AES-Intro

Advanced Encryption Standard

Transcript of AES-Intro

Page 1: AES-Intro

Advanced Encryption Standard

Page 2: AES-Intro

This Lecture

• Why AES?

• NIST Criteria for potential candidates

• The AES Cipher

• AES Functions and Inverse Functions

• AES Key Expansion

• Implementation Aspects

• AES Security and Strength

Page 3: AES-Intro

Why AES?

• Symmetric block cipher, published in 2001

• Intended to replace DES and 3DES

DES is vulnerable to differential attacks

3DES has slow performance

Page 4: AES-Intro

NIST Criteria to Evaluate Potential Candidates

• Security: The effort to cryptanalyze an algorithm.

• Cost: The algorithm should be practical in a wide range of applications.

• Algorithm and Implementation Characteristics: Flexibility, simplicity etc.

5 final candidates have been chosen out of 15

Page 5: AES-Intro

NIST Criteria – cont.

• General Security

• Software Implementations

• Hardware Implementations

• Restricted-Space Environments

• Attacks on Implementations

• Encryption vs. Decryption

• Key Agility

• Potential for Instruction-Level Parallelism

• Other versatility and Flexibility

NIST selected Rijndael as the proposed AES algorithm

Page 6: AES-Intro

The AES Cipher

• Block length is limited to 128 bits

• The key size can be independently specified to 128, 192 or 256 bits

Key size (words/bytes/bits)        4/16/128   6/24/192   8/32/256
Number of rounds                   10         12         14
Expanded key size (words/bytes)    44/176     52/208     60/240

Page 7: AES-Intro

The AES Cipher

• Key received as input array of 4 rows and Nk columns

• Nk = 4, 6, or 8, a parameter which depends on key size

• Input key is expanded into an array of 44/52/60 words of 32 bits each

• 4 different words serve as a key for each round

Input key (Nk = 4):

k0  k4  k8   k12
k1  k5  k9   k13
k2  k6  k10  k14
k3  k7  k11  k15

Expanded key:

w0 w1 w2 … w42 w43

Page 8: AES-Intro

The AES Cipher

• Single 128 bit block as input

• Copied to a State array with Nb columns (Nb=4)

Input:

in0  in4  in8   in12
in1  in5  in9   in13
in2  in6  in10  in14
in3  in7  in11  in15

State array:

S00  S01  S02  S03
S10  S11  S12  S13
S20  S21  S22  S23
S30  S31  S32  S33

Output:

o0  o4  o8   o12
o1  o5  o9   o13
o2  o6  o10  o14
o3  o7  o11  o15

Page 9: AES-Intro

The AES Cipher

• Number of rounds, Nr, depends on key size

• Each round is a repetition of functions that perform a transformation over State array

• Consists of 4 main functions: one permutation and three substitutions

Substitute bytes, Shift rows, Mix columns, Add round key

Page 10: AES-Intro

The AES Cipher

• AddRoundKey() – round key is added to the State using XOR operation

• MixColumns() – takes all the columns of the State and mixes their data, independently of one another, making use of arithmetic over GF(2^8)

• ShiftRows() – processes the State by cyclically shifting the last three rows of the State by different offsets

• SubBytes() – uses S-box to perform a byte-by-byte substitution of State

Page 11: AES-Intro

The AES Cipher

[Figure: AES encryption flow. plaintext → Add round key → Round 1 (Substitute bytes, Shift rows, Mix columns, Add round key with W[4,7]) → … → Round 9 (Substitute bytes, Shift rows, Mix columns, Add round key with W[36,39]) → final round (Substitute bytes, Shift rows, Add round key with W[40,43]) → ciphertext]

Page 12: AES-Intro

The AES Cipher

Cipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)])
begin
    byte state[4,Nb]
    state = in
    AddRoundKey(state, w[0, Nb-1])

    for round = 1 to Nr-1
        SubBytes(state)
        ShiftRows(state)
        MixColumns(state)
        AddRoundKey(state, w[round*Nb, (round+1)*Nb-1])
    end for

    SubBytes(state)
    ShiftRows(state)
    AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])

    out = state
end

Page 13: AES-Intro

The AES Cipher

• Only Add round key makes use of the key

• Other three functions are used for diffusion and confusion

• Final round consists of only three stages

Page 14: AES-Intro

The AES Inverse Cipher

[Figure: AES decryption flow. ciphertext → Add round key → Round 1 (Inv. Shift rows, Inv. Sub bytes, Add round key with W[36,39], Inv. Mix columns) → … → Round 9 (Inv. Shift rows, Inv. Sub bytes, Add round key with W[4,7], Inv. Mix columns) → final round (Inv. Shift rows, Inv. Sub bytes, Add round key with W[0,3]) → plaintext]

Page 15: AES-Intro

The AES Inverse Cipher

InvCipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)])
begin
    byte state[4,Nb]
    state = in
    AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])

    for round = Nr-1 step -1 downto 1
        InvShiftRows(state)
        InvSubBytes(state)
        AddRoundKey(state, w[round*Nb, (round+1)*Nb-1])
        InvMixColumns(state)
    end for

    InvShiftRows(state)
    InvSubBytes(state)
    AddRoundKey(state, w[0, Nb-1])

    out = state
end

Page 16: AES-Intro

The AES Inverse Cipher

• Decryption algorithm uses the expanded key in reverse order

• All functions are easily reversible and their inverse form is used in decryption

• Decryption algorithm is not identical to the encryption algorithm

• Again, final round consists of only three stages