1 AES Proposal : Rijndael
Joan Daemen, Vincent Rijmen
2 Outline
- Introduction
- Rijndael
- Round Function
- Key Schedule
- Encryption & Decryption
- Rijndael on Modern Processors
3 Introduction
- Advanced Encryption Standard (AES)
  - A crypto algorithm for the twenty-first century
  - The algorithm must implement symmetric key cryptography as a block cipher and (at a minimum) support block sizes of 128 bits and key sizes of 128, 192, and 256 bits.
  - The AES finalist candidate algorithms are MARS, RC6, Rijndael, Serpent, and Twofish.
  - On October 2, 2000, Rijndael was selected by the National Institute of Standards and Technology (NIST) for the proposed AES.
- Rijndael
  - Rijmen & Daemen
4 Rijndael
- Iterated block cipher
- The block length and the key length can be independently specified as 128, 192 or 256 bits (16, 24, or 32 bytes).
- State: the intermediate cipher result
- State and Key bytes are arranged in a rectangular array
- Nb: number of columns of the array (Nb: 4, 6, 8)
- Nk: number of columns of the Cipher Key (Nk: 4, 6, 8)
5 Rijndael
- Nr: number of rounds
- Nr = Max(Nb, Nk) + 6
6 Round Function
- Round function: uniform, parallel, and composed of 4 steps
- Each step has its own particular function
  - ByteSub: nonlinearity
  - ShiftRow: inter-column diffusion
  - MixColumn: inter-byte diffusion within columns
  - Round key addition
7 Round Function
- The final round of the cipher is slightly different
  - with the MixColumn step removed
8 Round Step 1 : ByteSub
- The ByteSub transformation is a non-linear byte substitution
- S-box
  - Replace each byte with its reciprocal in the same $\mathrm{GF}(2^8)$
  - A bitwise modulo-two matrix multiply is used.
  - The hexadecimal number 63 (01100011) is XORed with the result
9 Round Step 1 : ByteSub
10 Round Step 1 : ByteSub
- S-box
11 Round Step 1 : ByteSub
- Inverse S-box (InvByteSub)
12 Round Step 2 : ShiftRow
- Row 0 is not shifted, Row 1 is shifted over C1 bytes, Row 2 over C2 bytes and Row 3 over C3 bytes.
- The inverse of ShiftRow is a cyclic shift of the 3 bottom rows over (Nb-C1), (Nb-C2), and (Nb-C3) bytes
  - the byte at position j in row i moves to position (j+Nb-Ci) mod Nb
[Figure: State rows labelled "no shift", "cyclic shift by C1 (1)", "cyclic shift by C2 (2)", "cyclic shift by C3 (3)"]
13 Round Step 3 : MixColumn
- The columns of the State are considered as polynomials over $\mathrm{GF}(2^8)$ and multiplied modulo $(x^4+1)$ with a fixed polynomial $c(x)$
  $c(x) = \text{'03'}\,x^3 + \text{'01'}\,x^2 + \text{'01'}\,x + \text{'02'}$
- Assume we have two polynomials over $\mathrm{GF}(2^8)$
  $a(x) = a_3 x^3 + a_2 x^2 + a_1 x + a_0$ and $b(x) = b_3 x^3 + b_2 x^2 + b_1 x + b_0$
  $c(x) = a(x)\,b(x)$
14 Round Step 3 : MixColumn
- By reducing $c(x)$ modulo a polynomial of degree 4, the result can be reduced to a polynomial of degree below 4. ($M(x) = x^4+1$)
  $x^i \bmod (x^4+1) = x^{i \bmod 4}$
- $d(x) = a(x)\,b(x) = d_3 x^3 + d_2 x^2 + d_1 x + d_0$
15 Round Step 3 : MixColumn
- Bytes in a column are linearly combined
- InvMixColumn
  - Every column is transformed by multiplying it with a specific polynomial $d(x)$
    $d(x) = \text{'0B'}\,x^3 + \text{'0D'}\,x^2 + \text{'09'}\,x + \text{'0E'}$
  - $c(x)\,d(x) = \text{'01'} \bmod M(x)$
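Added example (not part of the original slides): the MixColumn and InvMixColumn steps from slides 13 to 15 written as polynomial multiplication modulo x^4+1, with a check that c(x) d(x) = '01'. The function names and the sample column are constructed for illustration; the byte-level reduction polynomial x^8+x^4+x^3+x+1 (0x11B) is taken from the Rijndael specification, not from the slide text.

```python
# Added example: MixColumn as polynomial arithmetic over GF(2^8).
# Coefficient lists are low-order first: [a0, a1, a2, a3].

def xtime(b):
    """Multiply a byte by x in GF(2^8), reducing by 0x11B (assumed from the spec)."""
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) by shift-and-add; addition is XOR."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = xtime(a)
        b >>= 1
    return r

def poly_mul_mod(a, b):
    """a(x)*b(x) mod (x^4+1): the term x^i folds onto x^(i mod 4)."""
    d = [0, 0, 0, 0]
    for i in range(4):
        for j in range(4):
            d[(i + j) % 4] ^= gf_mul(a[i], b[j])
    return d

C = [0x02, 0x01, 0x01, 0x03]  # c(x) = '03'x^3 + '01'x^2 + '01'x + '02'
D = [0x0E, 0x09, 0x0D, 0x0B]  # d(x) = '0B'x^3 + '0D'x^2 + '09'x + '0E'

def mix_column(col):
    """MixColumn on one State column (top byte first)."""
    return poly_mul_mod(C, col)

def inv_mix_column(col):
    """InvMixColumn on one State column."""
    return poly_mul_mod(D, col)

if __name__ == "__main__":
    col = [0xDB, 0x13, 0x53, 0x45]            # constructed sample column
    mixed = mix_column(col)
    print("MixColumn:   ", [f"{v:02x}" for v in mixed])
    print("c(x)*d(x):   ", poly_mul_mod(C, D))  # identity polynomial '01'
    print("round trip ok:", inv_mix_column(mixed) == col)
```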
16 Round Step 4 : Round Key Addition
- The Round Key is derived from the Cipher Key.
- The Round Key length is equal to the block length Nb.
- AddRoundKey is its own inverse.
17 Key Schedule
- The total number of Round Key bits is equal to the block length multiplied by (the number of rounds plus 1).
  - Ex: Nb = 4 (128 bits), Nr = 10: Round Key bits = 128*11 = 1408 bits
- The Cipher Key is expanded into the Expanded Key
- Round Keys are taken from the Expanded Key
  - the first Round Key consists of the first Nb words, the second one of the following Nb words, and so on.
- The Expanded Key is a linear array of 4-byte words and is denoted by W[Nb*(Nr+1)].
- The key expansion function depends on the value of Nk
  - Nk ≤ 6
  - Nk > 6
18 Key Schedule
- Key Expansion
  - Nk ≤ 6
    - The first Nk words contain the Cipher Key
19 Key Schedule
- RotByte(W[i]): (a,b,c,d) → (b,c,d,a)
- SubByte(W[i]): applies the Rijndael S-box to the byte at the corresponding position in the input word
- Round constants
  Rcon[i] = (RC[i], '00', '00', '00')
  $RC[1] = 1$, $RC[i] = x \cdot RC[i-1] = x^{i-1}$, $RC[i] \in \mathrm{GF}(2^8)$
20 Key Schedule
- Nk > 6
21 Key Schedule
- Round Key Selection
  - Round Key i is given by the Round Key buffer words W[Nb*i] to W[Nb*(i+1)]
  - Ex: Nb = 4
22 Encryption
23 Decryption
24 Decryption
25 Decryption
The ByteSub step and the ShiftRow step can change their order without affecting the cipher.
A BSMA BSMA BSMA ... BSMA BSA
A SBMA SBMA SBMA ... SBMA SBA
ASB AMSB AMSB ... AMSB AMSB A
y = [x c] k
x' = [y d] k'
x' = {{[x c] k} d } k' = [x c d ] [k d ] k'
if k' = k d
x' = x
26 Rijndael on Modern Processors
27 Rijndael on Modern Processors
- Define tables T0 to T3: 4 tables with 256 4-byte entries, total: 4 KByte
28 Rijndael on Modern Processors
29 Rijndael in Hardware