Lecture#04-Advanced Encryption Standard

The document provides an overview of the Advanced Encryption Standard (AES), detailing its origins, evolution, and structure. AES is a symmetric-key encryption algorithm that operates on 128-bit blocks and supports key lengths of 128, 192, or 256 bits, with varying rounds of encryption based on key length. It highlights the advantages of AES, including its efficiency and adaptability to modern processors, while also noting some limitations in its implementation.

Uploaded by

Uzair Khan

CLO 2

Lecture#04
Advanced Encryption Standard
(AES)
Course: Cryptography & Network Security (CE-408)
Course Teacher: Dr. Rukaiya

Contact Info:

Room No: BS-02, CED


1
Origins of AES
• In 1999, NIST issued a new standard called 3DES
  - 168-bit key length
  - Algorithm is the same as DES

• 3DES had drawbacks
  - Algorithm is sluggish (slow) in software
  - Only uses a 64-bit block size

• In 1997, NIST issued a call for proposals for the new Advanced Encryption Standard (AES)
  - security strength >= 3DES
  - improved efficiency
  - AES is also known by its original name, Rijndael (rain-dahl).


2
Evolution of AES

• Previous algorithms such as DES were no longer secure enough once the fastest computing technologies arrived.

[Figure: block X → AES → block Y (128 bit), with key K (128/192/256 bit)]

• No method exists to break the AES key: even if a key is found in 1 second, it would still take 149 trillion years to crack the 128-bit AES key.

3
Rounds of Evaluation

• The number of rounds depends on the key length

K (bits)   No. of Rounds
128        10 (Commercial Application)
192        12 (More Secure)
256        14

• If you want your cipher to be secure, increase the number of rounds according to the key size

4
What makes Rijndael Stand out?

• The symmetric and parallel structure
  - gives implementers a lot of flexibility
  - has not allowed effective cryptanalytic attacks

• Well adapted to modern processors
  - Pentium
  - RISC and parallel processors

• Suited for smart cards

• Flexible in dedicated hardware

5
AES Structure

• AES uses the block cipher technique
  - A block cipher is a type of symmetric-key encryption algorithm
  - It transforms a fixed-length block of plaintext (unencrypted) data into a block of ciphertext (encrypted) data of the same length

• AES is not a Feistel structure/cipher
  - In DES, we encrypt only one portion of the data
  - AES encrypts all 128 bits of the data path in 1 round

[Figure: Typical Feistel Structure]

6
AES Structure

7
AES Basic Operations
• The Rijndael algorithm is a block cipher that encrypts blocks of 128 bits
• It uses symmetric keys of 128, 192 or 256 bits.
• It consists of an initial round (AddRoundKey) and r standard rounds
  - r is 10, 12 or 14 depending on the block and key length.

• The first r-1 rounds are similar and consist of 4 transformations, called
  - ByteSub (Substitution Bytes)
  - ShiftRow (Shift Rows)
  - MixColumn (multiply columns)
  - AddRoundKey (XOR by key)
• The last round has only the transformations
  - ByteSub
  - ShiftRow
  - AddRoundKey

8
[Figure: AES-128 encryption and decryption flow. Encryption: Plaintext, Add round key w[0,3], Rounds 1 to 9 (Substitute Bytes, Shift Rows, Mix Columns, Add round key, with w[4,7] in Round 1 up to w[36,39] in Round 9), Round 10 (Substitute Bytes, Shift Rows, Add Round Key w[40,43]), Ciphertext. Decryption: the same round keys from Expand Key, with Inverse shift rows, Inverse sub bytes, Add round key and Inverse mix cols, from Ciphertext back to Plaintext.]
9
Terms Detail

Terms Used

10
11
Algorithm Parameters, Symbols, and Functions

12
13
Working of Algorithm

• The number of rounds for the algorithm depends on the key length and block size

14
15
KEY GENERATION (128-Bit)

Total number of Words


= [𝑁𝑏 × (𝑁𝑟 + 1)]
= [4 ×(10 + 1)]
=44 words of 32 bytes

16
Example
• Plaintext = 00112233445566778899AABBCCDDEEFF
• Key = 000102030405060708090A0B0C0D0E0F

• Plain Text =
    00 44 88 CC
    11 55 99 DD
    22 66 AA EE
    33 77 BB FF

• Key

17
Example- KEY GENERATION
Key
K = 000102030405060708090A0B0C0D0E0F

• Write the key into a matrix column-wise

KEY =
    00 04 08 0C
    01 05 09 0D
    02 06 0A 0E
    03 07 0B 0F

18
KEY GENERATION
• Steps to perform sub-key generation

• W[0, 3] = Actual Key (used for the pre-round transformation)

• For finding the other words
  - Perform the following steps to find the first word of each sub-key
    - Rotate word
    - Sub-Bytes
    - Apply Rcon (Round Constant)
    - XOR operations

For finding a word

W[i] = W[i-Nk] XOR W[i-1], where Nk = 4 (key length = 128 bits)

19
KEY GENERATION
[Worksheet table, left blank on the slide: one row per word index i = 0, 1, 2, .. 43, with the columns Wi | Temp | Rot Word (RW) | Subword (SW) | Rcon (R) | Xor T1 = (SW ^ R) | W[i-4] | Xor (W[i-4] ^ T)]
20
Encryption Process
• Pre-round Transformation
  - Add Round Key

• Round 01
  - Substitute Bytes (use S-box on Slide 21)
  - Shift Rows
    - 1st row – No shift
    - 2nd row – 1 byte left shift
    - 3rd row – 2 byte left shift
    - 4th row – 3 byte left shift
  - Mix Column

Constant matrix
    02 03 01 01
    01 02 03 01
    01 01 02 03
    03 01 01 02
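The key-generation steps and the Round 01 transformations above, run on the key and plaintext from the Example slide, as an added example that is not part of the original lecture. The function names are this example's own, the S-box is computed from its GF(2^8) definition instead of being copied from the S-box slide, and the table lookups are not constant-time, so it is meant for study and for checking hand calculations only.

```python
# Added example; function names are this example's own. Lookups are not constant-time.
def xtime(a):  # multiply by 02 in GF(2^8), modulo x^8 + x^4 + x^3 + x + 1 (0x11B)
    return ((a << 1) ^ 0x11B) & 0xFF if a & 0x80 else a << 1

def gmul(a, b):  # multiply two bytes in GF(2^8) by shift-and-add
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = xtime(a), b >> 1
    return r

def _sbox_entry(x):
    # Multiplicative inverse in GF(2^8) (0 maps to 0), then the affine transform.
    inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3) ^ rotl(inv, 4) ^ 0x63
SBOX = [_sbox_entry(x) for x in range(256)]

def expand_key(key):  # Nk = 4: returns the 44 words W[0..43], each a list of 4 bytes
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]    # W[0..3] = actual key
    rcon = 0x01
    for i in range(4, 44):
        temp = list(w[i - 1])
        if i % 4 == 0:                        # first word of each sub-key
            temp = temp[1:] + temp[:1]        # Rotate word
            temp = [SBOX[b] for b in temp]    # Sub-Bytes
            temp[0] ^= rcon                   # XOR with the round constant
            rcon = xtime(rcon)                # 01, 02, 04, ... 80, 1B, 36
        w.append([a ^ b for a, b in zip(w[i - 4], temp)])
    return w

def mix_column(c):  # one state column times the constant matrix 02 03 01 01 / ...
    return [gmul(2, c[r]) ^ gmul(3, c[(r + 1) % 4]) ^ c[(r + 2) % 4] ^ c[(r + 3) % 4]
            for r in range(4)]

def encrypt_block(pt, key):  # AES-128, one 16-byte block, state stored column by column
    w = expand_key(key)
    round_key = lambda n: [b for word in w[4 * n:4 * n + 4] for b in word]
    s = [a ^ b for a, b in zip(pt, round_key(0))]             # pre-round Add Round Key
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                              # Substitute Bytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]    # Shift Rows: row r left by r
        if rnd != 10:                                         # last round has no Mix Column
            s = [b for c in range(4) for b in mix_column(s[4 * c:4 * c + 4])]
        s = [a ^ b for a, b in zip(s, round_key(rnd))]        # Add Round Key
    return bytes(s)

KEY = bytes.fromhex("000102030405060708090A0B0C0D0E0F")  # key from the Example slide
PT = bytes.fromhex("00112233445566778899AABBCCDDEEFF")   # plaintext from the Example slide
```

`expand_key(KEY)[4]` is the first derived word W[4] and `encrypt_block(PT, KEY)` is the ciphertext block; FIPS-197 lists example vectors for this same key and plaintext, so each intermediate value can be checked against them.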
21
S-box for
Encryption

22
Decryption Process
• Pre-round Transformation
  - Add Round Key

• Round 01
  - Inverse Shift Rows
    - 1st row – No shift
    - 2nd row – 1 byte right shift
    - 3rd row – 2 byte right shift
    - 4th row – 3 byte right shift
  - Inverse Substitute Bytes [use Inverse S-box - Slide 23]
  - Add Round Key [Reverse order of sub-keys]
  - Inverse Mix Column

Constant matrix
    0E 0B 0D 09
    09 0E 0B 0D
    0D 09 0E 0B
    0B 0D 09 0E
23
24
Inverse S-box
for Decryption

25
Advantages

• Implementation aspects:
  - Rijndael can be implemented to run at speeds unusually fast for a block cipher on a Pentium (Pro). There is a trade-off between table size/performance.
  - Rijndael can be implemented on a Smart Card in a small amount of code, using a small amount of RAM and taking a small number of cycles. There is some ROM/performance trade-off.
  - The round transformation is parallel by design, an important advantage in future processors and dedicated hardware.
  - As the cipher does not make use of arithmetic operations, it has no bias towards big or little endian processor architectures.

26
Advantages

• Simplicity of Design:
  - The cipher is fully “self-supporting”. It does not make use of another cryptographic component, S-boxes “lent” from well-reputed ciphers.
  - The cipher does not base its security or part of it on obscure and not well understood interactions between arithmetic operations.
  - The tight cipher design does not leave enough room to hide a trapdoor.

• Variable block length:
  - The block lengths of 192 and 256 bits allow the construction of a collision-resistant iterated hash function using Rijndael as the compression function.
  - The block length of 128 bits is not considered sufficient for this purpose nowadays.

27
Advantages

• Extensions:
  - The design allows the specification of variants with the block length and key length both ranging from 128 to 256 bits in steps of 32 bits.
  - Although the number of rounds of Rijndael is fixed in the specification, it can be modified as a parameter in case of security problems.

28
Limitations

• The inverse cipher is less suited to be implemented on a smart card than the cipher
itself: it takes more code and cycles. (Still, compared with other ciphers, even the
inverse is very fast)

• In software, the cipher and its inverse make use of different code and/or tables.

• In hardware, the inverse cipher can only partially re-use the circuitry that implements
the cipher.

29
