Scribd
Upload
20 views

AES Cipher Algorithm Part 2

The document discusses the Advanced Encryption Standard (AES). It provides details on the origins and development of AES including the need to replace DES, the NIST competition that resulted in AES, and high level descriptions of AES including its key sizes, conceptual scheme, rounds, and the functions that make up each round.

Uploaded by

Momina Shakoor
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
20 views

AES Cipher Algorithm Part 2

The document discusses the Advanced Encryption Standard (AES). It provides details on the origins and development of AES including the need to replace DES, the NIST competition that resulted in AES, and high level descriptions of AES including its key sizes, conceptual scheme, rounds, and the functions that make up each round.

Uploaded by

Momina Shakoor
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 27

Advanced Encryption Standard

 Dr. Amjad Hussain Zahid

Origins
 A replacement for DES was needed
 Key size is too small in DES
 Can use Triple-DES
 But Triple-DES is slow and uses small plaintext block

 US NIST issued call for ciphers in 1997  AES is the result of a three
year competition.

 15 candidate ciphers accepted in Jun 1998  This competition was


announced in September 1997
and had entries from 12
different countries
 5 ciphers were shortlisted in Aug 1999
AES : Introduction
 Private key symmetric block cipher
 128-bit data
 Three options for key : 128/192/256-bit keys
 128 bits ( = 3.4 x 1038 keys)
 192 bits ( = 6.2 x 1057 keys)
 256 bits ( = 1.1 x 1077 keys)
 DES uses only 56-bit keys, giving a key space of 7.2 x 1016 keys
AES Conceptual Scheme

Plaintext (128 bits) = 16 Bytes = 4 x 4 Matrix

128 bits subkeys = 16 Bytes = 4 x 4 Matrix


AES Key (128-192-256 bits)
128 Bits = 16 Bytes
192 Bits = 24 Bytes
256 Bits = 32 Bytes

Ciphertext (128 bits)

3
Multiple rounds
 Rounds are (almost) identical
 First and last round are a little different

Nr = Number of Rounds

4
High Level Description

• Round keys are derived from the cipher key


Key Expansion using Rijndael's key schedule

• AddRoundKey : Each byte of the state is combined


Initial Round with the round key using bitwise xor

• SubBytes : non-linear substitution step


• ShiftRows : transposition step
Rounds • MixColumns : mixing operation of each column.
• AddRoundKey

• SubBytes
Final Round • ShiftRows MixColumns step is not
included in this round
• AddRoundKey
Overall Structure
128-bit values
 Data block viewed as 4-by-4 table of bytes
 Represented as 4 by 4 matrix of 8-bit bytes.
 Key is expanded to array of 32 bits words
1 Byte

Changing Plaintext to State

17

7
Details of Each Round
 Each round is a repetition of functions that
perform a transformation over State array
 Consists of 4 main functions: one permutation
and three substitutions
Substitute bytes, Shift rows, Mix columns, Add round key
Finite Field Arithmetic
 Addition (XOR)
 (x6 + x4 + x2 + x + 1) + (x7 + x + 1) = x7 + x6 + x4 + x2
 {01010111}  {10000011} = {11010100}
 {57}  {83} = {d4}

 Multiplication is tricky
Finite Field Multiplication (•)
(x6 + x4 + x2 + x +1) (x7 + x +1) =

x13 + x11 + x9 + x8 + x7 + x7 + x5 + x3 + x2 + x + x6 + x4 + x2 + x +1

These cancel = x13 + x11 + x9 + x8 + x6 + x5 + x4 + x3 +1


and
x13 + x11 + x9 + x8 + x6 + x5 + x4 + x3 +1 modulo ( x8 + x4 + x3 + x +1)
= x7 + x6 +1.

Irreducible Polynomial
SubBytes: Byte Substitution

Substitution Box

• S-box is generated by determining the


multiplicative inverse for a given number in the
Galois field, zero would be set to zero
Substitution Box

How to calculate the Multiplicative inverse?


Calculate Multiplicative Inverse of x6+x4+x+1 w.r.t. x8+x4+x3+x+1.

Addition in a Finite Field is XOR.


Thus the inverse is x7+x6+x3+x = CA in hexadecimal.
Substitution Box
Multiplicative inverse of 1 is 1
Multiplicative inverse of 2
2 In Binary = 0 0 0 0 0 0 1 0
= X1
= X

Calculate Multiplicative Inverse of x w.r.t. x8+x4+x3+x+1.

Remainder Quotient Auxiliary


x8+x4+x3+x+1 0
x 1
1 x7+x3+x2+1 x7+x3+x2+1

Thus the inverse of 2 is x7+x3+x2+1 = 10001101 = 8D in hexadecimal.


Substitution Box

Multiplicative inverse of 3
3 In Binary = 0 0 0 0 0 0 1 1
= X1 1
= X + 1

Calculate Multiplicative Inverse of x + 1 w.r.t. x8+x4+x3+x+1.

Remainder Quotient Auxiliary


x8+x4+x3+x+1 0
x+1 1
1 x7+x6+x5+x4+x2+x x7+x6+x5+x4+x2+x

Thus the inverse of 3 is x7+x6+x5+x4+x2+x = 11110110 = F6 in hexadecimal.


Substitution Box
Multiplicative inverse of 3 = x + 1 w.r.t. x8+x4+x3+x+1.

X7 + X6 + X5 + X4 + X2 + X
X+1 X8 + X4 + X3 + X+1
X8 + X7
X7
X7 + X6
X6
X6 + X5

X5 + X4
X5 + X4

X3
X3 + X2
X2 + X
X2 + X
1
Substitution Box
Table of Multiplicative inverses
SubBytes and InvSubBytes
 Modulo 2 arithmetic + = XOR
8 F

b0  1 0 0 0 1 1 1 1 b0  1


 b   1 1 0 0 0 1 1 1  b1  1
 1 
b2  1 1 1 0 0 0 1 1 b2  0
      
b3  = 1 1 1 1 0 0 0 1 b3  0
+ 99 in Decimal
b4  1 1 1 1 1 0 0 0 b4  0 = 63 in Hexadecimal
       = 01100011 in Binary
b5  0 1 1 1 1 1 0 0 b5  1
b  0 0 1 1 1 1 1 0 b6  1
 6     
b7  0 0 0 1 1 1 1 1 b7  0

Output bits(what goes in the sbox) Input bits (the multiplicative inverse)
SubBytes and InvSubBytes
 For 0
0 1 1
0 1 1
0 0 0
0 0
= 0
+ 0
= 0
0
= 63 in Hexa

0 1 1
0 1 1
0 0 0
0+0+0+0+0+0+0+0=0=0 MOD 2 = 0
0+0+0+0+0+0+0+0=0=0 MOD 2 = 0
0+0+0+0+0+0+0+0=0=0 MOD 2 = 0
0+0+0+0+0+0+0+0=0=0 MOD 2 = 0
0+0+0+0+0+0+0+0=0=0 MOD 2 = 0
0+0+0+0+0+0+0+0=0=0 MOD 2 = 0
0+0+0+0+0+0+0+0=0=0 MOD 2 = 0
0+0+0+0+0+0+0+0=0=0 MOD 2 = 0
SubBytes and InvSubBytes
 For 1

1 1 0
1 1 0
1 0 1
= 1
1 + 0 = 1
1
= 7C
0
0 1 1
0 1 1
0 0 0
SubBytes and InvSubBytes
 For 2
Inverse of 02 = 10001101 =
Written in reverse
0 1 1
1
0 0 1 1
1 1 0 1
0 + 0
1
0
= 1 0
= 0
1
= 77 in Hexa

0 0 1 1
0 0 1 1
1 0 0 0
1+0+0+0+0+0+0+1=2=2 MOD 2 = 0
1+0+0+0+0+0+0+1=2=2 MOD 2 = 0
1+0+1+0+0+0+0+1=3=3 MOD 2 = 1
1+0+1+1+0+0+0+1=4=4 MOD 2 = 0
1+0+1+1+0+0+0+0=3=3 MOD 2 = 1
0+0+1+1+0+0+0+0=2=2 MOD 2 = 0
0+0+1+1+0+0+0+0=2=2 MOD 2 = 0

0+0+0+1+0+0+0+1=2=2 MOD 2 = 0
SubBytes and InvSubBytes
 For 3
Inverse of 03 = 11110110
0 1 1
0 1 1
0 0 0
1 + 0 1 = 7B in Hexa
= 1 0 = 1
0 1 1
0 1 1
0 0 0
0+0+0+0+1+1+1+1=4=4 MOD 2 = 0
0+1+0+0+0+1+1+1=4=4 MOD 2 = 0
0+1+1+0+0+0+1+1=4=4 MOD 2 = 0
0+1+1+0+0+0+0+1=3=3 MOD 2 = 1

0+1+1+0+1+0+0+0=3=3 MOD 2 = 1
0+1+1+0+1+1+0+0=4=4 MOD 2 = 0

0+0+1+0+1+1+1+0=4=4 MOD 2 = 0

0+0+0+0+1+1+1+1=4=4 MOD 2 = 0
SubBytes Operation

 Replace each byte in the state array with its


corresponding value from the S-Box
55

00 44 88 CC
11 55 99 DD
22 66 AA EE
33 77 BB FF
SubBytes Table
 Implement by Table Lookup
Sample SubByte Transformation

 The SubBytes and InvSubBytes transformations are


inverses of each other.
ShiftRows
 Shifting, which permutes the bytes.
 A circular byte shift in each each
 1st row is unchanged
 2nd row does 1 byte circular shift to left
 3rd row does 2 byte circular shift to left
 4th row does 3 byte circular shift to left

Example :
MixClumns Scheme

The MixColumns transformation operates at the column level; it


transforms each column of the state to a new column.
MixClumns Example
MixClumns Example

➢ uses arithmetic in the finite field GF(28)


➢ with irreducible polynomial
m(x) = x8 + x4 + x3 + x + 1
which is (100011011) or {11b}
➢ e.g.
{02} • {87} mod {11b} = (1 0000 1110) mod {11b}
= (1 0000 1110) xor (1 0001 1011) = (0001 0101)

You might also like