CSchap 4

This document provides an overview of cryptography and the Advanced Encryption Standard (AES). It discusses the vulnerabilities of the Data Encryption Standard (DES) and how triple DES (3DES) and AES were developed to provide stronger encryption. It then focuses on the details of AES, including its key schedule algorithm, use of finite field arithmetic over bytes, and main transformations of SubBytes, ShiftRows, MixColumns, and AddRoundKey.

Uploaded by

hung kung

Cryptography And Security

Advanced Encryption Standard (AES)


A. SAMHAT

Lebanese University – Faculty of Engineering III, Semester IX


Outline

❑ Introduction
❑ 3DES
❑ Finite field arithmetic
❑ AES
▪General structure
▪Detailed structure
▪AES transformations
▪Key expansion algorithm
▪Etc.
❑ Summary

A. Samhat Lebanese University – Faculty of Engineering III, Semester IX


Introduction
❑ Because of its vulnerability to brute-force attack, DES, once
the most widely used symmetric cipher, has been largely
replaced by stronger encryption schemes.
▪ One approach is to design a completely new algorithm that is resistant
to both cryptanalytic and brute-force attacks => AES
▪ Another alternative, which preserves the existing investment in software
and equipment, is to use multiple encryption with DES and multiple keys
=> triple DES (3DES) algorithm.



3DES
❑ Three-key 3DES is the preferred algorithm in this case
▪ If K1 = K2, it reduces to single DES
❑ Standardized in ANSI X9.17 & ISO 8732
❑ No practical attacks are currently known; several proposed
impractical attacks might become the basis of future attacks



Finite Field Arithmetic
• In the Advanced Encryption Standard (AES) all operations
are performed on 8-bit bytes
• The arithmetic operations of addition, multiplication, and
division are performed over the finite field GF(2^8)
• A field is a set in which we can do addition, subtraction,
multiplication, and division without leaving the set
• Division is defined with the following rule: a / b = a · b^(-1)
• An example of a finite field (one with a finite number of
elements) is the set Z_p consisting of all the integers
{0, 1, ..., p - 1}, where p is a prime number and in which
arithmetic is carried out modulo p



Finite Field Arithmetic
• If one of the operations used in the algorithm is division, then we need to
work in arithmetic defined over a field
• Division requires that each nonzero element have a multiplicative inverse
• For convenience and for implementation efficiency we would like to work with
integers that fit exactly into a given number of bits with no wasted bit patterns
• Integers in the range 0 through 2^n - 1, which fit into an n-bit word
• The set of such integers, Z_(2^n), using modular arithmetic, is not a field
• For example, the integer 2 has no multiplicative inverse in Z_(2^n), that is,
there is no integer b such that 2b mod 2^n = 1
• A finite field containing 2^n elements is referred to as GF(2^n)
• Every polynomial in GF(2^n) can be represented by an n-bit number
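As an added illustration (my code, not part of the slides), the following Python implements the GF(2^8) arithmetic the two finite-field slides describe, reducing by the AES polynomial m(x) = x^8 + x^4 + x^3 + x + 1, and contrasts it with plain modular arithmetic in Z_256, where the integer 2 has no inverse. Function names are my own; the check values {57}·{83} = {c1} and {53}^(-1) = {ca} are the worked examples given in FIPS 197.

```python
# Added example, not from the slides: arithmetic in GF(2^8) as AES uses it,
# with the AES reduction polynomial m(x) = x^8 + x^4 + x^3 + x + 1 (0x11B),
# contrasted with ordinary modular arithmetic in Z_256, which is not a field.

AES_POLY = 0x11B   # m(x) = x^8 + x^4 + x^3 + x + 1


def gf_add(a: int, b: int) -> int:
    """Addition in GF(2^8) is bitwise XOR; it is its own inverse, so subtraction is the same."""
    return a ^ b


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes as polynomials over GF(2), reducing by m(x).

    Shift-and-add loop: for every set bit of b, add (XOR) the current a, then
    multiply a by x (shift left) and reduce if the degree reaches 8.
    """
    a &= 0xFF
    b &= 0xFF
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY      # "subtract" m(x) to bring the degree back below 8
        b >>= 1
    return result


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^(2^8 - 2) = a^254 (every nonzero a satisfies a^255 = 1)."""
    if a == 0:
        raise ZeroDivisionError("0 has no multiplicative inverse in GF(2^8)")
    result, base, exp = 1, a, 254
    while exp:                 # square-and-multiply
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def gf_div(a: int, b: int) -> int:
    """Division as defined on the slide: a / b = a * b^-1."""
    return gf_mul(a, gf_inv(b))


def z_inverse(a: int, n: int):
    """Inverse of a modulo n in the plain integers Z_n (brute force), or None if none exists."""
    for b in range(1, n):
        if (a * b) % n == 1:
            return b
    return None


def all_nonzero_invertible() -> bool:
    """The field property: every nonzero byte has an inverse in GF(2^8)."""
    return all(gf_mul(a, gf_inv(a)) == 1 for a in range(1, 256))


if __name__ == "__main__":
    print(hex(gf_mul(0x57, 0x83)))     # 0xc1   (FIPS 197 worked example)
    print(hex(gf_inv(0x53)))           # 0xca   (FIPS 197 worked example)
    print(z_inverse(2, 256))           # None: 2 has no inverse in Z_256
    print(all_nonzero_invertible())    # True
```

Running `all_nonzero_invertible()` is the practical form of the slide's field definition: in GF(2^8) the division rule a / b = a · b^(-1) is defined for every nonzero b, whereas `z_inverse(2, 256)` shows why the same 256 bit patterns under ordinary modular arithmetic would not do.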



The AES Cipher - Rijndael
❑ Designed by Rijmen and Daemen in Belgium
❑ Key lengths: 128/192/256 bits, referred to as
AES-128, AES-192 and AES-256
❑ Block size: 128 bits
❑ Iterative rather than Feistel cipher: processes data
as a 4x4 matrix of bytes and operates on the entire
data block in every round
❑ Design principles:
▪resistance against known attacks
▪speed and code compactness on many CPUs
▪design simplicity



AES Encryption Process



AES Parameters



Detailed Structure

• Processes the entire data block as a single matrix during each round using substitutions and
permutation
• The key that is provided as input is expanded into an array of forty-four 32-bit words, w[i]
Four different stages are used:
• Substitute bytes – uses an S-box to perform a byte-by-byte substitution of the block
• ShiftRows – a simple permutation
• MixColumns – a substitution that makes use of arithmetic over GF(2^8)
• AddRoundKey – a simple bitwise XOR of the current block with a portion of the expanded key

• The cipher begins and ends with an AddRoundKey stage


• Can view the cipher as alternating operations of XOR encryption (AddRoundKey) of a block,
followed by scrambling of the block (the other three stages), followed by XOR encryption, and
so on
• Each stage is easily reversible
• The decryption algorithm makes use of the expanded key in reverse order, however the
decryption algorithm is not identical to the encryption algorithm
• State is the same for both encryption and decryption

• Final round of both encryption and decryption consists of only three stages


AES Encryption Round



Substitute bytes
❑ Each byte of state is replaced by the byte indexed by row
(left 4 bits) & column (right 4 bits)



(a) S-box
(b) Inverse S-box
(Table can be found on page 163 in textbook)


S-Box Rationale

❑ The S-box is designed to be resistant to known
cryptanalytic attacks
❑ The Rijndael developers sought a design that has a low
correlation between input bits and output bits and the
property that the output is not a linear mathematical
function of the input



ShiftRows
❑ A circular byte shift
▪ 1st row is unchanged
▪ 2nd row does 1 byte circular shift to left
▪ 3rd row does 2 byte circular shift to left
▪ 4th row does 3 byte circular shift to left
❑ Decrypt inverts using shifts to right



Shift Row Rationale
• More substantial than it may first appear
• The State, as well as the cipher input and output, is
treated as an array of four 4-byte columns
• On encryption, the first 4 bytes of the plaintext are
copied to the first column of State, and so on
• The round key is applied to State column by column
• Thus, a row shift moves an individual byte from one column
to another, which is a linear distance of a multiple of 4 bytes
• Transformation ensures that the 4 bytes of one
column are spread out to four different columns



Mix Columns
❑ Each column is processed separately
❑ Each byte is replaced by a value dependent on all 4 bytes in the column
❑ Effectively a matrix multiplication in GF(2^8) using prime poly. m(x) = x^8 + x^4 + x^3 + x + 1
❑ Decryption requires use of inverse matrix



Mix Columns Rationale

❑ Coefficients of a matrix based on a linear code with
maximal distance between code words ensures a
good mixing among the bytes of each column
❑ The mix column transformation combined with the
shift row transformation ensures that after a few
rounds all output bits depend on all input bits
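Added example (my code, not from the slides) for the ShiftRows and MixColumns slides above: the state is stored column by column, exactly as the ShiftRows rationale slide describes (the first 4 bytes form column 0), so a row rotation visibly moves bytes between columns, and MixColumns is computed with only the "multiply by x" step since the matrix coefficients are {01}, {02} and {03}. For InvMixColumns I rely on the fact that the AES MixColumns matrix M satisfies M^4 = I over GF(2^8), hence M^(-1) = M^3; that is a property of the AES matrix, not a method taken from the slides. The column vectors in the checks are the FIPS 197 MixColumns examples. The last helper verifies that MixColumns is linear under XOR, which is the property the later Equivalent Inverse Cipher slides rely on when AddRoundKey and InvMixColumns are interchanged.

```python
# Added example, not from the slides: ShiftRows and MixColumns on a 4x4 AES
# state stored column-major (state[c][r]), the layout the slides describe.

def xtime(a: int) -> int:
    """Multiply a byte by x ({02}) in GF(2^8), reducing by m(x) = x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a


def bytes_to_state(block: bytes):
    """16 bytes -> 4 columns: the first 4 plaintext bytes form column 0, and so on."""
    return [list(block[4 * c:4 * c + 4]) for c in range(4)]


def state_to_bytes(state) -> bytes:
    return bytes(b for col in state for b in col)


def shift_rows(state):
    """Row r is rotated left by r bytes, so each byte moves to another column."""
    out = [[0] * 4 for _ in range(4)]
    for r in range(4):
        for c in range(4):
            out[c][r] = state[(c + r) % 4][r]
    return out


def inv_shift_rows(state):
    """Decryption inverts with rotations to the right."""
    out = [[0] * 4 for _ in range(4)]
    for r in range(4):
        for c in range(4):
            out[(c + r) % 4][r] = state[c][r]
    return out


def mix_column(col):
    """Multiply one column by the MixColumns matrix
       [02 03 01 01]
       [01 02 03 01]
       [01 01 02 03]
       [03 01 01 02]
    where {03}*a = xtime(a) ^ a, so every output byte depends on all 4 input bytes."""
    a0, a1, a2, a3 = col
    return [
        xtime(a0) ^ (xtime(a1) ^ a1) ^ a2 ^ a3,
        a0 ^ xtime(a1) ^ (xtime(a2) ^ a2) ^ a3,
        a0 ^ a1 ^ xtime(a2) ^ (xtime(a3) ^ a3),
        (xtime(a0) ^ a0) ^ a1 ^ a2 ^ xtime(a3),
    ]


def mix_columns(state):
    """Each column is processed separately."""
    return [mix_column(col) for col in state]


def inv_mix_columns(state):
    """The AES MixColumns matrix M satisfies M^4 = I over GF(2^8), hence M^-1 = M^3:
    three forward applications undo one. (The inverse matrix with coefficients
    {0e},{0b},{0d},{09} would need a general GF(2^8) multiplier instead.)"""
    for _ in range(3):
        state = mix_columns(state)
    return state


def xor_states(a, b):
    """AddRoundKey-style bytewise XOR of two states."""
    return [[x ^ y for x, y in zip(ca, cb)] for ca, cb in zip(a, b)]


def mix_columns_is_linear(a, b) -> bool:
    """MixColumns(a XOR b) == MixColumns(a) XOR MixColumns(b): the linearity that lets
    AddRoundKey and InvMixColumns be interchanged in the equivalent inverse cipher."""
    return mix_columns(xor_states(a, b)) == xor_states(mix_columns(a), mix_columns(b))


if __name__ == "__main__":
    s = bytes_to_state(bytes(range(16)))              # constructed sample state
    print(state_to_bytes(shift_rows(s)).hex())        # 00050a0f04090e03080d02070c01060b
    print([hex(x) for x in mix_column([0xDB, 0x13, 0x53, 0x45])])   # 8e 4d a1 bc (FIPS 197)
    print(inv_mix_columns(mix_columns(s)) == s)       # True
```

With the constructed state 00 01 02 ... 0f, the ShiftRows output 00 05 0a 0f | 04 09 0e 03 | ... shows the point of the rationale slide directly: the four bytes 00, 01, 02, 03 that started in one column end up in four different columns.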



AddRoundKey
❑ XOR state with 128-bits of the round key
❑ Same for decryption since XOR is its own inverse, with reversed keys



AddRoundKey Transformation

• The 128 bits of State are bitwise XORed with the
128 bits of the round key
• Operation is viewed as a columnwise operation
between the 4 bytes of a State column and one
word of the round key
• Can also be viewed as a byte-level operation

Rationale:
• Is as simple as possible and affects every bit of State
• The complexity of the round key expansion plus the
complexity of the other stages of AES ensure security



AES Key Expansion

• Takes as input a four-word (16 byte) key and produces a
linear array of 44 words (176 bytes)
▪ This is sufficient to provide a four-word round key for the initial
AddRoundKey stage and each of the 10 rounds of the cipher
• Key is copied into the first four words of the expanded key
▪ The remainder of the expanded key is filled in four words at a time
• Each added word w[i] depends on the immediately
preceding word, w[i – 1], and the word four positions back,
w[i – 4]
▪ In three out of four cases a simple XOR is used
▪ For a word whose position in the w array is a multiple of 4, a more
complex function is used
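Added example (my code, not the slides' own) serving both the Substitute bytes slides and the key expansion slides above. The S-box is generated the way the S-box rationale slide describes it, as the GF(2^8) multiplicative inverse followed by the affine transformation; the inverse is taken from log/antilog tables over the generator {03}, an implementation choice of mine. The 16x16 table view then gives the row-by-left-nibble, column-by-right-nibble lookup of the SubBytes slide. The AES-128 key expansion follows the slide's description (copy the key into w[0..3], then w[i] = w[i-4] XOR temp, with the more complex function applied when i is a multiple of 4). The key 2b7e1516...4f3c and the expanded words checked are the FIPS 197 Appendix A example.

```python
# Added example, not from the slides: AES S-box construction and AES-128 key expansion.

def xtime(a: int) -> int:
    """Multiply by x ({02}) in GF(2^8) modulo m(x) = x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a


def _build_log_tables():
    """EXP[i] = {03}^i and LOG[{03}^i] = i; {03} generates every nonzero byte of GF(2^8)."""
    exp, log, v = [0] * 256, [0] * 256, 1
    for i in range(255):
        exp[i] = v
        log[v] = i
        v ^= xtime(v)          # v = v * {03} = v * ({01} + {02})
    return exp, log


EXP, LOG = _build_log_tables()


def gf_inv(a: int) -> int:
    """Multiplicative inverse; AES maps 0 to 0 (0 has no inverse in a field)."""
    return 0 if a == 0 else EXP[(255 - LOG[a]) % 255]


def _affine(b: int) -> int:
    """FIPS 197 affine map: b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63."""
    def rotl(x, n):
        return ((x << n) | (x >> (8 - n))) & 0xFF
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63


SBOX = [_affine(gf_inv(x)) for x in range(256)]   # inverse, then affine: nonlinear in the input
INV_SBOX = [0] * 256
for _in, _out in enumerate(SBOX):
    INV_SBOX[_out] = _in

# The 16x16 table view used on the slide: row = left nibble, column = right nibble.
SBOX_TABLE = [SBOX[16 * r:16 * r + 16] for r in range(16)]


def sub_byte(b: int) -> int:
    return SBOX_TABLE[b >> 4][b & 0x0F]


def sub_bytes(state):
    """SubBytes on a state given as 4 columns of 4 bytes."""
    return [[SBOX[b] for b in col] for col in state]


RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]   # x^(r-1) in GF(2^8)


def rot_word(w):
    return w[1:] + w[:1]


def sub_word(w):
    return [SBOX[b] for b in w]


def key_expansion(key: bytes):
    """AES-128 key expansion: 16-byte key -> 44 words (176 bytes), each word a 4-byte list."""
    if len(key) != 16:
        raise ValueError("this example expands 128-bit keys only")
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]      # key copied into w[0..3]
    for i in range(4, 44):
        temp = list(w[i - 1])
        if i % 4 == 0:                                        # the "more complex function"
            temp = sub_word(rot_word(temp))
            temp[0] ^= RCON[i // 4 - 1]                       # round-dependent constant
        w.append([a ^ b for a, b in zip(w[i - 4], temp)])    # w[i] = w[i-4] XOR temp
    return w


def round_key(w, r) -> bytes:
    """Round key r (0..10) as 16 bytes: words w[4r..4r+3]."""
    return bytes(b for word in w[4 * r:4 * r + 4] for b in word)


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS 197 Appendix A key
    w = key_expansion(key)
    print(hex(sub_byte(0x53)))               # 0xed
    print(bytes(w[4]).hex())                 # a0fafe17
    print(round_key(w, 10).hex())            # d014f9a8c9ee2589e13f0cc8b6630ca6
```

The Rcon step is where the rationale slide's "round-dependent round constant" enters: without it, w[4], w[8], ... would be produced by the same function of the preceding words in every round, and the symmetry the slide warns about would remain.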



Key Expansion Rationale

• The Rijndael developers designed the expansion key
algorithm to be resistant to known cryptanalytic attacks
• Inclusion of a round-dependent round constant
eliminates the symmetry between the ways in which
round keys are generated in different rounds

The specific criteria that were used are:
• Knowledge of a part of the cipher key or round key does not enable
calculation of many other round-key bits
• An invertible transformation
• Speed on a wide range of processors
• Usage of round constants to eliminate symmetries
• Diffusion of cipher key differences into the round keys
• Enough nonlinearity to prohibit the full determination of round key
differences from cipher key differences only
• Simplicity of description
AES Example: Key Expansion



AES Example



Avalanche Effect in AES: Change in Plaintext



Avalanche Effect in AES: Change in Key



Equivalent Inverse Cipher

• AES decryption cipher is not identical to the encryption cipher
▪ The sequence of transformations differs although the form of the key
schedules is the same
▪ Has the disadvantage that two separate software or firmware
modules are needed for applications that require both
encryption and decryption

Two separate changes are needed to bring the decryption structure
in line with the encryption structure:
• The first two stages of the decryption round need to be interchanged
• The second two stages of the decryption round need to be interchanged



Interchanging
InvShiftRows and InvSubBytes
• InvShiftRows affects the sequence of bytes in
State but does not alter byte contents and does
not depend on byte contents to perform its
transformation
• InvSubBytes affects the contents of bytes in State
but does not alter byte sequence and does not
depend on byte sequence to perform its
transformation
Thus, these two operations commute and
can be interchanged



Interchanging
AddRoundKey and InvMixColumns

• The transformations AddRoundKey and InvMixColumns do not alter
the sequence of bytes in State
• If we view the key as a sequence of words, then both AddRoundKey
and InvMixColumns operate on State one column at a time
• These two operations are linear with respect to the column input
AES Decryption

❑ AES decryption is not identical to encryption
since steps done in reverse
❑ but can define an equivalent inverse cipher
with steps as for encryption but using
inverses of each step with a different key
schedule



Implementation Aspects

• AES can be implemented very efficiently on an 8-bit processor
• AddRoundKey is a bytewise XOR operation
• ShiftRows is a simple byte-shifting operation
• SubBytes operates at the byte level and only
requires a table of 256 bytes
• MixColumns requires matrix multiplication in the
field GF(2^8), which means that all operations are
carried out on bytes



Implementation Aspects

• Can efficiently implement on a 32-bit processor
▪ Redefine steps to use 32-bit words
▪ Can precompute 4 tables of 256 words
▪ Then each column in each round can be computed using 4
table lookups + 4 XORs
▪ At a cost of 4 KB to store the tables
• Designers believe this very efficient implementation
was a key factor in its selection as the AES cipher



Summary

❑ 3DES
❑ Finite field arithmetic
❑ AES structure
▪ General structure
▪ Detailed structure
❑ AES key expansion
▪ Key expansion algorithm
▪ Rationale
❑ AES transformation functions
▪ Substitute bytes
▪ ShiftRows
▪ MixColumns
▪ AddRoundKey
❑ AES implementation
▪ Equivalent inverse cipher
▪ Implementation aspects