=e a1=2 b1=b a2=7 b2=6 a3=1 b3=c a4=a b4=8 q0.out=8a

q0.in=88 a0=8 b0=8 a1=0 b1=c a2=8 b2=7 a3=f b3=3 a4=1 b4=4 q0.out=41 l1,3=14 q0.in=59 a0=5 b0=9 a1=c b1=1 a2=e b2=c a3=2 b3=8 a4=5 b4=9 q0.out=95 l0,3=dc q1.in=14 a0=1 b0=4 a1=5 b1=b a2=7 b2=5 a3=2 b3=5 a4=7 b4=3 q1.out=37

q1.in=81 a0=8 b0=1 a1=9 b1=0 a2=1 b2=1 a3=0 b3=1 a4=4 b4=9 q1.out=94 l1,2=9c q0.in=1e a0=1 b0=e a1=f b1=e a2=4 b2=9 a3=d b3=8 a4=4 b4=9 q0.out=94 l0,2=53 q0.in=1f a0=1 b0=f a1=e b1=6 a2=a b2=3 a3=9 b3=3 a4=8 b4=4 q0.out=48

q0.in=21 a0=2 b0=1 a1=3 b1=a a2=d b2=a a3=7 b3=0 a4=0 b4=d q0.out=d0 l1,1=8a q1.in=4c a0=4 b0=c a1=8 b1=2 a2=3 b2=2 a3=1 b3=a a4=c b4=7 q1.out=7c l0,1=8b q1.in=2f a0=2 b0=f a1=d b1=d a2=a b2=9 a3=3 b3=6 a4=5 b4=d q1.out=d5

q1.in=35 a0=3 b0=5 a1=6 b1=1 a2=6 b2=e a3=8 b3=1 a4=0 b4=9 q1.out=90 l1,0=18 q1.in=84 a0=8 b0=4 a1=c b1=a a2=0 b2=a a3=a b3=5 a4=d b4=3 q1.out=3d l0,0=81 q0.in=e1 a0=e b0=1 a1=f b1=6 a2=4 b2=3 a3=7 b3=d a4=0 b4=5 q0.out=50

y0 = ca	y1 = 73	y2 = 1a	y3 = 8a	y0 = 37	y1 = 48	y2 = d5	y3 = 50
MDS input = Y = y0y1y2y3 = ca731a8a				MDS input = Y = y0y1y2y3 = 3748d550

MDS output = Z = z0z1z2z3 = 726febe3

MDS output = Z = z0z1z2z3 = b79e9813

z0 = 72

z1 = 6f

z2 = eb

z3 = e3

z0 = b7

z1 = 9e

z2 = 98

z3 = 13

T0 = g(R0) = 726febe3

T1 = g(ROL(R1, 8)) = b79e9813

F8,0 = (T0 + T1 + K24) mod 232 = (726febe3 + b79e9813 + 97054619) mod 232 = (e3eb6f72(big endian) + 13989eb7(big endian) + 19460597(big endian)) mod 232 = 10ca13c0(big endian) = c013ca10.

F8,1 = (T0 + 2T1 + K25) mod 232 = (726febe3 + 2[b79e9813] + ccf7f077) mod 232 = (e3eb6f72(big endian) + 2[13989eb7(big endian)] + 77f0f7cc(big endian)) mod 232 = (e3eb6f72(big endian) + 27313d6e(big endian) + 77f0f7cc(big endian)) mod 232 = 830da4ac(big endian) = aca40d83.

R8,0  =  ROL(R9, 2,  1)    F8,0) =  ROL(34bb9a94,  1)   c013ca10 =  ROL(949abb34(big endian),  1)    c013ca10 =  29357669(big endian)    c013ca10 =  69763529   c013ca10 =  a965ff39.

R8,1  =  ROR(R9, 3    F8,1,  1) =  ROR(7c85e409    aca40d83,  1) =  ROR(d021e98a, 1) =  ROR(8ae921d0(big endian),  1) =  457490e8(big endian) =  e8907445

R8,2 = R9,0 = 458c2544

R8,3 = R9,1 = 81213588

 

Decryption of ciphertext block 4, round r=7

g input = X = x0x1x2x3 = R8,0 = a965ff39

g input = X = x0x1x2x3 = ROL(R8,1,  8) = ROL(e8907445 ,  8) = ROL(457490e8(big endian),  8) = 7490e845(big endian) = 45e89074.

x0 = a9

x1 = 65

x2 = ff

x3 = 39

x0 = 45

x1 = e8

x2 = 90

x3 = 74

y2,0 = a9

y2,1 = 65

y2,2 = ff

y2,3 = 39

y2,0 = 45

y2,1 = e8

y2,2 = 90

y2,3 = 74

q0.in=a9 a0=a b0=9 a1=3 b1=6 a2=d b2=3 a3=e b3=c a4=7 b4=8 q0.out=87 l1,3=14 q0.in=9f a0=9 b0=f a1=6 b1=e a2=3 b2=9 a3=a b3=7 a4=f b4=e q0.out=ef l0,3=dc q1.in=6e a0=6 b0=e a1=8 b1=1 a2=3 b2=e a3=d b3=c a4=b b4=2 q1.out=2b

q1.in=65 a0=6 b0=5 a1=3 b1=c a2=d b2=f a3=2 b3=a a4=7 b4=7 q1.out=77 l1,2=9c q0.in=fd a0=f b0=d a1=2 b1=9 a2=7 b2=4 a3=3 b3=d a4=e b4=5 q0.out=5e l0,2=53 q0.in=d5 a0=d b0=5 a1=8 b1=f a2=0 b2=d a3=d b3=e a4=4 b4=c q0.out=c4

q0.in=ff a0=f b0=f a1=0 b1=8 a2=8 b2=f a3=7 b3=7 a4=0 b4=e q0.out=e0 l1,1=8a q1.in=7c a0=7 b0=c a1=b b1=9 a2=4 b2=d a3=9 b3=a a4=e b4=7 q1.out=7e l0,1=8b q1.in=2d a0=2 b0=d a1=f b1=c a2=5 b2=f a3=a b3=2 a4=d b4=5 q1.out=5d

q1.in=39 a0=3 b0=9 a1=a b1=7 a2=9 b2=7 a3=e b3=a a4=3 b4=7 q1.out=73 l1,0=18 q1.in=67 a0=6 b0=7 a1=1 b1=d a2=8 b2=9 a3=1 b3=4 a4=c b4=c q1.out=cc l0,0=81 q0.in=10 a0=1 b0=0 a1=1 b1=9 a2=1 b2=4 a3=5 b3=b a4=d b4=0 q0.out=0d

q0.in=45 a0=4 b0=5 a1=1 b1=e a2=1 b2=9 a3=8 b3=5 a4=c b4=2 q0.out=2c l1,3=14 q0.in=34 a0=3 b0=4 a1=7 b1=9 a2=2 b2=4 a3=6 b3=0 a4=9 b4=d q0.out=d9 l0,3=dc q1.in=58 a0=5 b0=8 a1=d b1=9 a2=a b2=d a3=7 b3=4 a4=a b4=c q1.out=ca

q1.in=e8 a0=e b0=8 a1=6 b1=a a2=6 b2=a a3=c b3=3 a4=2 b4=1 q1.out=12 l1,2=9c q0.in=98 a0=9 b0=8 a1=1 b1=5 a2=1 b2=2 a3=3 b3=8 a4=e b4=9 q0.out=9e l0,2=53 q0.in=15 a0=1 b0=5 a1=4 b1=3 a2=6 b2=8 a3=e b3=2 a4=7 b4=f q0.out=f7

q0.in=90 a0=9 b0=0 a1=9 b1=1 a2=b b2=c a3=7 b3=5 a4=0 b4=2 q0.out=20 l1,1=8a q1.in=bc a0=b b0=c a1=7 b1=5 a2=e b2=c a3=2 b3=8 a4=7 b4=6 q1.out=67 l0,1=8b q1.in=34 a0=3 b0=4 a1=7 b1=9 a2=e b2=d a3=3 b3=0 a4=5 b4=b q1.out=b5

q1.in=74 a0=7 b0=4 a1=3 b1=d a2=d b2=9 a3=4 b3=9 a4=1 b4=4 q1.out=41 l1,0=18 q1.in=55 a0=5 b0=5 a1=0 b1=7 a2=2 b2=7 a3=5 b3=9 a4=6 b4=4 q1.out=46 l0,0=81 q0.in=9a a0=9 b0=a a1=3 b1=4 a2=d b2=1 a3=c b3=d a4=2 b4=5 q0.out=52

y0 = 2b	y1 = c4	y2 = 5d	y3 = 0d	y0 = ca	y1 = f7	y2 = b5	y3 = 52
MDS input = Y = y0y1y2y3 = 2bc45d0d				MDS input = Y = y0y1y2y3 = caf7b552

MDS output = Z = z0z1z2z3 = f8df2074

MDS output = Z = z0z1z2z3 = 11d96300

z0 = f8

z1 = df

z2 = 20

z3 = 74

z0 = 11

z1 = d9

z2 = 63

z3 = 00

T0 = g(R0) = f8df2074

T1 = g(ROL(R1, 8)) = 11d96300

F7,0 = (T0 + T1 + K22) mod 232 = (f8df2074 + 11d96300 + 25d0b3fc) mod 232 = (7420dff8(big endian) + 0063d911(big endian) + fcb3d025(big endian)) mod 232 = 7138892e(big endian) = 2e893871.

F7,1 = (T0 + 2T1 + K23) mod 232 = (f8df2074 + 2[11d96300] + eb1e6ea6) mod 232 = (7420dff8(big endian) + 2[0063d911(big endian)] + a66e1eeb(big endian)) mod 232 = (7420dff8(big endian) + 00c7b222(big endian) + a66e1eeb(big endian)) mod 232 = 1b56b105(big endian) = 05b1561b.

R7,0  =  ROL(R8, 2,  1)    F7,0) =  ROL(458c2544,  1)   2e893871 =  ROL(44258c45(big endian),  1)    2e893871 =  884b188a(big endian)    2e893871 =  8a184b88   2e893871 =  a49173f9.

R7,1  =  ROR(R8, 3    F7,1,  1) =  ROR(81213588    05b1561b,  1) =  ROR(84906393, 1) =  ROR(93639084(big endian),  1) =  49b1c842(big endian) =  42c8b149

R7,2 = R8,0 = a965ff39

R7,3 = R8,1 = e8907445

 

Decryption of ciphertext block 4, round r=6

g input = X = x0x1x2x3 = R7,0 = a49173f9

g input = X = x0x1x2x3 = ROL(R7,1,  8) = ROL(42c8b149 ,  8) = ROL(49b1c842(big endian),  8) = b1c84249(big endian) = 4942c8b1.

x0 = a4

x1 = 91

x2 = 73

x3 = f9

x0 = 49

x1 = 42

x2 = c8

x3 = b1

y2,0 = a4

y2,1 = 91

y2,2 = 73

y2,3 = f9

y2,0 = 49

y2,1 = 42

y2,2 = c8

y2,3 = b1

q0.in=a4 a0=a b0=4 a1=e b1=8 a2=a b2=f a3=5 b3=5 a4=d b4=2 q0.out=2d l1,3=14 q0.in=35 a0=3 b0=5 a1=6 b1=1 a2=3 b2=c a3=f b3=d a4=1 b4=5 q0.out=51 l0,3=dc q1.in=d0 a0=d b0=0 a1=d b1=5 a2=a b2=c a3=6 b3=c a4=9 b4=2 q1.out=29

q1.in=91 a0=9 b0=1 a1=8 b1=9 a2=3 b2=d a3=e b3=5 a4=3 b4=3 q1.out=33 l1,2=9c q0.in=b9 a0=b b0=9 a1=2 b1=f a2=7 b2=d a3=a b3=1 a4=f b4=7 q0.out=7f l0,2=53 q0.in=f4 a0=f b0=4 a1=b b1=5 a2=9 b2=2 a3=b b3=0 a4=3 b4=d q0.out=d3

q0.in=73 a0=7 b0=3 a1=4 b1=6 a2=6 b2=3 a3=5 b3=f a4=d b4=a q0.out=ad l1,1=8a q1.in=31 a0=3 b0=1 a1=2 b1=3 a2=b b2=b a3=0 b3=e a4=4 b4=8 q1.out=84 l0,1=8b q1.in=d7 a0=d b0=7 a1=a b1=e a2=9 b2=0 a3=9 b3=1 a4=e b4=9 q1.out=9e

q1.in=f9 a0=f b0=9 a1=6 b1=b a2=6 b2=5 a3=3 b3=c a4=5 b4=2 q1.out=25 l1,0=18 q1.in=31 a0=3 b0=1 a1=2 b1=3 a2=b b2=b a3=0 b3=e a4=4 b4=8 q1.out=84 l0,0=81 q0.in=58 a0=5 b0=8 a1=d b1=9 a2=c b2=4 a3=8 b3=e a4=c b4=c q0.out=cc

q0.in=49 a0=4 b0=9 a1=d b1=8 a2=c b2=f a3=3 b3=3 a4=e b4=4 q0.out=4e l1,3=14 q0.in=56 a0=5 b0=6 a1=3 b1=e a2=d b2=9 a3=4 b3=9 a4=6 b4=b q0.out=b6 l0,3=dc q1.in=37 a0=3 b0=7 a1=4 b1=0 a2=f b2=1 a3=e b3=f a4=3 b4=a q1.out=a3

q1.in=42 a0=4 b0=2 a1=6 b1=5 a2=6 b2=c a3=a b3=0 a4=d b4=b q1.out=bd l1,2=9c q0.in=37 a0=3 b0=7 a1=4 b1=0 a2=6 b2=e a3=8 b3=1 a4=c b4=7 q0.out=7c l0,2=53 q0.in=f7 a0=f b0=7 a1=8 b1=c a2=0 b2=7 a3=7 b3=b a4=0 b4=0 q0.out=00

q0.in=c8 a0=c b0=8 a1=4 b1=8 a2=6 b2=f a3=9 b3=9 a4=8 b4=b q0.out=b8 l1,1=8a q1.in=24 a0=2 b0=4 a1=6 b1=0 a2=6 b2=1 a3=7 b3=e a4=a b4=8 q1.out=8a l0,1=8b q1.in=d9 a0=d b0=9 a1=4 b1=9 a2=f b2=d a3=2 b3=9 a4=7 b4=4 q1.out=47

q1.in=b1 a0=b b0=1 a1=a b1=b a2=9 b2=5 a3=c b3=b a4=2 b4=f q1.out=f2 l1,0=18 q1.in=e6 a0=e b0=6 a1=8 b1=d a2=3 b2=9 a3=a b3=7 a4=d b4=e q1.out=ed l0,0=81 q0.in=31 a0=3 b0=1 a1=2 b1=3 a2=7 b2=8 a3=f b3=b a4=1 b4=0 q0.out=01

y0 = 29	y1 = d3	y2 = 9e	y3 = cc	y0 = a3	y1 = 00	y2 = 47	y3 = 01
MDS input = Y = y0y1y2y3 = 29d39ecc				MDS input = Y = y0y1y2y3 = a3004701

MDS output = Z = z0z1z2z3 = 0f23d7b7

MDS output = Z = z0z1z2z3 = 404b28f4

z0 = 0f

z1 = 23

z2 = d7

z3 = b7

z0 = 40

z1 = 4b

z2 = 28

z3 = f4

T0 = g(R0) = 0f23d7b7

T1 = g(ROL(R1, 8)) = 404b28f4

F6,0 = (T0 + T1 + K20) mod 232 = (0f23d7b7 + 404b28f4 + 7b65df4c) mod 232 = (b7d7230f(big endian) + f4284b40(big endian) + 4cdf657b(big endian)) mod 232 = f8ded3ca(big endian) = cad3def8.

F6,1 = (T0 + 2T1 + K21) mod 232 = (0f23d7b7 + 2[404b28f4] + 2189e236) mod 232 = (b7d7230f(big endian) + 2[f4284b40(big endian)] + 36e28921(big endian)) mod 232 = (b7d7230f(big endian) + e8509680(big endian) + 36e28921(big endian)) mod 232 = d70a42b0(big endian) = b0420ad7.

R6,0  =  ROL(R7, 2,  1)    F6,0) =  ROL(a965ff39,  1)   cad3def8 =  ROL(39ff65a9(big endian),  1)    cad3def8 =  73fecb52(big endian)    cad3def8 =  52cbfe73   cad3def8 =  9818208b.

R6,1  =  ROR(R7, 3    F6,1,  1) =  ROR(e8907445    b0420ad7,  1) =  ROR(58d27e92, 1) =  ROR(927ed258(big endian),  1) =  493f692c(big endian) =  2c693f49

R6,2 = R7,0 = a49173f9

R6,3 = R7,1 = 42c8b149

 

Decryption of ciphertext block 4, round r=5

g input = X = x0x1x2x3 = R6,0 = 9818208b

g input = X = x0x1x2x3 = ROL(R6,1,  8) = ROL(2c693f49 ,  8) = ROL(493f692c(big endian),  8) = 3f692c49(big endian) = 492c693f.

x0 = 98

x1 = 18

x2 = 20

x3 = 8b

x0 = 49

x1 = 2c

x2 = 69

x3 = 3f

y2,0 = 98

y2,1 = 18

y2,2 = 20

y2,3 = 8b

y2,0 = 49

y2,1 = 2c

y2,2 = 69

y2,3 = 3f

q0.in=98 a0=9 b0=8 a1=1 b1=5 a2=1 b2=2 a3=3 b3=8 a4=e b4=9 q0.out=9e l1,3=14 q0.in=86 a0=8 b0=6 a1=e b1=b a2=a b2=6 a3=c b3=9 a4=2 b4=b q0.out=b2 l0,3=dc q1.in=33 a0=3 b0=3 a1=0 b1=2 a2=2 b2=2 a3=0 b3=3 a4=4 b4=1 q1.out=14

q1.in=18 a0=1 b0=8 a1=9 b1=d a2=1 b2=9 a3=8 b3=5 a4=0 b4=3 q1.out=30 l1,2=9c q0.in=ba a0=b b0=a a1=1 b1=6 a2=1 b2=3 a3=2 b3=0 a4=5 b4=d q0.out=d5 l0,2=53 q0.in=5e a0=5 b0=e a1=b b1=a a2=9 b2=a a3=3 b3=4 a4=e b4=1 q0.out=1e

q0.in=20 a0=2 b0=0 a1=2 b1=2 a2=7 b2=b a3=c b3=2 a4=2 b4=f q0.out=f2 l1,1=8a q1.in=6e a0=6 b0=e a1=8 b1=1 a2=3 b2=e a3=d b3=c a4=b b4=2 q1.out=2b l0,1=8b q1.in=78 a0=7 b0=8 a1=f b1=b a2=5 b2=5 a3=0 b3=7 a4=4 b4=e q1.out=e4

q1.in=8b a0=8 b0=b a1=3 b1=5 a2=d b2=c a3=1 b3=3 a4=c b4=1 q1.out=1c l1,0=18 q1.in=08 a0=0 b0=8 a1=8 b1=4 a2=3 b2=4 a3=7 b3=9 a4=a b4=4 q1.out=4a l0,0=81 q0.in=96 a0=9 b0=6 a1=f b1=2 a2=4 b2=b a3=f b3=9 a4=1 b4=b q0.out=b1

q0.in=49 a0=4 b0=9 a1=d b1=8 a2=c b2=f a3=3 b3=3 a4=e b4=4 q0.out=4e l1,3=14 q0.in=56 a0=5 b0=6 a1=3 b1=e a2=d b2=9 a3=4 b3=9 a4=6 b4=b q0.out=b6 l0,3=dc q1.in=37 a0=3 b0=7 a1=4 b1=0 a2=f b2=1 a3=e b3=f a4=3 b4=a q1.out=a3

q1.in=2c a0=2 b0=c a1=e b1=4 a2=c b2=4 a3=8 b3=e a4=0 b4=8 q1.out=80 l1,2=9c q0.in=0a a0=0 b0=a a1=a b1=5 a2=5 b2=2 a3=7 b3=c a4=0 b4=8 q0.out=80 l0,2=53 q0.in=0b a0=0 b0=b a1=b b1=d a2=9 b2=0 a3=9 b3=1 a4=8 b4=7 q0.out=78

q0.in=69 a0=6 b0=9 a1=f b1=a a2=4 b2=a a3=e b3=1 a4=7 b4=7 q0.out=77 l1,1=8a q1.in=eb a0=e b0=b a1=5 b1=3 a2=7 b2=b a3=c b3=2 a4=2 b4=5 q1.out=52 l0,1=8b q1.in=01 a0=0 b0=1 a1=1 b1=8 a2=8 b2=6 a3=e b3=b a4=3 b4=f q1.out=f3

q1.in=3f a0=3 b0=f a1=c b1=4 a2=0 b2=4 a3=4 b3=2 a4=1 b4=5 q1.out=51 l1,0=18 q1.in=45 a0=4 b0=5 a1=1 b1=e a2=8 b2=0 a3=8 b3=8 a4=0 b4=6 q1.out=60 l0,0=81 q0.in=bc a0=b b0=c a1=7 b1=5 a2=2 b2=2 a3=0 b3=3 a4=b b4=4 q0.out=4b

y0 = 14	y1 = 1e	y2 = e4	y3 = b1	y0 = a3	y1 = 78	y2 = f3	y3 = 4b
MDS input = Y = y0y1y2y3 = 141ee4b1				MDS input = Y = y0y1y2y3 = a378f34b

MDS output = Z = z0z1z2z3 = acad796d

MDS output = Z = z0z1z2z3 = 6f9833a3

z0 = ac

z1 = ad

z2 = 79

z3 = 6d

z0 = 6f

z1 = 98

z2 = 33

z3 = a3

T0 = g(R0) = acad796d

T1 = g(ROL(R1, 8)) = 6f9833a3

F5,0 = (T0 + T1 + K18) mod 232 = (acad796d + 6f9833a3 + d542f0e2) mod 232 = (6d79adac(big endian) + a333986f(big endian) + e2f042d5(big endian)) mod 232 = f39d88f0(big endian) = f0889df3.

F5,1 = (T0 + 2T1 + K19) mod 232 = (acad796d + 2[6f9833a3] + 9f8b15e9) mod 232 = (6d79adac(big endian) + 2[a333986f(big endian)] + e9158b9f(big endian)) mod 232 = (6d79adac(big endian) + 466730de(big endian) + e9158b9f(big endian)) mod 232 = 9cf66a29(big endian) = 296af69c.

R5,0  =  ROL(R6, 2,  1)    F5,0) =  ROL(a49173f9,  1)   f0889df3 =  ROL(f97391a4(big endian),  1)    f0889df3 =  f2e72349(big endian)    f0889df3 =  4923e7f2   f0889df3 =  b9ab7a01.

R5,1  =  ROR(R6, 3    F5,1,  1) =  ROR(42c8b149    296af69c,  1) =  ROR(6ba247d5, 1) =  ROR(d547a26b(big endian),  1) =  eaa3d135(big endian) =  35d1a3ea

R5,2 = R6,0 = 9818208b

R5,3 = R6,1 = 2c693f49

 

Decryption of ciphertext block 4, round r=4

g input = X = x0x1x2x3 = R5,0 = b9ab7a01

g input = X = x0x1x2x3 = ROL(R5,1,  8) = ROL(35d1a3ea ,  8) = ROL(eaa3d135(big endian),  8) = a3d135ea(big endian) = ea35d1a3.

x0 = b9

x1 = ab

x2 = 7a

x3 = 01

x0 = ea

x1 = 35

x2 = d1

x3 = a3

y2,0 = b9

y2,1 = ab

y2,2 = 7a

y2,3 = 01

y2,0 = ea

y2,1 = 35

y2,2 = d1

y2,3 = a3

q0.in=b9 a0=b b0=9 a1=2 b1=f a2=7 b2=d a3=a b3=1 a4=f b4=7 q0.out=7f l1,3=14 q0.in=67 a0=6 b0=7 a1=1 b1=d a2=1 b2=0 a3=1 b3=9 a4=a b4=b q0.out=ba l0,3=dc q1.in=3b a0=3 b0=b a1=8 b1=6 a2=3 b2=3 a3=0 b3=2 a4=4 b4=5 q1.out=54

q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f l1,2=9c q0.in=95 a0=9 b0=5 a1=c b1=b a2=e b2=6 a3=8 b3=d a4=c b4=5 q0.out=5c l0,2=53 q0.in=d7 a0=d b0=7 a1=a b1=e a2=5 b2=9 a3=c b3=1 a4=2 b4=7 q0.out=72

q0.in=7a a0=7 b0=a a1=d b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=b q0.out=b9 l1,1=8a q1.in=25 a0=2 b0=5 a1=7 b1=8 a2=e b2=6 a3=8 b3=d a4=0 b4=0 q1.out=00 l0,1=8b q1.in=53 a0=5 b0=3 a1=6 b1=4 a2=6 b2=4 a3=2 b3=4 a4=7 b4=c q1.out=c7

q1.in=01 a0=0 b0=1 a1=1 b1=8 a2=8 b2=6 a3=e b3=b a4=3 b4=f q1.out=f3 l1,0=18 q1.in=e7 a0=e b0=7 a1=9 b1=5 a2=1 b2=c a3=d b3=f a4=b b4=a q1.out=ab l0,0=81 q0.in=77 a0=7 b0=7 a1=0 b1=4 a2=8 b2=1 a3=9 b3=0 a4=8 b4=d q0.out=d8

q0.in=ea a0=e b0=a a1=4 b1=b a2=6 b2=6 a3=0 b3=5 a4=b b4=2 q0.out=2b l1,3=14 q0.in=33 a0=3 b0=3 a1=0 b1=2 a2=8 b2=b a3=3 b3=5 a4=e b4=2 q0.out=2e l0,3=dc q1.in=af a0=a b0=f a1=5 b1=5 a2=7 b2=c a3=b b3=9 a4=8 b4=4 q1.out=48

q1.in=35 a0=3 b0=5 a1=6 b1=1 a2=6 b2=e a3=8 b3=1 a4=0 b4=9 q1.out=90 l1,2=9c q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37 l0,2=53 q0.in=bc a0=b b0=c a1=7 b1=5 a2=2 b2=2 a3=0 b3=3 a4=b b4=4 q0.out=4b

q0.in=d1 a0=d b0=1 a1=c b1=d a2=e b2=0 a3=e b3=e a4=7 b4=c q0.out=c7 l1,1=8a q1.in=5b a0=5 b0=b a1=e b1=0 a2=c b2=1 a3=d b3=4 a4=b b4=c q1.out=cb l0,1=8b q1.in=98 a0=9 b0=8 a1=1 b1=5 a2=8 b2=c a3=4 b3=e a4=1 b4=8 q1.out=81

q1.in=a3 a0=a b0=3 a1=9 b1=3 a2=1 b2=b a3=a b3=4 a4=d b4=c q1.out=cd l1,0=18 q1.in=d9 a0=d b0=9 a1=4 b1=9 a2=f b2=d a3=2 b3=9 a4=7 b4=4 q1.out=47 l0,0=81 q0.in=9b a0=9 b0=b a1=2 b1=c a2=7 b2=7 a3=0 b3=4 a4=b b4=1 q0.out=1b

y0 = 54	y1 = 72	y2 = c7	y3 = d8	y0 = 48	y1 = 4b	y2 = 81	y3 = 1b
MDS input = Y = y0y1y2y3 = 5472c7d8				MDS input = Y = y0y1y2y3 = 484b811b

MDS output = Z = z0z1z2z3 = 41b5f438

MDS output = Z = z0z1z2z3 = 666802c9

z0 = 41

z1 = b5

z2 = f4

z3 = 38

z0 = 66

z1 = 68

z2 = 02

z3 = c9

T0 = g(R0) = 41b5f438

T1 = g(ROL(R1, 8)) = 666802c9

F4,0 = (T0 + T1 + K16) mod 232 = (41b5f438 + 666802c9 + 19c3630c) mod 232 = (38f4b541(big endian) + c9026866(big endian) + 0c63c319(big endian)) mod 232 = 0e5ae0c0(big endian) = c0e05a0e.

F4,1 = (T0 + 2T1 + K17) mod 232 = (41b5f438 + 2[666802c9] + 5bc0b2cc) mod 232 = (38f4b541(big endian) + 2[c9026866(big endian)] + ccb2c05b(big endian)) mod 232 = (38f4b541(big endian) + 9204d0cc(big endian) + ccb2c05b(big endian)) mod 232 = 97ac4668(big endian) = 6846ac97.

R4,0  =  ROL(R5, 2,  1)    F4,0) =  ROL(9818208b,  1)   c0e05a0e =  ROL(8b201898(big endian),  1)    c0e05a0e =  16403131(big endian)    c0e05a0e =  31314016   c0e05a0e =  f1d11a18.

R4,1  =  ROR(R5, 3    F4,1,  1) =  ROR(2c693f49    6846ac97,  1) =  ROR(442f93de, 1) =  ROR(de932f44(big endian),  1) =  6f4997a2(big endian) =  a297496f

R4,2 = R5,0 = b9ab7a01

R4,3 = R5,1 = 35d1a3ea

 

Decryption of ciphertext block 4, round r=3

g input = X = x0x1x2x3 = R4,0 = f1d11a18

g input = X = x0x1x2x3 = ROL(R4,1,  8) = ROL(a297496f ,  8) = ROL(6f4997a2(big endian),  8) = 4997a26f(big endian) = 6fa29749.

x0 = f1

x1 = d1

x2 = 1a

x3 = 18

x0 = 6f

x1 = a2

x2 = 97

x3 = 49

y2,0 = f1

y2,1 = d1

y2,2 = 1a

y2,3 = 18

y2,0 = 6f

y2,1 = a2

y2,2 = 97

y2,3 = 49

q0.in=f1 a0=f b0=1 a1=e b1=f a2=a b2=d a3=7 b3=4 a4=0 b4=1 q0.out=10 l1,3=14 q0.in=08 a0=0 b0=8 a1=8 b1=4 a2=0 b2=1 a3=1 b3=8 a4=a b4=9 q0.out=9a l0,3=dc q1.in=1b a0=1 b0=b a1=a b1=4 a2=9 b2=4 a3=d b3=3 a4=b b4=1 q1.out=1b

q1.in=d1 a0=d b0=1 a1=c b1=d a2=0 b2=9 a3=9 b3=c a4=e b4=2 q1.out=2e l1,2=9c q0.in=a4 a0=a b0=4 a1=e b1=8 a2=a b2=f a3=5 b3=5 a4=d b4=2 q0.out=2d l0,2=53 q0.in=a6 a0=a b0=6 a1=c b1=9 a2=e b2=4 a3=a b3=c a4=f b4=8 q0.out=8f

q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37 l1,1=8a q1.in=ab a0=a b0=b a1=1 b1=7 a2=8 b2=7 a3=f b3=3 a4=f b4=1 q1.out=1f l0,1=8b q1.in=4c a0=4 b0=c a1=8 b1=2 a2=3 b2=2 a3=1 b3=a a4=c b4=7 q1.out=7c

q1.in=18 a0=1 b0=8 a1=9 b1=d a2=1 b2=9 a3=8 b3=5 a4=0 b4=3 q1.out=30 l1,0=18 q1.in=24 a0=2 b0=4 a1=6 b1=0 a2=6 b2=1 a3=7 b3=e a4=a b4=8 q1.out=8a l0,0=81 q0.in=56 a0=5 b0=6 a1=3 b1=e a2=d b2=9 a3=4 b3=9 a4=6 b4=b q0.out=b6

q0.in=6f a0=6 b0=f a1=9 b1=9 a2=b b2=4 a3=f b3=1 a4=1 b4=7 q0.out=71 l1,3=14 q0.in=69 a0=6 b0=9 a1=f b1=a a2=4 b2=a a3=e b3=1 a4=7 b4=7 q0.out=77 l0,3=dc q1.in=f6 a0=f b0=6 a1=9 b1=4 a2=1 b2=4 a3=5 b3=b a4=6 b4=f q1.out=f6

q1.in=a2 a0=a b0=2 a1=8 b1=b a2=3 b2=5 a3=6 b3=1 a4=9 b4=9 q1.out=99 l1,2=9c q0.in=13 a0=1 b0=3 a1=2 b1=0 a2=7 b2=e a3=9 b3=8 a4=8 b4=9 q0.out=98 l0,2=53 q0.in=13 a0=1 b0=3 a1=2 b1=0 a2=7 b2=e a3=9 b3=8 a4=8 b4=9 q0.out=98

q0.in=97 a0=9 b0=7 a1=e b1=a a2=a b2=a a3=0 b3=f a4=b b4=a q0.out=ab l1,1=8a q1.in=37 a0=3 b0=7 a1=4 b1=0 a2=f b2=1 a3=e b3=f a4=3 b4=a q1.out=a3 l0,1=8b q1.in=f0 a0=f b0=0 a1=f b1=7 a2=5 b2=7 a3=2 b3=6 a4=7 b4=d q1.out=d7

q1.in=49 a0=4 b0=9 a1=d b1=8 a2=a b2=6 a3=c b3=9 a4=2 b4=4 q1.out=42 l1,0=18 q1.in=56 a0=5 b0=6 a1=3 b1=e a2=d b2=0 a3=d b3=5 a4=b b4=3 q1.out=3b l0,0=81 q0.in=e7 a0=e b0=7 a1=9 b1=5 a2=b b2=2 a3=9 b3=2 a4=8 b4=f q0.out=f8

y0 = 1b	y1 = 8f	y2 = 7c	y3 = b6	y0 = f6	y1 = 98	y2 = d7	y3 = f8
MDS input = Y = y0y1y2y3 = 1b8f7cb6				MDS input = Y = y0y1y2y3 = f698d7f8

MDS output = Z = z0z1z2z3 = e6a900b7

MDS output = Z = z0z1z2z3 = cea6d789

z0 = e6

z1 = a9

z2 = 00

z3 = b7

z0 = ce

z1 = a6

z2 = d7

z3 = 89

T0 = g(R0) = e6a900b7

T1 = g(ROL(R1, 8)) = cea6d789

F3,0 = (T0 + T1 + K14) mod 232 = (e6a900b7 + cea6d789 + 281a4854) mod 232 = (b700a9e6(big endian) + 89d7a6ce(big endian) + 54481a28(big endian)) mod 232 = 95206adc(big endian) = dc6a2095.

F3,1 = (T0 + 2T1 + K15) mod 232 = (e6a900b7 + 2[cea6d789] + a0ddfa24) mod 232 = (b700a9e6(big endian) + 2[89d7a6ce(big endian)] + 24fadda0(big endian)) mod 232 = (b700a9e6(big endian) + 13af4d9c(big endian) + 24fadda0(big endian)) mod 232 = efaad522(big endian) = 22d5aaef.

R3,0  =  ROL(R4, 2,  1)    F3,0) =  ROL(b9ab7a01,  1)   dc6a2095 =  ROL(017aabb9(big endian),  1)    dc6a2095 =  02f55772(big endian)    dc6a2095 =  7257f502   dc6a2095 =  ae3dd597.

R3,1  =  ROR(R4, 3    F3,1,  1) =  ROR(35d1a3ea    22d5aaef,  1) =  ROR(17040905, 1) =  ROR(05090417(big endian),  1) =  8284820b(big endian) =  0b828482

R3,2 = R4,0 = f1d11a18

R3,3 = R4,1 = a297496f

 

Decryption of ciphertext block 4, round r=2

g input = X = x0x1x2x3 = R3,0 = ae3dd597

g input = X = x0x1x2x3 = ROL(R3,1,  8) = ROL(0b828482 ,  8) = ROL(8284820b(big endian),  8) = 84820b82(big endian) = 820b8284.

x0 = ae

x1 = 3d

x2 = d5

x3 = 97

x0 = 82

x1 = 0b

x2 = 82

x3 = 84

y2,0 = ae

y2,1 = 3d

y2,2 = d5

y2,3 = 97

y2,0 = 82

y2,1 = 0b

y2,2 = 82

y2,3 = 84

q0.in=ae a0=a b0=e a1=4 b1=d a2=6 b2=0 a3=6 b3=6 a4=9 b4=6 q0.out=69 l1,3=14 q0.in=71 a0=7 b0=1 a1=6 b1=7 a2=3 b2=5 a3=6 b3=1 a4=9 b4=7 q0.out=79 l0,3=dc q1.in=f8 a0=f b0=8 a1=7 b1=3 a2=e b2=b a3=5 b3=3 a4=6 b4=1 q1.out=16

q1.in=3d a0=3 b0=d a1=e b1=5 a2=c b2=c a3=0 b3=a a4=4 b4=7 q1.out=74 l1,2=9c q0.in=fe a0=f b0=e a1=1 b1=0 a2=1 b2=e a3=f b3=e a4=1 b4=c q0.out=c1 l0,2=53 q0.in=4a a0=4 b0=a a1=e b1=1 a2=a b2=c a3=6 b3=c a4=9 b4=8 q0.out=89

q0.in=d5 a0=d b0=5 a1=8 b1=f a2=0 b2=d a3=d b3=e a4=4 b4=c q0.out=c4 l1,1=8a q1.in=58 a0=5 b0=8 a1=d b1=9 a2=a b2=d a3=7 b3=4 a4=a b4=c q1.out=ca l0,1=8b q1.in=99 a0=9 b0=9 a1=0 b1=d a2=2 b2=9 a3=b b3=e a4=8 b4=8 q1.out=88

q1.in=97 a0=9 b0=7 a1=e b1=a a2=c b2=a a3=6 b3=9 a4=9 b4=4 q1.out=49 l1,0=18 q1.in=5d a0=5 b0=d a1=8 b1=3 a2=3 b2=b a3=8 b3=6 a4=0 b4=d q1.out=d0 l0,0=81 q0.in=0c a0=0 b0=c a1=c b1=6 a2=e b2=3 a3=d b3=7 a4=4 b4=e q0.out=e4

q0.in=82 a0=8 b0=2 a1=a b1=9 a2=5 b2=4 a3=1 b3=f a4=a b4=a q0.out=aa l1,3=14 q0.in=b2 a0=b b0=2 a1=9 b1=2 a2=b b2=b a3=0 b3=e a4=b b4=c q0.out=cb l0,3=dc q1.in=4a a0=4 b0=a a1=e b1=1 a2=c b2=e a3=2 b3=b a4=7 b4=f q1.out=f7

q1.in=0b a0=0 b0=b a1=b b1=d a2=4 b2=9 a3=d b3=8 a4=b b4=6 q1.out=6b l1,2=9c q0.in=e1 a0=e b0=1 a1=f b1=6 a2=4 b2=3 a3=7 b3=d a4=0 b4=5 q0.out=50 l0,2=53 q0.in=db a0=d b0=b a1=6 b1=8 a2=3 b2=f a3=c b3=4 a4=2 b4=1 q0.out=12

q0.in=82 a0=8 b0=2 a1=a b1=9 a2=5 b2=4 a3=1 b3=f a4=a b4=a q0.out=aa l1,1=8a q1.in=36 a0=3 b0=6 a1=5 b1=8 a2=7 b2=6 a3=1 b3=c a4=c b4=2 q1.out=2c l0,1=8b q1.in=7f a0=7 b0=f a1=8 b1=0 a2=3 b2=1 a3=2 b3=3 a4=7 b4=1 q1.out=17

q1.in=84 a0=8 b0=4 a1=c b1=a a2=0 b2=a a3=a b3=5 a4=d b4=3 q1.out=3d l1,0=18 q1.in=29 a0=2 b0=9 a1=b b1=e a2=4 b2=0 a3=4 b3=4 a4=1 b4=c q1.out=c1 l0,0=81 q0.in=1d a0=1 b0=d a1=c b1=7 a2=e b2=5 a3=b b3=4 a4=3 b4=1 q0.out=13

y0 = 16	y1 = 89	y2 = 88	y3 = e4	y0 = f7	y1 = 12	y2 = 17	y3 = 13
MDS input = Y = y0y1y2y3 = 168988e4				MDS input = Y = y0y1y2y3 = f7121713

MDS output = Z = z0z1z2z3 = 60ac7a16

MDS output = Z = z0z1z2z3 = 59df1a43

z0 = 60

z1 = ac

z2 = 7a

z3 = 16

z0 = 59

z1 = df

z2 = 1a

z3 = 43

T0 = g(R0) = 60ac7a16

T1 = g(ROL(R1, 8)) = 59df1a43

F2,0 = (T0 + T1 + K12) mod 232 = (60ac7a16 + 59df1a43 + a38a1320) mod 232 = (167aac60(big endian) + 431adf59(big endian) + 20138aa3(big endian)) mod 232 = 79a9165c(big endian) = 5c16a979.

F2,1 = (T0 + 2T1 + K13) mod 232 = (60ac7a16 + 2[59df1a43] + 0813350e) mod 232 = (167aac60(big endian) + 2[431adf59(big endian)] + 0e351308(big endian)) mod 232 = (167aac60(big endian) + 8635beb2(big endian) + 0e351308(big endian)) mod 232 = aae57e1a(big endian) = 1a7ee5aa.

R2,0  =  ROL(R3, 2,  1)    F2,0) =  ROL(f1d11a18,  1)   5c16a979 =  ROL(181ad1f1(big endian),  1)    5c16a979 =  3035a3e2(big endian)    5c16a979 =  e2a33530   5c16a979 =  beb59c49.

R2,1  =  ROR(R3, 3    F2,1,  1) =  ROR(a297496f    1a7ee5aa,  1) =  ROR(b8e9acc5, 1) =  ROR(c5ace9b8(big endian),  1) =  62d674dc(big endian) =  dc74d662

R2,2 = R3,0 = ae3dd597

R2,3 = R3,1 = 0b828482

 

Decryption of ciphertext block 4, round r=1

g input = X = x0x1x2x3 = R2,0 = beb59c49

g input = X = x0x1x2x3 = ROL(R2,1,  8) = ROL(dc74d662 ,  8) = ROL(62d674dc(big endian),  8) = d674dc62(big endian) = 62dc74d6.

x0 = be

x1 = b5

x2 = 9c

x3 = 49

x0 = 62

x1 = dc

x2 = 74

x3 = d6

y2,0 = be

y2,1 = b5

y2,2 = 9c

y2,3 = 49

y2,0 = 62

y2,1 = dc

y2,2 = 74

y2,3 = d6

q0.in=be a0=b b0=e a1=5 b1=4 a2=f b2=1 a3=e b3=f a4=7 b4=a q0.out=a7 l1,3=14 q0.in=bf a0=b b0=f a1=4 b1=c a2=6 b2=7 a3=1 b3=d a4=a b4=5 q0.out=5a l0,3=dc q1.in=db a0=d b0=b a1=6 b1=8 a2=6 b2=6 a3=0 b3=5 a4=4 b4=3 q1.out=34

q1.in=b5 a0=b b0=5 a1=e b1=9 a2=c b2=d a3=1 b3=2 a4=c b4=5 q1.out=5c l1,2=9c q0.in=d6 a0=d b0=6 a1=b b1=6 a2=9 b2=3 a3=a b3=8 a4=f b4=9 q0.out=9f l0,2=53 q0.in=14 a0=1 b0=4 a1=5 b1=b a2=f b2=6 a3=9 b3=4 a4=8 b4=1 q0.out=18

q0.in=9c a0=9 b0=c a1=5 b1=7 a2=f b2=5 a3=a b3=d a4=f b4=5 q0.out=5f l1,1=8a q1.in=c3 a0=c b0=3 a1=f b1=5 a2=5 b2=c a3=9 b3=b a4=e b4=f q1.out=fe l0,1=8b q1.in=ad a0=a b0=d a1=7 b1=4 a2=e b2=4 a3=a b3=c a4=d b4=2 q1.out=2d

q1.in=49 a0=4 b0=9 a1=d b1=8 a2=a b2=6 a3=c b3=9 a4=2 b4=4 q1.out=42 l1,0=18 q1.in=56 a0=5 b0=6 a1=3 b1=e a2=d b2=0 a3=d b3=5 a4=b b4=3 q1.out=3b l0,0=81 q0.in=e7 a0=e b0=7 a1=9 b1=5 a2=b b2=2 a3=9 b3=2 a4=8 b4=f q0.out=f8

q0.in=62 a0=6 b0=2 a1=4 b1=7 a2=6 b2=5 a3=3 b3=c a4=e b4=8 q0.out=8e l1,3=14 q0.in=96 a0=9 b0=6 a1=f b1=2 a2=4 b2=b a3=f b3=9 a4=1 b4=b q0.out=b1 l0,3=dc q1.in=30 a0=3 b0=0 a1=3 b1=b a2=d b2=5 a3=8 b3=f a4=0 b4=a q1.out=a0

q1.in=dc a0=d b0=c a1=1 b1=3 a2=8 b2=b a3=3 b3=5 a4=5 b4=3 q1.out=35 l1,2=9c q0.in=bf a0=b b0=f a1=4 b1=c a2=6 b2=7 a3=1 b3=d a4=a b4=5 q0.out=5a l0,2=53 q0.in=d1 a0=d b0=1 a1=c b1=d a2=e b2=0 a3=e b3=e a4=7 b4=c q0.out=c7

q0.in=74 a0=7 b0=4 a1=3 b1=d a2=d b2=0 a3=d b3=5 a4=4 b4=2 q0.out=24 l1,1=8a q1.in=b8 a0=b b0=8 a1=3 b1=7 a2=d b2=7 a3=a b3=e a4=d b4=8 q1.out=8d l0,1=8b q1.in=de a0=d b0=e a1=3 b1=2 a2=d b2=2 a3=f b3=4 a4=f b4=c q1.out=cf

q1.in=d6 a0=d b0=6 a1=b b1=6 a2=4 b2=3 a3=7 b3=d a4=a b4=0 q1.out=0a l1,0=18 q1.in=1e a0=1 b0=e a1=f b1=e a2=5 b2=0 a3=5 b3=d a4=6 b4=0 q1.out=06 l0,0=81 q0.in=da a0=d b0=a a1=7 b1=0 a2=2 b2=e a3=c b3=5 a4=2 b4=2 q0.out=22

y0 = 34	y1 = 18	y2 = 2d	y3 = f8	y0 = a0	y1 = c7	y2 = cf	y3 = 22
MDS input = Y = y0y1y2y3 = 34182df8				MDS input = Y = y0y1y2y3 = a0c7cf22

MDS output = Z = z0z1z2z3 = 9c0daa23

MDS output = Z = z0z1z2z3 = e3a48040

z0 = 9c

z1 = 0d

z2 = aa

z3 = 23

z0 = e3

z1 = a4

z2 = 80

z3 = 40

T0 = g(R0) = 9c0daa23

T1 = g(ROL(R1, 8)) = e3a48040

F1,0 = (T0 + T1 + K10) mod 232 = (9c0daa23 + e3a48040 + 22166ed7) mod 232 = (23aa0d9c(big endian) + 4080a4e3(big endian) + d76e1622(big endian)) mod 232 = 3b98c8a1(big endian) = a1c8983b.

F1,1 = (T0 + 2T1 + K11) mod 232 = (9c0daa23 + 2[e3a48040] + 2547a011) mod 232 = (23aa0d9c(big endian) + 2[4080a4e3(big endian)] + 11a04725(big endian)) mod 232 = (23aa0d9c(big endian) + 810149c6(big endian) + 11a04725(big endian)) mod 232 = b64b9e87(big endian) = 879e4bb6.

R1,0  =  ROL(R2, 2,  1)    F1,0) =  ROL(ae3dd597,  1)   a1c8983b =  ROL(97d53dae(big endian),  1)    a1c8983b =  2faa7b5d(big endian)    a1c8983b =  5d7baa2f   a1c8983b =  fcb33214.

R1,1  =  ROR(R2, 3    F1,1,  1) =  ROR(0b828482    879e4bb6,  1) =  ROR(8c1ccf34, 1) =  ROR(34cf1c8c(big endian),  1) =  1a678e46(big endian) =  468e671a

R1,2 = R2,0 = beb59c49

R1,3 = R2,1 = dc74d662

 

Decryption of ciphertext block 4, round r=0

g input = X = x0x1x2x3 = R1,0 = fcb33214

g input = X = x0x1x2x3 = ROL(R1,1,  8) = ROL(468e671a ,  8) = ROL(1a678e46(big endian),  8) = 678e461a(big endian) = 1a468e67.

x0 = fc

x1 = b3

x2 = 32

x3 = 14

x0 = 1a

x1 = 46

x2 = 8e

x3 = 67

y2,0 = fc

y2,1 = b3

y2,2 = 32

y2,3 = 14

y2,0 = 1a

y2,1 = 46

y2,2 = 8e

y2,3 = 67

q0.in=fc a0=f b0=c a1=3 b1=1 a2=d b2=c a3=1 b3=3 a4=a b4=4 q0.out=4a l1,3=14 q0.in=52 a0=5 b0=2 a1=7 b1=c a2=2 b2=7 a3=5 b3=9 a4=d b4=b q0.out=bd l0,3=dc q1.in=3c a0=3 b0=c a1=f b1=d a2=5 b2=9 a3=c b3=1 a4=2 b4=9 q1.out=92

q1.in=b3 a0=b b0=3 a1=8 b1=a a2=3 b2=a a3=9 b3=e a4=e b4=8 q1.out=8e l1,2=9c q0.in=04 a0=0 b0=4 a1=4 b1=2 a2=6 b2=b a3=d b3=b a4=4 b4=0 q0.out=04 l0,2=53 q0.in=8f a0=8 b0=f a1=7 b1=7 a2=2 b2=5 a3=7 b3=8 a4=0 b4=9 q0.out=90

q0.in=32 a0=3 b0=2 a1=1 b1=a a2=1 b2=a a3=b b3=c a4=3 b4=8 q0.out=83 l1,1=8a q1.in=1f a0=1 b0=f a1=e b1=6 a2=c b2=3 a3=f b3=5 a4=f b4=3 q1.out=3f l0,1=8b q1.in=6c a0=6 b0=c a1=a b1=0 a2=9 b2=1 a3=8 b3=9 a4=0 b4=4 q1.out=40

q1.in=14 a0=1 b0=4 a1=5 b1=b a2=7 b2=5 a3=2 b3=5 a4=7 b4=3 q1.out=37 l1,0=18 q1.in=23 a0=2 b0=3 a1=1 b1=b a2=8 b2=5 a3=d b3=2 a4=b b4=5 q1.out=5b l0,0=81 q0.in=87 a0=8 b0=7 a1=f b1=3 a2=4 b2=8 a3=c b3=0 a4=2 b4=d q0.out=d2

q0.in=1a a0=1 b0=a a1=b b1=c a2=9 b2=7 a3=e b3=a a4=7 b4=3 q0.out=37 l1,3=14 q0.in=2f a0=2 b0=f a1=d b1=d a2=c b2=0 a3=c b3=c a4=2 b4=8 q0.out=82 l0,3=dc q1.in=03 a0=0 b0=3 a1=3 b1=9 a2=d b2=d a3=0 b3=b a4=4 b4=f q1.out=f4

q1.in=46 a0=4 b0=6 a1=2 b1=7 a2=b b2=7 a3=c b3=8 a4=2 b4=6 q1.out=62 l1,2=9c q0.in=e8 a0=e b0=8 a1=6 b1=a a2=3 b2=a a3=9 b3=e a4=8 b4=c q0.out=c8 l0,2=53 q0.in=43 a0=4 b0=3 a1=7 b1=d a2=2 b2=0 a3=2 b3=2 a4=5 b4=f q0.out=f5

q0.in=8e a0=8 b0=e a1=6 b1=f a2=3 b2=d a3=e b3=5 a4=7 b4=2 q0.out=27 l1,1=8a q1.in=bb a0=b b0=b a1=0 b1=e a2=2 b2=0 a3=2 b3=2 a4=7 b4=5 q1.out=57 l0,1=8b q1.in=04 a0=0 b0=4 a1=4 b1=2 a2=f b2=2 a3=d b3=6 a4=b b4=d q1.out=db

q1.in=67 a0=6 b0=7 a1=1 b1=d a2=8 b2=9 a3=1 b3=4 a4=c b4=c q1.out=cc l1,0=18 q1.in=d8 a0=d b0=8 a1=5 b1=1 a2=7 b2=e a3=9 b3=8 a4=e b4=6 q1.out=6e l0,0=81 q0.in=b2 a0=b b0=2 a1=9 b1=2 a2=b b2=b a3=0 b3=e a4=b b4=c q0.out=cb

y0 = 92	y1 = 90	y2 = 40	y3 = d2	y0 = f4	y1 = f5	y2 = db	y3 = cb
MDS input = Y = y0y1y2y3 = 929040d2				MDS input = Y = y0y1y2y3 = f4f5dbcb

MDS output = Z = z0z1z2z3 = 6c5c84f9

MDS output = Z = z0z1z2z3 = bc843c8b

z0 = 6c

z1 = 5c

z2 = 84

z3 = f9

z0 = bc

z1 = 84

z2 = 3c

z3 = 8b

T0 = g(R0) = 6c5c84f9

T1 = g(ROL(R1, 8)) = bc843c8b

F0,0 = (T0 + T1 + K8) mod 232 = (6c5c84f9 + bc843c8b + f595a22f) mod 232 = (f9845c6c(big endian) + 8b3c84bc(big endian) + 2fa295f5(big endian)) mod 232 = b463771d(big endian) = 1d7763b4.

F0,1 = (T0 + 2T1 + K9) mod 232 = (6c5c84f9 + 2[bc843c8b] + b3c6caca) mod 232 = (f9845c6c(big endian) + 2[8b3c84bc(big endian)] + cacac6b3(big endian)) mod 232 = (f9845c6c(big endian) + 16790978(big endian) + cacac6b3(big endian)) mod 232 = dac82c97(big endian) = 972cc8da.

R0,0  =  ROL(R1, 2,  1)    F0,0) =  ROL(beb59c49,  1)   1d7763b4 =  ROL(499cb5be(big endian),  1)    1d7763b4 =  93396b7c(big endian)    1d7763b4 =  7c6b3993   1d7763b4 =  611c5a27.

R0,1  =  ROR(R1, 3    F0,1,  1) =  ROR(dc74d662    972cc8da,  1) =  ROR(4b581eb8, 1) =  ROR(b81e584b(big endian),  1) =  dc0f2c25(big endian) =  252c0fdc

R0,2 = R1,0 = fcb33214

R0,3 = R1,1 = 468e671a

 

Decryption output unwhiten for block 4

P3 = R0,5 mod 4    K3 = R0,1    K3 = 252c0fdc    ae0b98a1  =  8b27977d

P2 = R0,4 mod 4    K2 = R0,0    K2 = 611c5a27    ea11ea78  =  8b0db05f

P1 = R0,3 mod 4    K1 = R0,3    K1 = 468e671a    02229b50  =  44acfc4a

P0 = R0,2 mod 4    K0 = R0,2    K0 = fcb33214    9bf1826a  =  6742b07e

 

Decryption of block 4 : Decryption CBC step: Xor of output unwhiten result with previous ciphertext block received

P0 = P '0 C0(previous round) = 6742b07e f7ed5965 = 90afe91b

P1 = P '1 C1(previous round) = 44acfc4a f624a805 = b288544f

P2 = P '2 C2(previous round) = 8b0db05f a73f6c7c = 2c32dc23

P3 = P '3 C3(previous round) = 8b27977d 1001a29b = 9b2635e6

 

Plaintext result for decryption of block 4

p0 = [P0 2[8(0 mod 4)]] mod 28 = [90afe91b 20] mod 28 = [1be9af90(big endian) 20] mod 28 = 90

p1 = [P0 2[8(1 mod 4)]] mod 28 = [90afe91b 28] mod 28 = [1be9af90(big endian) 28] mod 28 = af

p2 = [P0 2[8(2 mod 4)]] mod 28 = [90afe91b 216] mod 28 = [1be9af90(big endian) 216] mod 28 = e9

p3 = [P0 2[8(3 mod 4)]] mod 28 = [90afe91b 224] mod 28 = [1be9af90(big endian) 224] mod 28 = 1b

p4 = [P1 2[8(4 mod 4)]] mod 28 = [b288544f 20] mod 28 = [4f5488b2(big endian) 20] mod 28 = b2

p5 = [P1 2[8(5 mod 4)]] mod 28 = [b288544f 28] mod 28 = [4f5488b2(big endian) 28] mod 28 = 88

p6 = [P1 2[8(6 mod 4)]] mod 28 = [b288544f 216] mod 28 = [4f5488b2(big endian) 216] mod 28 = 54

p7 = [P1 2[8(7 mod 4)]] mod 28 = [b288544f 224] mod 28 = [4f5488b2(big endian) 224] mod 28 = 4f

p8 = [P2 2[8(8 mod 4)]] mod 28 = [2c32dc23 20] mod 28 = [23dc322c(big endian) 20] mod 28 = 2c

p9 = [P2 2[8(9 mod 4)]] mod 28 = [2c32dc23 28] mod 28 = [23dc322c(big endian) 28] mod 28 = 32

p10 = [P2 2[8(10 mod 4)]] mod 28 = [2c32dc23 216] mod 28 = [23dc322c(big endian) 216] mod 28 = dc

p11 = [P2 2[8(11 mod 4)]] mod 28 = [2c32dc23 224] mod 28 = [23dc322c(big endian) 224] mod 28 = 23

p12 = [P3 2[8(12 mod 4)]] mod 28 = [9b2635e6 20] mod 28 = [e635269b(big endian) 20] mod 28 = 9b

p13 = [P3 2[8(13 mod 4)]] mod 28 = [9b2635e6 28] mod 28 = [e635269b(big endian) 28] mod 28 = 26

p14 = [P3 2[8(14 mod 4)]] mod 28 = [9b2635e6 216] mod 28 = [e635269b(big endian) 216] mod 28 = 35

p15 = [P3 2[8(15 mod 4)]] mod 28 = [9b2635e6 224] mod 28 = [e635269b(big endian) 224] mod 28 = e6

Plaintext block output = p0p1p2p3p4p5p6p7p8p9p10p11p12p13p14p15 = 90afe91bb288544f2c32dc239b2635e6