
Encryption: CS 465 January 9, 2006 Tim Van Der Horst

Encryption involves transforming information so that its true meaning is hidden. AES is the most widely used encryption standard. It involves transforming plaintext blocks into ciphertext blocks through repetition of rounds that include four transformations: AddRoundKey, SubBytes, ShiftRows, and MixColumns. AddRoundKey performs XOR between the plaintext and round key. SubBytes substitutes bytes based on an S-box. ShiftRows cyclically shifts bytes in the last three rows. MixColumns multiplies bytes with fixed coefficients in the finite field. AES has a variable number of rounds depending on the key size.
Copyright
© Attribution Non-Commercial (BY-NC)

Encryption

CS 465
January 9, 2006

Tim van der Horst


What is Encryption?
 Transform information such that its
true meaning is hidden
 Requires “special knowledge” to retrieve
the information
 Examples
 AES, 3DES, RC4, ROT-13, …
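Types of Encryption Schemes
[Diagram: tree of cipher types. Ciphers split into Classical (Substitution, Transposition) and Modern (Public Key, Secret Key); Secret Key splits into Stream and Block. Rotor Machines and Steganography also appear as nodes.]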
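Symmetric Encryption Terms
[Diagram: Alice feeds the Plaintext and a Key into the Encryption Algorithm to produce Ciphertext; Bob feeds the Ciphertext and the Key into the Decryption Algorithm to recover the Plaintext.]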
What can go wrong?
 Algorithm
 Rely on the secrecy of the algorithm
 Examples: Substitution ciphers
 Algorithm is used incorrectly
 Example: WEP used RC4 incorrectly
 Key
 Too small
 Too big
Big numbers
 Uses really big numbers
 1 in 2^61 odds of winning the lotto and being hit by lightning on the same day
 2^92 atoms in the average human body
 2^128 possible keys in a 128-bit key
 2^170 atoms in the planet
 2^190 atoms in the sun
 2^233 atoms in the galaxy
 2^256 possible keys in a 256-bit key
Thermodynamic Limitations*
 Physics: To set or clear a bit requires no less than kT
 k is the Boltzmann constant (1.38*10^-16 erg/ºK)
 T is the absolute temperature of the system
 Assuming T = 3.2ºK (ambient temperature of universe)
 kT = 4.4*10^-16 ergs
 Annual energy output of the sun 1.21*10^41 ergs
 Enough to cycle through a 187-bit counter
 Build a Dyson sphere around the sun and collect all energy for 32 years
 Enough to cycle through a 192-bit counter
 Supernova produces in the neighborhood of 10^51 ergs
 Enough to cycle through a 219-bit counter

*From Applied Cryptography


Perfect Encryption Scheme?
 One-Time Pad (XOR message with key)
 Example*:
 Message: ONETIMEPAD
 Key: TBFRGFARFM
 Ciphertext: IPKLPSFHGQ
 The key TBFRGFARFM decrypts the message to ONETIMEPAD
 The key POYYAEAAZX decrypts the message to SALMONEGGS
 The key BXFGBMTMXM decrypts the message to GREENFLUID

*From Applied Cryptography
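The one-time pad example above, worked through in code (an added example, not part of the original slides; all function names are this example's own). The letters are combined by addition mod 26 with A=1 ... Z=26, the letter analogue of the XOR the slide mentions, and `key_for` shows why every plaintext of the same length is a possible decryption.

```python
import string

ALPHABET = string.ascii_uppercase


def _shift(text, pad, sign):
    """Combine two equal-length A-Z strings letter by letter, mod 26.

    Letters are numbered A=1 ... Z=26 as in the slide's example, which is
    why the zero-based index arithmetic below adds 1 to the pad letter.
    """
    if len(text) != len(pad):
        raise ValueError("a one-time pad must be exactly as long as the message")
    out = []
    for t, p in zip(text, pad):
        ti, pi = ALPHABET.index(t), ALPHABET.index(p)
        out.append(ALPHABET[(ti + sign * (pi + 1)) % 26])
    return "".join(out)


def otp_encrypt(message, key):
    return _shift(message, key, +1)


def otp_decrypt(ciphertext, key):
    return _shift(ciphertext, key, -1)


def key_for(ciphertext, wanted_plaintext):
    """Return the pad under which `ciphertext` decrypts to `wanted_plaintext`.

    Solving c = m + k for k is the same subtraction as decryption, so a
    suitable pad exists for every candidate plaintext of the right length.
    """
    return _shift(ciphertext, wanted_plaintext, -1)


if __name__ == "__main__":
    ciphertext = otp_encrypt("ONETIMEPAD", "TBFRGFARFM")
    print("ciphertext:", ciphertext)
    # Candidate plaintexts taken from the slide.
    for guess in ("ONETIMEPAD", "SALMONEGGS", "GREENFLUID"):
        pad = key_for(ciphertext, guess)
        print(f"pad {pad} decrypts it to {otp_decrypt(ciphertext, pad)}")
```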


Advanced Encryption Standard
Not “American”
Encryption Standard
a.k.a
Lab #1
How was AES created?
 AES competition
 Started in January 1997 by NIST
 4-year cooperation between
 U.S. Government
 Private Industry
 Academia
 Why?
 Replace 3DES
 Provide an unclassified, publicly disclosed
encryption algorithm, available royalty-free,
worldwide
The Finalists
 MARS
 IBM
 RC6
 RSA Laboratories
 Rijndael
 Joan Daemen (Proton World International) and
 Vincent Rijmen (Katholieke Universiteit Leuven)
 Serpent
 Ross Anderson (University of Cambridge),
 Eli Biham (Technion), and
 Lars Knudsen (University of California San Diego)
 Twofish
 Bruce Schneier, John Kelsey, and Niels Ferguson (Counterpane, Inc.),
 Doug Whiting (Hi/fn, Inc.),
 David Wagner (University of California Berkeley), and
 Chris Hall (Princeton University)
[Slide callout: Wrote the book on crypto]
Evaluation Criteria (in order of importance)
 Security
 Resistance to cryptanalysis, soundness of math,
randomness of output, etc.
 Cost
 Computational efficiency (speed)
 Memory requirements
 Algorithm / Implementation Characteristics
 Flexibility, hardware and software suitability, algorithm
simplicity
Results
The winner: Rijndael
 AES adopted a subset of Rijndael
 Rijndael supports more block and key
sizes
Lab #1
 Implement AES
 Use FIPS 197 as guide
 Everything in this tutorial but in more detail
 Pseudocode
 20 pages of complete, step by step
debugging information
Finite Fields
 AES uses the finite field GF(2^8)
 b7x^7 + b6x^6 + b5x^5 + b4x^4 + b3x^3 + b2x^2 + b1x + b0
 {b7, b6, b5, b4, b3, b2, b1, b0}
 Byte notation for the element: x^6 + x^5 + x + 1
 {01100011} – binary
 {63} – hex
 Has its own arithmetic operations
 Addition
 Multiplication
Finite Field Arithmetic
 Addition (XOR)
 (x^6 + x^4 + x^2 + x + 1) + (x^7 + x + 1) = x^7 + x^6 + x^4 + x^2
 {01010111} ⊕ {10000011} = {11010100}
 {57} ⊕ {83} = {d4}
 Multiplication is tricky
Finite Field Multiplication (•)
(x^6 + x^4 + x^2 + x + 1) (x^7 + x + 1) =

x^13 + x^11 + x^9 + x^8 + x^7 + x^7 + x^5 + x^3 + x^2 + x + x^6 + x^4 + x^2 + x + 1

(the repeated terms x^7 + x^7, x^2 + x^2 and x + x cancel)

= x^13 + x^11 + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + 1

and

x^13 + x^11 + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + 1 modulo (x^8 + x^4 + x^3 + x + 1)

= x^7 + x^6 + 1.

x^8 + x^4 + x^3 + x + 1 is the irreducible polynomial.
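The multiplication above, carried out the long way in code (an added example, not from the slides; the function names are this example's own): multiply the two polynomials without carries, then take the remainder modulo the irreducible polynomial.

```python
AES_MODULUS = 0x11B  # x^8 + x^4 + x^3 + x + 1, the irreducible polynomial


def poly_str(p):
    """Render a bit vector as a polynomial, e.g. 0xC1 -> 'x^7 + x^6 + 1'."""
    names = {0: "1", 1: "x"}
    terms = [names.get(i, f"x^{i}")
             for i in range(p.bit_length() - 1, -1, -1) if (p >> i) & 1]
    return " + ".join(terms) or "0"


def clmul(a, b):
    """Multiply two polynomials over GF(2): shift and XOR, no carries."""
    product = 0
    shift = 0
    while b >> shift:
        if (b >> shift) & 1:
            product ^= a << shift   # equal powers cancel because 1 + 1 = 0
        shift += 1
    return product


def reduce_mod(p, modulus=AES_MODULUS):
    """Polynomial remainder: cancel the leading term until degree < 8."""
    while p.bit_length() >= modulus.bit_length():
        p ^= modulus << (p.bit_length() - modulus.bit_length())
    return p


def gf_mul(a, b):
    """Product of two bytes in the AES field GF(2^8)."""
    return reduce_mod(clmul(a, b))


if __name__ == "__main__":
    a, b = 0x57, 0x83               # the two bytes used on the slides
    raw = clmul(a, b)
    print(f"({poly_str(a)}) ({poly_str(b)})")
    print(f"  = {poly_str(raw)}")
    print(f"  = {poly_str(reduce_mod(raw))}  modulo ({poly_str(AES_MODULUS)})")
    print(f"so {{{a:02x}}} * {{{b:02x}}} = {{{gf_mul(a, b):02x}}}")
```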
Efficient Finite field Multiply
 There’s a better way
 xtime() – very efficiently multiplies its input by {02}
 Multiplication by higher powers can be accomplished through repeated application of xtime()
Efficient Finite field Multiply

Example: {57} • {13}

{57} • {02} = xtime({57}) = {ae}
{57} • {04} = xtime({ae}) = {47}
{57} • {08} = xtime({47}) = {8e}
{57} • {10} = xtime({8e}) = {07}

{57} • {13} = {57} • ({01} ⊕ {02} ⊕ {10})
= ({57} • {01}) ⊕ ({57} • {02}) ⊕ ({57} • {10})
= {57} ⊕ {ae} ⊕ {07}
= {fe}
AES parameters
 Nb – Number of columns in the State
 For AES, Nb = 4
 Nk – Number of 32-bit words in the Key
 For AES, Nk = 4, 6, or 8
 Nr – Number of rounds (function of Nb and Nk)
 For AES, Nr = 10, 12, or 14
AES methods
 Convert to state array
 Transformations (and their inverses)
 AddRoundKey
 SubBytes
 ShiftRows
 MixColumns
 Key Expansion
Convert to State Array
Input block:
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

State array (the input bytes fill it column by column):
0 4 8  12     S0,0 S0,1 S0,2 S0,3
1 5 9  13  =  S1,0 S1,1 S1,2 S1,3
2 6 10 14     S2,0 S2,1 S2,2 S2,3
3 7 11 15     S3,0 S3,1 S3,2 S3,3
AddRoundKey
 XOR each byte of the round key with its corresponding byte in the state array
[Diagram: state column S0,1 S1,1 S2,1 S3,1 XOR round key column R0,1 R1,1 R2,1 R3,1 gives the new state column S’0,1 S’1,1 S’2,1 S’3,1; the same is done for every column of the state array.]
SubBytes
 Replace each byte in the state array
with its corresponding value from the
S-Box

00 44 88 CC
11 55 99 DD
22 66 AA EE
33 77 BB FF
ShiftRows
 Last three rows are cyclically shifted

Before                  After
S0,0 S0,1 S0,2 S0,3     S0,0 S0,1 S0,2 S0,3
S1,0 S1,1 S1,2 S1,3     S1,1 S1,2 S1,3 S1,0
S2,0 S2,1 S2,2 S2,3     S2,2 S2,3 S2,0 S2,1
S3,0 S3,1 S3,2 S3,3     S3,3 S3,0 S3,1 S3,2

MixColumns
 Apply MixColumn transformation to each column
S’0,c = ({02} • S0,c) ⊕ ({03} • S1,c) ⊕ S2,c ⊕ S3,c
S’1,c = S0,c ⊕ ({02} • S1,c) ⊕ ({03} • S2,c) ⊕ S3,c
S’2,c = S0,c ⊕ S1,c ⊕ ({02} • S2,c) ⊕ ({03} • S3,c)
S’3,c = ({03} • S0,c) ⊕ S1,c ⊕ S2,c ⊕ ({02} • S3,c)
[Diagram: MixColumns() maps state column S0,1 S1,1 S2,1 S3,1 to the new column S’0,1 S’1,1 S’2,1 S’3,1.]
Key Expansion
 Expands the key material so that each round uses a unique round key
 Generates Nb(Nr+1) words
[Diagram: the key schedule as a row of words. The first words are filled with just the key; each later word is filled with a combination of the previous word and the one Nk positions earlier.]
Encryption
byte state[4,Nb]

state = in

AddRoundKey(state, keySchedule[0, Nb-1])

for round = 1 step 1 to Nr–1 {
    SubBytes(state)
    ShiftRows(state)
    MixColumns(state)
    AddRoundKey(state, keySchedule[round*Nb, (round+1)*Nb-1])
}

SubBytes(state)
ShiftRows(state)
AddRoundKey(state, keySchedule[Nr*Nb, (Nr+1)*Nb-1])

out = state

[Slide callout: First and last operations involve the key. Prevents an attacker from even beginning to encrypt or decrypt without the key.]
Decryption
byte state[4,Nb]

state = in

AddRoundKey(state, keySchedule[Nr*Nb, (Nr+1)*Nb-1])

for round = Nr-1 step -1 downto 1 {
    InvShiftRows(state)
    InvSubBytes(state)
    AddRoundKey(state, keySchedule[round*Nb, (round+1)*Nb-1])
    InvMixColumns(state)
}

InvShiftRows(state)
InvSubBytes(state)
AddRoundKey(state, keySchedule[0, Nb-1])

out = state
Encrypt and Decrypt
Encryption Decryption

AddRoundKey AddRoundKey

SubBytes InvShiftRows
ShiftRows InvSubBytes
MixColumns AddRoundKey
AddRoundKey InvMixColumns

SubBytes InvShiftRows
ShiftRows InvSubBytes
AddRoundKey AddRoundKey
