
4 Aes

AES is the most widely used symmetric cipher, selected by NIST in a multi-year process starting in 1997, with Rijndael chosen as the AES in 2000. It supports key lengths of 128, 192, and 256 bits, and is designed for efficiency in both software and hardware while providing strong security against brute-force attacks. AES is not based on Feistel networks and employs Galois field arithmetic for its operations, making it a key standard in various encryption protocols.

Uploaded by

Paladin

Some Basic Facts

• AES is the most widely used symmetric cipher today

• The algorithm for AES was chosen by the US National Institute of Standards and
Technology (NIST) in a multi-year selection process

• The requirements for all AES candidate submissions were:

• Block cipher with 128-bit block size


• Three supported key lengths: 128, 192 and 256 bits
• Security relative to other submitted algorithms
• Efficiency in software and hardware

Chronology of the AES Selection

• The need for a new block cipher announced by NIST in January, 1997

• 15 candidate algorithms accepted in August, 1998

• 5 finalists announced in August, 1999:


• Mars – IBM Corporation
• RC6 – RSA Laboratories
• Rijndael – J. Daemen & V. Rijmen
• Serpent – Eli Biham et al.
• Twofish – B. Schneier et al.

• In October 2000, Rijndael was chosen as the AES

• AES was formally approved as a US federal standard in November 2001


AES: Overview
Internal Structure of AES
• AES is a byte-oriented cipher
• The state A (i.e., the 128-bit data path) can be arranged in a 4x4 matrix

with A0,…, A15 denoting the 16-byte input of AES


Byte Substitution Layer
• The Byte Substitution layer consists of 16 S-Boxes with the following properties. The S-Boxes are
• identical
• the only nonlinear elements of AES, i.e., ByteSub(Ai) + ByteSub(Aj) ≠ ByteSub(Ai + Aj), for i,j = 0,…,15
• bijective, i.e., there exists a one-to-one mapping of input and output bytes ⇒ S-Box can be uniquely reversed

In software implementations, the S-Box is usually realized as a lookup table


Let's assume the input byte to the S-Box is Ai = (C2)hex, then the substituted value is S((C2)hex) = (25)hex.

Diffusion Layer

The Diffusion layer

• provides diffusion over all input state bits


• consists of two sublayers:
• ShiftRows Sublayer: Permutation of the data on a byte level
• MixColumn Sublayer: Matrix operation which combines (“mixes”) blocks of four bytes
• performs a linear operation on state matrices A, B, i.e.,
DIFF(A) + DIFF(B) = DIFF(A + B)

Shift Rows Sublayer
• Rows of the state matrix are shifted cyclically:

MixColumn Sublayer

• Linear transformation which mixes each column of the state matrix


• Each 4-byte column is considered as a vector and multiplied by a fixed 4x4 matrix, e.g.,

where 01, 02 and 03 are given in hexadecimal notation

• All arithmetic is done in the Galois field GF(2^8)
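
The two diffusion sublayers and the linearity property DIFF(A) + DIFF(B) = DIFF(A + B), as an added example that is not part of the original slides. The row shifts, the matrix rows (02 03 01 01, rotated) and the reduction polynomial are taken from the AES specification (FIPS 197); the function names and the sample states are constructed for this illustration.

```python
def xtime(b):
    """Multiply a byte by 02 in GF(2^8), reducing modulo x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b

def shift_rows(state):
    """State is 16 bytes A0..A15 stored column by column; row r rotates left by r."""
    return [state[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]

def mix_column(col):
    """Multiply one 4-byte column by the fixed matrix whose first row is 02 03 01 01."""
    out = []
    for r in range(4):
        a, b, c, d = (col[(r + k) % 4] for k in range(4))
        out.append(xtime(a) ^ (xtime(b) ^ b) ^ c ^ d)   # 02*a + 03*b + 01*c + 01*d
    return out

def diffusion(state):
    """ShiftRows followed by MixColumn on each of the four columns."""
    s = shift_rows(state)
    return [b for c in range(4) for b in mix_column(s[4 * c:4 * c + 4])]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def is_linear(a, b):
    """Check DIFF(A) + DIFF(B) == DIFF(A + B), with + being XOR."""
    return xor(diffusion(a), diffusion(b)) == diffusion(xor(a, b))

def changed_bytes(state, index):
    """Flip one bit of input byte `index`; return the output positions that change."""
    flipped = list(state)
    flipped[index] ^= 0x01
    pairs = zip(diffusion(state), diffusion(flipped))
    return [i for i, (x, y) in enumerate(pairs) if x != y]

# Constructed sample states (not from the page)
A = list(range(16))
B = list(bytes.fromhex("00112233445566778899aabbccddeeff"))

if __name__ == "__main__":
    print("ShiftRows:", shift_rows(A))
    print("linear:", is_linear(A, B))
    print("one flipped bit in A5 changes output bytes", changed_bytes(A, 5))
```

A single changed input byte spreads to a full output column after one pass, which is why several rounds are needed before every state byte depends on every input byte.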


Key Addition Layer

• Inputs:

• 16-byte state matrix C

• 16-byte subkey ki

• Output: C ⊕ ki

• The subkeys are generated in the key schedule


Key Schedule

• Subkeys are derived recursively from the original 128/192/256-bit input key

• Each round has 1 subkey, plus 1 subkey at the beginning of AES

Key length (bits)    128   192   256
Number of subkeys     11    13    15

• Key whitening: Subkey is used both at the input and output of AES ⇒ # subkeys = # rounds + 1

• There are different key schedules for the different key sizes

Word-oriented: 1 word = 32 bits

• 11 subkeys are stored in W[0]…W[3], W[4]…W[7], … , W[40]…W[43]

• First subkey W[0]…W[3] is the original AES key


Function g rotates its four input bytes and performs a bytewise S-Box substitution ⇒ nonlinearity
• The round coefficient RC is only added to the leftmost byte and varies from round to round:

RC[1] = x^0 = (00000001)_2
RC[2] = x^1 = (00000010)_2
RC[3] = x^2 = (00000100)_2

... RC[10] = x^9 = (00110110)_2

• x^i represents an element in a Galois field
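
The S-Box lookup table from the Byte Substitution layer and the 128-bit key schedule described above, as an added example that is not part of the original slides. The S-Box construction (inverse in GF(2^8) followed by an affine map) and the test key come from the AES specification (FIPS 197), not from this page; the function names are chosen here.

```python
def xtime(b):
    """Multiply a byte by x in GF(2^8), reducing modulo x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b

def rotl8(b, n):
    return ((b << n) | (b >> (8 - n))) & 0xFF

def build_sbox():
    """S-Box as a lookup table: field inverse of the input, then the affine map."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p ^= xtime(p)                    # p = 03 * p walks all nonzero field elements
        for shift in (1, 2, 4):          # q = q / 03, so q stays the inverse of p
            q ^= (q << shift) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63                       # 0 has no inverse; it maps to the constant
    return sbox

SBOX = build_sbox()

def g(word, rc):
    """Rotate the four bytes, substitute each via the S-Box, add RC to the leftmost."""
    out = [SBOX[b] for b in word[1:] + word[:1]]
    out[0] ^= rc
    return out

def expand_key_128(key):
    """Return the words W[0]..W[43] (4 bytes each) for a 16-byte key."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]   # W[0..3] is the key itself
    rc = 0x01                                            # RC[1] = x^0
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:                                   # first word of a new subkey
            t = g(t, rc)
            rc = xtime(rc)                               # next RC = x * current RC
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return w

# Public example key from FIPS 197, Appendix A.1
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")

if __name__ == "__main__":
    words = expand_key_128(KEY)
    print("S(C2) =", format(SBOX[0xC2], "02x"))
    print("W[4] =", bytes(words[4]).hex(), " W[43] =", bytes(words[43]).hex())
```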


AES is not based on a Feistel network ⇒ All layers must be inverted for
decryption:

• MixColumn layer → Inv MixColumn layer

• ShiftRows layer → Inv ShiftRows layer

• Byte Substitution layer → Inv Byte Substitution layer

• Key Addition layer is its own inverse


▪ Brute-force attack: Due to the key length of 128, 192 or 256 bits, a brute-force attack is
not possible
▪ Analytical attacks: There is no analytical attack known that is better than brute-force

▪ Side-channel attacks

▪ Several side-channel attacks have been published

▪ Note that side-channel attacks do not attack the underlying algorithm but the
implementation of it
❑ AES is a modern block cipher which supports three key lengths of 128, 192 and
256 bits. It provides excellent long-term security against brute-force attacks.

❑ AES has been studied intensively since the late 1990s and no attacks have been
found that are better than brute-force.

❑ AES is not based on Feistel networks. Its basic operations use Galois field
arithmetic and provide strong diffusion and confusion.

❑ AES is part of numerous open standards such as IPsec or TLS, in addition to being
the mandatory encryption algorithm for US government applications. It seems
likely that the cipher will be the dominant encryption algorithm for many years to
come.

❑ AES is efficient in software and hardware


Note

Please refer to the notebook for detailed information, not just the slides, which are for
quick reference.

For this section, you may refer to Cryptography and Network Security by Behrouz A
Forouzan and Deep Mukhopadhayay.

You may also refer to the suggested textbooks.

You may also refer to the book Understanding Cryptography.
