ICS 454 Principles of Cryptography
Advanced Encryption Standard (AES)
Sultan Almuhammadi
Outline
• Background
• AES Encryption and Decryption
• Security Issues
• Implementation Issues
Background
• In 1977, the National Bureau of Standards (NBS) adopted DES.
• In 1994, the National Institute of Standards and Technology (NIST) reaffirmed DES for federal use for another 5 years.
• In 1999, NIST adopted 3DES.
  • Pros:
    • The 168-bit key overcomes brute-force attack.
  • Cons:
    • Triple rounds are relatively slow in software.
    • 64-bit block size; a larger block size is better.
    • 3DES is not a good candidate for long-term use.
Background
• In 1997, NIST called for a new Advanced Encryption Standard (AES).
• AES requirements:
  • Must have equal or better security than 3DES.
  • Must improve efficiency.
  • Must be a 128-bit symmetric block cipher.
  • Must support 128/192/256-bit key lengths.
• In 2001, NIST selected Rijndael (by Rijmen and Daemen) as the new AES.
• AES will replace 3DES eventually. Until then, NIST approves 3DES for US government use.
AES (Encryption)
• Not a Feistel structure (the entire data block is processed in parallel in each round).
• Key expansion provides 128-bit round keys (4 words each).
• Each round has 4 stages:
  • SubBytes: an S-box is used to perform a byte-by-byte substitution of the block.
  • ShiftRows: a simple permutation.
  • MixColumns: a substitution using arithmetic over GF(2^8).
  • AddRoundKey: bitwise XOR of the current block with a round key.
[Figure: AES round structure. Stage labels: byte-by-byte substitution using S-box; simple permutation; substitution using arithmetic over GF(2^8); XOR with round key]
AES (Decryption)
• Each stage is easily reversible:
  • InvSubBytes: an inverse S-box is used.
  • InvShiftRows: the inverse permutation.
  • InvMixColumns: the inverse substitution, using arithmetic over GF(2^8).
  • AddRoundKey: XOR with the round keys in reverse order, since (B ⊕ RK) ⊕ RK = B.
AES Security Issues
• Only the AddRoundKey stage makes use of the key.
• The other stages are reversible without the key, so by themselves they add no security.
• The AddRoundKey stage by itself is just an XOR scheme and is attackable on its own.
• The other three stages provide confusion, diffusion and nonlinearity (i.e. they scramble the block), but no security on their own.
• The four stages together in each round make the cipher both efficient and highly secure.
• The S-box is designed such that:
  • It is resistant to known cryptanalytic attacks.
  • It has no fixed point (no byte n with S-box(n) = n).
  • It is not self-inverse, e.g. S-box(95) = 2A, but Inv.S-box(95) = AD (hex).
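The following is an added example, not part of the lecture slides: it builds the AES S-box from the GF(2^8) inverse and affine map, derives the inverse S-box, and implements MixColumns and its inverse on one column, so the S-box properties listed above (no fixed point, not self-inverse, S-box(95) = 2A, Inv.S-box(95) = AD) and the stage reversibility can be checked directly. The function names are my own.

```python
# Added example (not from the slides): build the AES S-box from GF(2^8)
# arithmetic and check the S-box and MixColumns properties the slides state.

def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B          # x^8 = x^4 + x^3 + x + 1 (mod the AES polynomial)
        b >>= 1
    return p

def gf_inv(a: int) -> int:
    """Multiplicative inverse; AES defines inv(0) = 0. Uses a^254 = a^-1."""
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result if a else 0

def sbox_entry(x: int) -> int:
    """SubBytes: GF(2^8) inverse, then the affine map b ^ rotl(b,1..4) ^ 0x63."""
    b, r = gf_inv(x), 0x63
    for i in range(5):
        r ^= ((b << i) | (b >> (8 - i))) & 0xFF
    return r

SBOX = [sbox_entry(x) for x in range(256)]
INV_SBOX = [0] * 256
for x, y in enumerate(SBOX):
    INV_SBOX[y] = x            # invert the permutation for InvSubBytes

def has_fixed_point(table) -> bool:
    return any(table[x] == x for x in range(256))

def is_self_inverse(table) -> bool:
    return all(table[table[x]] == x for x in range(256))

def mix_column(col, inverse=False):
    """(Inv)MixColumns on one 4-byte column: a circulant matrix over GF(2^8)."""
    m = (0x0E, 0x0B, 0x0D, 0x09) if inverse else (0x02, 0x03, 0x01, 0x01)
    return [gf_mul(m[0], col[i]) ^ gf_mul(m[1], col[(i + 1) % 4])
            ^ gf_mul(m[2], col[(i + 2) % 4]) ^ gf_mul(m[3], col[(i + 3) % 4])
            for i in range(4)]
```

Because INV_SBOX is derived by inverting the permutation rather than by a second formula, the check `INV_SBOX[SBOX[x]] == x` passes for all x, while `SBOX[SBOX[x]] == x` fails, which is exactly what "not self-inverse" means.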
AES Implementation Issues
• Very efficient on an 8-bit processor:
  • AddRoundKey: bytewise XOR operation.
  • ShiftRows: simple byte shifting.
  • SubBytes: operates at the byte level (table lookup).
  • MixColumns: matrix multiplication in GF(2^8).
• On a 32-bit processor, a more efficient implementation can be achieved with operations defined on 32-bit words.