1 / 26

AES ( A dvanced E ncryption S tandard)

AES ( A dvanced E ncryption S tandard). By- Sharmistha Roy M.Tech, CSE 1 st semester NIT, Agartala. Introduction:.

lorenem
Download Presentation

AES ( A dvanced E ncryption S tandard)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. AES (Advanced Encryption Standard) By- Sharmistha Roy M.Tech, CSE 1st semester NIT, Agartala

  2. Introduction: • After DES, the need for coming up with a new algorithm was actually because of the perceived weakness in DES. The 56-bit keys of DES were no longer considered safe against attacks based on exhaustive key searches and the 64-bit blocks were also considered as weak. • AES was to be based on 128-bit blocks, with 128-bit keys or 192-bit or 256-bit keys. • In general, two versions of AES are used: 128-bit plain text block combined with 128-bit key block and 128-bit plain text block combined with 256-bit key block. • Many proposals of AES were submitted and after a lot of debate, an algorithm called as Rijndael was accepted. It was developed by Joan Daemen and Vincent Rijmen.

  3. Introduction: • According to its designers, the main features of AES are: • Symmetric and parallel structure: This gives the implementers of the algorithm a lot of flexibility. It also stands up well against cryptanalysis attacks. • Adapted to modern processors: The algorithm works well with modern processors (Pentium, RISC, parallel) • Suited to smart cards: The algorithm can work well with smart cards. • Since 128-bits give a possible key range of 2^128 or 3*10^38 keys, so AES is very much secure and faster than Triple-DES. • Rijndael has a variable number of rounds. • 10 if both the block and the key are 128 bits long. • 12 if either the block or the key is 192 bits long, and neither of them is longer than that. • 14 if either the block or the key is 256 bits long. • One key differentiator between DES and Rijndael is that all the Rijndael operation involve entire byte and not individual bits of a byte.

  4. STATE Operation of each round Sub bytes • One AddRoundKey is applied before the first round. • The Mix column is missing at last round. STATE Shiftrows STATE Mixcolumns STATE AddRoundKey Structure of each round STATE

  5. AES Process: • Block: A block in AES is a group of 128 bits which is represented as a row matrix of 16 bytes. • State: The data block in AES are treated as State. For example Let us take a text block “AES USES A MATRIX”. • To make it 16 bytes add Z at the end. • Now assign values to the characters from 0 to 25. • Form state matrix with their equivalent two hexadecimal digits.

  6. AES Encryption Procedure State Processing: Text: Hex : • Step-1: Hence the resulting State Matrix is as follows: 00 12 0C 08 04 04 00 23 12 12 13 19 14 00 11 19 (4 X 4) matrix • Step-2: Pre-round operation Here in this step the state matrix is added with the cipher key i.e. (the key matrix containing W[0] to W[3]). Addition means performing XOR operation.

  7. Pre-round Operation:  • Hence the resulting State Matrix after pre-round is as follows: • Step-3: Sub-byte Transformation Next step is the sub-byte transformation, which requires S-box. Byte by byte substitution is done to replace the contents of the state array with the respective entries in the S-box. Cipher Key State matrix

  8. AES S-Box Lookup Table 0 1 2 3 4 5 6 7 8 9 A B C D E F 063 7C 77 7B F2 6B 6F C5 30 01 67 2B FE D7 AB 76 1CA 82 C9 7D FA 59 47 F0 AD D4 A2 AF 9C A4 72 C0 2B7 FD 93 26 36 3F F7 CC 34 A5 E5 F1 71 D8 31 15 304 C7 23 C3 18 96 05 9A 07 12 80 E2 EB 27 B2 75 409 83 2C 1A 1B 6E 5A A0 52 3B D6 B3 29 E3 2F 84 553 D1 00 ED 20 FC B1 5B 6A CB BE 39 4A 4C 58 CF 6D0 EF AA FB 43 4D 33 85 45 F9 02 7F 50 3C 9F A8 751 A3 40 8F 92 9D 38 F5 BC B6 DA 21 10 FF F3 D2 8CD 0C 13 EC 5F 97 44 17 C4 A7 7E 3D 64 5D 19 73 960 81 4F DC 22 2A 90 88 46 EE B8 14 DE 5E 0B DB AE0 32 3A 0A 49 06 24 5C C2 D3 AC 62 91 95 E4 79 BE7 C8 37 6D 8D D5 4E A9 6C 56 F4 EA 65 7A AE 08 CBA 78 25 2E 1C A6 B4 C6 E8 DD 74 1F 4B BD 8B 8A D70 3E B5 66 48 03 F6 0E 61 35 57 B9 86 C1 1D 9E EE1 F8 98 11 69 D9 8E 94 9B 1E 87 E9 CE 55 28 DF F8C A1 89 0D BF E6 42 68 41 99 2D 0F B0 54 BB 16

  9. Sub-byte: The sub-byte transformation of the above example is:02 D2 D2 AA A3 EF 92 B1 EF BC F3 02 D0 9D 92 3C Shift rows Transformation: Row 0 : 0 byte Lshift Row 1 : 1 byte Lshift Row 2: 2 byte Lshift Row 3: 3 byte Lshift

  10. Shift row Transformation: • Step-4: Shift-row Transformation Shift-row transformation involves byte-wise left shift. The shift-row transformation of the above example is: Mix- column Transformation: • Step-5: Mix-column Transformation • The mix column transformation operates at the column level. It transform each column of the state to a new column. This transformation is actually a matrix multiplication of state column by a constant square matrix. • The constant matrix is as: 02 03 01 01 01 02 03 01 01 01 02 03 03 01 01 02

  11. Mix column overview = X constant Mix column state state

  12. Mix column overview • B1=(b1*2) (b2*3) (b3*1) (b4*1) • B2=(b1*1) (b2*2) (b3*3) (b4*1) • B3=(b1*1) (b2*1) (b3*2) (b4*3) • B4=(b1*3) (b2*1) (b3*1) (b4*2) • B5=(b5*2) (b6*3) (b7*1) (b8*1) • B6=(b5*1) (b6*2) (b7*3) (b8*1) • B7=(b5*1) (b6*1) (b7*2) (b8*3) • B8=(b5*3) (b6*1) (b7*1) (b8*2) 16 byte state array Mix-column array Constant matrix

  13. Mix column operation: In this example mix-column operation is as: B1=02*2 EF*3 F3*1 3C*1 02*2=(00000010)(00000010) =(x)(x) = x^2 = 00000100 EF*3=(11101111)(00000011) = (x^7 + x^6 + x^5 + x^3+x^2+x+1)(x+1) =x^8+x^7+x^6+x^4+x^3+x^2+x+x^7+x^6+x^5+x^3+x^2+x+1 = x^8+x^5+x^4+1 (mod x^8+x^4+x^3+x+1) = x^5+x^3+x = 00101010 F3*1=F3=11110011 3C*1=3C=00111100 X

  14. Mix column operation: B1=00000100 00101010 1111001100111100 =11100001 = E1 • This matrix multiplication can be done with the help of another method known as Galois Field Multiplication, which involves the use of L-Table & E-table. • All numbers being multiplied using the Mix Column function converted to HEX will form a maximum of 2 digit Hex number. We use the first digit in the number on the vertical index and the second number on the horizontal index. If the value being multiplied is composed of only one digit we use 0 on the vertical index. • Multiplication in GF(28) consists of multiplying two polynomials modulo an irreducible polynomial of degree 8. • AES uses the following irreducible polynomial m(x) = x8 + x4 + x3 + x + 1

  15. L-Table 0 1 2 3 4 5 6 7 8 9 A B C D E F 000 19 01 32 02 1A C6 4B C7 1B 68 33 EE DF 03 164 04 E0 0E 34 8D 81 EF 4C 71 08 C8 F8 69 1C C1 27D C2 1D B5 F9 B9 27 6A 4D E4 A6 72 9A C9 09 78 365 2F 8A 05 21 0F E1 24 12 F0 82 45 35 93 DA 8E 496 8F DB BD 36 D0 CE 94 13 5C D2 F1 40 46 83 38 566 DD FD 30 BF 06 8B 62 B3 25 E2 98 22 88 91 10 67E 6E 48 C3 A3 B6 1E 42 3A 6B 28 54 FA 85 3D BA 72B 79 0A 15 9B 9F 5E CA 4E D4 AC E5 F3 73 A7 57 8AF 58 A8 50 F4 EA D6 74 4F AE E9 D5 E7 E6 AD E8 92C D7 75 7A EB 16 0B F5 59 CB 5F B0 9C A9 51 A0 A7F 0C F6 6F 17 C4 49 EC D8 43 1F 2D A4 76 7B B7 BCC BB 3E 5A FB 60 B1 86 3B 52 A1 6C AA 55 29 9D C97 B2 87 90 61 BE DC FC BC 95 CF CD 37 3F 5B D1 D53 39 84 3C 41 A2 6D 47 14 2A 9E 5D 56 F2 D3 AB E44 11 92 D9 23 20 2E 89 B4 7C B8 26 77 99 E3 A5 F67 4A ED DE C5 31 FE 18 0D 63 8C 80 C0 F7 70 07

  16. E-Table 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 01 03 05 0F 11 33 55 FF 1A 2E 72 96 A1 F8 13 35 15F E1 38 48 D8 73 95 A4 F7 02 06 0A 1E 22 66 AA 2E5 34 5C E4 37 59 EB 26 6A BE D9 70 90 AB E6 31 353 F5 04 0C 14 3C 44 CC 4F D1 68 B8 D3 6E B2 CD 44C D4 67 A9 E0 3B 4D D7 62 A6 F1 08 18 28 78 88 583 9E B9 D0 6B BD DC 7F 81 98 B3 CE 49 DB 76 9A 6B5 C4 57 F9 10 30 50 F0 0B 1D 27 69 BB D6 61 A3 7 FE 19 2B 7D 87 92 AD EC 2F 71 93 AE E9 20 60 A0 8FB 16 3A 4E D2 6D B7 C2 5D E7 32 56 FA 15 3F 41 9C3 5E E2 3D 47 C9 40 C0 5B ED 2C 74 9C BF DA 75 A9F BA D5 64 AC EF 2A 7E 82 9D BC DF 7A 8E 89 80 B9B B6 C1 58 E8 23 65 AF EA 25 6F B1 C8 43 C5 54 CFC 1F 21 63 A5 F4 07 09 1B 2D 77 99 B0 CB 46 CA D45 CF 4A DE 79 8B 86 91 A8 E3 3E 42 C6 51 F3 0E E12 36 5A EE 29 7B 8D 8C 8F 8A 85 94 A7 F2 0D 17 F39 4B DD 7C 84 97 A2 FD 1C 24 6C B4 C7 52 F6 01

  17. Galois Field Operation • For example if the two Hex values being multiplied are AF * 8 we first lookup L(AF) index which returns B7 and then lookup L(08) which returns 4B. Once the L table lookup is complete we can then simply add the numbers together. • The only trick being that if the addition result is greater then FF we subtract FF from the addition result. For example AF+B7= 166. Because 166 > FF, we perform: 166-FF which gives us 67. • The last step is to look up the addition result on the E table. Again we take the first digit to look up the vertical index and the second digit to look up the horizontal index. For example E (67)=F0. • There fore the result of multiplying AF * 8 over a Galois Field is F0 Note: In the last round i.e. round 10 we omit the mix-column operation

  18. Key Adding • Step-6: Add round Key The most important transformation is to include cipher key. If cipher is not added with the state at each round it is very easy to find the plain text from cipher text. The cipher key is only secret between sender and receiver. • Each round key is 128 bits long and its form 4X4 matrix for each step. • Add round key also proceeds one column at a time. Add round key adds a round key with each state column matrix. The operation in add round key is matrix addition. (addition means XOR operation) • So in 1st round the add round key uses the round key from w[4] to w[7] and in the last i.e. 10th round the add round key uses the round key from w[40] to w[43].

  19. Key Processing: • To create round key for each round AES uses a key expansion processes. • The first round key is used for pre-round transformation i.e. (W0 to W3). • The remaining round keys are used for Add round Key i.e. the last transformation of each round. • Key expansion routine creates keys word by word where a word is an array of 4 bytes.

  20. Key Expansion: • The first words ( w0,w1,w2,w3 ) are made from the cipher key. The cipher key is thought of as an array of 16 (k0…k15) bytes. The first four bytes (k0..k3) become w0, next 4 bytes become w1 and so on. • The rest of the words w4 to w43 are made as follows: a) if (i mod 4) ≠0 wi=w(i-1) w(i-4) b) if (i mod 4) = =0 wi=t w(i-4) where t is a temporary word, result of applying two routines subword and rotword on wi-1 and X-ORing the result with a round constant t = subword(rotword(w(i-1))) constant [i /4]

  21. Key Expansion: • Rotword: similar to shiftrows • Subword: similar to subbyte operation in earlier cases • Roundconstant: The round constant matrix is as: round Const

  22. Key Processing • Let us take one key matrix W[4] W[5] W[6] W[7] W[0] W[1] W[2] W[3] Next we have to find out W[4], W[5], W[6], W[7] For W[4], since i mod 4 =0 so, W[4]= t XOR W[i-4] = t XOR W[0] Here t= subword(rotword(w[i-1])) XOR constant [i /4] = subword(rotword(W[3])) XOR constant [0] For W[5], since I mod 4 = 0 so, W[5] = W[i-1] XOR W[i-4] = W[4] XOR W[1] In this way keys are created from W[4] to W[43].

  23. Key Processing Finding W[4]: W[3]= 6A 75 73 74 Rotword W[3]= 75 73 74 6A Subword(Rotword W[3])= subword(75 73 74 6A)= 9D 8F 92 02 Subword(Rotword W[3]) XOR constant [0] = 9D 8F 92 02 XOR 01 00 00 00= 9C 8F 92 02 Therefore W[4]= t XOR W[0] = 9C 8F 92 02 XOR 6A 75 73 74 = F6 FA E1 76 Finding W[5]: W[5]= W[4] XOR W[1] = F6 FA E1 76 XOR 6D 65 6A 75 = 9B 9F 8B 03

  24. AES Decryption Procedure • Decryption algorithm uses the expanded key in reverse order. • All functions are easily reversible and their inverse form is used in decryption. • Decryption algorithm is not identical to the encryption algorithm. • In the beginning there is a pre-round operation using the cipher text as the state matrix and the last round key as the key matrix(i.e. W[40] to W[43]). • Again, final round consists of only three stages. Mix-column operation is omitted here.

  25. Conclusion of AES

More Related