AES(Advanced Encryption Standard) - PowerPoint PPT Presentation

1 / 30

About This Presentation

Title:

AES(Advanced Encryption Standard)

Description:

Title: PowerPoint Author: Crypto Last modified by: Created Date: 4/23/2002 1:55:16 AM Document presentation format: – PowerPoint PPT presentation

Number of Views:352

Avg rating:3.0/5.0

Slides: 31

Provided by: Cry116

Category:

more less

Transcript and Presenter's Notes

Title: AES(Advanced Encryption Standard)

1
AES(Advanced Encryption Standard)
2
AES(Advanced Encryption Standard)

NIST?? ?? ????? ??? ?? ???? ???? ?? ???? ??? ???
????? ??? Rijndael ????? ???
????? ??? ??? ???(finite field)? ???
? ??? ?? ??
AES-128 128??? Cipher Key ??
AES-192 192??? Cipher Key ??
AES-256 256??? Cipher Key ??

3
AES

Nb Number of columns (32-bit words) comprising
the State.
For this standard, Nb 4.
Nk Number of 32-bit words comprising the Cipher
Key.
For this standard, Nk 4, 6, or 8.
Nr Number of rounds
Nk ? ???? Nb? ?? ???
For this standard, Nr 10, 12, or 14.
Byte? ?? ? ??
? Exclusive-OR operation
Finite field multiplication
Word? ??
? Multiplication of two polynomials (each with
degree lt 4) modulo x4 1

4
AES

Byte? bits? ??

Input bit sequence 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Byte number in0 in0 in0 in0 in0 in0 in0 in0 in1 in1 in1 in1 in1 in1 in1 in1
Bit Numbers in byte 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0
in0 in4 in8 in12
in1 in5 in9 in13
in2 in6 in10 in14
in3 in7 in11 in15
s0,0 s0,1 s0,2 s0,3
s1,0 s1,1 s1,2 s1,3
s2,0 s2,1 s2,2 s2,3
s3,0 s3,1 s3,2 s3,3
out0 out4 out8 out12
out1 out5 out9 out13
out2 out6 out10 out14
out3 out7 out11 out15
Input bytes State array
Output bytes
5
??? ??

The finite field GF(28) ? Byte? ??? ??? ????
???
??? ??
b
b7x7 b6x6 b5x5 b4x4 b3x3
b2x2 b1x b0
ex) 57 (0101 0111)2 x6 x4 x2 x 1
? byte? ?? Addition in GF(28)
b c defined ?

6
??? ??

The finite field GF(28) ? Byte? ???? ??
? byte? ?? 7?? ??????,? byte? ??? ??? ?? ??? ???
????
???? ??? ??? ?? ??? m(x)? ?? ????? ??? ??? ??.
m(x) x8 x4 x3 x 1 11Bx
ex) 57 ? 83 C1
(x6 x4 x2 x 1)(x7 x 1)
x13 x11 x9 x8 x6 x5 x4 x3
1
x13x11x9x8x6x5x4x31 (mod x8 x4 x3 x
1)
x7 x6 1 C1

7
??? ??

The finite field GF(28) ?? ??? ??? ??
???? ??? ?? ???? 0? ??.
m(x) x8 x4 x3 x 1 11Bx
(irreducible
over Z2)
x8 x4 x3 x 1
x9 x ? x8 x ? (x4 x3 x 1) x5
x4 x2 x
x10 x2 ? x8 x2 ? (x4 x3 x 1) x6 x5
x3 x2
x11 x3 ? x8 x3 ? (x4 x3 x 1) x7 x6
x4 x3
x12 x4 ? x8 x4 ? (x4 x3 x 1) x8 x7
x5 x4
(x4 x3 x 1) x7 x5 x4 x7
x5 x3 x 1
and so on.

8
??? ??

xtime(b) ?? ??? ??? ?? ??
If we multiply b(x) by the polynomial x, we have
x ? b b7x8 b6x7 b5x6 b4x5 b3x4 b2x3
b1x2 b0x
IF b7 0, then next reduction is identity
operation
x ? b b6x7 b5x6 b4x5 b3x4 b2x3 b1x2
b0x LeftShiftb
IF b7 1, then x8 x4 x3 x 1 must be
subtracted (i.e., XORed)
x ? b b7x8 b6x7 b5x6 b4x5 b3x4 b2x3
b1x2 b0x
(x4 x3 x 1) b6x7 b5x6 b4x5
b3x4 b2x3 b1x2 b0x
b6x7 b5x6 b4x5 (b3 ? 1)x4 (b2 ?
1)x3 (b0 ? 1)x 1
LeftShiftb ? 00011011
This operation is denoted by xtime(b)
Multiplication by higher powers of x can be
implemented by iterations

9
??? ??

Ex) 57 ? 13 FE
57 ? 02 xtime(57) AE
57 ? 04 xtime(AE) 47
57 ? 08 xtime(47) 8E
57 ? 10 xtime(8E) 07
57 ? 13 57 ? (10 ? 02 ? 01)
07 ? AE ? 57 FE

10
??? ??

Word? ?? ? ??
4?? byte? ???? word? 3?, 2?, 1?, ??? ?? ????? ???
Byte x ?? ??
Word y ?? ??
Word? ??? bitwise XOR ???
??? byte ???? ?? ??? ??? (y4 1)
A(y) a3y3 a2y2 a1y a0
B(y) b3y3 b2y2 b1y b0
where ai, bi ?GF(28) i.e., bytes

A(y)
a0
4Byte Word
a1
a2
a3
11
AES

Key-Block-Round Combinations

Key Length (Nk words) Block size (Nb words) Number of Rounds (Nr)
AES-128 4 4 10
AES-192 6 4 12
AES-256 8 4 14
12
AES

??? ??(Ciphering)
Cipher(byte in4Nb, byte out4Nb, word
wNb(Nr1))
begin
byte state4, Nb
state in
AddRoundKey(state, w0, Nb-1) // ?? ? ?? add ?
for round 1 step 1 to Nr1 // ??? ? ?? ? ? ??
???
SubBytes(state)
ShiftRows(state)
MixColumns(state)
AddRoundKey(state, wroundNb, (round1)Nb-1)
end for
SubBytes(state)
ShiftRows(state)
AddRoundKey(state, wNrNb, (Nr1)Nb-1)

13
AES

???? ??(Ciphering) ????
SubBytes() Transformation
ShiftRows() Transformation
MixColumn() Transformation
AddRoundKey() Transformation

14
AES

SubBytes() Transformation
?? 2?? ???? ??
S-1 ?? ? byte? ???? ??? ?? ??? ?? ?? ??
? 00? ?? ?? 00?? ???
Affine ?? ? ???? fixed ??? ??? fixed ??? XOR
? ?? ??? Lookup table ??? ? ??
28 Byte array needed

S-Box
s-1 ?? Affine ??
s0,0 s0,1 s0,2 s0,3
s1,0 s1,1 s1,2 s1,3
s2,0 s2,1 s2,2 s2,3
s3,0 s3,1 s3,2 s3,3
s'0,0 s'0,1 s'0,2 s'0,3
s'1,0 s'1,1 s'1,2 s'1,3
s'2,0 s'2,1 s'2,2 s'2,3
s'3,0 s'3,1 s'3,2 s'3,3
sr,c
s'r,c
15
AES

SubBytes() Transformation
Affine ??
b0 1 0 0 0 1 1 1 1 b0 1
b1 1 1 0 0 0 1 1 1 b1 1
b2 1 1 1 0 0 0 1 1 b2 0
b3 1 1 1 1 0 0 0 1 b3 0
b4 1 1 1 1 1 0 0 0 b4 0
b5 0 1 1 1 1 1 0 0 b5 1
b6 0 0 1 1 1 1 1 0 b6 1
b7 0 0 0 1 1 1 1 1 b7 0

Right to Left
16
AES

SubBytes() Transformation
S-box Lookup Table input xy-values

y y y y
0 1 2
x 0 63 7c 77
x 1 ca 82 c9
x 2 b7 fd 93
x
17
AES

ShiftRows() Transformation
? ?? LeftRotation? different offsets

s'0,0 s'0,1 s'0,2 s'0,3
s'1,0 s'1,1 s'1,2 s'1,3
s'2,0 s'2,1 s'2,2 s'2,3
s'3,0 s'3,1 s'3,2 s'3,3
s0,0 s0,1 s0,2 s0,3
s1,0 s1,1 s1,2 s1,3
s2,0 s2,1 s2,2 s2,3
s3,0 s3,1 s3,2 s3,3
18
AES

MixColumn() Transformation
? ?(word)??? ??? ??? a(y) ???? ?? ??? ???
Word ?? a(y) ? s(y)? ???
a(x) 03x3 01x2 01x 02
??? ?? ??? ?? ??? ?? ? ??
s0,c 02 03 01 01 s0,c
s1,c 01 02 03 01 s1,c
s2,c 01 01 02 03 s2,c
s3,c 03 01 01 02 s3,c

19
AES

MixColumn() Transformation
Column-by-column
???? a(x)? ??? ??
?????? ?? ??? a-1(x)? ??? ?
?.??? ??? different

MixColumn()
s0,c
s0,c
s'0,0 s'0,1 s'0,2 s'0,3
s'1,0 s'1,1 s'1,2 s'1,3
s'2,0 s'2,1 s'2,2 s'2,3
s'3,0 s'3,1 s'3,2 s'3,3
s0,0 s0,1 s0,2 s0,3
s1,0 s1,1 s1,2 s1,3
s2,0 s2,1 s2,2 s2,3
s3,0 s3,1 s3,2 s3,3
s1,c
s1,c
s2,c
s2,c
s3,c
s3,c
?
20
AES

AddRoundKey() Transformation
? coulmn? RoundKey? XOR ?? ??
?.??? ??? ???? ??? Key ??? ???

AddRoundKey()
s0,c
s0,c
s'0,0 s'0,1 s'0,2 s'0,3
s'1,0 s'1,1 s'1,2 s'1,3
s'2,0 s'2,1 s'2,2 s'2,3
s'3,0 s'3,1 s'3,2 s'3,3
s0,0 s0,1 s0,2 s0,3
s1,0 s1,1 s1,2 s1,3
s2,0 s2,1 s2,2 s2,3
s3,0 s3,1 s3,2 s3,3
s1,c
s1,c
s2,c
s2,c
s3,c
s3,c
21
AES

Key Expansion
Cipher key ?? K(128, 192 or 256 bits)??? ??
Key ??? 256 bits? ?? ?? ?? ??? ???
? round? ??? key-words ???? ??
Total Nb(Nr 1) words? ???
SubWord()
Input, output 4 byte word
? byte? S-box? lookup table? ??? ????
RotWord()
Input word a0, a1, a2, a3
Output word a1, a2, a3, a0
Rconi
Word xi-1, 00, 00, 00 where xi-1? byte?
???

22
AES

KeyExpansion(byte key4Nk, word wNb(Nr1),
Nk)
begin
word temp
i 0
while (i lt Nk)
wi word(key4i, key4i1, key4i2,
key4i3)
i i1
end while
i Nk
while (i lt Nb (Nr1)
temp wi-1
if (i mod Nk 0)
temp SubWord(RotWord(temp)) xor Rconi/Nk
else if (Nk gt 6 and i mod Nk 4)
temp SubWord(temp)
end if
wi wi-Nk xor temp

23
AES

Key Expansion of a 128-bit Cipher Key (Nk 4)
Cipher Key 2b7e1516 28aed2a6 abf71588 09cf4f3c
w0 2b7e1516 w1 28aed2a6 w2 abf71588 w3
09cf4f3c

i (dec) temp After RotWord() After SubWord() Rconi/Nk After XOR with Rcon wi-Nk wi temp XOR wi-Nk
4 09cf4f3c cf4f3c09 8a84eb01 01000000 8b84eb01 2b7e1516 a0fafe17
5 a0fafe17 28aed2a6 88542cb1
6 88542cb1 abf71588 23a33939
7 23a33939 09cf4f3c 2a6c7605
8 2a6c7605 6c76052a 50386be5 02000000 52386be5 a0fafe17 f2c295f2
9 f2c295f2 88542cb1 7a96b943

24
AES