Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Lect. 8 : Advanced Encryption Standard

Similar presentations


Presentation on theme: "1 Lect. 8 : Advanced Encryption Standard"— Presentation transcript:

1 1 Lect. 8 : Advanced Encryption Standard

2 2 AES Contest AES Contest Calendar 1997 : Call For AES Candidate Algorithms by NIST 128-bit Block cipher 128/192/256-bit keys Worldwide-royalty free More secure than Triple DES More efficient than Triple DES 1998 : 1 st Round Candidates – 15 Algorithms Mars, Twofish, RC6, SAFER+, HPC, CAST256, DEAL, Frog, Magenta, Rijndael, DFC, Serpent, Crypton, E2, LOKI : 2 nd Round Candidates – 5 Algorithms MARS, RC6, Rijndael, Serpent, and Twofish : Rijndael selected as the finalist : official publication as FIPS PUB 197 * National Institute of Standards and Technology

3 3 1st Round Candidates – 15 Algorithms AES Contest

4 4 2nd Round Candidates – 5 Algorithms CipherSubmitterStructureNonlinear Component MARSIBMFeistel structureSbox DD-Rotation RC6RSA Lab.Feistel structureRotation RijndaelDaemen, RijmenSPN structureSbox SerpentAnderson, Biham, Knudsen SPN structureSbox TwofishSchneier et. alFeistel structureSbox AES Contest

5 5 Joan Daemen and Vincent Rijmen, The Design ofThe Design of Rijndael, AES – The Advanced Encryption StandardRijndael, AES – The Advanced Encryption Standard, Springer, 2002, ISBN Vincent Rijmen AES Contest : Rijndael selected as the finalist : official publication as FIPS PUB 197

6 6 SPN- Structure Block Cipher More constraints on the round function: must be invertible Relatively new architecture than Feistel-structure Faster than Feistel- structure Parallel computation Typically E D

7 7 Advanced Encryption Standard (AES) AES External Format AES Plaintext block 128 bits Ciphertext block 128 bits Key 128, 192, 256 bits

8 8 AES Architecture SPN-type block cipher Block size = 128 bits Key size / No. round –128 bits 10 rounds –192 bits 12 rounds –256 bits 14 rounds Round transformation –SubBytes –ShiftRow –MixColumn –AddRoundKey Final round Repeat N-1 rounds Plaintext AddRoundKey SubByte ShiftRow MixColumn AddRoundKey SubByte ShiftRow AddRoundKey Ciphertext Initial Key Final round key Round key

9 9 Finite Field Every nonzero element has multiplicative inverse. Prime number, Zp Gcd, Extended Euclidean Algorithm Representation of n-bit data Binary Hexadecimal Polynomial GF(p), GF(2 n ) over irreducible polynomial Ex) GF(2 3 ) /x 3 + x + 1 Addition and multiplication AES uses GF(2 8 ) /f(x)= x 8 + x 4 + x 3 + x +1

10 10 S-box Round Transformation No shift Cyclic shift by 1 byte Cyclic shift by 2 byte Cyclic shift by 3 byte SubBytes MixColumns ShiftRows c(x) a 00 a 01 a 02 a 03 a 10 a 11 a 12 a 13 a 20 a 21 a 22 a 23 a 30 a 31 a 32 a 33 a ij b 00 b 01 b 02 b 03 b 10 b 11 b 12 b 13 b 20 b 21 b 22 b 23 b 30 b 31 b 32 b 33 b ij a 00 a 02 a 03 a 10 a 12 a 13 a 20 a 22 a 23 a 30 a 32 a 33 a 0j a 1j a 2j a 3j b 00 b 02 b 03 b 10 b 12 b 13 b 20 b 22 b 23 b 30 b 32 b 33 b 0j b 1j b 2j b 3j a 00 a 01 a 02 a 03 a 10 a 11 a 12 a 13 a 20 a 21 a 22 a 23 a 30 a 31 a 32 a 33 a 00 a 01 a 02 a 03 a 11 a 12 a 13 a 10 a 22 a 23 a 20 a 21 a 33 a 30 a 31 a 32 The input block is XOR-ed with the round key AddRoundKey

11 11 The input block is XOR-ed with the round key AddRoundKey

12 Best Known Attack related-key attack can break 256-bit AES with a complexity of 2 119, which is faster than brute force but is still infeasible. 192-bit AES can also be defeated in a similar manner, but at a complexity of bit AES is not affected by this attack.related-key attack chosen-plaintext attack can break 8 rounds of 192- and 256-bit AES, and 7 rounds of 128-bit AES, although the workload is impractical at (Ferguson et al., 2000).chosen-plaintext attack 12

13 13 Feistel vs. SPN Structures More constraints on the round function: must be invertible Less cryptanalytic experience: relatively new architecture more parallel computation Typically E D SAFER SAFER+ IDEA AES CRYPTON SERPENT 64-bit block 128-bit block Fewer constraints on the round function More cryptanalytic experience Serial in nature Typically E = D with round keys in reverse order DES/3DES BLOWFISH CAST128 RC5 SEED TWOFISH CAST256 RC6 MARS 64-bit block 128-bit block Feistel structure SPN structure


Download ppt "1 Lect. 8 : Advanced Encryption Standard"

Similar presentations


Ads by Google