Advanced Encryption Standard. Origins NIST issued a new version of DES in 1999 (FIPS PUB 46-3) DES should only be used in legacy systems 3DES will be.

Slides:



Advertisements
Similar presentations
Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.
Advertisements

Chap. 5: Advanced Encryption Standard (AES) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5
Advanced Encryption Standard
Cryptography and Network Security
This Lecture: AES Key Expansion Equivalent Inverse Cipher Rijndael performance summary.
AES clear a replacement for DES was needed
Advanced Encryption Standard. This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key.
Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.
RIJNDAEL Arta Doci University Of Colorado.
Cryptography and Network Security Chapter 5. Chapter 5 –Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know.
Cryptography and Network Security Chapter 5 Fourth Edition by William Stallings.
ICS 454 Principles of Cryptography Advanced Encryption Standard (AES) (AES) Sultan Almuhammadi.
Lecture 23 Symmetric Encryption
Dr. Lo’ai Tawalbeh 2007 Chapter 5: Advanced Encryption Standard (AES) Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Chapter 5 Advanced Encryption Standard. Origins clear a replacement for DES was needed –have theoretical attacks that can break it –have demonstrated.
Cryptography and Network Security
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
Number Theory and Advanced Cryptography 1. Finite Fields and AES
Cryptography and Network Security
Chapter 5 –Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know what the key is it's virtually indecipherable."
Applied Cryptography Example: AES. Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know what the key is it's.
9/17/15UB Fall 2015 CSE565: S. Upadhyaya Lec 6.1 CSE565: Computer Security Lecture 6 Advanced Encryption Standard Shambhu Upadhyaya Computer Science &
CIM Symmetric Ciphers 31 Advanced Encryption Standard Ch 5 of Cryptography and Network Security -Third Edition by William Stallings Modified from.
Advance Encryption Standard. Topics  Origin of AES  Basic AES  Inside Algorithm  Final Notes.
Information Security Lab. Dept. of Computer Engineering 122/151 PART I Symmetric Ciphers CHAPTER 5 Advanced Encryption Standard 5.1 Evaluation Criteria.
Chapter 20 Symmetric Encryption and Message Confidentiality.
Rijndael Advanced Encryption Standard. Overview Definitions Definitions Who created Rijndael and the reason behind it Who created Rijndael and the reason.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
AES Advanced Encryption Standard. Requirements for AES AES had to be a private key algorithm. It had to use a shared secret key. It had to support the.
AES (Advanced Encryption Standard) By- Sharmistha Roy M.Tech, CSE 1 st semester NIT, Agartala.
AES: Rijndael 林志信 王偉全. Outline Introduction Mathematical background Specification Motivation for design choice Conclusion Discussion.
Lecture 23 Symmetric Encryption
Fifth Edition by William Stallings
Chapter 2 (C) –Advanced Encryption Standard. Origins clearly a replacement for DES was needed –have theoretical attacks that can break it –have demonstrated.
Advanced Encryption Standard Dr. Shengli Liu Tel: (O) Cryptography and Information Security Lab. Dept. of Computer.
DATA & COMPUTER SECURITY (CSNB414) MODULE 3 MODERN SYMMETRIC ENCRYPTION.
Lecture 4 Overview. Data Encryption Standard Combination of substitution and transposition – Repeated for 16 cycles – Provides confusion and diffusion.
Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 7 September 9, 2004.
Data Security and Encryption (CSE348) 1. Lecture # 9 2.
Cryptography and Network Security Chapter 5
Triple DES.
Cryptography and Network Security
School of Computer Science and Engineering Pusan National University
Cryptography and Network Security Chapter 5
Data Security and Encryption (CSE348)
Cryptography and Network Security
Cryptography and Network Security Chapter 5
AES Objectives ❏ To review a short history of AES
Advanced Encryption Standard (Symmetric key Algorithm)
Cryptography and Network Security
Fifth Edition by William Stallings
Cryptography and Network Security Chapter 5
Cryptography and Network Security Chapter 5
Chapter -3 ADVANCED ENCRYPTION STANDARD & BLOCK CIPHER OPERATION
Cryptography and Network Security Chapter 5
Advanced Encryption Standard
SYMMETRIC ENCRYPTION.
Advanced Encryption Standard
Cryptography and Network Security Chapter 5
Origins AES = current federal standard for symmetric crypto (replacing DES) DES Key size is too small The variants are just patches can use Triple-DES.
Cryptography and Network Security Chapter 5
CSCE 715: Network Systems Security
CSCE 715: Network Systems Security
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Advanced Encryption Standard
Cryptography and Network Security Chapter 5
Cryptography and Network Security Chapter 5
Presentation transcript:

Advanced Encryption Standard

Origins NIST issued a new version of DES in 1999 (FIPS PUB 46-3) DES should only be used in legacy systems 3DES will be used 3DES has 2 attractions o 168-bit key length  Removes vulnerability to brute force attack o The underlying algorithm in 3DES is same as in DES  Easy to understand  Nothing new-it does not need to further evaluate  Resistant to cryptanalytic attack now Therefore 3DES was considered an appropriate choice for standardized algorithm for decades to come But DES suffers some drawbacks o DES was not efficient algorithm in software and 3DES involves three DES rounds, hence 3 times slower o Both DES and 3DES use a 64-bit block size Because of these drawbacks, 3DES is not a reasonable candidate for long term-NIST issued therefore a new call for the selection of new standard-called as Advanced Encryption Standard

Origins NIST issued a call for new Advanced Encryption Standard in 1997, for an algorithm: o Security strength equal or better than 3DES o Improved efficiency as compared to 3DES In addition to this general criteria, NIST specified that o AES must be a symmetric cipher o Block length of 128-bits o Support for key length of 128, 192 and 256 bits Finally on 2 October 2000, NIST officially announced Rijndael as new AES

The AES Cipher - Rijndael Designed by Vincent Rijmen & Joan Daemen in Belgium Can support variable block & key length sizes of of 128, 192, 256 bits NIST limits the block length to 128 bits, so when it is said AES, by default we are talking about 128-bits block and key lengths Number of Rounds be 10/12/14 depending on the key and block sizes It is not a Feistel cipher but an iterated cipher o Processes data as block of 4 columns of 4 bytes o Operates on entire data block in every round Designed to be: o Resistance against all known attacks o Speed and code compactness on a wide range of platforms o Design simplicity Plaintet 16 byte (128 bits)

AES

The cipher takes a plaintext block size of 128 bits, or 16 bytes. The key length can be 16, 24, or 32 bytes (128, 192, or 256 bits). The algorithm is referred to as AES-128, AES-192, or AES-256, depending on the key length.

Detailed Structure It is not a Feistel structure. o In the classic Feistel structure, half of the data block is used to modify the other half of the data block, and then the halves are swapped. The key that is provided as input is expanded into an array of forty-four 32-bit words, w[i]. Four distinct words (128 bits) serve as a round key for each round

Detailed Structure Four different stages are used, one of permutation and three of substitution: o Substitute bytes: Uses an S-box to perform a byte-by-byte substitution of the block o ShiftRows: A simple permutation o MixColumns: A substitution that makes use of arithmetic over (Galois Field) GF(2 8 ). o AddRoundKey: A simple bitwise XOR of the current block with a portion of the expanded key

AES

Byte Substitution Simple substitution on each byte of state independently Use an S-box of 16x16 bytes containing a permutation of all bit values Each byte of state is replaced by a new byte indexed by row (left 4-bits) & column (right 4-bits) eg. byte {95} is replaced by {2A} in row 9 column 5

Byte Substitution

Shift Rows A circular byte shift in each o 1 st row is unchanged o 2 nd row does 1 byte circular shift to left o 3rd row does 2 byte circular shift to left o 4th row does 3 byte circular shift to left Since state is processed by columns, this step permutes bytes between the columns

Mix Columns Each column of the state matrix is multiplied by the fixed matrix given by Each byte of the column is multiplied by the constant byte using irreducible polynomial m(x) = x 8 + x 4 + x 3 + x + 1 in GF(2 8 )

Mix Columns

Mix Columns (Multiplication) Following are the steps to follow in order to use L and E lookup table for GF multiplication – The result of the multiplication is simply the result of a lookup of the L table, followed by the addition of the results in base 16, followed by a lookup to the E table. – If the result of addition is greater then FF then simply subtract FF from result. – use the first digit in the number on the vertical index and the second number on the horizontal index. – If the value being multiplied is composed of only one digit then use 0 on the vertical index. Two exceptions are that: – Any number multiplied by one is equal to its self and does not need to go through the above procedure. For example: FF * 1 = FF – Any number multiplied by zero equals zero

Mix Columns (Multiplication)

Example: AF * 8 L(AF)=B7 L (08)=4B B7+4B=102>FF so 102-FF =03 E(03)=0F So AF*08=0F

Add Round Key Added (XOR) each key byte to each byte of the state matrix

AES Decryption

Inverse Byte Substitution S-box has its inverse-inverse S-box Like encryption, each byte is substituted independently Inverse S-box like encrytion s-box contains all 256 values of 8-bit each Each byte of state is replaced by a new byte indexed by row (left 4-bits) & column (right 4-bits) eg. byte {11} is replaced by {e3} in row 1 column 1

Inverse S-Box

Inverse Shift Rows Inverse shift row rotates bytes to the right instead of left as in case of encryption Therefore a circular byte shift in each o 1st row is unchanged o 2nd row does 1 byte circular shift to right o 3rd row does 2 byte circular shift to right o 4th row does 3 byte circular shift to right

Inverse Mix Columns Each column of the state matrix is multiplied by given matrix Each byte of the column is multiplied by the constant byte using irreducible polynomial m(x) = x 8 + x 4 + x 3 + x + 1 in GF(2 8 )

Inverse Add Round Key Inverse Add round key is essentially the same as Add round key as it just adds (XOR) each key byte to each byte of the state matrix

AES: Key Expansion

AES Key Expansion Takes 128-bit (16-byte; 4-word) key and expands into array of 44, 32-bit words. Start by copying key into first 4 words Then loop creating words that depend on values in previous & 4 places back o In 3 of 4 cases just XOR these together o 1st word in 4 has rotate + S-box + XOR round constant on previous, before XOR 4th back

Each added word w[i] depends on the immediately preceding word, w[i- 1], and the word four positions back, w[i-4]. In three out of four cases, a simple XOR is used. For a word whose position in the w array is a multiple of 4, a more complex function g is used

The function g consists of the following substitution: 1.RotWord performs a one-byte circular left shift on a word. This means that an input word [b0,b1,b2,b3] is transformed into [b1,b2,b3, b0] 2.SubWord performs a byte substitution on each byte of its input word using the S-box 3.The result of step 1 & Step 2 is XORed with a round constant, Rcon[j]

Round Constant The round constant is a word in which the three rightmost bytes are always 0. Thus, the effect of an XOR of a word with Rcon is to only perform an XOR on the leftmost byte of the word. The round constant is different for each round, the values of RC[j] in hexadecimal are:

Key Expansion Rationale The Rijndael developers designed the expansion key algorithm to be resistant to known cryptanalytic attacks. Design criteria included: o The inclusion of round constant eliminates the symmetry, or similarity, between the ways in which round keys are generated in different rounds. o Knowledge of a part of the cipher key or round key does not enable calculation of many other round-key bits. o Fast on wide range of CPU’s o Simplicity of description

Reading “Cryptography and Network Security Principles and Practices”, Fourth Edition by William Stallings Chapter 5