Advanced Encryption Standard(AES) Presented by: Venkata Marella Slide #9-1

Contents History Drawbacks of DES Algorithm Feature of AES Algorithm. Substitution-Permutation Network Key Expansion Description of the AES Advantages of AES Security of the AES Comparison b/w AES and DES Conclusion Slide #9-2

History The National Security Agency took over responsibility for all U.S. Government encryption systems when it was formed in 1952 In 1976 National Institute of Standards and Technology (NIST), published the DES algorithm And later IDEA, Blowfish, RC5 and Triple DES algorithms are published. And these algorithms survived as part-time algorithms Slide #9-3

History Continues… AES was announced by National Institute of Standards and Technology(NIST ) in 2002 AES was first published as Rijndael in the year 1998, portmanteau of the names of the two inventors Joan Daemen and Vincent Rijmen. As of 2009, AES is one of the most popular algorithms used in symmetric key cryptography. It is available in many different encryption packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information. Slide #9-4

Drawbacks of DES Algorithm DES is considered to be insecure for many applications. The main reason the insecurity of DES is it’s Key length. The Key length of DES is 56 bits. NSA claimed that the key length is too small. In January, 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes w considered to be insecure for many applications Slide #9-5

Features of AES Symmetric Cipher Fixed Block length Variable Key length Variable Number of Rounds. Uses Substitution-Permutation Network. Available in three different Version(AES-128, AES192, AES 256) Certified by CRYPTREC, NESSIE, NSA, AES Winner Slide #9-6

Substitution-Permutation Network AIM: to provide Diffusion and Confusion. S-boxes substitute or transform input bits into output bits. A good S-box will have the property that changing one input bit will change about half of the output bits. No output bit of S-Box should match the I/P bits S-Boxes should show Non linearity Slide #9-7

SP Network (Continue..) P-boxes take the S-box outputs of one round, permute or transpose bits, and feed them into the S- box inputs of the next round. A single S-box produces a limited amount of confusion and the single P-box produces a limited amount of diffusion A well-designed SP network has enough rounds that every input bit is fully diffused across every output bit of the entire message. Slide #9-8

Description of Algorithm Key Expansion Initial Round 1.Add RoundKey Rounds 1. SubBytes 2. Shift Rows 3. Mix Columns 4. Add RoundKey Final Round 1.SubBytes 2.ShiftRows 3.AddRoundKey Slide #9-9

Key Expansion AES key is either 128 bits, 192 bits or 256 bits 128bits=4 words 192bits=6 words 256bits=8words Number of Rounds=Key length + 6 (in words) Expanded Key length= 4*(Number of Rounds+1) (in words) Slide #9-10

Key Expansion(continues) Slide #9-11 Key length Expanded key length Block Size Number of Rounds AES AES AES

Encryption CIPHER TEXT Slide #9-12

Add RoundKey The subkey, which is generated from the key Expansion is added by combining each byte of the state with the corresponding byte of the subkey using bitwise XOR Slide #9-13

Add Roundkey Slide #9-14

SUB-BYTE In the SubBytes step, each byte in the array is updated using an 8-bit substitution box, the Rijndael S-box. This operation provides the non-linearity in the cipher.. The S-box is also chosen to avoid any fixed points also any opposite fixed points. Slide #9-15

SubBytes Slide #9-16

MixColumns In the MixColumns step, the four bytes of each column of the state are combined using an invertible linear transformation. The MixColumns function takes four bytes as input and outputs four bytes, where each input byte affects all four output bytes. Together with ShiftRows, MixColumns provides diffusion in the cipher. Slide #9-17

MixColumns Slide #9-18

Shift Rows ShiftRows step operates on the rows of the state; it cyclically shifts the bytes in each row by a certain offset. For AES, the first row is left unchanged. Each byte of the second row is shifted one to the left. Similarly, the third and fourth rows are shifted by offsets of two and three respectively Slide #9-19

Shift Row Slide #9-20

Key Expansion Slide #9-21 One word among the key is taken usually the last word is taken. It is rotated by one bit. The sub-byte operation is performed on it Now the result is EXOR with first word and Rcon. The result gives the first column of the expansion key

Advantages Fast in it’s execution Requires less Memory Use Substitution –Permutation Network. Slide #9-22

Security Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2 55 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old So, AES is safe for another 109 year ( with assumption that the speed of the processor double for every 18 months) Slide #9-23

Security(Continues..) As of 2006, the only successful attacks against AES implementations have been side-channel attacks. The National Security Agency (NSA) reviewed all the AES finalists, including Rijndael, and stated that all of them were secure enough for US Government non- classified data. In June 2003, the US Government announced that AES may be used to protect classified information: Slide #9-24

Side Channel Attack A side channel attack is any attack based on information gained from the physical implementation of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms (compare cryptanalysis). Slide #9-25

Comparison b/w DES &AES SubjectDESAES Year Block64 bits128 bits StructureFeistal CipherSP-Network Encryption PrincipleSubstitution, Permutation Shift, Bit Mixing, Substitution Cryptography Primitive Confusion, Diffusion DesignOpen Design RationaleClosedOpen SourceIBM, enhanced by NSA Independent Belgian Cryptography

Conclusion No Algorithm is secure from Brute force attack. But, the main goal of the modern encryption algorithms is to make it difficult for the Brute force Attack to break the encryption. But, the Brute force Attack can be executed fast with the help of Cluster and Grid Computing Technologies. So, Modern Encryption Algorithms should compete with the challenges posed by Cluster and Grid Computing Technologies. Slide #9-27