Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography Lecture 17: Advanced Encryption Standard (AES) Piotr Faliszewski.

Published byFerdinand Conley Modified over 9 years ago

Similar presentations

Presentation on theme: "Cryptography Lecture 17: Advanced Encryption Standard (AES) Piotr Faliszewski."— Presentation transcript:

1 Cryptography Lecture 17: Advanced Encryption Standard (AES) Piotr Faliszewski

2 Advanced Encryption Standard Need for a new cipher  DES no longer sufficient ... even with DESX and TripleDES NIST’s call for algorithms in 1997  MARS  RC6  Rijndael  Serpent  Twofish Requirements for new cipher  keys: 128, 192, 256 bits  block: 128 bits  easily implemented 8 bit CPU’s 32 bit CPU’s... finalists

3 AES Winner  Rijndael Pronounciation: Anything different from „region deal” The algorithm  not a Feistel system  works in rounds, like DES  firm mathematical grounds (GF(2 8 ) + algebra) Modes of operation  ECB – electronic codebook  CBC – cipher block chaining  CFB – cipher feedback  OFB – output feedback  CTR – counter Note  decryption slower than encryption

4 Rijndael – AES Keys  128 bit  our focus  192 bit  256 bit Algorithm outline  ARK  9 rounds BS  SR  MC  ARK  1 round BS  SR  ARK Rounds  a round: BS – ByteSub Transformation SR – Shift Row Transformation MC – MixColumn Transofrmation ARK – AddRoundKey  Key schedule 4 layers

5 Rijndael – AES ByteSub Transform  nonlinear  anti differential and linear cryptanalysis  big substitution ShiftRow Transform  mixing step  diffusion of bits over different rounds MixColumn Transform  similar purpose as shiftrow  moves bits around AddRoundKey  round key is XORed with the result of the previous layer

6 The Layers: Encoding Data Input:  128 bits of data  16 bytes, 8 bits each  arranged into 4x4 matrix a 00, a 10, a 20,... a 33 a 00, a 01, a 02,... a 03 a 10, a 11, a 12,... a 13 a 20, a 21, a 22,... a 23 a 30, a 31, a 32,... a 33 Interpretation  bytes  elements of GF(2 8 )  bytes  polynomials  P(X) = X 8 + X 4 + X 3 + X + 1

7 The Layers: ByteSub ByteSub Transform  each byte is substituted depending on its value  16 x 16 S-box  Indexing the S-box: byte = abcdefgh abcd  row efgh  column  The S-box is invertible Data  Input: 4x4 matrix  Outout: 4x4 matrix  Note: transformation depends only on the value of each byte, not on its position

8 AES S-Box | 0 1 2 3 4 5 6 7 8 9 a b c d e f ---|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--| 00 |63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76 10 |ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0 20 |b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15 30 |04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75 40 |09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84 50 |53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf 60 |d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8 70 |51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2 80 |cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73 90 |60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db a0 |e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79 b0 |e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08 c0 |ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a d0 |70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e e0 |e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df f0 |8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16

9 The Layers: ByteSub S-boxes  mysterious in DES  very clear in AES! result of a simple mathematical operation Motivation  inverse – highly nonlinear matrix multiplication and the vector – to obfuscate Operation of the S-box  input: x  Step 1: y = x -1 inverse in GF(2 8 )  Step 2: 1 0 0 0 1 1 1 1 y 0 1 z 0 1 1 0 0 0 1 1 1 y 1 1 z 1 1 1 1 0 0 0 1 1 y 2 0 z 2 1 1 1 1 0 0 0 1 y 3 + 0 = z 3 1 1 1 1 1 0 0 0 y 4 0 z 4 0 1 1 1 1 1 0 0 y 5 1 z 5 0 0 1 1 1 1 1 0 y 6 1 z 6 0 0 0 1 1 1 1 1 y 7 0 z 7

10 The Layers: ShiftRow ShiftRow Transform  Input: 4x4 matrix  Output: 4x4 matrix  Operation rotate the first row cyclically by... 0 rotate the second row cyclically by... 1 rotate the third row cyclically by... 2 rotate the fourth row cyclically by... 3 Comments:  rotation to the left  clearly invertible

11 The Layers: MixColumn MixColumn Transform  Input: 4x4 matrix  output: 4x4 matrix Operation  Mutiply the input matrix by a fixed matrix  All computation in GF(2 8 ) Matrix used:  a = 00000010  b = 00000001  c = 00000011 a c b b b a c b b b a c c b b a

12 The Layers: AddRoundKey AddRoundKey  Input: 4x4 matrix  Key: 4x4 matrix – the round key  Output: 4x4 matrix  Operation: XOR the bits of the input and the key

13 Key Schedule Keys  Original key: 128 bits  4x4 matrix  columns: W(0) W(1) W(2) W(3)  Further keys 40 more columns  Round key for i’th round W(4i), W(4i+1), W(4i+2), W(4i+3) Generating i’th column  i is not a multiple of 4 W(i) = W(i-4)  W(i-1)  i is a multiple of 4 W(i) = W(i-4)  T(W(i-1)) T – transformation of the key column

14 Key Schedule Generating i’th column  i is not a multiple of 4 W(i) = W(i-4)  W(i-1)  i is a multiple of 4 W(i) = W(i-4)  T(W(i-1)) T – transformation of the key column T transformation  T(W(i-1)) W(i-1) = (a, b, c, d) Apply the S-box to b,c,d,a to get e,f,g,h r(i) = 00000010 (i-4)/4  GF(2 8 ) !!! T(W(i-1)) is then  (e  r(i), f, g, h )

15 Decryption  possible – all steps are invertible IBS – inverted BS ISR – inverted SR IMC – inverted MC ARK – inverted ARK  we can just run them backwards Encryption ARK BS, SR, MC, ARK... BS, SR, MC, ARK BS, SR, ARK Decryption ARK, ISR, IBS ARK, IMC, ISR, IBS... ARK, IMC, ISR, IBS ARK

16 Decryption  possible – all steps are invertible IBS – inverted BS ISR – inverted SR IMC – inverted MC ARK – inverted ARK  we can just run them backwards Note: We want decryption to resemble encryption Encryption ARK BS, SR, MC, ARK... BS, SR, MC, ARK BS, SR, ARK Decryption ARK, ISR, IBS ARK, IMC, ISR, IBS... ARK, IMC, ISR, IBS ARK

17 Decryption  IBS and ISR – can be executed in any order IBS manipulates single bytes  ARK and IMC can be reversed as well a little more involved IMC, IARK Encryption ARK BS, SR, MC, ARK... BS, SR, MC, ARK BS, SR, ARK Decryption ARK, ISR, IBS ARK, IMC, ISR, IBS... ARK, IMC, ISR, IBS ARK

18 Decryption  IBS and ISR – can be executed in any order IBS manipulates single bytes  ARK and IMC can be reversed as well a little more involved IMC, IARK Encryption ARK BS, SR, MC, ARK... BS, SR, MC, ARK BS, SR, ARK Decryption ARK, IBS, ISR, IMC, IARK, IBS, ISR... IMC, IARK, IBS, ISR ARK

19 Decryption Encryption  ARK  9 rounds: BS  SR  MC  ARK  1 round: BS  SR  ARK Decryption  ARK  9 rounds: IBS  ISR  IMC  IARK  1 round: IBS  ISR  ARK  Keys used in reverse order Encryption ARK BS, SR, MC, ARK... BS, SR, MC, ARK BS, SR, ARK Decryption ARK, IBS, ISR, IMC, IARK, IBS, ISR... IMC, IARK, IBS, ISR ARK

Download ppt "Cryptography Lecture 17: Advanced Encryption Standard (AES) Piotr Faliszewski."

Similar presentations

Computer Science 653 --- Lecture 7 Rijndael – Advanced Encryption Algorithm Professor Wayne Patterson Howard University Fall 2009.

Computer Science Lecture 7 Rijndael – Advanced Encryption Algorithm Professor Wayne Patterson Howard University Fall 2009.
AES Sub-Key Generation By Muhammad Naseem. Rotate Word 09CF4F3C.

AES Sub-Key Generation By Muhammad Naseem. Rotate Word 09CF4F3C.
Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.

Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.
Chap. 5: Advanced Encryption Standard (AES) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.

Chap. 5: Advanced Encryption Standard (AES) Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown.
Formal Verification of Hardware Support For Advanced Encryption Standard Anna Slobodová Centaur Technology This work was done while at Intel.

Formal Verification of Hardware Support For Advanced Encryption Standard Anna Slobodová Centaur Technology This work was done while at Intel.
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5

Cryptography and Network Security Chapter 5
Announcements: Quiz grades entered Quiz grades entered Homework 4 updated with more details. Homework 4 updated with more details. Discussion forum is.

Announcements: Quiz grades entered Quiz grades entered Homework 4 updated with more details. Homework 4 updated with more details. Discussion forum is.
Session 3 Symmetric ciphers 2 part 2. Triple DES Ordinary DES is now considered obsolete ‒Its key length is only 56 bits. ‒With today’s technology, it.

Session 3 Symmetric ciphers 2 part 2. Triple DES Ordinary DES is now considered obsolete ‒Its key length is only 56 bits. ‒With today’s technology, it.
Advanced Encryption Standard

Advanced Encryption Standard
Cryptography and Network Security

Cryptography and Network Security
1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.

1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.
Algorithm Scheme. AddRoundKey Each round uses four different words from the expanded key array. Each column in the state matrix is XORed with a different.

Algorithm Scheme. AddRoundKey Each round uses four different words from the expanded key array. Each column in the state matrix is XORed with a different.
This Lecture: AES Key Expansion Equivalent Inverse Cipher Rijndael performance summary.

This Lecture: AES Key Expansion Equivalent Inverse Cipher Rijndael performance summary.
Session 3: Secret key cryptography – block ciphers – part 2.

Session 3: Secret key cryptography – block ciphers – part 2.
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 2 Data Encryption algorithms Part II.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 2 Data Encryption algorithms Part II.
AES clear a replacement for DES was needed

AES clear a replacement for DES was needed
Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.

Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.
The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 89321032 游精允.

The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 游精允.
Cryptography and Network Security Chapter 5. Chapter 5 –Advanced Encryption Standard It seems very simple. It is very simple. But if you don't know.

Cryptography and Network Security Chapter 5. Chapter 5 –Advanced Encryption Standard "It seems very simple." "It is very simple. But if you don't know.

Similar presentations

Ads by Google