

1 The AES block cipher Niels Ferguson

2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition. US government standard. Also known as Rijndael.

3 Bias warning I’m one of the designers of the Twofish block cipher. Twofish was one of the other AES submissions. AES (then called Rijndael) won. I’ve spent several months trying to break AES.

4 Block cipher AES Plaintext (128 bits) Ciphertext (128 bits) Key ( bits)

5 Multiple rounds Plaintext Ciphertext Key schedule

6 AES multiple rounds simple rounds. Each round is a weak block cipher. Rounds are (almost) identical. Simple key schedule.

7 AES single round: Add key, S-box, Shift row, Mix column.

8 128-bit values Represented as 4 by 4 matrix of 8-bit bytes.

9 Add key operation: Xor of corresponding bytes. [Diagram label: key]

10 S-box: 8-bit lookup table. 16 lookups in parallel. [Diagram label: S]

11 Shift row Reordering of the bytes within each row. Rotate rows by 0-3 byte positions.

12 Mix column: Interpret each column as a vector of length 4. Multiply by 4 × 4 matrix over GF(2^8). Matrix is an MDS matrix.

13 Single round [Diagram; labels: S, Round key]

14 Last round [Diagram; labels: S, Round key]

15 S-box: Inversion in GF(2^8). Bitwise linear transformation. Xor with a constant.

16 MDS matrix: Maximum Distance Separable. Byte-Hamming weight of input + output is at least 5. Input weight / output weight: 1 / 4; 2 / >= 3; 3 / >= 2; 4 / >= 1.
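
The weight table on slide 16 can be checked by brute force. This is an added example, not part of the original slides: it assumes the MixColumns coefficients and reduction polynomial from FIPS 197, which the slides do not list, and all function names are illustrative.

```python
from itertools import combinations, product

# MixColumns matrix from FIPS 197 (assumption: the slides do not print it).
MIX = [(2, 3, 1, 1), (1, 2, 3, 1), (1, 1, 2, 3), (3, 1, 1, 2)]

def xtime(a):
    """Multiply by x (that is, by 2) in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

# Multiplication tables for the three coefficients that occur in MIX.
MUL = {1: list(range(256)),
       2: [xtime(a) for a in range(256)],
       3: [xtime(a) ^ a for a in range(256)]}

def mix_column(col):
    """Multiply one 4-byte column by the MixColumns matrix."""
    return [MUL[r[0]][col[0]] ^ MUL[r[1]][col[1]] ^ MUL[r[2]][col[2]] ^ MUL[r[3]][col[3]]
            for r in MIX]

def weight(col):
    """Byte-Hamming weight: the number of non-zero bytes."""
    return sum(1 for b in col if b)

def min_output_weight(input_weight):
    """Smallest output weight over every column with exactly this input weight."""
    best = 4
    for positions in combinations(range(4), input_weight):
        for values in product(range(1, 256), repeat=input_weight):
            col = [0, 0, 0, 0]
            for p, v in zip(positions, values):
                col[p] = v
            best = min(best, weight(mix_column(col)))
    return best

if __name__ == "__main__":
    for w in (1, 2):  # weights 3 and 4 are the same check, only slower
        print("input weight", w, "-> minimum output weight", min_output_weight(w))
```

A change in one byte of a column therefore always spreads to all four output bytes, which is the diffusion the MDS property buys.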

17 Decryption Every operation is invertible. Order of operations can be the same as for encryption.

18 Changing the order [Diagram; labels: S, Round key]

19 Decryption differences Inverse S-box. Inverse of MDS matrix. Modified round keys, or modified operation order. Requires extra hardware.

20 Key schedule (128 bits) [Diagram; labels: S, r]

21 Key schedule (256 bits) [Diagram; labels: S, r]

22 Key schedule Cannot directly generate round keys in reverse order. Decryption must either store all round keys, or pre-compute the ‘final’ state and work backwards from that. Requires extra time from getting key to start of first decryption.
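
An added example, not part of the original slides, that builds the S-box from the three steps on slide 15 and uses it to run the AES-128 key schedule of slides 20 to 22 forwards and then backwards from the final round key. The reduction polynomial, the rotation pattern of the linear map, the constant 0x63 and the round constants are taken from FIPS 197; all function names are illustrative.

```python
from itertools import accumulate

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (the FIPS 197 polynomial)."""
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def make_sbox():
    """Slide 15: inversion in GF(2^8), bitwise linear map, xor with the constant 0x63."""
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gf_mul(x, y) == 1), 0)  # 0 maps to 0
        sbox.append(inv ^ rot(inv, 1) ^ rot(inv, 2) ^ rot(inv, 3) ^ rot(inv, 4) ^ 0x63)
    return sbox

SBOX = make_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]  # round constants r

def xor(a, b):
    return [p ^ q for p, q in zip(a, b)]

def g(word, rcon):
    """Schedule core: rotate the word, S-box each byte, xor r into the first byte."""
    w = [SBOX[b] for b in word[1:] + word[:1]]
    return [w[0] ^ rcon] + w[1:]

def next_round_key(rk, rcon):
    w = [rk[i:i + 4] for i in range(0, 16, 4)]
    out = [xor(w[0], g(w[3], rcon))]
    for i in (1, 2, 3):
        out.append(xor(w[i], out[-1]))          # each word chains on the previous one
    return sum(out, [])

def prev_round_key(rk, rcon):
    n = [rk[i:i + 4] for i in range(0, 16, 4)]
    w = [None] + [xor(n[i], n[i - 1]) for i in (1, 2, 3)]  # undo the chaining
    w[0] = xor(n[0], g(w[3], rcon))             # uses the recovered last word
    return sum(w, [])

def expand(key):        # encryption order: round keys 0..10
    return list(accumulate(RCON, next_round_key, initial=list(key)))

def rewind(final_key):  # decryption order: round keys 10..0, from the final one only
    return list(accumulate(RCON[::-1], prev_round_key, initial=list(final_key)))
```

`rewind` needs the last round key as its starting point, and that key only exists after one full forward pass, which is the extra setup time before the first decryption.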

23 Speed About 16 clock cycles/byte on modern 32-bit CPUs. That’s 200 MByte/s on a 3.2 GHz P4!

24 Uses Almost never used as-is: most messages are not exactly 128 bits long. Used with a block cipher mode to encrypt and/or authenticate messages.

25 Security properties For any given key, a block cipher is a permutation (must be able to decrypt). Should behave like a random permutation: no detectable structure. Different keys result in “independent random permutations.”

26 Best known attacks No known attacks on full AES. Best attack on 7 to 9 rounds (out of 10 to 14 rounds). Clean design leaves algebraic structures: no attacks, but some worries.