
1 AES: Rijndael 林志信 王偉全

2 Outline Introduction Mathematical background Specification Motivation for design choice Conclusion Discussion

3 Introduction AES (Advanced Encryption Standard). Motivation: on 01/02/97 NIST announced the initiation of the AES selection process. Candidate ciphers were evaluated on: security; computational efficiency; memory requirements; hardware and software suitability; simplicity; flexibility; licensing requirements.

4 Introduction (Cont.) On 10/02/00 NIST announced that the AES algorithm is Rijndael. Rijndael was designed by Joan Daemen and Vincent Rijmen; its name is formed from Rijmen and Daemen.

5 Mathematical background The field GF(2^8). A byte is read as a polynomial over GF(2) whose coefficients are its bits. Example: (57)16 = 01010111 corresponds to x^6 + x^4 + x^2 + x + 1. Topics: addition; multiplication; multiplication by x; polynomials with coefficients in GF(2^8); multiplication of such polynomials by x.

6 Mathematical background (Cont.) Addition: the sum of two elements is the polynomial whose coefficients are the sums modulo 2 (i.e. 1+1=0) of the coefficients of the two terms, which is a bitwise EXOR of the two bytes. Example: 57 ⊕ 83 = D4, since (x^6 + x^4 + x^2 + x + 1) + (x^7 + x + 1) = x^7 + x^6 + x^4 + x^2.

7 Mathematical background (Cont.) Multiplication: multiplication in GF(2^8) corresponds to multiplication of polynomials modulo an irreducible binary polynomial of degree 8. For Rijndael this polynomial is called m(x) and is given by m(x) = x^8 + x^4 + x^3 + x + 1, or (11B)16. Example: 57 • 83 = C1, since (x^6 + x^4 + x^2 + x + 1)(x^7 + x + 1) = x^13 + x^11 + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + 1, and this product reduced modulo x^8 + x^4 + x^3 + x + 1 is x^7 + x^6 + 1.

8 Mathematical background (Cont.) The extended Euclidean algorithm. The multiplication defined above is associative and has a neutral element ('01'). For any nonzero binary polynomial b(x) of degree below 8, the extended Euclidean algorithm can be used to compute polynomials a(x), c(x) such that b(x)a(x) + m(x)c(x) = 1 (this is where the irreducibility of m(x) is needed), so a(x) mod m(x) is the multiplicative inverse of b(x). It follows that the set of 256 possible byte values, with EXOR as addition and the multiplication defined above, has the structure of the finite field GF(2^8).

9 Mathematical background (Cont.) Multiplication by x. If we multiply b(x) by the polynomial x, we have b7 x^8 + b6 x^7 + b5 x^6 + b4 x^5 + b3 x^4 + b2 x^3 + b1 x^2 + b0 x. x • b(x) is obtained by reducing this result modulo m(x): if b7 = 0 the reduction is the identity operation; if b7 = 1, m(x) must be subtracted (i.e. EXORed). In byte terms: shift left by one bit and, if the bit shifted out was 1, EXOR with 1B. Multiplication by any constant then follows from repeated multiplication by x and EXOR of the partial results. Example: 57 • 13 = 57 • (01 ⊕ 02 ⊕ 10) = 57 ⊕ AE ⊕ 07 = FE, where 57 • 02 = AE, 57 • 04 = 47, 57 • 08 = 8E and 57 • 10 = 07.

10 Mathematical background (Cont.) Polynomials with coefficients in GF(2^8). Assume we have two polynomials over GF(2^8): a(x) = a3 x^3 + a2 x^2 + a1 x + a0 and b(x) = b3 x^3 + b2 x^2 + b1 x + b0. Their product is c(x) = a(x) * b(x) = c6 x^6 + c5 x^5 + c4 x^4 + c3 x^3 + c2 x^2 + c1 x + c0, where each ci is the EXOR of the GF(2^8) products aj • bk with j + k = i.

11 Mathematical background (Cont.) Polynomials with coefficients in GF(2^8). By reducing c(x) modulo a polynomial of degree 4, the result can be reduced to a polynomial of degree below 4. In Rijndael the polynomial is M(x) = x^4 + 1, and since x^i mod (x^4 + 1) = x^(i mod 4), the reduction simply wraps exponents modulo 4. Note that x^4 + 1 is not irreducible over GF(2^8), so this is a ring rather than a field; multiplication by a fixed polynomial a(x) is nevertheless invertible whenever a(x) is coprime to x^4 + 1.

12 Mathematical background (Cont.) Polynomials with coefficients in GF(2^8). The modular product of a(x) and b(x), denoted d(x) = a(x) ⊗ b(x), is given by d(x) = d3 x^3 + d2 x^2 + d1 x + d0 with
    d0 = a0 • b0 ⊕ a3 • b1 ⊕ a2 • b2 ⊕ a1 • b3
    d1 = a1 • b0 ⊕ a0 • b1 ⊕ a3 • b2 ⊕ a2 • b3
    d2 = a2 • b0 ⊕ a1 • b1 ⊕ a0 • b2 ⊕ a3 • b3
    d3 = a3 • b0 ⊕ a2 • b1 ⊕ a1 • b2 ⊕ a0 • b3

13 Mathematical background (Cont.) Polynomials with coefficients in GF(2^8). The operation consisting of multiplication by a fixed polynomial a(x) can be written as a matrix multiplication in which the matrix is a circulant matrix: the column (d0, d1, d2, d3) is the product of the 4x4 matrix whose row i is (a_i, a_(i-1), a_(i-2), a_(i-3)), indices taken modulo 4, with the column (b0, b1, b2, b3).
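As an added worked example (not part of the original slides), the arithmetic of slides 6 to 13 in Python: addition and multiplication in GF(2^8) modulo m(x), the extended Euclidean algorithm for inverses, multiplication of polynomials with coefficients in GF(2^8) modulo x^4 + 1, and its circulant-matrix form. The function names are this example's own. The check multiplies the MixColumn polynomial c(x) = '03' x^3 + '01' x^2 + '01' x + '02' by its inverse d(x) = '0B' x^3 + '0D' x^2 + '09' x + '0E', which the Rijndael specification uses for the inverse cipher but which does not appear on the slides.

```python
# Added example (not from the slides): arithmetic in GF(2^8) as Rijndael
# defines it, and multiplication of polynomials with coefficients in GF(2^8)
# modulo M(x) = x^4 + 1.  A byte is a binary polynomial: bit i is the
# coefficient of x^i, so 0x57 = 01010111 is x^6 + x^4 + x^2 + x + 1.

M_X = 0x11B  # m(x) = x^8 + x^4 + x^3 + x + 1, the reduction polynomial


def gf_add(a, b):
    """Addition in GF(2^8): coefficients are added modulo 2, i.e. bitwise EXOR."""
    return a ^ b


def poly_mul(a, b):
    """Product of two binary polynomials without reduction (degree may exceed 7)."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        b >>= 1
    return p


def poly_divmod(a, b):
    """Long division of binary polynomials: returns (q, r) with a = q*b + r."""
    q = 0
    while a and a.bit_length() >= b.bit_length():
        shift = a.bit_length() - b.bit_length()
        q ^= 1 << shift
        a ^= b << shift
    return q, a


def gf_mul(a, b):
    """Multiplication in GF(2^8): polynomial product reduced modulo m(x)."""
    return poly_divmod(poly_mul(a, b), M_X)[1]


def gf_inv(b):
    """Multiplicative inverse via the extended Euclidean algorithm: finds a(x)
    with b(x)a(x) + m(x)c(x) = 1.  Invariant: r_k = s_k * b (mod m(x))."""
    if b == 0:
        raise ZeroDivisionError("00 has no inverse in GF(2^8)")
    r0, r1, s0, s1 = M_X, b, 0, 1
    while r1 != 1:
        q, r = poly_divmod(r0, r1)
        r0, r1 = r1, r
        s0, s1 = s1, s0 ^ poly_mul(q, s1)
    return poly_divmod(s1, M_X)[1]


def poly4_mul(a, b):
    """d(x) = a(x) (x) b(x): product of two polynomials of degree < 4 with
    coefficients in GF(2^8), reduced modulo x^4 + 1, i.e. x^i -> x^(i mod 4).
    Coefficient lists are ordered [a0, a1, a2, a3]."""
    d = [0] * 4
    for i in range(4):
        for j in range(4):
            d[(i + j) % 4] ^= gf_mul(a[i], b[j])
    return d


def circulant(a):
    """Matrix form of multiplication by the fixed polynomial a(x):
    row i is (a_i, a_(i-1), a_(i-2), a_(i-3)) with indices modulo 4."""
    return [[a[(i - j) % 4] for j in range(4)] for i in range(4)]


# MixColumn polynomial c(x) = 03 x^3 + 01 x^2 + 01 x + 02 and its inverse
# d(x) = 0B x^3 + 0D x^2 + 09 x + 0E (from the Rijndael specification, not
# the slides), as coefficient lists [c0, c1, c2, c3].
MIXCOLUMN_C = [0x02, 0x01, 0x01, 0x03]
MIXCOLUMN_D = [0x0E, 0x09, 0x0D, 0x0B]


def is_identity(d):
    """True if d(x) is the neutral element '01' of GF(2^8)[x] modulo x^4 + 1."""
    return d == [1, 0, 0, 0]


if __name__ == "__main__":
    print("57 + 83 = %02X" % gf_add(0x57, 0x83))                       # D4
    print("57 * 83 = %04X, mod 11B = %02X"
          % (poly_mul(0x57, 0x83), gf_mul(0x57, 0x83)))                # 2B79, C1
    print("57 * 13 = %02X" % gf_mul(0x57, 0x13))                       # FE
    print("inverse of 53 = %02X" % gf_inv(0x53))                       # CA
    print("c(x) (x) d(x) =", [hex(v) for v in poly4_mul(MIXCOLUMN_C, MIXCOLUMN_D)])
    for row in circulant(MIXCOLUMN_C):
        print(" ".join("%02X" % v for v in row))
```

poly_divmod is the only place where the choice of m(x) matters; gf_mul and gf_inv both go through it, so swapping in a different irreducible polynomial changes the field without touching the rest.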

14 Specification Rijndael is an iterated block cipher with a variable block length and a variable key length. The block length and the key length can be independently specified as 128, 192, or 256 bits. Design rationale: most cipher designs use a Feistel structure (slide 32); Rijndael does not, and instead follows the Wide Trail Strategy (slide 33), in which every round applies a non-linear layer to the whole State.

15 Specification (Cont.) The cipher Rijndael consists of: an initial Round Key addition; Nr-1 Rounds; a final round. In pseudo C code:
    Rijndael(State, CipherKey) {
        KeyExpansion(CipherKey, ExpandedKey);
        AddRoundKey(State, ExpandedKey);
        for (i = 1; i < Nr; i++)
            Round(State, ExpandedKey + Nb*i);
        FinalRound(State, ExpandedKey + Nb*Nr);
    }

16 Specification (Cont.) The round transformation and the final round (which omits MixColumn):
    Round(State, RoundKey) {
        ByteSub(State);
        ShiftRow(State);
        MixColumn(State);
        AddRoundKey(State, RoundKey);
    }
    FinalRound(State, RoundKey) {
        ByteSub(State);
        ShiftRow(State);
        AddRoundKey(State, RoundKey);
    }

17 Specification (Cont.) State: a byte array of variable size, 16, 24 or 32 bytes, arranged as 4 rows by Nb = 4, 6 or 8 columns. Key: a byte array of variable size, 16, 24 or 32 bytes, arranged as 4 rows by Nk = 4, 6 or 8 columns.

18 Specification(Cont.) Key expansion

19 Specification(Cont.) Key expansion

20 Specification (Cont.) ByteSub: a bytewise substitution with an invertible S-box. A single S-box is used for the whole cipher. High non-linearity: the S-box is the multiplicative inverse in GF(2^8) (with 00 mapped to itself) followed by an affine transformation over GF(2).

21 Specification (Cont.) ShiftRow: the rows of the State are cyclically shifted left by row-dependent offsets. Row 0 is not shifted; for a 128-bit block rows 1, 2 and 3 are shifted by 1, 2 and 3 bytes.

22 Specification (Cont.) MixColumn: each column of the State is multiplied modulo x^4 + 1 by the fixed polynomial c(x) = '03' x^3 + '01' x^2 + '01' x + '02'. High intra-column diffusion; the interaction with ShiftRow gives high diffusion over multiple rounds.

23 Specification (Cont.) Round key addition: the State is EXORed bytewise with the Round Key.

24 Specification (Cont.) Round transformation

25 Specification (Cont.) Round transformation
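As an added example (not the slides' own code), slides 15 to 23 carried through into a runnable AES-128 encryption in Python, i.e. Rijndael with Nb = 4, Nk = 4 and Nr = 10, which is the only parameter set this example implements. The S-box is computed rather than tabulated: the GF(2^8) inverse comes from log/antilog tables over the generator '03', followed by the affine map, which is how ByteSub is defined in the specification. The key schedule, ShiftRow offsets and MixColumn constants are those of the 128-bit block. Function names such as rijndael_encrypt and key_expansion are this example's own, and the usage at the bottom checks the FIPS-197 Appendix C.1 test vector.

```python
# Added example (not from the slides): AES-128, i.e. Rijndael with Nb = 4,
# Nk = 4 and Nr = 10, following the pseudo-C structure of slides 15 and 16.
# The State is a flat list of 16 bytes in column-major order, so
# state[r + 4*c] is row r, column c (the order in which input bytes arrive).


def xtime(a):
    """Multiplication by x (by '02') in GF(2^8): shift left, then EXOR with
    1B (m(x) without the x^8 term) when the x^8 coefficient appears."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a


def build_sbox():
    """ByteSub S-box: multiplicative inverse in GF(2^8) followed by an affine
    map over GF(2).  Inverses come from log/antilog tables built with the
    generator 03: exp[i] = 03^i, so a^-1 = 03^(255 - log[a]) and 00 -> 00."""
    exp, log = [0] * 255, [0] * 256
    x = 1
    for i in range(255):
        exp[i], log[x] = x, i
        x ^= xtime(x)  # x * 03 = x * 02 + x
    sbox = []
    for a in range(256):
        inv = exp[(255 - log[a]) % 255] if a else 0
        s = inv
        for k in range(1, 5):  # inv + rotl(inv,1) + ... + rotl(inv,4), then + 63
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()


def key_expansion(key):
    """Expand a 16-byte Cipher Key into 11 Round Keys of 16 bytes (Nk = 4).
    w[i] are 4-byte words; every 4th word goes through RotWord, SubWord and
    the round constant Rcon = x^(i/4 - 1) before being EXORed with w[i-4]."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1
    for i in range(4, 44):
        temp = list(w[i - 1])
        if i % 4 == 0:
            temp = temp[1:] + temp[:1]          # RotWord
            temp = [SBOX[b] for b in temp]      # SubWord
            temp[0] ^= rcon                     # Rcon
            rcon = xtime(rcon)
        w.append([w[i - 4][j] ^ temp[j] for j in range(4)])
    # Round Key r is words 4r..4r+3; each word is one column of the State.
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]


def byte_sub(state):
    return [SBOX[b] for b in state]


def shift_row(state):
    """Row r is cyclically shifted left by r positions (offsets 0, 1, 2, 3)."""
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def mix_column(state):
    """Each column is multiplied by c(x) = 03 x^3 + 01 x^2 + 01 x + 02 modulo
    x^4 + 1, i.e. by the circulant matrix with rows (02 03 01 01), (01 02 03 01),
    (01 01 02 03), (03 01 01 02); 03*a is computed as xtime(a) ^ a."""
    out = []
    for c in range(4):
        a0, a1, a2, a3 = state[4 * c:4 * c + 4]
        out += [
            xtime(a0) ^ xtime(a1) ^ a1 ^ a2 ^ a3,
            a0 ^ xtime(a1) ^ xtime(a2) ^ a2 ^ a3,
            a0 ^ a1 ^ xtime(a2) ^ xtime(a3) ^ a3,
            xtime(a0) ^ a0 ^ a1 ^ a2 ^ xtime(a3),
        ]
    return out


def add_round_key(state, round_key):
    return [s ^ k for s, k in zip(state, round_key)]


def rijndael_encrypt(block, key):
    """Rijndael(State, CipherKey) as on slide 15: initial Round Key addition,
    Nr - 1 full Rounds, then a FinalRound without MixColumn."""
    if len(block) != 16 or len(key) != 16:
        raise ValueError("this example implements the 128-bit block and key case only")
    round_keys = key_expansion(key)
    state = add_round_key(list(block), round_keys[0])
    for i in range(1, 10):
        state = add_round_key(mix_column(shift_row(byte_sub(state))), round_keys[i])
    state = add_round_key(shift_row(byte_sub(state)), round_keys[10])
    return bytes(state)


if __name__ == "__main__":
    # FIPS-197 Appendix C.1 test vector.
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    plaintext = bytes.fromhex("00112233445566778899aabbccddeeff")
    print(rijndael_encrypt(plaintext, key).hex())  # 69c4e0d86a7b0430d8cdb78070b4c55a
```

Keeping the State column-major means AddRoundKey is a plain EXOR against the concatenated key-schedule words, and only shift_row has to think about the 4-by-Nb layout; generalising to Nb = 6 or 8 would change the ShiftRow offsets, the number of rounds and the key-schedule bounds, nothing else.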

26 Motivation for design choice The reduction polynomial m(x): m(x) = x^8 + x^4 + x^3 + x + 1, or (11B)16. The ByteSub S-box: invertibility; complexity of its algebraic expression in GF(2^8); simplicity of description.

27 Motivation for design choice (Cont.) The MixColumn transformation: invertibility; linearity over GF(2); relevant diffusion power; speed on 8-bit processors; symmetry; simplicity of description.

28 Motivation for design choice (Cont.) The ShiftRow offsets: the four offsets are different and C0 = 0; simplicity. The key expansion: use of an invertible transformation; diffusion of Cipher Key differences into the Round Keys; simplicity of description.

29 Motivation for design choice (Cont.) Number of rounds: chosen as a security margin above the number of rounds reached by the best known shortcut attacks. Nr = max(Nb, Nk) + 6, i.e. 10, 12 or 14 rounds when the larger of block and key length is 128, 192 or 256 bits.

30 Conclusion Rijndael has a symmetric and parallel structure, which gives the implementer a lot of flexibility. Its structure has not allowed effective cryptanalytic attacks. Rijndael is well adapted to modern processors and is suited for smart cards.

31 Future Discussion Strength against known attacks (differential cryptanalysis, linear cryptanalysis, etc.); weak keys; applications.

32 Feistel Structure

33 Wide Trail Strategy: each round maps X_i to X_(i+1) through a key addition layer, a non-linear layer and a linear mixing layer.
