
PIS : Unit II Advanced Encryption Standard (AES)

PIS : Unit II Advanced Encryption Standard (AES). Sanjay Rawat Sanjay_r@vnrvjiet.in. Based on the slides of Lawrie Brown together with the book “Cryptography and Network Security” by William Stallings. Facts. Published by NIST in Nov 2001: FIPS PUB 197


Presentation Transcript


  1. PIS: Unit II Advanced Encryption Standard (AES) Sanjay Rawat Sanjay_r@vnrvjiet.in Based on the slides of Lawrie Brown together with the book “Cryptography and Network Security” by William Stallings. PIS Unit 2 AES Sanjay Rawat

  2. Facts
     • Published by NIST in Nov 2001: FIPS PUB 197
     • Based on a competition won by Rijmen and Daemen (Rijndael) from Belgium
     • 22 submissions, 7 did not satisfy all requirements
     • 15 submissions, 5 finalists: Mars, RC6, Rijndael, Serpent, Twofish. Winner: Rijndael.
     • Rijndael allows many block sizes and key sizes
     • AES restricts it to:
       • Block Size: 128 bits
       • Key sizes: 128, 192, 256 (AES-128, AES-192, AES-256)
     • An iterative rather than Feistel cipher
       • operates on entire data block in every round
     • Byte operations: Easy to implement in software

  3. Rijndael
     • data block of 4 columns of 4 bytes is the state
     • key is expanded to an array of words
     • has 9/11/13 rounds in which the state undergoes:
       • byte substitution (1 S-box used on every byte)
       • shift rows (permute bytes between groups/columns)
       • mix columns (substitution using matrix multiply of groups)
       • add round key (XOR state with key material)
     • view as alternating XOR key & scramble data bytes
     • initial XOR key material & incomplete last round
     • with fast XOR & table lookup implementation

  4. AES parameters

  5. Rijndael steps

  6. 1. Byte Substitution
     • a simple substitution of each byte
     • uses S-box of 16x16 bytes containing a permutation of all 256 8-bit values
     • each byte of state is replaced by byte indexed by row (left 4-bits) & column (right 4-bits)
     • S-box constructed using defined transformation of values in GF(2^8)
     • designed to be resistant to all known attacks

  7. S-Box
     • e.g. byte {95} is replaced by the byte in row 9, column 5
     • which has value {2A}

  8. 2. Shift Rows
     • a circular byte shift in each row
     • 1st row is unchanged
     • 2nd row does 1 byte circular shift to left
     • 3rd row does 2 byte circular shift to left
     • 4th row does 3 byte circular shift to left
     • decrypt inverts using shifts to right
     • since state is processed by columns, this step permutes bytes between the columns
     • provides for diffusion of values between columns

  9. ShiftRow

  10. 3. Mix Columns
     • each column is processed separately
     • each byte is replaced by a value dependent on all 4 bytes in the column
     • effectively a matrix multiplication in GF(2^8) using prime poly m(x) = x^8 + x^4 + x^3 + x + 1
     • m(x) = x^8 + x^4 + x^3 + x + 1 can be represented as (100011011) = 11B -> modulo

  11. Mix columns x =

  12. Inverse Mix Columns = ?
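
An added example (not part of the original slides) of MixColumns and its inverse as matrix multiplication in GF(2^8) modulo 11B. The two matrices are taken from FIPS PUB 197 because the transcript does not reproduce them; the function names and sample state are assumptions of this example.

```python
def xtime(a):
    """Multiply a GF(2^8) element by {02}, reducing modulo m(x) = 0x11B."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def gmul(a, b):
    """Multiply two GF(2^8) elements: shift-and-add, where add is XOR."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result

# Circulant matrices from FIPS PUB 197 (not shown in the transcript).
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]

def mat_column(matrix, col):
    """Multiply one 4-byte state column by a 4x4 matrix over GF(2^8)."""
    out = []
    for row in matrix:
        acc = 0
        for coeff, byte in zip(row, col):
            acc ^= gmul(coeff, byte)
        out.append(acc)
    return out

def mix_columns(state):
    """state is a list of 4 columns, each a list of 4 bytes."""
    return [mat_column(MIX, col) for col in state]

def inv_mix_columns(state):
    return [mat_column(INV_MIX, col) for col in state]

if __name__ == "__main__":
    # Constructed sample state; the first column is a widely used test column.
    state = [[0xDB, 0x13, 0x53, 0x45], [0x01, 0x01, 0x01, 0x01],
             [0xC6, 0xC6, 0xC6, 0xC6], [0x00, 0x11, 0x22, 0x33]]
    mixed = mix_columns(state)
    print([bytes(c).hex() for c in mixed])
    print(inv_mix_columns(mixed) == state)  # inverse restores the state
```

Each output byte depends on all four input bytes of its column, and applying the inverse matrix recovers the original column exactly.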

  13. 4. Add Round Key
     • XOR state with 128 bits of the round key
     • again processed by column (though effectively a series of byte operations)
     • inverse for decryption is identical
     • since XOR is its own inverse, with reversed keys

  14. Key Expansion
     • takes 128-bit (16-byte) key and expands into array of 44/52/60 32-bit words
     • First subkey (w3,w2,w1,w0) = cipher key
     • Other keys are calculated as follows:
     • , if else:

  15. Key Expansion
     • RotWord: performs a one-byte circular left shift on the word w[i-1], i.e. the previous word. S1
     • SubWord: performs a byte substitution on each byte of its input word, using an S-box (same as for the byte substitution step). S2
     • The result of steps 1 and 2 is XORed with a round constant, Rcon[j]. W[i]= S2 XOR w[i-4] XOR Rcon[j]
     • For AES-192 and AES-256, the key expansion is more complex. Rcon[j]=

  16. Example Key Expansion
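
An added example (not part of the original slides) that builds the S-box from its GF(2^8) definition and runs the AES-128 key expansion (RotWord, SubWord, Rcon) described on the Byte Substitution and Key Expansion slides. The affine constant 0x63, the Rcon values and the test key come from FIPS PUB 197, since the transcript omits them; function names are assumptions of this example.

```python
def xtime(a):
    """Multiply a GF(2^8) element by {02}, reducing modulo 0x11B."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def build_sbox():
    """S-box: multiplicative inverse in GF(2^8), then the FIPS 197 affine map."""
    exp, log = [0] * 255, [0] * 256
    x = 1
    for i in range(255):            # powers of the generator {03}
        exp[i], log[x] = x, i
        x ^= xtime(x)               # x*{03} = x*{02} XOR x
    sbox = []
    for a in range(256):
        inv = 0 if a == 0 else exp[(255 - log[a]) % 255]
        s = 0x63
        for r in range(5):          # inv XOR its left-rotations by 1..4 bits
            s ^= ((inv << r) | (inv >> (8 - r))) & 0xFF
        sbox.append(s)
    return sbox

SBOX = build_sbox()

def expand_key_128(key):
    """Expand a 16-byte AES-128 key into 44 four-byte words w[0..43]."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rc = 0x01                       # Rcon[j] = (RC[j], 0, 0, 0), per FIPS 197
    for i in range(4, 44):
        temp = list(w[i - 1])
        if i % 4 == 0:
            temp = temp[1:] + temp[:1]          # RotWord -> S1
            temp = [SBOX[b] for b in temp]      # SubWord -> S2
            temp[0] ^= rc                       # XOR with Rcon[j]
            rc = xtime(rc)                      # next round constant
        w.append([a ^ b for a, b in zip(w[i - 4], temp)])
    return w

def round_key_hex(w, rnd):
    """Hex string of the 128-bit round key for round rnd (0..10)."""
    return "".join(bytes(word).hex() for word in w[4 * rnd:4 * rnd + 4])

if __name__ == "__main__":
    # Test key from FIPS PUB 197 Appendix A.1
    words = expand_key_128(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))
    for rnd in range(11):
        print(rnd, round_key_hex(words, rnd))
```

The generated table reproduces the slide's S-box example, with `SBOX[0x95]` equal to `0x2A`. Lookups indexed by key-dependent bytes are not constant time, so this is for study of the algorithm rather than for deployment.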

  17. Summary
     • AES encrypts 128-bit blocks with 128-bit, 192-bit or 256-bit keys,
     • using 10, 12, or 14 rounds, respectively.
     • Does not use a Feistel-based cipher. All 128 bits are encrypted.
     • Each round has 4 steps: SubBytes, ShiftRows, MixColumns, and AddRoundKey.
     • Last round has only 3 steps. No MixColumns.
     • Decryption is not the same as encryption. Decryption consists of inverse steps.
