Scribd
Upload
16 views40 pages

CHPT 3 AES

Cybersecurity Aes

Uploaded by

AGAM PURI
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
16 views40 pages

CHPT 3 AES

Cybersecurity Aes

Uploaded by

AGAM PURI
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 40

Advance Encryption Standard

Topics
Origin of AES

Basic AES

Inside Algorithm

Final Notes
AES Competition Requirements
Private key symmetric block cipher

128-bit data, 128/192/256-bit keys

Stronger & faster than Triple-DES

Provide full specification & design details

Both C & Java implementations


AES Evaluation Criteria
initial criteria:
security – effort for practical cryptanalysis
cost – in terms of computational efficiency
algorithm & implementation characteristics

final criteria
general security
ease of software & hardware implementation
implementation attacks
flexibility (in en/decrypt, keying, other factors)
AES Shortlist
After testing and evaluation, shortlist in Aug-99
MARS (IBM) - complex, fast, high security margin
RC6 (USA) - v. simple, v. fast, low security margin
Rijndael (Belgium) - clean, fast, good security margin
Serpent (Euro) - slow, clean, v. high security margin
Twofish (USA) - complex, v. fast, high security margin

Found contrast between algorithms with


few complex rounds versus many simple rounds
Refined versions of existing ciphers versus new proposals

Rijndae: pronounce “Rain-Dahl”


The AES Cipher - Rijndael
Rijndael was selected as the AES in Oct-2000
Designed by Vincent Rijmen and Joan Daemen in Belgium
Issued as FIPS PUB 197 standard in Nov-2001

An iterative rather than Feistel cipher


processes data as block of 4 columns of 4 bytes (128 bits) V. Rijmen

operates on entire data block in every round

Rijndael design:
simplicity
has 128/192/256 bit keys, 128 bits data
resistant against known attacks
J. Daemen
speed and code compactness on many CPUs
Topics
Origin of AES

Basic AES

Inside Algorithm

Final Notes
AES Conceptual Scheme

Plaintext (128 bits)

AES Key (128-256 bits)

Ciphertext (128 bits)

8
Multiple rounds
Rounds are (almost) identical
First and last round are a little different

9
•E S
non-lin
e
ahi
earftd
c
substit
e
hR
ution
bori
step w
yt
Final Round
No MixColumns v
• ShiftR
ese
ows
• of
A
: d th
d
transpf
edr
osition
st
R
Rounds
stepat
oo
• MixCol
eum
umnsis
nt
: cdh
mixing
oKe Initial Round
operati
mec
on biyof
each i
n
columnp
e Expansion
. dh
• AddRo
Key
we
undKe
itr
y hk
the
High Level Description
ey
rou
us
Overall Structure
128-bit values

Data block viewed as 4-by-4 table of bytes


Represented as 4 by 4 matrix of 8-bit bytes.
Key is expanded to array of 32 bits words

1 byte

12
Data Unit
Unit Transformation
Changing Plaintext to State
Topics
Origin of AES

Basic AES

Inside Algorithm

Final Notes
Details of Each Round
SubBytes: Byte Substitution
A simple substitution of each byte
provide a confusion

Uses one S-box of 16x16 bytes containing a permutation of all 256 8-bit
values

Each byte of state is replaced by byte indexed by row (left 4-bits) & column
(right 4-bits)
eg. byte {95} is replaced by byte in row 9 column 5
which has value {2A}

S-box constructed using defined transformation of values in Galois Field-


GF(28)

Galois : pronounce “Gal-Wa”


SubBytes and InvSubBytes
SubBytes Operation
The SubBytes operation involves 16 independent byte-to-byte
transformations. • Interpret the byte as two
hexadecimal digits xy
S1,1 = xy16 • SW implementation, use row (x)
and column (y) as lookup pointer

x’y’16
SubBytes Table
Implement by Table Lookup
InvSubBytes Table
Sample SubByte Transformation

The SubBytes and InvSubBytes transformations are


inverses of each other.
ShiftRows

Shifting, which permutes the bytes.


A circular byte shift in each each
1st row is unchanged
2nd row does 1 byte circular shift to left
3rd row does 2 byte circular shift to left
4th row does 3 byte circular shift to left
In the encryption, the transformation is called
ShiftRows
In the decryption, the transformation is called
InvShiftRows and the shifting is to the right
ShiftRows Scheme
ShiftRows and InvShiftRows
MixColumns
ShiftRows and MixColumns provide diffusion to the
cipher
Each column is processed separately
Each byte is replaced by a value dependent on all 4 bytes
in the column
Effectively a matrix multiplication in GF(28) using prime
poly m(x) =x8+x4+x3+x+1
MixClumns Scheme

The MixColumns transformation operates at the column level; it


transforms each column of the state to a new column.
MixColumn and InvMixColumn
AddRoundKey
XOR state with 128-bits of the round key

AddRoundKey proceeds one column at a time.


adds a round key word with each state column matrix
the operation is matrix addition

Inverse for decryption identical


since XOR own inverse, with reversed keys

Designed to be as simple as possible


AddRoundKey Scheme
AES Round
AES Key Scheduling
takes 128-bits (16-bytes) key and expands into array of
44 32-bit words
Key Expansion Scheme
Key Expansion submodule
RotWord performs a one byte circular left shift on a word
For example:

RotWord[b0,b1,b2,b3] = [b1,b2,b3,b0]

SubWord performs a byte substitution on each byte of input


word using the S-box

SubWord(RotWord(temp)) is XORed with RCon[j] – the


round constant
Round Constant (RCon)
RCON is a word in which the three rightmost bytes are zero
It is different for each round and defined as:
RCon[j] = (RCon[j],0,0,0)
where RCon[1] =1 , RCon[j] = 2 * RCon[j-1]
Multiplication is defined over GF(2^8) but can be implement in Table
Lookup
Key Expansion Example (1st Round)
• Example of expansion of a 128-bit cipher key
Cipher key = 2b7e151628aed2a6abf7158809cf4f3c
w0=2b7e1516 w1=28aed2a6 w2=abf71588 w3=09cf4f3c

i wi-1 RotWord SubWord Rcon[i/4] ti w[i-4] wi


4 09cf4f3c cf4f3c09 8a84eb01 01000000 8b84eb01 2b7e1516 a0fafe17

5 a0fafe17 - - - - 28aed2a6 88542cb1

6 88542cb1 - - - - Abf71588 23a33939

7 23a33939 - - - - 09cf4f3c 2a6c7605


Topics
Origin of AES

Basic AES

Inside Algorithm

Final Notes
AES Security
AES was designed after DES.
Most of the known attacks on DES were already tested on
AES.
Brute-Force Attack
AES is definitely more secure than DES due to the larger-size key.
Statistical Attacks
Numerous tests have failed to do statistical analysis of the ciphertext
Differential and Linear Attacks
There are no differential and linear attacks on AES as yet.
Implementation Aspects
The algorithms used in AES are so simple that they
can be easily implemented using cheap processors
and a minimum amount of memory.

Very efficient

Implementation was a key factor in its selection as


the AES cipher

AES animation:
http://www.cs.bc.edu/~straubin/cs381-05/blockciphers/rijndael_ingles2004.swf

You might also like