1 / 36

Advanced Encryption Standard

Advanced Encryption Standard. Origins. NIST issued a new version of DES in 1999 (FIPS PUB 46-3) DES should only be used in legacy systems 3DES will be used 3DES has 2 attractions 168-bit key length Removes vulnerability to brute force attack

dirk
Download Presentation

Advanced Encryption Standard

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Advanced Encryption Standard

  2. Origins • NIST issued a new version of DES in 1999 (FIPS PUB 46-3) • DES should only be used in legacy systems • 3DES will be used • 3DES has 2 attractions • 168-bit key length • Removes vulnerability to brute force attack • The underlying algorithm in 3DES is same as in DES • Easy to understand • Nothing new-it does not need to further evaluate • Resistant to cryptanalytic attack now • Therefore 3DES was considered an appropriate choice for standardized algorithm for decades to come • But DES suffers some drawbacks • DES was not efficient algorithm in software and 3DES involves three DES rounds, hence 3 times slower • Both DES and 3DES use a 64-bit block size • Because of these drawbacks, 3DES is not a reasonable candidate for long term-NIST issued therefore a new call for the selection of new standard-called as Advanced Encryption Standard

  3. Origins • NIST issued a call for new Advanced Encryption Standard in 1997, for an algorithm: • Security strength equal or better than 3DES • Improved efficiency as compared to 3DES • In addition to this general criteria, NIST specified that • AES must be a symmetric cipher • Block length of 128-bits • Support for key length of 128, 192 and 256 bits • Finally on 2 October 2000, NIST officially announced Rijndael as new AES

  4. The AES Cipher - Rijndael • Designed by Vincent Rijmen & Joan Daemen in Belgium • Can support variable block & key length sizes of of 128, 192, 256 bits • NIST limits the block length to 128 bits, so when it is said AES, by default we are talking about 128-bits block and key lengths • Number of Rounds be 10/12/14 depending on the key and block sizes • It is not a Feistel cipher but an iterated cipher • Processes data as block of 4 columns of 4 bytes • Operates on entire data block in every round • Designed to be: • Resistance against all known attacks • Speed and code compactness on a wide range of platforms • Design simplicity Plaintet 16 byte (128 bits)

  5. AES

  6. The cipher takes a plaintext block size of 128 bits, or 16 bytes. The key length can be 16, 24, or 32 bytes (128, 192, or 256 bits). The algorithm is referred to as AES-128, AES-192, or AES-256, depending on the key length.

  7. Detailed Structure • It is not a Feistel structure. • In the classic Feistel structure, half of the data block is used to modify the other half of the data block, and then the halves are swapped. • The key that is provided as input is expanded into an array of forty-four 32-bit words, w[i]. Four distinct words (128 bits) serve as a round key for each round

  8. Detailed Structure • Four different stages are used, one of permutation and three of substitution: • Substitute bytes: Uses an S-box to perform a byte-by-bytesubstitution of the block • ShiftRows: A simple permutation • MixColumns: A substitution that makes use of arithmetic over (Galois Field) GF(28). • AddRoundKey: A simple bitwise XOR of the current block with a portion of the expanded key

  9. AES

  10. Byte Substitution • Simple substitution on each byte of state independently • Use an S-box of 16x16 bytes containing a permutation of all 256 8-bit values • Each byte of state is replaced by a new byte indexed by row (left 4-bits) & column (right 4-bits) eg. byte {95} is replaced by {2A} in row 9 column 5

  11. Byte Substitution

  12. Shift Rows • Acircular byte shift in each • 1st row is unchanged • 2nd row does 1 byte circular shift to left • 3rd row does 2 byte circular shift to left • 4th row does 3 byte circular shift to left • Since state is processed by columns, this step permutes bytes between the columns

  13. Mix Columns • Each column of the state matrix is multiplied by the fixed matrix given by • Each byte of the column is multiplied by the constant byte using irreducible polynomial m(x) =x8+x4+x3+x+1 in GF(28)

  14. Mix Columns

  15. Mix Columns (Multiplication) • Following are the steps to follow in order to use L and E lookup table for GF multiplication • The result of the multiplication is simply the result of a lookup of the L table, followed by the addition of the results in base 16, followed by a lookup to the E table. • If the result of addition is greater then FF then simply subtract FFfrom result. • use the first digit in the number on the vertical index and the second number on the horizontal index. • If the value being multiplied is composed of only one digit then use 0on the vertical index. • Two exceptions are that: • Any number multiplied by one is equal to its self and does not need to go through the above procedure. For example: FF * 1 = FF • Any number multiplied by zero equals zero

  16. Mix Columns (Multiplication)

  17. Mix Columns (Multiplication)

  18. Mix Columns (Multiplication) • Example: AF * 8 L(AF)=B7 L (08)=4B B7+4B=102>FF so 102-FF =03 E(03)=0F SoAF*08=0F

  19. Add Round Key • Added (XOR) each key byte to each byte of the state matrix

  20. AES Decryption

  21. Inverse Byte Substitution • S-box has its inverse-inverse S-box • Like encryption, each byte is substituted independently • Inverse S-box like encrytion s-box contains all 256 values of 8-bit each • Each byte of state is replaced by a new byte indexed by row (left 4-bits) & column (right 4-bits) eg. byte {11} is replaced by {e3} in row 1 column 1

  22. Inverse S-Box

  23. Inverse Shift Rows • Inverse shift row rotates bytes to the right instead of left as in case of encryption • Therefore a circular byte shift in each • 1st row is unchanged • 2nd row does 1 byte circular shift to right • 3rd row does 2 byte circular shift to right • 4th row does 3 byte circular shift to right

  24. Inverse Mix Columns • Each column of the state matrix is multiplied by given matrix • Each byte of the column is multiplied by the constant byte using irreducible polynomial m(x) =x8+x4+x3+x+1 in GF(28)

  25. Inverse Add Round Key • Inverse Add round key is essentially the same as Add round key as it just adds (XOR) each key byte to each byte of the state matrix

  26. AES: Key Expansion

  27. AES Key Expansion • Takes 128-bit (16-byte; 4-word) key and expands into array of 44 , 32-bit words. • Start by copying key into first 4 words • Then loop creating words that depend on values in previous & 4 places back • In 3 of 4 cases just XOR these together • 1st word in 4 has rotate + S-box + XOR round constant on previous, before XOR 4th back

  28. Each added word w[i] depends on the immediately preceding word, w[i- 1], and the word four positions back, w[i-4]. • In three out of four cases, a simple XOR is used. • For a word whose position in the w array is a multiple of 4, a more complex function g is used

  29. The function g consists of the following substitution: • RotWord performs a one-byte circular left shift on a word. This means that an input word [b0,b1,b2,b3] is transformed into [b1,b2,b3, b0] • SubWordperforms a byte substitution on each byte of its input word using the S-box • The result of step 1 & Step 2 is XORed with a round constant, Rcon[j]

  30. Round Constant • The round constant is a word in which the three rightmost bytes are always 0. • Thus, the effect of an XOR of a word with Rcon is to only perform an XOR on the leftmost byte of the word. • The round constant is different for each round, the values of RC[j] in hexadecimal are:

  31. Key Expansion Rationale • The Rijndael developers designed the expansion key algorithm to be resistant to known cryptanalytic attacks. • Design criteria included: • The inclusion of round constant eliminates the symmetry, or similarity, between the ways in which round keys are generated in different rounds. • Knowledge of a part of the cipher key or round key does not enable calculation of many other round-key bits. • Fast on wide range of CPU’s • Simplicity of description

  32. Reading • “Cryptography and Network Security Principles and Practices”, Fourth Edition by William Stallings • Chapter 5

More Related