Download presentation

Presentation is loading. Please wait.

1
Advanced Encryption Standard

2
This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key Expansion Implementation Aspects AES Security and Strength

3
Why AES? Symmetric block cipher, published in 2001 Intended to replace DES and 3DES DES is vulnerable to differential attacks 3DES has slow performances

4
NIST Criteria to Evaluate Potential Candidates Security: The effort to crypt analyze an algorithm. Cost: The algorithm should be practical in a wide range of applications. Algorithm and Implementation Characteristics : Flexibility, simplicity etc. 5 final candidates have been chosen out of 15

5
NIST Criteria – cont. General Security Software Implementations Hardware Implementations Restricted-Space Environments Attacks on Implementations Encryption vs. Decryption Key Agility Potential for Instruction-Level Parallelism Other versatility and Flexibility NIST selected Rijndael as the proposed AES algorithm

6
The AES Cipher Block length is limited to 128 bit The key size can be independently specified to 128, 192 or 256 bits Key size (words/bytes/bits)4/16/1286/24/1928/32/256 Number of rounds101214 Expanded key size (words/byte)44/17652/20860/240

7
The AES Cipher Key received as input array of 4 rows and Nk columns Nk = 4,6, or 8, parameter which depends key size Input key is expanded into an array of 44/52/60 words of 32 bits each 4 different words serve as a key for each round k0k4k8k12 k1 k2 k3 k5 k6 k7 k9 k10 k11 k13 k14 k15 w0w1w2 …… w42w43

8
The AES Cipher Single 128 bit block as input Copied to a State array with Nb columns (Nb=4) in0in4in8in12 in1 in2 in3 in5 in6 in7 in9 in10 in11 in13 in14 in15 S 00 S 01 S 02 S 03 S 10 S 20 S 30 S 11 S 21 S 31 S 12 S 22 S 32 S 13 S 23 S 33 o0o4o8o12 o1 o2 o3 o5 o6 o7 o9 o10 o11 o13 o14 o15 Input State array Output

9
The AES Cipher Number of rounds, Nr, depends on key size Each round is a repetition of functions that perform a transformation over State array Consists of 4 main functions: one permutation and three substitutions Substitute bytes, Shift rows, Mix columns, Add round key

10
The AES Cipher AddRoundKey() – round key is added to the State using XOR operation MixColumns() – takes all the columns of the State and mixes their data, independently of one another, making use of arithmetic over GF(2^8) ShiftRows() – processes the State by cyclically shifting the last three rows of the State by different offsets SubBytes() – uses S-box to perform a byte-by- byte substitution of State

11
The AES Cipher Add round key Substitute bytes Shift rows Mix columns Add Round key Substitute bytes Shift rows Mix columns Add round key Substitute bytes Shift rows Add round key plaintext Cipher text key W[4,7]W[36,39]W[40,43] Round 1 Round 9

12
The AES Cipher Cipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)]) Begin byte state[4,Nb] state = in AddRoundKey(state, w[0, Nb-1]) for round=1 to Nr-1 SubBytes(state) ShiftRows(state) MixColumns(state) AddRoundKey(state, w[round*Nb, round+1)*Nb-1]) end for SubBytes(state) ShiftRows(state) AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1) Out = state end

13
The AES Cipher Only Add round key makes use of the key Other three functions are used for diffusion and confusion Final round consists of only three stages

14
The AES Inverse Cipher Add round key Inv. Shift rows Inv. Sub bytes Add round key Inv. Mix Columns Inv. Shift rows Inv. Sub bytes Add round key Inv. Mix columns Inv. Shift rows Inv. Sub bytes Add round key ciphertext plaintext key W[36,39]W[4,7]W[0,3] Round 1 Round 9

15
The AES Inverse Cipher InvCipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)]) Begin byte state[4,Nb] state = in AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1) for round=1 to Nr-1 InvShiftRows(state) InvSubBytes(state) AddRoundKey(state, w[round*Nb, round+1)*Nb-1]) InvMixColumns(state) end for InvShiftRows(state) InvSubBytes(state) AddRoundKey(state, w[0, Nb-1]) Out = state end

16
The AES Inverse Cipher Decryption algorithm uses the expanded key in reverse order All functions are easily reversible and their inverse form is used in decryption Decryption algorithm is not identical to the encryption algorithm Again, final round consists of only three stages

Similar presentations

© 2020 SlidePlayer.com Inc.

All rights reserved.

To make this website work, we log user data and share it with processors. To use this website, you must agree to our Privacy Policy, including cookie policy.

Ads by Google