RIJNDAEL Arta Doci University Of Colorado.


Topics Covered
- Introduction
- Characteristics of Rijndael
- Algorithm and its building blocks
- Mathematics behind Rijndael
- Conclusion

Rijndael, the Advanced Encryption Standard, is a symmetric block cipher. It uses the same key between sender and receiver to encrypt and decrypt the message. Speed and cost make symmetric algorithms the algorithms of choice for encrypting large amounts of data. Rijndael = Rijmen & Daemen

Characteristics of Rijndael:
- Iterated block cipher
- Parallel structure (based on the S-P Network model structure)
- Byte oriented
- Predecessor: SQUARE

Block Cipher: Two principles of a good block cipher, as defined by Claude Shannon, are:
1. 'Confusion', which stands for substitution operations.
2. 'Diffusion', which stands for transposition or permutation operations.

S-P Network Model (Shannon)
Divide each block of data into smaller manageable pieces of the same length. In parallel, each piece goes through:
- Confusion (substitution): S-Box
- Diffusion (permutation): P-Box

INPUT (Block of Plaintext, Key): Divide plaintext into blocks of length 1 (byte) * 16, thus creating a 4 x 4 matrix, i.e. the STATE matrix.

State[Row, Column] = Byte[Row + 4*Column]

    Byte0   Byte4   Byte8    Byte12
    Byte1   Byte5   Byte9    Byte13
    Byte2   Byte6   Byte10   Byte14
    Byte3   Byte7   Byte11   Byte15

    State[0,0]   State[0,1]   State[0,2]   State[0,3]
    State[1,0]   State[1,1]   State[1,2]   State[1,3]
    State[2,0]   State[2,1]   State[2,2]   State[2,3]
    State[3,0]   State[3,1]   State[3,2]   State[3,3]

EXAMPLE: Create State Matrix from a given block…

Pseudo Code:

    Rijndael_Cipher(byte[] block_of_data, byte[] KEY) {
        Expand_Key(KEY, Expanded_KEY);          // derive the round keys
        Add_Key(State, Expanded_KEY[0]);        // State holds block_of_data
        for (i = 1; i <= Nr - 1; i++)           // Nr - 1 full rounds
            Round(State, Expanded_KEY[i]);
        Last_Round(State, Expanded_KEY[Nr]);    // final round
    }

Pseudo Code (continued):

    Round(State, Expanded_KEY[i]) {
        Substitute_Bytes(State);
        Shift_Rows(State);
        Mix_Columns(State);
        Add_Key(State, Expanded_KEY[i]);
    }

    Last_Round(State, Expanded_KEY[Nr]) {
        Substitute_Bytes(State);
        Shift_Rows(State);                      // no Mix_Columns in the last round
        Add_Key(State, Expanded_KEY[Nr]);
    }

[Figure: Encryption. INPUT PLAINTEXT and SECRET KEY; EXTENDED_KEY supplies ROUND 0 KEY, ROUND 1 KEY, …, ROUND Nr-1 KEY, ROUND Nr KEY; Round 0, ROUND 1 … ROUND Nr-1 (SUB_BYTES, SHIFT_ROWS, MIX_COLUMNS, ADD_ROUND KEY), Last_ROUND; OUTPUT ENCRYPTED DATA.]

Number of Rounds
Block size is fixed at 128 bits; key can be 128, 192, or 256. Nr is the number of rounds, which is a function of Nk (Block length divided by 32) and Nb (Key length divided by 32).

[Table: Nr as a function of Nk (4, 6, 8) and Nb]

Expand_Key
This procedure will:
1. Expand the key from a cipher key of bytes [4][Nk] to another array of (4) * (Nb * (Nr + 1)) = 4 * (10 + 1) = 44 bytes.
2. Select a round key for each round.

This procedure avoids:
1. Weak keys, by introducing asymmetry.
2. Key-related attacks (Biham).
3. Cipher keys that are partially known or that can be chosen by an imposter.

Add_Key
Add_Key will be called:
1. Once in the beginning of rounds.
2. Nr-1 times in the Round.
3. Once in the final round.

It just XORs the 16 bytes of the state with the 16 bytes of key (for the 128-bit key).

EXAMPLE: Add_Key illustrated…

Substitute_Bytes (Non-Linear step)
Substitutes each byte of the State with a byte from the S-Box as follows:

State[row, column] = S-Box[State[row, column]]

S-Box: MORE LATER…

Shift_Rows
It will not change the values, but will just change their order. It does a left circular shift to each row as below:
Row 0 -> Shift 0; Row 1 -> Shift 1; Row 2 -> Shift 2; Row 3 -> Shift 3

Before:

    State[0,0]   State[0,1]   State[0,2]   State[0,3]
    State[1,0]   State[1,1]   State[1,2]   State[1,3]
    State[2,0]   State[2,1]   State[2,2]   State[2,3]
    State[3,0]   State[3,1]   State[3,2]   State[3,3]

After:

    State[0,0]   State[0,1]   State[0,2]   State[0,3]
    State[1,1]   State[1,2]   State[1,3]   State[1,0]
    State[2,2]   State[2,3]   State[2,0]   State[2,1]
    State[3,3]   State[3,0]   State[3,1]   State[3,2]
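The state layout, Add_Key and Shift_Rows slides above, worked on real bytes. This is an added example, not code from the original slides; the function names are chosen here, and the sample bytes are the FIPS-197 Appendix B test vector (AES-128).

```python
# Added example (not from the slides). A block is a flat 16-byte sequence and
# State[row, col] = block[row + 4*col], i.e. the state is filled column by column.

def to_state(block):
    """Return the 4x4 state as a list of rows (useful for printing)."""
    if len(block) != 16:
        raise ValueError("the Rijndael state needs exactly 16 bytes")
    return [[block[row + 4 * col] for col in range(4)] for row in range(4)]

def add_key(block, round_key):
    """XOR the 16 state bytes with the 16 round-key bytes."""
    return bytes(s ^ k for s, k in zip(block, round_key))

def shift_rows(block):
    """Rotate row r left by r positions; byte values are only reordered."""
    out = bytearray(16)
    for row in range(4):
        for col in range(4):
            out[row + 4 * col] = block[row + 4 * ((col + row) % 4)]
    return bytes(out)

def inv_shift_rows(block):
    """Undo shift_rows (rotate row r right by r positions)."""
    out = bytearray(16)
    for row in range(4):
        for col in range(4):
            out[row + 4 * ((col + row) % 4)] = block[row + 4 * col]
    return bytes(out)

# FIPS-197 Appendix B: plaintext, cipher key, and the round-1 state after SubBytes.
PLAINTEXT = bytes.fromhex("3243f6a8885a308d313198a2e0370734")
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
AFTER_SUB_BYTES = bytes.fromhex("d42711aee0bf98f1b8b45de51e415230")

if __name__ == "__main__":
    for label, block in (("state", PLAINTEXT),
                         ("after Add_Key", add_key(PLAINTEXT, KEY)),
                         ("after Shift_Rows", shift_rows(AFTER_SUB_BYTES))):
        print(label)
        for row in to_state(block):
            print("   ", " ".join(f"{b:02x}" for b in row))
```

Because the state is stored column by column, Shift_Rows moves bytes across a stride of 4 in the flat block rather than rotating contiguous 4-byte groups.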

Mathematics Behind Rijndael…
- Field
- Finite Field
- Inverses

Rijndael operates on the binary finite field, GF(2^8).
FIELD. Definition and Example.
FINITE FIELD. The field with a finite number of elements.
Rijndael uses polynomial basis. Rijndael is byte oriented. Each byte is stored in hex and represents a polynomial of degree at most 7:

b_7 X^7 + b_6 X^6 + b_5 X^5 + b_4 X^4 + b_3 X^3 + b_2 X^2 + b_1 X + b_0

Example: { } = 0xd4 = X^7 + X^6 + X^4 + X^2

FINITE FIELD GF(2^8)
The set of all polynomials of degree at most 7 with coefficients in GF(2), with the two defined operations:
- Addition: just XOR-ing.
- Multiplication: shift to the left, and modulo an irreducible polynomial.

Galois Theorem: For any prime p and integer n, there exists a field of order p^n and it is unique.
Cyclic Group Theorem: GF(p^n)*, i.e. the multiplicative group, is cyclic; the nonzero elements are powers of some primitive root.
Example: HOW do we construct such a field? Irreducible? Primitive root?

Finding the multiplicative inverse…
Multiplicative inverses in GF(256) using look-up tables:
1. Example: Building Log Table.
2. Building Anti Log Table. Reverse the Log process: {03}^(06) = {55}; {06} = {03} (55).
3. Building Inverse Table (using Log/Antilog). g^(x) has as inverse g^((ff) - (x)).

Example: {12} = {03}^(e0), so the inverse will be g^((ff) - (e0)) = g^(1f) = {aa}

S-BOX
The only non-linear step…
The S-Box is based on the mapping X -> X^-1, where X^-1 represents the multiplicative inverse in the field.
1. Replaces each byte with its inverse in GF(2^8), g(a); except 00, which is mapped to itself.
2. Applies an affine transformation (a bitwise modulo-two matrix), XOR-ed with the hexadecimal number 63.

EXAMPLE: Let's find S_RD[12]. ??
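The look-up-table inverse and the S-Box construction from the two slides above, carried through to S_RD[12]. This is an added example, not code from the original slides; it assumes the AES reduction polynomial x^8 + x^4 + x^3 + x + 1 (0x11b, from FIPS-197), which the slides do not name, and the function names are chosen here.

```python
# Added example (not from the slides): log/antilog tables for generator {03},
# the inverse table built from them, and the S-Box as affine(inverse(byte)).

def xtime(a):
    """Multiply by x ({02}): shift left, reduce by 0x11b on overflow."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def build_tables():
    """Return (log, antilog) with antilog[i] = {03}^i and log[{03}^i] = i."""
    log, antilog = [0] * 256, [0] * 255
    value = 1
    for exponent in range(255):
        antilog[exponent] = value
        log[value] = exponent
        value ^= xtime(value)          # multiply by {03} = x + 1
    return log, antilog

LOG, ANTILOG = build_tables()

def inverse(a):
    """g^x has inverse g^(ff - x); 00 has no inverse and is mapped to itself."""
    if a == 0:
        return 0
    return ANTILOG[(0xFF - LOG[a]) % 0xFF]

def affine(b):
    """Bitwise mod-2 matrix as b XOR rotl(b,1) XOR ... XOR rotl(b,4), then XOR 0x63."""
    result = 0x63
    for shift in range(5):
        result ^= ((b << shift) | (b >> (8 - shift))) & 0xFF
    return result

def sbox(a):
    return affine(inverse(a))

if __name__ == "__main__":
    print(f"log {{12}}     = {LOG[0x12]:02x}")       # e0, as on the slide
    print(f"inverse {{12}} = {inverse(0x12):02x}")   # aa, as on the slide
    print(f"S_RD[12]     = {sbox(0x12):02x}")
```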

Mix_Columns
Mix_Columns multiplies two numbers: (a column that is considered as a polynomial) * (a mixing polynomial (modulo x^4 + 1)).
The mixing polynomial is {03}*x^3 + {01}*x^2 + {01}*x + {02}.
It should be relatively prime with the polynomial x^4 + 1 = {11} = (x+1)^4. Thus, the fixed polynomial will have an inverse (mod x^4 + 1) and we can decrypt…
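Mix_Columns written literally as the polynomial product described above, with the coprimality condition and the resulting inverse checked. This is an added example, not code from the original slides; the reduction polynomial 0x11b, the inverse polynomial {0b}x^3 + {0d}x^2 + {09}x + {0e} and the sample column are taken from FIPS-197, and the function names are chosen here.

```python
# Added example (not from the slides): Mix_Columns as multiplication of
# polynomials with GF(2^8) coefficients, reduced modulo x^4 + 1.
# Coefficient lists are ordered low degree first: [c0, c1, c2, c3].

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11b)."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return product

def poly_mul_mod(p, q):
    """Product of two degree-3 polynomials mod x^4 + 1 (x^4 = 1, exponents wrap)."""
    out = [0, 0, 0, 0]
    for i in range(4):
        for j in range(4):
            out[(i + j) % 4] ^= gf_mul(p[i], q[j])
    return out

def coprime_to_x4_plus_1(p):
    """x^4 + 1 = (x + 1)^4, so p is coprime to it exactly when p(1) != 0."""
    return (p[0] ^ p[1] ^ p[2] ^ p[3]) != 0

MIX = [0x02, 0x01, 0x01, 0x03]       # {03}x^3 + {01}x^2 + {01}x + {02}
INV_MIX = [0x0E, 0x09, 0x0D, 0x0B]   # {0b}x^3 + {0d}x^2 + {09}x + {0e}

def mix_column(column):
    return poly_mul_mod(MIX, column)

def inv_mix_column(column):
    return poly_mul_mod(INV_MIX, column)

if __name__ == "__main__":
    column = [0xD4, 0xBF, 0x5D, 0x30]   # FIPS-197 Appendix B, round 1, column 0
    mixed = mix_column(column)
    print("mixed   :", " ".join(f"{b:02x}" for b in mixed))
    print("restored:", " ".join(f"{b:02x}" for b in inv_mix_column(mixed)))
    print("MIX * INV_MIX =", poly_mul_mod(MIX, INV_MIX))
    print("all-{01} polynomial coprime?", coprime_to_x4_plus_1([1, 1, 1, 1]))
```

A polynomial whose coefficients XOR to zero, such as the all-{01} one, shares the factor x + 1 with x^4 + 1 and could not be undone on decryption.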

Conclusion
- Secure: excellent resistance to known attacks.
- Elegant mathematical structure
- Efficient

Q & A