Information Security Lab. Dept. of Computer Engineering 122/151 PART I Symmetric Ciphers CHAPTER 5 Advanced Encryption Standard 5.1 Evaluation Criteria.

Slides:



Advertisements
Similar presentations
Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.
Advertisements

Chap. 5: Advanced Encryption Standard (AES) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5
The Advanced Encryption Standard (AES) Simplified.
Advanced Encryption Standard
Cryptography and Network Security
Algorithm Scheme. AddRoundKey Each round uses four different words from the expanded key array. Each column in the state matrix is XORed with a different.
This Lecture: AES Key Expansion Equivalent Inverse Cipher Rijndael performance summary.
AES clear a replacement for DES was needed
Advanced Encryption Standard. This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key.
Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.
Cryptography and Network Security Chapter 5. Chapter 5 –Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know.
Cryptography and Network Security Chapter 5 Fourth Edition by William Stallings.
ICS 454 Principles of Cryptography Advanced Encryption Standard (AES) (AES) Sultan Almuhammadi.
Dr. Lo’ai Tawalbeh 2007 Chapter 5: Advanced Encryption Standard (AES) Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Chapter 5 Advanced Encryption Standard. Origins clear a replacement for DES was needed –have theoretical attacks that can break it –have demonstrated.
Cryptography and Network Security
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
Cryptography and Network Security
Chapter 5 –Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know what the key is it's virtually indecipherable."
Applied Cryptography Example: AES. Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know what the key is it's.
9/17/15UB Fall 2015 CSE565: S. Upadhyaya Lec 6.1 CSE565: Computer Security Lecture 6 Advanced Encryption Standard Shambhu Upadhyaya Computer Science &
CIM Symmetric Ciphers 31 Advanced Encryption Standard Ch 5 of Cryptography and Network Security -Third Edition by William Stallings Modified from.
Classical &ontemporyryptology 1 AESAES Classical &ontemporyryptology 2 Advanced Encryption Standard Since DES was becoming less reliable as new cryptanalysis.
Advance Encryption Standard. Topics  Origin of AES  Basic AES  Inside Algorithm  Final Notes.
Chapter 20 Symmetric Encryption and Message Confidentiality.
Rijndael Advanced Encryption Standard. Overview Definitions Definitions Who created Rijndael and the reason behind it Who created Rijndael and the reason.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
 Cryptography is the science of using mathematics to encrypt and decrypt data.  Cryptography enables you to store sensitive.
Advanced Encryption Standard. Origins NIST issued a new version of DES in 1999 (FIPS PUB 46-3) DES should only be used in legacy systems 3DES will be.
Lecture 23 Symmetric Encryption
Fifth Edition by William Stallings
Chapter 2 (C) –Advanced Encryption Standard. Origins clearly a replacement for DES was needed –have theoretical attacks that can break it –have demonstrated.
Advanced Encryption Standard Dr. Shengli Liu Tel: (O) Cryptography and Information Security Lab. Dept. of Computer.
Module :MA3036NI Symmetric Encryption -4 Lecture Week 5.
Fall 2002CS 395: Computer Security1 Chapters 5-6: Contemporary Symmetric Ciphers Triple DES Blowfish AES.
Data Security and Encryption (CSE348) 1. Lecture # 9 2.
The Advanced Encryption Standard Part 1: Overview
Understanding Cryptography by Christof Paar and Jan Pelzl Chapter 4 – The Advanced Encryption Standard (AES) ver. October 28, 2009.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Cryptography and Network Security Chapter 5
CSE565: Computer Security Lectures 5 & 6 Advanced Encryption Standard
Triple DES.
Cryptography and Network Security
School of Computer Science and Engineering Pusan National University
Cryptography and Network Security Chapter 5
The Advanced Encryption Standard: Rijndael
Cryptography and Network Security
Cryptography and Network Security Chapter 5
AES Objectives ❏ To review a short history of AES
Advanced Encryption Standard (Symmetric key Algorithm)
Cryptography and Network Security
Fifth Edition by William Stallings
Cryptography and Network Security Chapter 5
Cryptography and Network Security Chapter 5
Chapter -3 ADVANCED ENCRYPTION STANDARD & BLOCK CIPHER OPERATION
Cryptography and Network Security Chapter 5
Cryptography and Network Security Chapter 5
Origins AES = current federal standard for symmetric crypto (replacing DES) DES Key size is too small The variants are just patches can use Triple-DES.
Cryptography and Network Security Chapter 5
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Advanced Encryption Standard
Cryptography and Network Security Chapter 5
Cryptography and Network Security Chapter 5
Presentation transcript:

Information Security Lab. Dept. of Computer Engineering 122/151 PART I Symmetric Ciphers CHAPTER 5 Advanced Encryption Standard 5.1 Evaluation Criteria For AES 5.2 The AES Cipher

Information Security Lab. Dept. of Computer Engineering 123/151 KEY POINTS  AES is a block cipher intended to replace DES for commercial applications. It uses a 128-bit block size and a key size of 128, 192, or 256 bits.  AES does not use a Feistel structure. Instead, each full round consists of four separate functions: byte substitution, permutation, arithmetic operations over a finite field, and XOR with a key.

Information Security Lab. Dept. of Computer Engineering 124/ Evaluation Criteria for AES The Origins of AES  A replacement for DES was needed have theoretical attacks that can break it have demonstrated exhaustive key search attacks  Can use Triple-DES – but slow, has small blocks  US NIST issued call for ciphers in Sep. 12, 1997; (block length:128bits, key length: 128, 192, 256bits, royalty-free basis, stronger & faster than Triple-DES)  Submission were due on June 15, 1998, Of 21submitted cryptosystems, 15 met all the necessary criteria. AES candidates  “First AES Candidate Conference” on Aug. 20, 98. “Second AES Candidate Conference” on Mar., 99.

Information Security Lab. Dept. of Computer Engineering 125/151 The Origins of AES  Aug. 99, five of the candidates were chosen by NIST as finalist: MARS, RC6, Rijndael, Serpent, Twofish  Apr., 2000, Third AES candidates Conference Oct. 2, 2000, Rijndael was selected to be the AES Belgian researcher, Joan Daemen, Vincent Rijmen  Feb. 28, 2001, (NIST) AES was available for public review and comment. Nov. 26, 2001, Rijndael was adopted as a standard (AES). Dec. 4, 2001, published as FIPS 197.  Rijndael was selected because its combination of security, performance, efficiency, implementability and flexibility 5.1 Evaluation Criteria for AES

Information Security Lab. Dept. of Computer Engineering 126/151 AES Evaluation  initial criteria: security – effort for practical cryptanalysis cost – in terms of computational efficiency algorithm & implementation characteristics  final criteria (Oct. 2, 2000) general security ease of software & hardware implementation implementation attacks flexibility (in en/decrypt, keying, other factors) 5.1 Evaluation Criteria for AES

Information Security Lab. Dept. of Computer Engineering 127/ The AES Cipher  Designed by Rijmen-Daemen in Belgium  Block & Key size : 128/192/256 bit keys Table 5.3 AES Parameters  an iterative rather than feistel cipher processes data as block of 4 columns of 4 bytes operates on entire data block in every round  Designed to be: resistant against known attacks speed and code compactness on many CPUs design simplicity

Information Security Lab. Dept. of Computer Engineering 128/ The AES Cipher  Variable block length : 128, 192, 256 bits;  State : Intermediate cipher result Nb : the # of 4-bytes(word; 32 bits) of a block Nb = 4, 6, 8 if the block length is 128, 192, 256 bits One dimensional array of a byte within a block; x 0, x 1, x 2, …, x 15,…, x 23,…, x 31 Rectangular(2D) array with four rows Index of One dimensional array: n 0  n  15(Nb = 4); 0  n  23(Nb = 6); 0  n  31(Nb = 8 ) Index of Rectangular(2D): (i, j) i = n mod 4, j =  n / 4 , n = i + 4 * j 0  j  3(Nb = 4); 0  j  5(Nb = 6); 0  n  7(Nb = 8)

Information Security Lab. Dept. of Computer Engineering 129/ The AES Cipher  State : Intermediate cipher result  Variable key length : 128, 192, 256 bits Nk : the # of 4-bytes(word; 32 bits) of a key Nk = 4, 6, 8 if the key length is 128, 192, 256 bits x 0 x 4 x 8 x 12 x 1 x 5 x 9 x 13 x 2 x 6 x 10 x 14 x 3 x 7 x 11 x 15 s 0,0 s 0,1 s 0,2 s 0,3 s 1,0 s 1,1 s 1,2 s 1,3 s 2,0 s 2,1 s 2,2 s 2,3 s 3,0 s 3,1 s 3,2 s 3,3 State (Nb=4) Nb=6 Nb=8 Plaintext block (Nb=4) 

Information Security Lab. Dept. of Computer Engineering 130/ The AES Cipher  Variable key length : 128, 192, 256 bits Nk : the # of 4-bytes(word; 32 bits) of a key Nk = 4, 6, 8 if the key length is 128, 192, 256 bits k 0 k 4 k 8 k 12 k 1 k 5 k 9 k 13 k 2 k 6 k 10 k 14 k 3 k 7 k 11 k 15 w0 w0 w1w1 w2 w2 w3w3  w 42 w 43 Key and expanded key Nr = 10 Key size (Nk = 4) 

Information Security Lab. Dept. of Computer Engineering 131/ The AES Cipher  The AES is an iterated cipher; the # of rounds; Nr  Nr depends on the block length and key length. NrNb = 4Nb = 6Nb = 8 Nk = Nk = Nk = 814 Nr =The number of rounds

Information Security Lab. Dept. of Computer Engineering 132/151 Fig. 5.1 AES Encryption/ Decryption Nb = 4 Nk = 4 Nr = 10

Information Security Lab. Dept. of Computer Engineering 133/ The AES Cipher Substitute Bytes Transformation (SubBytes)  Forward and Inverse substitute byte transformation S 1,1 = {95} 9 5 S 1,1 = {2A}  S-box constructed using defined transformation of values in GF(2 8 )  designed to be resistant to all known attacks

Information Security Lab. Dept. of Computer Engineering 134/ The AES Cipher Substitute Bytes Transformation (SubBytes) Table 5.4 AES S-box

Information Security Lab. Dept. of Computer Engineering 135/ The AES Cipher Substitute Bytes Transformation (SubBytes)  The S-box is constructed in the following fashion: The value of the byte at row x, column y is { xy }. Map each byte { xy } in the S-Box to its multiplicative inverse in the finite field GF(2 8 ) =F[x]/(x 8 +x 4 +x 3 +x+1) Let { xy }  1 = b = (b 7 b 6 b 5 b 4 b 3 b 2 b 1 b 0 ). Apply the following transformation to each bit of b: b i = b i  b (i+4) mod 8  b (i+5) mod 8  b (i+6) mod 8  b (i+7) mod 8  c i where c i such that (c 7 c 6 c 5 c 4 c 3 c 2 c 1 c 0 )=( )={63} 16 b  Affine transformation  b

Information Security Lab. Dept. of Computer Engineering 136/ The AES Cipher Substitute Bytes Transformation (SubBytes)  The affine transformation of the S-box in field GF(2 8 ).

Information Security Lab. Dept. of Computer Engineering 137/ The AES Cipher Substitute Bytes Transformation (SubBytes)  Example : {xy}={95}= ( ): A(x) = x 7 + x 4 + x 2 +1 A(x)  1 = x 7 + x 3 + x  b= ( )={8A} b = ( ) = {2A}

Information Security Lab. Dept. of Computer Engineering 138/ The AES Cipher Inverse SubBytes Transformation Table 5.4 AES Inverse S-box

Information Security Lab. Dept. of Computer Engineering 139/ The AES Cipher Inverse SubBytes Transformation  The inverse affine transformation: b = {2A}  {8A}  {8A}  1 = {95} : inverse in the field GF(2 8 )

Information Security Lab. Dept. of Computer Engineering 140/ The AES Cipher Forward ShiftRows Transformation  A circular byte shift in each row 87F24D97 EC6E4C90 4AC346E7 8CD895A6 87F24D97 6E4C90EC 46E74AC3 A68CD895 no left shift 1 left shift 2 left shifts 3 left shifts  NbRow 1Row 2Row 3Row  Shift offsets for different block lengths

Information Security Lab. Dept. of Computer Engineering 141/ The AES Cipher Forward ShiftRows Transformation Inverse ShiftRows Transformation  Decrypt inverts using shifts to right

Information Security Lab. Dept. of Computer Engineering 142/ The AES Cipher Forward MixColumn Transformation  Each column is processed separately.  Each byte is replaced by a value dependent on all 4 bytes in the column

Information Security Lab. Dept. of Computer Engineering 143/ The AES Cipher Forward MixColumn Transformation  effectively a matrix multiplication in GF(2 8 ) using prime poly. m(x) = x 8 + x 4 + x 3 + x +1

Information Security Lab. Dept. of Computer Engineering 144/ The AES Cipher Forward MixColumn Transformation  Example : 4740A34C 37D4709F 94E43A42 EDA5A6BC 87F24D97 6E4C90EC 46E74AC3 A68CD895  Inverse MixColumn Transformation  decryption requires use of inverse matrix

Information Security Lab. Dept. of Computer Engineering 145/ The AES Cipher Forward AddRoundKey Transformation  XOR state with 128-bits of the round key Inverse AddRoundKey Transformation  inverse for decryption identical; since XOR own inverse, with reversed keys

Information Security Lab. Dept. of Computer Engineering 146/ The AES Cipher AES Key Expansion  Takes 128-bit (16-byte) key and expands into array of Nk = 44/52/60 32-bit words The function g : 1: RotWord : one-byte circular left shift w i = [b 0 b 1 b 2 b 3 ]  [b 1 b 2 b 3 b 0 ] 2: SubWord : SubBytes transformaton 3: The result of 1 & 2  Rcon[j] Rcon[j] = 1, Rcon[j] = 2  Rcons[j  1] over GF(2 8 ) Rcon[2] = 02 Rcon[3] = 04 Rcon[4] = 08 Rcon[5] = 10 Rcon[6] = 20 Rcon[7] = 40 Rcon[8] = 80 Rcon[9] = 1B Rcon[10] = 36

Information Security Lab. Dept. of Computer Engineering 147/ The AES Cipher AES Key Expansion Rationale  designed to resist known attacks  design criteria included knowing part key insufficient to find many more invertible transformation fast on wide range of CPU ’ s use round constants to break symmetry diffuse key bits into round keys enough non-linearity to hinder analysis simplicity of description

Information Security Lab. Dept. of Computer Engineering 148/ The AES Cipher Equivalent Inverse Cipher  AES decryption is not identical to encryption since steps done in reverse; but can define an equivalent inverse cipher with steps as for encryption using inverses of each step with a different key schedule  Interchangeing InvShiftRows and InvSubBytes InvShiftRows[InvSubBytes(S i )] = InvSubBytes[InvShiftRows (S i )]  Interchanging AddRoundKey and InvMixColumns InvMixColumns(S i  w j ) = InvMixColumns(S i )  InvMixColumns(w j )

Information Security Lab. Dept. of Computer Engineering 149/ The AES Cipher

Information Security Lab. Dept. of Computer Engineering 150/ The AES Cipher Implementation Aspects   can efficiently implement on 8-bit CPU byte substitution; shift rows is byte shift; add round key works on byte XOR’s mix columns requires matrix multiply in GF(2 8 )   can efficiently implement on 32-bit CPU redefine steps to use 32-bit words can precompute 4 tables of 256-words then each column in each round can be computed using 4 table lookups + 4 XORs at a cost of 4Kb to store tables   Very efficient implementation was a key factor in its selection as the AES cipher

Information Security Lab. Dept. of Computer Engineering 151/151 Summary  have considered: the AES selection process the details of Rijndael – the AES cipher looked at the steps in each round the key expansion implementation aspects

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.