advanced encryption standard n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Advanced Encryption Standard PowerPoint Presentation
Download Presentation
Advanced Encryption Standard

Loading in 2 Seconds...

play fullscreen
1 / 36

Advanced Encryption Standard - PowerPoint PPT Presentation


  • 239 Views
  • Uploaded on

Advanced Encryption Standard. Origins. NIST issued a new version of DES in 1999 (FIPS PUB 46-3) DES should only be used in legacy systems 3DES will be used 3DES has 2 attractions 168-bit key length Removes vulnerability to brute force attack

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Advanced Encryption Standard' - dirk


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
origins
Origins
  • NIST issued a new version of DES in 1999 (FIPS PUB 46-3)
  • DES should only be used in legacy systems
  • 3DES will be used
  • 3DES has 2 attractions
    • 168-bit key length
      • Removes vulnerability to brute force attack
    • The underlying algorithm in 3DES is same as in DES
      • Easy to understand
      • Nothing new-it does not need to further evaluate
      • Resistant to cryptanalytic attack now
  • Therefore 3DES was considered an appropriate choice for standardized algorithm for decades to come
  • But DES suffers some drawbacks
    • DES was not efficient algorithm in software and 3DES involves three DES rounds, hence 3 times slower
    • Both DES and 3DES use a 64-bit block size
  • Because of these drawbacks, 3DES is not a reasonable candidate for long term-NIST issued therefore a new call for the selection of new standard-called as Advanced Encryption Standard
origins1
Origins
  • NIST issued a call for new Advanced Encryption Standard in 1997, for an algorithm:
    • Security strength equal or better than 3DES
    • Improved efficiency as compared to 3DES
  • In addition to this general criteria, NIST specified that
    • AES must be a symmetric cipher
    • Block length of 128-bits
    • Support for key length of 128, 192 and 256 bits
  • Finally on 2 October 2000, NIST officially announced Rijndael as new AES
the aes cipher rijndael
The AES Cipher - Rijndael
  • Designed by Vincent Rijmen & Joan Daemen in Belgium
  • Can support variable block & key length sizes of of 128, 192, 256 bits
  • NIST limits the block length to 128 bits, so when it is said AES, by default we are talking about 128-bits block and key lengths
  • Number of Rounds be 10/12/14 depending on the key and block sizes
  • It is not a Feistel cipher but an iterated cipher
    • Processes data as block of 4 columns of 4 bytes
    • Operates on entire data block in every round
  • Designed to be:
    • Resistance against all known attacks
    • Speed and code compactness on a wide range of platforms
    • Design simplicity

Plaintet 16 byte (128 bits)

slide6

The cipher takes a plaintext block size of 128 bits, or 16 bytes. The key length can be 16, 24, or 32 bytes (128, 192, or 256 bits). The algorithm is referred to as AES-128, AES-192, or AES-256, depending on the key length.

detailed structure
Detailed Structure
  • It is not a Feistel structure.
      • In the classic Feistel structure, half of the data block is used to modify the other half of the data block, and then the halves are swapped.
  • The key that is provided as input is expanded into an array of forty-four 32-bit words, w[i]. Four distinct words (128 bits) serve as a round key for each round
detailed structure1
Detailed Structure
  • Four different stages are used, one of permutation and three of substitution:
    • Substitute bytes: Uses an S-box to perform a byte-by-bytesubstitution of the block
    • ShiftRows: A simple permutation
    • MixColumns: A substitution that makes use of arithmetic over (Galois Field) GF(28).
    • AddRoundKey: A simple bitwise XOR of the current block with a portion of the expanded key
byte substitution
Byte Substitution
  • Simple substitution on each byte of state independently
  • Use an S-box of 16x16 bytes containing a permutation of all 256 8-bit values
  • Each byte of state is replaced by a new byte indexed by row (left 4-bits) & column (right 4-bits) eg. byte {95} is replaced by {2A} in row 9 column 5
shift rows
Shift Rows
  • Acircular byte shift in each
    • 1st row is unchanged
    • 2nd row does 1 byte circular shift to left
    • 3rd row does 2 byte circular shift to left
    • 4th row does 3 byte circular shift to left
  • Since state is processed by columns, this step permutes bytes between the columns
mix columns
Mix Columns
  • Each column of the state matrix is multiplied by the fixed matrix given by
  • Each byte of the column is multiplied by the constant byte using irreducible polynomial m(x) =x8+x4+x3+x+1 in GF(28)
mix columns multiplication
Mix Columns (Multiplication)
  • Following are the steps to follow in order to use L and E lookup table for GF multiplication
    • The result of the multiplication is simply the result of a lookup of the L table, followed by the addition of the results in base 16, followed by a lookup to the E table.
    • If the result of addition is greater then FF then simply subtract FFfrom result.
    • use the first digit in the number on the vertical index and the second number on the horizontal index.
    • If the value being multiplied is composed of only one digit then use 0on the vertical index.
  • Two exceptions are that:
    • Any number multiplied by one is equal to its self and does not need to go through the above procedure. For example: FF * 1 = FF
    • Any number multiplied by zero equals zero
mix columns multiplication3
Mix Columns (Multiplication)
  • Example: AF * 8

L(AF)=B7

L (08)=4B

B7+4B=102>FF so

102-FF =03

E(03)=0F

SoAF*08=0F

add round key
Add Round Key
  • Added (XOR) each key byte to each byte of the state matrix
inverse byte substitution
Inverse Byte Substitution
  • S-box has its inverse-inverse S-box
  • Like encryption, each byte is substituted independently
  • Inverse S-box like encrytion s-box contains all 256 values of 8-bit each
  • Each byte of state is replaced by a new byte indexed by row (left 4-bits) & column (right 4-bits) eg. byte {11} is replaced by {e3} in row 1 column 1
inverse shift rows
Inverse Shift Rows
  • Inverse shift row rotates bytes to the right instead of left as in case of encryption
  • Therefore a circular byte shift in each
    • 1st row is unchanged
    • 2nd row does 1 byte circular shift to right
    • 3rd row does 2 byte circular shift to right
    • 4th row does 3 byte circular shift to right
inverse mix columns
Inverse Mix Columns
  • Each column of the state matrix is multiplied by given matrix
  • Each byte of the column is multiplied by the constant byte using irreducible polynomial m(x) =x8+x4+x3+x+1 in GF(28)
inverse add round key
Inverse Add Round Key
  • Inverse Add round key is essentially the same as Add round key as it just adds (XOR) each key byte to each byte of the state matrix
aes key expansion
AES Key Expansion
  • Takes 128-bit (16-byte; 4-word) key and expands into array of 44 , 32-bit words.
  • Start by copying key into first 4 words
  • Then loop creating words that depend on values in previous & 4 places back
    • In 3 of 4 cases just XOR these together
    • 1st word in 4 has rotate + S-box + XOR round constant on previous, before XOR 4th back
slide32

Each added word w[i] depends on the immediately preceding word, w[i- 1], and the word four positions back, w[i-4].

  • In three out of four cases, a simple XOR is used.
  • For a word whose position in the w array is a multiple of 4, a more complex function g is used
slide33

The function g consists of the following substitution:

  • RotWord performs a one-byte circular left shift on a word. This means that an input word [b0,b1,b2,b3] is transformed into [b1,b2,b3, b0]
  • SubWordperforms a byte substitution on each byte of its input word using the S-box
  • The result of step 1 & Step 2 is XORed with a round constant, Rcon[j]
round constant
Round Constant
  • The round constant is a word in which the three rightmost bytes are always 0.
  • Thus, the effect of an XOR of a word with Rcon is to only perform an XOR on the leftmost byte of the word.
  • The round constant is different for each round, the values of RC[j] in hexadecimal are:
key expansion rationale
Key Expansion Rationale
  • The Rijndael developers designed the expansion key algorithm to be resistant to known cryptanalytic attacks.
  • Design criteria included:
    • The inclusion of round constant eliminates the symmetry, or similarity, between the ways in which round keys are generated in different rounds.
    • Knowledge of a part of the cipher key or round key does not enable calculation of many other round-key bits.
    • Fast on wide range of CPU’s
    • Simplicity of description
reading
Reading
  • “Cryptography and Network Security Principles and Practices”, Fourth Edition by William Stallings
  • Chapter 5