Presentation is loading. Please wait.

Presentation is loading. Please wait.

Announcements: Quiz grades entered Quiz grades entered Homework 4 updated with more details. Homework 4 updated with more details. Discussion forum is.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Announcements: Quiz grades entered Quiz grades entered Homework 4 updated with more details. Homework 4 updated with more details. Discussion forum is."— Presentation transcript:

1 Announcements: Quiz grades entered Quiz grades entered Homework 4 updated with more details. Homework 4 updated with more details. Discussion forum is picking up traffic Discussion forum is picking up trafficToday: Prep. for Rijndael and Discrete Logs: GF(2 8 ) Prep. for Rijndael and Discrete Logs: GF(2 8 ) Rijndael RijndaelQuestions? DTTF/NB479: DszquphsbqizDay 18

2 Rijndael A.k.a. AES (Advanced Encryption Standard) 128-bit blocks Encrypted using functions of 128-bit key for 10 rounds Versions exist for keys with 192 bits (12 rounds), 256 bits (14 rounds) Versions exist for keys with 192 bits (12 rounds), 256 bits (14 rounds) The S-boxes, round keys, and MixColumn functions require the use of GF(2 8 ), so…

3 Fields (T&W, 3.11) A field is a set of numbers with the following properties: Addition, with identity: a + 0 = a and inverse a+(-a)=0 Addition, with identity: a + 0 = a and inverse a+(-a)=0 Multiplication with identity: a*1=a, and inverse (a * a -1 = 1 for all a != 0) Multiplication with identity: a*1=a, and inverse (a * a -1 = 1 for all a != 0) Subtraction and division (using inverses) Subtraction and division (using inverses) Commutative, associative, and distributive properties Commutative, associative, and distributive properties Closure over all four operations Closure over all four operationsExamples: Real numbers Real numbers GF(4) = {0, 1, ,  2 } with these additional laws: x + x = 0 for all x and  + 1 =  2. GF(4) = {0, 1, ,  2 } with these additional laws: x + x = 0 for all x and  + 1 =  2. GF(p n ) for prime p is called a Galois Field. GF(p n ) for prime p is called a Galois Field.

4 Galois fields For every power of n with prime p, there is only 1 finite field with p n elements. The integers (mod p n ) aren’t a field. (Why not?) Another way to get GF(4) = GF(2 2 ) using polynomials Technique extends to GF(2 8 ) Technique extends to GF(2 8 ) Finish discussion of Z 2 [X]

5 Galois fields If Z p [X] is set of polynomials with coefficients (mod p) …and P(X) is degree n and irreducible (mod p) Then GF(p n ) = Z p [X] (mod P(X) is a field with p n elements. Wasn’t Z 2 [X] (mod X 2 + X + 1) = GF(4)? Consider GF(2 n ) with P(X) = X 8 + X 4 + X 3 + X + 1 Rijndael uses this!

6 Back to Rijndael/AES Parallels with DES? Multiple rounds (7 enough to force brute force) Diffusion XOR with round keys No MixColumn in last round Major differences Not a Feistel system Much quicker diffusion of bits (2 rounds) Much stronger against linear, diffy. crypt., interpolation attacks

7 ByteSub (BS) 1.Write 128-bit input a as matrix with 16 byte entries (column major ordering): 2.For each byte, abcdefgh, replace with byte in location (abcd, efgh) Example: 00011111  ___ Example: 11001011  31 3.Output is a matrix called b Why were these numbers chosen?

8 S-box Derivation The S-box maps byte x to byte z via the function z = Ax -1 +b: Input byte x: x 7 x 6 x 5 x 4 x 3 x 2 x 1 x 0 Compute the inverse in GF(2 8 ): y 7 y 6 y 5 y 4 y 3 y 2 y 1 y 0 (non-linear, vs. attacks) (use 0 as inverse of 0) Compute this linear function z in GF(2 8 ): (to complicate attacks) (A is simple to implement) b chosen so

9 ShiftRow (SR) Shifts the entries of each row by increasing offset: Shifts the entries of each row by increasing offset: Gives resistance to newer attacks (truncated differentials, Square attack)

10 MixColumn (MC) Multiply -- via GF(2 8 ) – with the fixed matrix shown. Multiply -- via GF(2 8 ) – with the fixed matrix shown.Speed? 64 multiplications, each involving at most 1 shift + XOR Gives quick diffusion of bits

11 AddRoundKey (ARK) XOR the round key with matrix d. XOR the round key with matrix d. Key schedule on next slide

12 Key Schedule Write original key as 4x4matrix with 4 columns: W(0), W(1), W(2), W(3). Key for round i is (W(4i), W(4i+1), W(4i+2), W(4i+3)) Other columns defined recursively: Highly non-linear. Resists attacks at finding whole key when part is known K0K0 K1K1 K 10 192-, 256-bit versions similarsimilar

13 Decryption E(k) is: (ARK 0, BS, SR, MC, ARK 1, … BS, SR, MC, ARK 9, BS, SR, ARK 10 ) Each function is invertible: ARK; IBS; ISR; IMC (IMC is slower) So D(k) is: ARK 10, ISR, IBS, ARK 9, IMC, ISR, IBS, … ARK 1, IMC, ISR, IBS, ARK 0 ) Half-round structure: Write E(k) = ARK, (BS, SR), (MC, ARK), … (BS, SR), (MC, ARK), (BS, SR), ARK Write E(k) = ARK, (BS, SR), (MC, ARK), … (BS, SR), (MC, ARK), (BS, SR), ARK (Note that last MC wouldn’t fit) D(k) = ARK, (ISR, IBS), (ARK, IMC), (ISR, IBS), … (ARK, IMC), (ISR, IBS), ARK D(k) = ARK, (ISR, IBS), (ARK, IMC), (ISR, IBS), … (ARK, IMC), (ISR, IBS), ARK Can write: D(k) = ARK, (IBS, ISR), (IMC, IARK), … (IBS, ISR), (IMC, IARK), (IBS, ISR), ARK

14 Wrap-up Do you trust 128-bit encryption now? Wikipedia’s entry has some nice visuals visuals

Download ppt "Announcements: Quiz grades entered Quiz grades entered Homework 4 updated with more details. Homework 4 updated with more details. Discussion forum is."

Similar presentations

Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.

Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.
Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.

Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.
Chap. 5: Advanced Encryption Standard (AES) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.

Chap. 5: Advanced Encryption Standard (AES) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5

Cryptography and Network Security Chapter 5
Session 3 Symmetric ciphers 2 part 2. Triple DES Ordinary DES is now considered obsolete ‒Its key length is only 56 bits. ‒With today’s technology, it.

Session 3 Symmetric ciphers 2 part 2. Triple DES Ordinary DES is now considered obsolete ‒Its key length is only 56 bits. ‒With today’s technology, it.
Advanced Encryption Standard

Advanced Encryption Standard
1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.

1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.
Algorithm Scheme. AddRoundKey Each round uses four different words from the expanded key array. Each column in the state matrix is XORed with a different.

Algorithm Scheme. AddRoundKey Each round uses four different words from the expanded key array. Each column in the state matrix is XORed with a different.
Announcements: Ch 3 quiz next week (tentatively Friday). Will include fields (today) Ch 3 quiz next week (tentatively Friday). Will include fields (today)Today:

Announcements: Ch 3 quiz next week (tentatively Friday). Will include fields (today) Ch 3 quiz next week (tentatively Friday). Will include fields (today)Today:
Session 3: Secret key cryptography – block ciphers – part 2.

Session 3: Secret key cryptography – block ciphers – part 2.
1 A simple algebraic representation of Rijndael Niels Ferguson Richard Schroeppel Doug Whiting.

1 A simple algebraic representation of Rijndael Niels Ferguson Richard Schroeppel Doug Whiting.
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 2 Data Encryption algorithms Part II.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 2 Data Encryption algorithms Part II.
Advanced Encryption Standard. This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key.

Advanced Encryption Standard. This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key.
Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.

Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.
Announcements: Quizzes returned at end of class Quizzes returned at end of class This week: Mon-Thurs: Data Encryption Standard (DES) Mon-Thurs: Data Encryption.

Announcements: Quizzes returned at end of class Quizzes returned at end of class This week: Mon-Thurs: Data Encryption Standard (DES) Mon-Thurs: Data Encryption.
RIJNDAEL Arta Doci University Of Colorado.

RIJNDAEL Arta Doci University Of Colorado.
The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 89321032 游精允.

The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 游精允.
Introduction to Modern Cryptography Lecture 3 (1) Finite Groups, Rings and Fields (2) AES - Advanced Encryption Standard.

Introduction to Modern Cryptography Lecture 3 (1) Finite Groups, Rings and Fields (2) AES - Advanced Encryption Standard.

Similar presentations

Ads by Google