INFORMATION SECURITY

ASSIGNMENT 1

AES Algorithm
● The more popular and widely adopted symmetric encryption algorithm
likely to be encountered nowadays is the Advanced Encryption Standard
(AES) which is found at least six times faster than triple DES.
● A replacement for DES was needed as its key size was too small.
● With increasing computing power, it was considered vulnerable against
exhaustive key search attack.
● Triple DES was designed to overcome this drawback but it was found slow.
● The ​features ​of AES are as follows :
○ Symmetric key symmetric block cipher
○ 128-bit data, 128/192/256-bit keys
○ Stronger and faster than Triple-DES
○ Provide full specification and design details
○ Software implementable in C and Java
● Operation ​of AES
○ AES is an iterative rather than Feistel cipher.
○ It is based on ‘substitution–permutation network’.
○ It comprises of a series of linked operations, some of which involve
replacing inputs by specific outputs (substitutions) and others
involve shuffling bits around (permutations).
○ Interestingly, AES performs all its computations on bytes rather
than bits.
○ Hence, AES treats the 128 bits of a plaintext block as 16 bytes.
○ These 16 bytes are arranged in four columns and four rows for
processing as a matrix
○ Unlike DES, the number of rounds in AES is variable and depends
on the length of the key.
○ AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys
and 14 rounds for 256-bit keys.
○ Each of these rounds uses a different 128-bit round key, which is
calculated from the original AES key.
○ The ​schematic ​of AES structure:
● Encryption ​Process
○ Here, we restrict to description of a typical round of AES encryption.
○ Each round comprises of four sub-processes.
○ The ​first round​ process is:

○ Byte Substitution (​SubBytes​)

■ The 16 input bytes are substituted by looking up a fixed table
(S-box) given in design.
■ The result is in a matrix of four rows and four columns.
○ Shiftrows
■ Each of the four rows of the matrix is shifted to the left.
■ Any entries that ‘fall off’ are re-inserted on the right side of
the row.
■ Shift is carried out as follows −
● First row is not shifted.
● Second row is shifted one (byte) position to the left.
● Third row is shifted two positions to the left.
● Fourth row is shifted three positions to the left.
● The result is a new matrix consisting of the same 16
bytes but shifted with respect to each other.
○ MixColumns
■ Each column of four bytes is now transformed using a special
mathematical function.
■ This function takes as input the four bytes of one column and
outputs four completely new bytes, which replace the original
column.
■ The result is another new matrix consisting of 16 new bytes.
■ It should be noted that this step is not performed in the last
round.
○ Addroundkey
■ The 16 bytes of the matrix are now considered as 128 bits
and are XORed to the 128 bits of the round key.
 ■ If this is the last round then the output is the ciphertext.
■ Otherwise, the resulting 128 bits are interpreted as 16 bytes
and we begin another similar round.
● Decryption ​Process
○ The process of decryption of an AES ciphertext is similar to the
encryption process in the reverse order.
○ Each round consists of the four processes conducted in the reverse
order:
■ Add round key
■ Mix columns
■ Shift rows
■ Byte substitution
○ Since sub-processes in each round are in reverse manner, unlike for
a Feistel Cipher, the encryption and decryption algorithms needs to
be separately implemented, although they are very closely related.
● AES ​Analysis
○ In present day cryptography, AES is widely adopted and supported
in both hardware and software.
○ Till date, no practical cryptanalytic attacks against AES has been
discovered.
○ Additionally, AES has built-in flexibility of key length, which allows a
degree of ‘future-proofing’ against progress in the ability to perform
exhaustive key searches.
○ However, just as for DES, AES security is assured only if it is
correctly implemented and good key management is employed.

AES Example:
1. First, the data is divided into blocks.
● Under this method of encryption, the first thing that happens is that the
plaintext is separated into blocks.
● The block size of AES is 128-bits, so it separates the data into a
four-by-four column of sixteen bytes.
● If the message is “buy me some potato chips please” the first block looks
like this:

b m o p
u e m o
y e t
s a

● The “…to chips please” would normally just be added to the next block.

2. Key expansion
● Key expansion involves taking the initial key and using it to come up with
a series of other keys for each round of the encryption process.
● These new 128-bit round keys are derived with Rijndael’s key schedule,
which is essentially a simple and fast way to produce new key ciphers.
● If the initial key is “keys are boring1”:

k i
e a b n
y r o g
s e r 1

● Then each of the new keys might look something like this once Rijndael’s
key schedule has been used:

14 29 1h s5
h9 9f st 9f
gt 2h hq 73
ks dj df hb

3. Add round key

● In this step, because it is the first round, our initial key is added to the
block of our message:

b m o p
u e m o
y e t
s a
+

k i
e a b n
y r o g
s e r 1

● This is done with an XOR cipher, which is an additive encryption

algorithm.
● This mathematical operation gives us a result of:

h3 jd zu 7s
s8 7d 26 2n
dj 4b 9d 9c
74 el 2h hg

4. Substitute bytes
● In this step, each byte is substituted according to a predetermined table.
● This system is a little bit more complicated and doesn’t necessarily have
any logic to it.
● Instead, there is an established table that can be looked up by the
algorithm, which says, for example, that h3 becomes jb, s8 becomes 9f,
dj becomes 62 and so on.
● After this step, let’s say that the predetermined table gives us:

jb n3 kf n2
9f jj 1h js
74 wh 0d 18
hs 17 d6 px

5. Shift rows
● The second row is moved one space to the left, the third row is moved two
spaces to the left, and the fourth row is moved three spaces to the left.
● This gives us:

jb n3 kf n2
jj 1h js 9f
0d 18 74 wh
px hs 17 d6

6. Mix columns
● Each column has a mathematical equation applied to it in order to further
diffuse it.
● Let’s say that the operation gives us this result:

ls j4 2n ma
83 28 ke 9f
9w xm 3l m4
5b a9 cj ps

7. Add round key (again)

● We take the result of our mixed columns and add the first round key that
we derived:

ls j4 2n ma
83 28 ke 9f
9w xm 3l m4
5b a9 cj ps
+

14 29 1h s5
h9 9f st 9f
gt 2h hq 73
ks dj df hb
● Let’s say that this operation gives us the following result:

9d 5b 28 sf
ls df hf 3b
9t 28 hp 8f
62 7d 15 ah

8. Many more rounds…

● After the last round key was added, it goes back to the byte substitution
stage, where each value is changed according to a predetermined table.
● Once that’s done, it’s back to shift rows and moving each row to the left
by one, two or three spaces.
● Then it goes through the mix columns equation again.
● After that, another round key is added.
● AES has key sizes can be either 128, 192 or 256-bits.
● When a 128-bit key is used, there are nine of these rounds.
● When a 192-bit key is used, there are 11.
● When a 256-bit key is used, there are 13.
● So the data goes through the byte substitution, shift rows, mix columns
and round key steps up to thirteen times each, being altered at every
stage.
● After these nine, 11 or 13 rounds, there is one additional round in which
the data is only processed by the byte substitution, shift rows and add
round key steps, but not the mix columns step.