
Advanced Encryption Standard (AES)


aeckenrode

Presentation Transcript


  1. Advanced Encryption Standard (AES)

  2. Reasons for AES
     • Problems with DES
     • key size is small
     • Theoretical attacks
     • Exhaustive key search attacks
     • Triple-DES – pretty safe, but slow
     • AES selected out of 15 candidates
     • Issued as FIPS PUB 197 standard in Nov-2001

  3. AES Features
     • Symmetric key block cipher
     • 128-bit data, 128/192/256-bit keys
     • Resistant against known attacks
     • Fast
     • Compact code
     • Simple

  4. AES Cipher
     • Designed by Rijmen-Daemen in Belgium
     • Anticipated life of 20-30 years
     • NIST have released all submissions & unclassified analyses
     • Fixed data block size: 128 bits
     • Processes a data block in 4 groups of 4 bytes and operates on an entire block in every round
     • A data block is termed the “state.” The original plaintext is known as the initial state.

  5. AES
     • Goes through 9/11/13 rounds. In each round, it does:
     • Byte substitution (SubBytes())
     • Shift rows (ShiftRows())
     • Mix columns (MixColumns())
     • Add round key (AddRoundKey())
     • Last round is incomplete

  6. AES Flow Diagram

  7. Byte Substitution
     • Uses a 16x16 table
     • Each byte of state is replaced by the byte in the row indexed by the left 4 bits of the byte & the column indexed by the right 4 bits
     • Example: byte {95} in hex is replaced by the row 9, col 5 byte, which is the value {2A} in hex
     • S-box (substitution box) is constructed using a defined transformation of the values in GF(2^8)
     • Designed to be resistant to all known attacks

  8. Shift Rows
     • Each row is processed separately
     • A circular byte shift in each row
     • 1st row: no shift
     • 2nd row: 1 byte circular shift to left
     • 3rd row: 2 byte circular shift to left
     • 4th row: 3 byte circular shift to left
     • Decrypt does shifts to right by 0, 1, 2, and 3 bytes for rows 1, 2, 3, and 4 respectively.

  9. Mix Columns
     • Each byte is replaced by a value dependent on all 4 bytes in the column
     • Essentially a matrix multiplication in GF(2^8)

  10. Add Round Key
     • XOR state with 128 bits of the round key
     • XOR each column of the state with a word from the key schedule

  11. AES Round

  12. AES Key Expansion
     • 128-bit (16-byte) key expands into array of 44/52/60 32-bit words
     • See PDF for details

  13. AES Decryption
     • Not identical to encryption since steps done in reverse
     • Uses inverses of each encryption step with a different key schedule
     • Inverse byte substitution
     • Inverse shift rows
     • Inverse mix columns
     • Inverse add (tweaked) round key

  14. Implementation
     • On 8-bit CPU
     • Byte substitution can be done using a table of 256 entries
     • Shift rows is simple byte shifting
     • Add round key is byte XORs
     • Mix columns is matrix multiplication in GF(2^8), which works on byte values and can be simplified to use a table lookup

  15. Implementation
     • On 32-bit CPU
     • Redesign steps to use 32-bit words
     • Use 4 pre-computed tables of 256 words
     • Each column in each round can be computed using 4 table lookups + 4 XORs
     • Very efficient implementation was a key factor in its selection as the AES cipher
