Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Lab. Dept. of Computer Engineering 122/151 PART I Symmetric Ciphers CHAPTER 5 Advanced Encryption Standard 5.1 Evaluation Criteria.

Published byAbigail Holmes Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Security Lab. Dept. of Computer Engineering 122/151 PART I Symmetric Ciphers CHAPTER 5 Advanced Encryption Standard 5.1 Evaluation Criteria."— Presentation transcript:

1 Information Security Lab. Dept. of Computer Engineering 122/151 PART I Symmetric Ciphers CHAPTER 5 Advanced Encryption Standard 5.1 Evaluation Criteria For AES 5.2 The AES Cipher

2 Information Security Lab. Dept. of Computer Engineering 123/151 KEY POINTS  AES is a block cipher intended to replace DES for commercial applications. It uses a 128-bit block size and a key size of 128, 192, or 256 bits.  AES does not use a Feistel structure. Instead, each full round consists of four separate functions: byte substitution, permutation, arithmetic operations over a finite field, and XOR with a key.

3 Information Security Lab. Dept. of Computer Engineering 124/151 5.1 Evaluation Criteria for AES The Origins of AES  A replacement for DES was needed have theoretical attacks that can break it have demonstrated exhaustive key search attacks  Can use Triple-DES – but slow, has small blocks  US NIST issued call for ciphers in Sep. 12, 1997; (block length:128bits, key length: 128, 192, 256bits, royalty-free basis, stronger & faster than Triple-DES)  Submission were due on June 15, 1998, Of 21submitted cryptosystems, 15 met all the necessary criteria. AES candidates  “First AES Candidate Conference” on Aug. 20, 98. “Second AES Candidate Conference” on Mar., 99.

4 Information Security Lab. Dept. of Computer Engineering 125/151 The Origins of AES  Aug. 99, five of the candidates were chosen by NIST as finalist: MARS, RC6, Rijndael, Serpent, Twofish  Apr., 2000, Third AES candidates Conference Oct. 2, 2000, Rijndael was selected to be the AES Belgian researcher, Joan Daemen, Vincent Rijmen  Feb. 28, 2001, (NIST) AES was available for public review and comment. Nov. 26, 2001, Rijndael was adopted as a standard (AES). Dec. 4, 2001, published as FIPS 197.  Rijndael was selected because its combination of security, performance, efficiency, implementability and flexibility 5.1 Evaluation Criteria for AES

5 Information Security Lab. Dept. of Computer Engineering 126/151 AES Evaluation  initial criteria: security – effort for practical cryptanalysis cost – in terms of computational efficiency algorithm & implementation characteristics  final criteria (Oct. 2, 2000) general security ease of software & hardware implementation implementation attacks flexibility (in en/decrypt, keying, other factors) 5.1 Evaluation Criteria for AES

6 Information Security Lab. Dept. of Computer Engineering 127/151 5.2 The AES Cipher  Designed by Rijmen-Daemen in Belgium  Block & Key size : 128/192/256 bit keys Table 5.3 AES Parameters  an iterative rather than feistel cipher processes data as block of 4 columns of 4 bytes operates on entire data block in every round  Designed to be: resistant against known attacks speed and code compactness on many CPUs design simplicity

7 Information Security Lab. Dept. of Computer Engineering 128/151 5.2 The AES Cipher  Variable block length : 128, 192, 256 bits;  State : Intermediate cipher result Nb : the # of 4-bytes(word; 32 bits) of a block Nb = 4, 6, 8 if the block length is 128, 192, 256 bits One dimensional array of a byte within a block; x 0, x 1, x 2, …, x 15,…, x 23,…, x 31 Rectangular(2D) array with four rows Index of One dimensional array: n 0  n  15(Nb = 4); 0  n  23(Nb = 6); 0  n  31(Nb = 8 ) Index of Rectangular(2D): (i, j) i = n mod 4, j =  n / 4 , n = i + 4 * j 0  j  3(Nb = 4); 0  j  5(Nb = 6); 0  n  7(Nb = 8)

8 Information Security Lab. Dept. of Computer Engineering 129/151 5.2 The AES Cipher  State : Intermediate cipher result  Variable key length : 128, 192, 256 bits Nk : the # of 4-bytes(word; 32 bits) of a key Nk = 4, 6, 8 if the key length is 128, 192, 256 bits x 0 x 4 x 8 x 12 x 1 x 5 x 9 x 13 x 2 x 6 x 10 x 14 x 3 x 7 x 11 x 15 s 0,0 s 0,1 s 0,2 s 0,3 s 1,0 s 1,1 s 1,2 s 1,3 s 2,0 s 2,1 s 2,2 s 2,3 s 3,0 s 3,1 s 3,2 s 3,3 State (Nb=4) Nb=6 Nb=8 Plaintext block (Nb=4) 

9 Information Security Lab. Dept. of Computer Engineering 130/151 5.2 The AES Cipher  Variable key length : 128, 192, 256 bits Nk : the # of 4-bytes(word; 32 bits) of a key Nk = 4, 6, 8 if the key length is 128, 192, 256 bits k 0 k 4 k 8 k 12 k 1 k 5 k 9 k 13 k 2 k 6 k 10 k 14 k 3 k 7 k 11 k 15 w0 w0 w1w1 w2 w2 w3w3  w 42 w 43 Key and expanded key Nr = 10 Key size (Nk = 4) 

10 Information Security Lab. Dept. of Computer Engineering 131/151 5.2 The AES Cipher  The AES is an iterated cipher; the # of rounds; Nr  Nr depends on the block length and key length. NrNb = 4Nb = 6Nb = 8 Nk = 4101214 Nk = 612 14 Nk = 814 Nr =The number of rounds

11 Information Security Lab. Dept. of Computer Engineering 132/151 Fig. 5.1 AES Encryption/ Decryption Nb = 4 Nk = 4 Nr = 10

12 Information Security Lab. Dept. of Computer Engineering 133/151 5.2 The AES Cipher Substitute Bytes Transformation (SubBytes)  Forward and Inverse substitute byte transformation S 1,1 = {95} 9 5 S 1,1 = {2A}  S-box constructed using defined transformation of values in GF(2 8 )  designed to be resistant to all known attacks

13 Information Security Lab. Dept. of Computer Engineering 134/151 5.2 The AES Cipher Substitute Bytes Transformation (SubBytes) Table 5.4 AES S-box

14 Information Security Lab. Dept. of Computer Engineering 135/151 5.2 The AES Cipher Substitute Bytes Transformation (SubBytes)  The S-box is constructed in the following fashion: The value of the byte at row x, column y is { xy }. Map each byte { xy } in the S-Box to its multiplicative inverse in the finite field GF(2 8 ) =F[x]/(x 8 +x 4 +x 3 +x+1) Let { xy }  1 = b = (b 7 b 6 b 5 b 4 b 3 b 2 b 1 b 0 ). Apply the following transformation to each bit of b: b i = b i  b (i+4) mod 8  b (i+5) mod 8  b (i+6) mod 8  b (i+7) mod 8  c i where c i such that (c 7 c 6 c 5 c 4 c 3 c 2 c 1 c 0 )=(01100011)={63} 16 b  Affine transformation  b

15 Information Security Lab. Dept. of Computer Engineering 136/151 5.2 The AES Cipher Substitute Bytes Transformation (SubBytes)  The affine transformation of the S-box in field GF(2 8 ).

16 Information Security Lab. Dept. of Computer Engineering 137/151 5.2 The AES Cipher Substitute Bytes Transformation (SubBytes)  Example : {xy}={95}= (10010101): A(x) = x 7 + x 4 + x 2 +1 A(x)  1 = x 7 + x 3 + x  b= (10001010)={8A} b = (00101010) = {2A}

17 Information Security Lab. Dept. of Computer Engineering 138/151 5.2 The AES Cipher Inverse SubBytes Transformation Table 5.4 AES Inverse S-box

18 Information Security Lab. Dept. of Computer Engineering 139/151 5.2 The AES Cipher Inverse SubBytes Transformation  The inverse affine transformation: b = {2A}  {8A}  {8A}  1 = {95} : inverse in the field GF(2 8 )

19 Information Security Lab. Dept. of Computer Engineering 140/151 5.2 The AES Cipher Forward ShiftRows Transformation  A circular byte shift in each row 87F24D97 EC6E4C90 4AC346E7 8CD895A6 87F24D97 6E4C90EC 46E74AC3 A68CD895 no left shift 1 left shift 2 left shifts 3 left shifts  NbRow 1Row 2Row 3Row 4 40123 60123 80134  Shift offsets for different block lengths

20 Information Security Lab. Dept. of Computer Engineering 141/151 5.2 The AES Cipher Forward ShiftRows Transformation Inverse ShiftRows Transformation  Decrypt inverts using shifts to right

21 Information Security Lab. Dept. of Computer Engineering 142/151 5.2 The AES Cipher Forward MixColumn Transformation  Each column is processed separately.  Each byte is replaced by a value dependent on all 4 bytes in the column

22 Information Security Lab. Dept. of Computer Engineering 143/151 5.2 The AES Cipher Forward MixColumn Transformation  effectively a matrix multiplication in GF(2 8 ) using prime poly. m(x) = x 8 + x 4 + x 3 + x +1

23 Information Security Lab. Dept. of Computer Engineering 144/151 5.2 The AES Cipher Forward MixColumn Transformation  Example : 4740A34C 37D4709F 94E43A42 EDA5A6BC 87F24D97 6E4C90EC 46E74AC3 A68CD895  Inverse MixColumn Transformation  decryption requires use of inverse matrix

24 Information Security Lab. Dept. of Computer Engineering 145/151 5.2 The AES Cipher Forward AddRoundKey Transformation  XOR state with 128-bits of the round key Inverse AddRoundKey Transformation  inverse for decryption identical; since XOR own inverse, with reversed keys

25 Information Security Lab. Dept. of Computer Engineering 146/151 5.2 The AES Cipher AES Key Expansion  Takes 128-bit (16-byte) key and expands into array of Nk = 44/52/60 32-bit words The function g : 1: RotWord : one-byte circular left shift w i = [b 0 b 1 b 2 b 3 ]  [b 1 b 2 b 3 b 0 ] 2: SubWord : SubBytes transformaton 3: The result of 1 & 2  Rcon[j] Rcon[j] = 1, Rcon[j] = 2  Rcons[j  1] over GF(2 8 ) Rcon[2] = 02 Rcon[3] = 04 Rcon[4] = 08 Rcon[5] = 10 Rcon[6] = 20 Rcon[7] = 40 Rcon[8] = 80 Rcon[9] = 1B Rcon[10] = 36

26 Information Security Lab. Dept. of Computer Engineering 147/151 5.2 The AES Cipher AES Key Expansion Rationale  designed to resist known attacks  design criteria included knowing part key insufficient to find many more invertible transformation fast on wide range of CPU ’ s use round constants to break symmetry diffuse key bits into round keys enough non-linearity to hinder analysis simplicity of description

27 Information Security Lab. Dept. of Computer Engineering 148/151 5.2 The AES Cipher Equivalent Inverse Cipher  AES decryption is not identical to encryption since steps done in reverse; but can define an equivalent inverse cipher with steps as for encryption using inverses of each step with a different key schedule  Interchangeing InvShiftRows and InvSubBytes InvShiftRows[InvSubBytes(S i )] = InvSubBytes[InvShiftRows (S i )]  Interchanging AddRoundKey and InvMixColumns InvMixColumns(S i  w j ) = InvMixColumns(S i )  InvMixColumns(w j )

28 Information Security Lab. Dept. of Computer Engineering 149/151 5.2 The AES Cipher

29 Information Security Lab. Dept. of Computer Engineering 150/151 5.2 The AES Cipher Implementation Aspects   can efficiently implement on 8-bit CPU byte substitution; shift rows is byte shift; add round key works on byte XOR’s mix columns requires matrix multiply in GF(2 8 )   can efficiently implement on 32-bit CPU redefine steps to use 32-bit words can precompute 4 tables of 256-words then each column in each round can be computed using 4 table lookups + 4 XORs at a cost of 4Kb to store tables   Very efficient implementation was a key factor in its selection as the AES cipher

30 Information Security Lab. Dept. of Computer Engineering 151/151 Summary  have considered: the AES selection process the details of Rijndael – the AES cipher looked at the steps in each round the key expansion implementation aspects

Download ppt "Information Security Lab. Dept. of Computer Engineering 122/151 PART I Symmetric Ciphers CHAPTER 5 Advanced Encryption Standard 5.1 Evaluation Criteria."

Similar presentations

Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.

Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.
Chap. 5: Advanced Encryption Standard (AES) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.

Chap. 5: Advanced Encryption Standard (AES) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5

Cryptography and Network Security Chapter 5
The Advanced Encryption Standard (AES) Simplified.

The Advanced Encryption Standard (AES) Simplified.
Advanced Encryption Standard

Advanced Encryption Standard
Cryptography and Network Security

Cryptography and Network Security
Algorithm Scheme. AddRoundKey Each round uses four different words from the expanded key array. Each column in the state matrix is XORed with a different.

Algorithm Scheme. AddRoundKey Each round uses four different words from the expanded key array. Each column in the state matrix is XORed with a different.
This Lecture: AES Key Expansion Equivalent Inverse Cipher Rijndael performance summary.

This Lecture: AES Key Expansion Equivalent Inverse Cipher Rijndael performance summary.
AES clear a replacement for DES was needed

AES clear a replacement for DES was needed
Advanced Encryption Standard. This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key.

Advanced Encryption Standard. This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key.
Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.

Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.
Cryptography and Network Security Chapter 5. Chapter 5 –Advanced Encryption Standard It seems very simple. It is very simple. But if you don't know.

Cryptography and Network Security Chapter 5. Chapter 5 –Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know.
Cryptography and Network Security Chapter 5 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 5 Fourth Edition by William Stallings.
ICS 454 Principles of Cryptography Advanced Encryption Standard (AES) (AES) Sultan Almuhammadi.

ICS 454 Principles of Cryptography Advanced Encryption Standard (AES) (AES) Sultan Almuhammadi.
Dr. Lo’ai Tawalbeh 2007 Chapter 5: Advanced Encryption Standard (AES) Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) - 2007 Jordan’s Campus.

Dr. Lo’ai Tawalbeh 2007 Chapter 5: Advanced Encryption Standard (AES) Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Chapter 5 Advanced Encryption Standard. Origins clear a replacement for DES was needed –have theoretical attacks that can break it –have demonstrated.

Chapter 5 Advanced Encryption Standard. Origins clear a replacement for DES was needed –have theoretical attacks that can break it –have demonstrated.
Cryptography and Network Security

Cryptography and Network Security
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester 2008-2009.

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester

Similar presentations

Ads by Google