Zong-Cing Lin 2007/10/31
◦ Algorithm description
◦ Why choose Rijndael
◦ Reference
Rijndael was designed by Joan Daemen and Vincent Rijmen. A call for proposals for a new Advanced Encryption Standard was issued in 1997 by the National Institute of Standards and Technology. It was published as FIPS PUB 197 in November 2001.

Key size               128 bits    192 bits    256 bits
Plaintext block size   128 bits    128 bits    128 bits
Number of rounds       10          12          14
Round key size         128 bits    128 bits    128 bits
Expanded key size      176 bytes   208 bytes   240 bytes
(192- and 256-bit keys each add 2 round keys over the previous key size.)
Use S-box byte by byte
S-box construction:
◦ Initialization: 1st row: {00}, {01}, {02}, ..., {0F}; 2nd row: {10}, {11}, {12}, ..., {1F}; etc.
◦ Replace each byte with its multiplicative inverse in GF(2^8); the value {00} is mapped to itself.
◦ Apply the following (invertible) transformation:
XOR operation
Round key length: 128 bits
Round key construction:
◦ The 1st round key is the original key (for a 128-bit key length).
◦ Other round keys:
  First word, produced from the previous round key's last word: w[i] = w[i-4] ^ sbox(byteRotation(w[i-1])) ^ Rcon[i/4]
  Other words: w[i] = w[i-4] ^ w[i-1]
  Rcon[j] = (RC[j], 0, 0, 0), with RC[1] = 1 and RC[j] = 2·RC[j-1] (multiplication in GF(2^8))
Written by Vincent Rijmen, Antoon Bosselaers, and Paulo Barreto. Used by OpenSSL 0.9.8e.
    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];

A loop-unrolling flag is provided: to reduce computation time, the round code is duplicated in several editions (the original loop, unrolled 2 times, unrolled 3 times).

The lookup tables are defined as:
    Te0[x] = S[x].[02, 01, 01, 03];
    Te1[x] = S[x].[03, 02, 01, 01];
    Te2[x] = S[x].[01, 03, 02, 01];
    Te3[x] = S[x].[01, 01, 03, 02];
    Te4[x] = S[x].[01, 01, 01, 01];
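As an added example, not taken from the slides or from OpenSSL, the C code below ties the three algorithm slides together: it builds the S-box from the GF(2^8) inverse and the affine transformation, derives a Te0 entry in the S[x].[02,01,01,03] form shown above, and runs the round-key expansion for a 128-bit key. The affine-map constant 0x63, its rotate-and-XOR form, and the FIPS-197 Appendix A.1 sample key are taken from the standard and are assumptions not stated on the slides.

```c
#include <stdint.h>
/* Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1. */
static uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (; b; b >>= 1) {
        if (b & 1) p ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));   /* xtime */
    }
    return p;
}

/* S-box entry: inverse in GF(2^8) ({00} maps to itself), then the affine map
 * s = inv ^ rotl(inv,1) ^ rotl(inv,2) ^ rotl(inv,3) ^ rotl(inv,4) ^ 0x63 (FIPS-197). */
static uint8_t sbox(uint8_t x) {
    uint8_t inv = 0, s;
    for (int c = 1; c < 256 && !inv; c++)             /* brute-force inverse search */
        if (gmul(x, (uint8_t)c) == 1) inv = (uint8_t)c;
    s = inv;
    for (int i = 1; i <= 4; i++) s ^= (uint8_t)((inv << i) | (inv >> (8 - i)));
    return (uint8_t)(s ^ 0x63);
}

/* Te0[x] = S[x].[02,01,01,03] from the OpenSSL slide, packed as a big-endian word. */
static uint32_t te0(uint8_t x) {
    uint8_t s = sbox(x);
    return ((uint32_t)gmul(s, 2) << 24) | ((uint32_t)s << 16) | ((uint32_t)s << 8) | gmul(s, 3);
}

/* 128-bit key expansion into 44 words (11 round keys, 176 bytes). */
static void expand_key128(const uint8_t key[16], uint32_t w[44]) {
    uint8_t rc = 1;                                    /* RC[1] = 1, RC[j] = 2*RC[j-1] */
    for (int i = 0; i < 4; i++)
        w[i] = ((uint32_t)key[4*i] << 24) | ((uint32_t)key[4*i+1] << 16) |
               ((uint32_t)key[4*i+2] << 8) | key[4*i+3];
    for (int i = 4; i < 44; i++) {
        uint32_t t = w[i-1];
        if (i % 4 == 0) {                              /* first word of a round key */
            t = (t << 8) | (t >> 24);                  /* byteRotation (RotWord) */
            t = ((uint32_t)sbox(t >> 24) << 24) | ((uint32_t)sbox((t >> 16) & 0xff) << 16) |
                ((uint32_t)sbox((t >> 8) & 0xff) << 8) | sbox(t & 0xff);
            t ^= (uint32_t)rc << 24;                   /* Rcon[i/4] = (RC, 0, 0, 0) */
            rc = gmul(rc, 2);
        }
        w[i] = w[i-4] ^ t;                             /* other words: w[i-4] ^ w[i-1] */
    }
}

/* FIPS-197 Appendix A.1 sample key (public test vector, assumed here) and its expanded word i. */
static const uint8_t FIPS197_A1_KEY[16] = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
                                           0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c};
static uint32_t fips197_a1_word(int i) { uint32_t w[44]; expand_key128(FIPS197_A1_KEY, w); return w[i]; }
```

Te1..Te3 are byte rotations of Te0 and Te4 holds S[x] in all four bytes, so one generator covers the whole table family; checking w[4] and w[43] against the published expansion confirms the Rcon and rotation order.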
Other AES candidates:
◦ Round one: CAST-256, CRYPTON, DEAL, DFC, E2, FROG, HPC, LOKI97, MAGENTA, MARS, RC6, SAFER+, Serpent, and Twofish.
◦ Final round: MARS, RC6, Serpent, and Twofish.
The candidates were evaluated on:
◦ General security
◦ Software implementation
◦ Restricted-space environments
◦ Hardware implementation
◦ Attacks on implementations
◦ Encryption vs. decryption
◦ Key agility
◦ Potential for instruction-level parallelism
No known security attacks based on the security analysis to date.
Adequate security margin
◦ MARS, Serpent, and Twofish have high security margins.
Some comments criticized Rijndael for its mathematical structure (its reliance on Galois field arithmetic).
Rijndael's key setup performance is the fastest. With longer key sizes, Rijndael needs more round keys. Decryption's key setup time is greater than encryption's.

Key setup on an Intel Pentium III 600 MHz (Norm: speed relative to the fastest entry; values in parentheses are for decryption key setup)
Algorithm   Key   Clocks         Norm
MARS        128    4934          0.26
            192    4997          0.26
            256    5171          0.25
RC6         128    2278          0.57
            192    2403          0.54
            256    2514          0.51
Rijndael    128    1289 (1724)   1.00 (0.75)
            192    2000 (2553)   0.64 (0.50)
            256    2591 (3255)   0.50 (0.40)
Serpent     128    6944          0.19
            192    8853          0.15
            256   10668          0.12
Twofish     128    9263          0.14
            192   12722          0.10
            256   17954          0.07
RC6 and Rijndael generally demonstrate above-average speed for 128-bit keys. Rijndael's performance for encryption and decryption decreases with higher key sizes,
◦ while MARS, RC6, and Serpent exhibit consistent performance for all key sizes.

Encryption on an Intel Pentium III 600 MHz
Algorithm         Clocks   Norm
MARS               656     0.48
RC6                318     1.00
Rijndael (128)     805     0.40
Rijndael (192)     981     0.32
Rijndael (256)    1155     0.28
Serpent           1261     0.25
Twofish            780     0.41

Decryption on an Intel Pentium III 600 MHz
Algorithm         Clocks   Norm
MARS               569     0.53
RC6                307     1.00
Rijndael (128)     784     0.39
Rijndael (192)     955     0.32
Rijndael (256)    1121     0.23
Serpent           1104     0.28
Twofish            613     0.50
Rijndael has very low RAM and ROM requirements and is very well suited to restricted-space environments.
◦ MARS is not well suited to restricted-space environments because of its ROM requirement.

Algorithm   RAM   ROM    ENC     KEYTIME
MARS        572   5468   45216   7
RC6         156   1060   34138   173
Rijndael     66    980   25103   5
Serpent     164   3937   71147   219
Twofish      90   2808   31286   0
A smart card study on Toshiba's T6N55 chip equipped with a Z80 microprocessor, 2000.
Serpent and Rijndael have the best hardware throughput of the finalists.
◦ Serpent offers the highest throughput in non-feedback modes.
◦ Rijndael offers the highest throughput in feedback modes.
Rijndael and Serpent use operations that are among the easiest to defend against power and timing attacks.
◦ RC6 and MARS are the most difficult to defend against timing and power attacks, due to their use of multiplications, variable rotations, and additions.
Rijndael, Serpent, and Twofish are impacted significantly less than MARS and RC6 when masking techniques are used.
The encryption and decryption functions are nearly identical for Twofish, and similar for MARS and RC6.
◦ Rijndael's and Serpent's encryption and decryption functions are different.
All of the finalists show very little speed variation between encryption and decryption for a given key size. Rijndael's key setup is slower for decryption than for encryption.
Key agility refers to the ability to change keys quickly and with minimum resources. Rijndael supports on-the-fly subkey computation for encryption, but requires a one-time execution of the entire key schedule prior to the first decryption with a particular key.
Rijndael and Serpent are substitution-linear transformation networks.
◦ They have more potential to benefit from ILP (instruction-level parallelism).
MARS, RC6, and Twofish have a Feistel structure.
◦ They have less potential to benefit from ILP.
Rijndael's combination of security, performance, efficiency, implementability, and flexibility makes it an appropriate selection for the AES for use in the technology of today and in the future.
◦ General security: normal
◦ Software implementation: normal
◦ Restricted-space environments: very good
◦ Hardware implementation: very good
◦ Attacks on implementations: very good
◦ Encryption vs. decryption: bad
◦ Key agility: normal
◦ Potential for instruction-level parallelism: very good
References:
◦ William Stallings, "Cryptography and Network Security: Principles and Practices", 3rd edition, 2003.
◦ James Nechvatal, Elaine Barker, Lawrence Bassham, William Burr, Morris Dworkin, James Foti, and Edward Roback, "Report on the Development of the Advanced Encryption Standard", Journal of Research of the National Institute of Standards and Technology, 2001.