
Advanced Encryption Standard


niveditha

Presentation Transcript


  1. Advanced Encryption Standard

  2. This Lecture • Why AES? • NIST Criteria for potential candidates • The AES Cipher • AES Functions and Inverse Functions • AES Key Expansion • Implementation Aspects • AES Security and Strength

  3. Why AES? • Symmetric block cipher, published in 2001 • Intended to replace DES and 3DES: DES is vulnerable to differential attacks; 3DES has slow performance

  4. NIST Criteria to Evaluate Potential Candidates • Security: The effort to cryptanalyze an algorithm. • Cost: The algorithm should be practical in a wide range of applications. • Algorithm and Implementation Characteristics: Flexibility, simplicity, etc. • 5 final candidates have been chosen out of 15

  5. NIST Criteria – cont. • General Security • Software Implementations • Hardware Implementations • Restricted-Space Environments • Attacks on Implementations • Encryption vs. Decryption • Key Agility • Potential for Instruction-Level Parallelism • Other Versatility and Flexibility. NIST selected Rijndael as the proposed AES algorithm

  6. The AES Cipher • Block length is limited to 128 bits • The key size can be independently specified as 128, 192 or 256 bits

  7. The AES Cipher • Key received as an input array of 4 rows and Nk columns • Nk = 4, 6, or 8, a parameter which depends on the key size • Input key is expanded into an array of 44/52/60 words of 32 bits each • 4 different words serve as a key for each round

          Input key bytes        Expanded key words
          k0  k4  k8   k12
          k1  k5  k9   k13       w0 w1 w2 …… w42 w43
          k2  k6  k10  k14
          k3  k7  k11  k15

  8. The AES Cipher • Single 128-bit block as input • Copied to a State array with Nb columns (Nb=4)

          Input                  State array            Output
          in0 in4 in8  in12      S00 S01 S02 S03        o0 o4 o8  o12
          in1 in5 in9  in13      S10 S11 S12 S13        o1 o5 o9  o13
          in2 in6 in10 in14      S20 S21 S22 S23        o2 o6 o10 o14
          in3 in7 in11 in15      S30 S31 S32 S33        o3 o7 o11 o15

  9. The AES Cipher • Number of rounds, Nr, depends on key size • Each round is a repetition of functions that perform a transformation over the State array • Consists of 4 main functions, one permutation and three substitutions: Substitute bytes, Shift rows, Mix columns, Add round key

  10. The AES Cipher • AddRoundKey() – round key is added to the State using XOR operation • MixColumns() – takes all the columns of the State and mixes their data, independently of one another, making use of arithmetic over GF(2^8) • ShiftRows() – processes the State by cyclically shifting the last three rows of the State by different offsets • SubBytes() – uses S-box to perform a byte-by-byte substitution of State

  11. The AES Cipher [Diagram: encryption data flow. Plaintext → Add round key → Round 1 (Substitute bytes, Shift rows, Mix columns, Add round key with W[4,7]) → … → Round 9 (same four stages, Add round key with W[36,39]) → final round (Substitute bytes, Shift rows, Add round key with W[40,43]) → ciphertext. The round keys W are derived from the key.]

  12. The AES Cipher

          Cipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)])
          begin
              byte state[4,Nb]
              state = in
              AddRoundKey(state, w[0, Nb-1])
              for round = 1 to Nr-1
                  SubBytes(state)
                  ShiftRows(state)
                  MixColumns(state)
                  AddRoundKey(state, w[round*Nb, (round+1)*Nb-1])
              end for
              SubBytes(state)
              ShiftRows(state)
              AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])
              out = state
          end

  13. The AES Cipher • Only Add round key makes use of the key • Other three functions are used for diffusion and confusion • Final round consists of only three stages

  14. The AES Inverse Cipher [Diagram: decryption data flow. Ciphertext → Add round key → Round 1 (Inv. Shift rows, Inv. Sub bytes, Add round key with W[36,39], Inv. Mix columns) → … → Round 9 (same four stages, Add round key with W[4,7]) → final round (Inv. Shift rows, Inv. Sub bytes, Add round key with W[0,3]) → plaintext. The round keys W are derived from the key.]

  15. The AES Inverse Cipher

          InvCipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)])
          begin
              byte state[4,Nb]
              state = in
              AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])
              // round keys are consumed in reverse order, from round Nr-1 down to 1
              for round = Nr-1 step -1 downto 1
                  InvShiftRows(state)
                  InvSubBytes(state)
                  AddRoundKey(state, w[round*Nb, (round+1)*Nb-1])
                  InvMixColumns(state)
              end for
              InvShiftRows(state)
              InvSubBytes(state)
              AddRoundKey(state, w[0, Nb-1])
              out = state
          end

  16. The AES Inverse Cipher • Decryption algorithm uses the expanded key in reverse order • All functions are easily reversible and their inverse form is used in decryption • Decryption algorithm is not identical to the encryption algorithm • Again, final round consists of only three stages
