The Advanced Encryption Standard Part 2: Mathematical Background CSCI 5857: Encoding and Encryption
Outline
  Modular multiplicative inverses
  Galois Field mathematics
  Galois Field inverses
  Uses in AES
Mathematical Goals
  S-Boxes and other transformations should have a mathematical basis
    Can ensure useful properties (nonlinearity, etc.)
    Can re-derive as needed for larger keys
  Mapping should appear “random” (no simple patterns between inputs and outputs)
Modular Multiplication
  a × b mod m = remainder left after (a × b)/m
  Example: multiplication table mod 7
Modular Multiplicative Inverses
  b is the inverse of a mod m if a × b mod m = 1 (b = a^-1 mod m)
  Example: 5 = 3^-1 mod 7, since 3 × 5 = 15 = 1 mod 7
  Creates nonlinear “pseudorandom” mappings
  a a^-1 none 1 2 4 3 5 6
Lack of Multiplicative Inverses
  Problem: Only works if m is a prime number
  Otherwise, some numbers have no inverse
  Example: modular inverses mod 8
  a a^-1 none 1 2 3 4 5 6 7
Galois Fields for Inverses
  Goal: use this idea in cases where m = 2^n (that is, m is the size of a typical block)
  Galois Fields
    Represent the byte to transform as a polynomial
    Compute the inverse of that polynomial mod some other “prime” polynomial
  Galois Field with m = 2^8 is used to create the S-Boxes for AES, mapping 256 possible byte inputs to 256 possible byte outputs
Galois Field Mathematics
  Step 1: Represent binary numbers with n bits as polynomial of degree n
  Example: n = 3, GF(2^3)
    Binary  Polynomial
    000     0x^2 + 0x + 0
    001     0x^2 + 0x + 1 = 1
    010     0x^2 + 1x + 0 = x
    011     0x^2 + 1x + 1 = x + 1
    100     1x^2 + 0x + 0 = x^2
    101     1x^2 + 0x + 1 = x^2 + 1
    110     1x^2 + 1x + 0 = x^2 + x
    111     1x^2 + 1x + 1 = x^2 + x + 1
Galois Field Mathematics (1)
  All coefficients are binary (1 or 0)
  Addition/subtraction in mod 2 = XOR function
  Examples:
    (x^2 + x + 1) + (x + 1) = x^2 + 2x + 2 = x^2 + 0x + 0 = x^2, since 2 mod 2 = 0
    x^2 - (x + 1) = x^2 - x - 1 = x^2 + x + 1, since -1 mod 2 = 1
Galois Field Mathematics (2)
  Step 2: Find a “prime” polynomial P_n of degree n
    Not the product of any two other polynomials (other than 1 and itself)
  Example for GF(2^3): P_3 = x^3 + x + 1
  Used in AES for GF(2^8): P_8 = x^8 + x^4 + x^3 + x + 1
Galois Field Mathematics (3)
  Step 3: Compute the multiplication table for all pairs of polynomials: P_i × P_j mod P_n
  Will need to compute the mod if the order of P_i × P_j is k ≥ n
  Simple (inefficient) way: compute P_i × P_j - x^(k-n) P_n
  Example for GF(2^3):
Galois Field Example
  Example: Multiplying 110 and 011
    110 = x^2 + x
    011 = x + 1
  (x^2 + x)(x + 1) = x^3 + 2x^2 + x = x^3 + x, since 2 mod 2 = 0
  (x^3 + x) mod (x^3 + x + 1) = (x^3 + x) - (x^3 + x + 1) = -1 = 1, since -1 mod 2 = 1
Galois Field Inverses
  Inverse b^-1 of a binary number b in GF(2^n)
    b^-1 × b = 1 in GF(2^n)
  Example: GF(2^3)
    b     000 001 010 011 100 101 110 111
    b^-1  none
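The multiplication and inverse steps above, as an added example that is not part of the original slides. It goes beyond the GF(2^3) case by also applying the same routine to GF(2^8) with the P_8 polynomial given on the page; polynomials are stored as integers (bit i is the coefficient of x^i), and the function names are assumptions.

```python
# Added example: GF(2^n) arithmetic with polynomials stored as integers
# (bit i is the coefficient of x^i). Function names are hypothetical.

P3 = 0b1011   # x^3 + x + 1, the page's prime polynomial for GF(2^3)
P8 = 0x11B    # x^8 + x^4 + x^3 + x + 1, the page's polynomial for GF(2^8)


def gf_mul(a, b, prime, n):
    """Multiply a and b in GF(2^n), reducing modulo the prime polynomial."""
    product = 0
    # Schoolbook multiplication; adding coefficients mod 2 is XOR.
    for i in range(n):
        if (b >> i) & 1:
            product ^= a << i
    # Reduce: while the degree k is >= n, subtract (XOR) x^(k-n) * prime.
    for k in range(2 * n - 2, n - 1, -1):
        if (product >> k) & 1:
            product ^= prime << (k - n)
    return product


def gf_inv(b, prime, n):
    """Return b^-1 in GF(2^n) by exhaustive search, or None for b = 0."""
    for candidate in range(1, 1 << n):
        if gf_mul(b, candidate, prime, n) == 1:
            return candidate
    return None


def gf_inverses(prime, n):
    """Inverse table for every element of GF(2^n)."""
    return [gf_inv(b, prime, n) for b in range(1 << n)]


def int_inverses(m):
    """Inverses of 0..m-1 under ordinary multiplication mod m (None if absent)."""
    return [next((b for b in range(1, m) if a * b % m == 1), None)
            for a in range(m)]


if __name__ == "__main__":
    print("110 x 011 in GF(2^3):", format(gf_mul(0b110, 0b011, P3, 3), "03b"))
    print("inverses mod 8:      ", int_inverses(8))
    print("inverses in GF(2^3): ", gf_inverses(P3, 3))
    table = gf_inverses(P8, 8)
    print("nonzero bytes with an inverse:", sum(v is not None for v in table[1:]))
    print("inverse of 0x53 in GF(2^8):", hex(table[0x53]))
```

Ordinary arithmetic mod 8 leaves the even values without an inverse, while every nonzero element of GF(2^3) and GF(2^8) has one, which is what lets the inverse serve as a byte-to-byte mapping.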
Galois Fields in AES
  AES mathematics based on GF(2^8)
    Prime polynomial = x^8 + x^4 + x^3 + x + 1
  SubBytes stage
    Basis of S-Boxes
  MixColumns stage
    Uses matrix multiplication in GF(2^8)
  Round Key Generation
    Adds extra “random” bits to each round key
What’s Next
  Let me know if you have any questions
  Continue on to the next lecture on AES: Mathematical Background