6.3 Aes


ADVANCED ENCRYPTION STANDARD
ADVANCED ENCRYPTION STANDARD (AES)

● symmetric-key block cipher
● published by the National Institute of Standards and Technology (NIST) in December 2001.
WHY AES?

To overcome the drawbacks of 3DES and DES.

3DES is relatively sluggish in software; it does not lend itself to efficient software code.
DES and 3DES use a 64-bit block. For both efficiency and security, a larger block size is desirable.
PROPOSAL FOR AES

NIST called for proposals for an AES that should have a security strength equal to or better than 3DES and significantly improved efficiency.
NIST specified that AES must be a symmetric block cipher with a block length of 128 bits and support for key lengths of 128, 192, and 256 bits.
NIST selected Rijndael as the proposed AES algorithm.
The two researchers who developed and submitted Rijndael for the AES are both cryptographers from Belgium: Dr. Joan Daemen and Dr. Vincent Rijmen.
AES EVALUATION

Security: Effort required to cryptanalyze an algorithm.
Cost: AES must have high computational efficiency, so as to be usable in high-speed applications, such as broadband links.
Algorithm and implementation characteristics: Flexibility and suitability for a variety of hardware and software. Simplicity, which makes analysis of security straightforward.
Rounds
AES is a non-Feistel cipher that encrypts and decrypts a
data block of 128 bits. It uses 10, 12, or 14 rounds.
The key size, which can be 128, 192, or 256 bits, depends on
the number of rounds.
AES has defined three versions, with 10, 12, and 14
rounds.
Each version uses a different cipher key size (128,
192, or 256), but the round keys are always 128 bits.
General Design of AES Encryption cipher

Number of round keys = Nr + 1, where Nr is the number of rounds.
DATA UNITS
AES uses five units of measurement to refer to data:
● Bits
● Bytes
● Words
● Blocks
● State
Block to state and state to block transformation
Changing plain text to state
Structure of each round at the encryption site
Transformations
AES uses four types of transformations:
● substitution
● permutation
● mixing
● key-adding
Substitution
SubBytes
The first transformation, SubBytes, is used at the encryption
site. To substitute a byte, we interpret the byte as two
hexadecimal digits.
The left digit defines the row and the right digit defines the
column of the substitution table.
SubBytes Transformation
InvSubBytes
Example for SubBytes transformation
Transformation Using the GF(2^8) Field
AES also defines the transformation algebraically using the GF(2^8) field with the irreducible polynomial (x^8 + x^4 + x^3 + x + 1).
Multiplicative Inverse table in GF(2^8)
Let us show how the byte 0C is transformed to FE by the SubBytes routine and transformed back to 0C by the InvSubBytes routine.
Permutation
Another transformation found in a round is shifting, which permutes
the bytes.
Shift Rows
In the encryption, the transformation is called ShiftRows and the
shifting is to the left.
The number of shifts depends on the row number (0, 1, 2, or 3) of the
state matrix.
Shift Rows transformation
Example for Shift Row Transformation
Mixing

We need an interbyte transformation that changes the bits inside a byte, based on the bits inside the neighboring bytes. We need to mix bytes to provide diffusion at the bit level.
MixColumns

The MixColumns transformation operates at the column level; it transforms each column of the state to a new column.
InvMixColumns

● The InvMixColumns transformation is basically the same as the MixColumns transformation.

● MixColumns and InvMixColumns are inverses of each other.
The MixColumns transformation in Example
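The MixColumns / InvMixColumns pair described above, as an added example that is not part of the original slides: it multiplies one state column by the standard AES constant matrices (first rows 02 03 01 01 and 0E 0B 0D 09, taken from the AES specification because the slide figure is not reproduced here) and counts how many output bytes a one-bit input change reaches. The sample column and all function names are constructed for illustration.

```python
# Added example (not from the slides): MixColumns and InvMixColumns on one column.

def xtime(a):
    """Multiply a byte by 02 in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def mul(a, k):
    """Multiply byte a by a small constant k (< 0x10) as an XOR of a*1, a*2, a*4, a*8."""
    r = 0
    for bit in range(4):
        if (k >> bit) & 1:
            r ^= a
        a = xtime(a)
    return r

MIX = (0x02, 0x03, 0x01, 0x01)       # first row of the MixColumns matrix
INV_MIX = (0x0E, 0x0B, 0x0D, 0x09)   # first row of the InvMixColumns matrix

def transform_column(col, first_row):
    """Multiply a 4-byte column by the circulant matrix with the given first row."""
    out = []
    for i in range(4):
        acc = 0
        for j in range(4):
            # Row i of a circulant matrix is the first row rotated right by i.
            acc ^= mul(col[j], first_row[(j - i) % 4])
        out.append(acc)
    return out

def mix_column(col):
    return transform_column(col, MIX)

def inv_mix_column(col):
    return transform_column(col, INV_MIX)

def changed_bytes(col, index, bit):
    """Count the output bytes that differ after flipping one bit of one input byte."""
    flipped = list(col)
    flipped[index] ^= 1 << bit
    return sum(x != y for x, y in zip(mix_column(col), mix_column(flipped)))

if __name__ == "__main__":
    col = [0xDB, 0x13, 0x53, 0x45]   # constructed sample column
    mixed = mix_column(col)
    print(bytes(mixed).hex(), bytes(inv_mix_column(mixed)).hex())
    print("bytes changed by a one-bit flip:", changed_bytes(col, 0, 0))
```

Because every matrix entry is non-zero, a change confined to one input byte always reaches all four bytes of the output column, which is the bit-level diffusion the slide refers to.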
Key Adding
● AddRoundKey
● AddRoundKey proceeds one column at a time. AddRoundKey adds a round
key word with each state column matrix; the operation in AddRoundKey is
matrix addition.

● The AddRoundKey transformation is the inverse of itself.
Example
KEY EXPANSION
To create round keys for each round, AES uses a
key-expansion process. If the number of rounds is Nr ,
the key-expansion routine creates Nr + 1 128-bit round
keys from one single 128-bit cipher key.
Key Expansion in AES-128
Key expansion aes 128 bits
The key-expansion routine can either use the above table when calculating the words or use the GF(2^8) field to calculate the leftmost byte dynamically, as shown below (prime is the irreducible polynomial):
keys for each round are calculated assuming that the 128-bit cipher key agreed upon by Alice and Bob is (24 75 A2 B3 34 75 56 88 31 E2 12 00 13 AA 54 87)₁₆.

Each round key in AES depends on the previous round key. The
dependency, however, is nonlinear because of SubWord
transformation. The addition of the round constants also guarantees
that each round key will be different from the previous one.

The two sets of round keys can be created from two cipher keys that
are different only in one bit.
Key Expansion in AES-192 and AES-256
Key-expansion algorithms in the AES-192 and AES-256 versions
are very similar to the key expansion algorithm in AES-128, with
the following differences:

1. In AES-192, the words are generated in groups of six instead of four.

2. In AES-256, the words are generated in groups of eight instead of four.
Key-Expansion Analysis
The key-expansion mechanism in AES has been designed to provide several
features that thwart the cryptanalyst.
1. Even if Eve knows only part of the cipher key or the values of the words in
some round keys, she still needs to find the rest of the cipher key before she can
find all round keys. This is because of the nonlinearity produced by SubWord
transformation in the key-expansion process.
2. Two different cipher keys, no matter how similar to each other, produce two
expansions that differ in at least a few rounds.
3. Each bit of the cipher key is diffused into several rounds. For example,
changing a single bit in the cipher key, will change some bits in several rounds.
4. The use of the constants, the RCons, removes any symmetry that may have
been created by the other transformations.
5. There are no serious weak keys in AES, unlike in DES.
6. The key-expansion process can be easily implemented on all platforms.
7. The key-expansion routine can be implemented without storing a single table; all calculations can be done using the GF(2^8) and GF(2) fields.
Ciphers
AES uses four types of transformations for encryption and
decryption.
In the standard, the encryption algorithm is referred to as
the cipher and the decryption algorithm as the inverse
cipher.

AES is a non-Feistel cipher, which means that each transformation or group of transformations must be invertible.
Original design
Alternative Design

In this version, the transformations in the reverse cipher are rearranged to make the order of transformations the same in the cipher and reverse cipher.
In this design, invertibility is provided for a pair of transformations, not for each single transformation.
Invertibility of SubBytes and ShiftRows combinations
Invertibility of MixColumns and AddRoundKey
combination
Cipher and reverse cipher in alternate design
Security
AES was designed after DES. Most of the known attacks on DES were
already tested on AES.
Brute-Force Attack
AES is definitely more secure than DES due to the larger-size key.
Statistical Attacks
Numerous tests have failed to do statistical analysis of the ciphertext.
Differential and Linear Attacks
There are no differential and linear attacks on AES as yet.
Implementation
AES can be implemented in software, hardware, and
firmware. The implementation can use table lookup
process or routines that use a well-defined algebraic
structure.
Simplicity and Cost
The algorithms used in AES are so simple that they
can be easily implemented using cheap processors
and a minimum amount of memory.
AES Example - Input (128 bit key and message)
Key in English: Thats my Kung Fu (16 ASCII characters, 1 byte each)

Translation into Hex: 54 68 61 74 73 20 6D 79 20 4B 75 6E 67 20 46 75

Key in Hex (128 bits): 54 68 61 74 73 20 6D 79 20 4B 75 6E 67 20 46 75

Plaintext in English: Two One Nine Two (16 ASCII characters, 1 byte each)

Translation into Hex: 54 77 6F 20 4F 6E 65 20 4E 69 6E 65 20 54 77 6F

Plaintext in Hex (128 bits): 54 77 6F 20 4F 6E 65 20 4E 69 6E 65 20 54 77 6


AES Example - The first Roundkey

Key in Hex (128 bits): 54 68 61 74 73 20 6D 79 20 4B 75 6E 67 20 46 75

w[0] = (54, 68, 61, 74), w[1] = (73, 20, 6D, 79), w[2] = (20, 4B, 75, 6E), w[3] = (67, 20, 46, 75)

• g(w[3]):

• circular byte left shift of w[3]: (20, 46, 75, 67)

• Byte Substitution (S-Box): (B7, 5A, 9D, 85)

• Adding round constant (01, 00, 00, 00) gives: g(w[3]) = (B6, 5A, 9D, 85)
• w[4] = w[0] ⊕ g(w[3]) = (E2, 32, FC, F1):
  w[0]    = 0101 0100 0110 1000 0110 0001 0111 0100
  g(w[3]) = 1011 0110 0101 1010 1001 1101 1000 0101
  w[4]    = 1110 0010 0011 0010 1111 1100 1111 0001 = E2 32 FC F1

• w[5] = w[4] ⊕ w[1] = (91, 12, 91, 88),

w[6] = w[5] ⊕ w[2] = (B1, 59, E4, E6),

w[7] = w[6] ⊕ w[3] = (D6, 79, A2, 93)

• first roundkey: E2 32 FC F1 91 12 91 88 B1 59 E4 E6 D6 79
AES Example - All RoundKeys

• Round 0: 54 68 61 74 73 20 6D 79 20 4B 75 6E 67 20 46 75

• Round 1: E2 32 FC F1 91 12 91 88 B1 59 E4 E6 D6 79 A2 93

• Round 2: 56 08 20 07 C7 1A B1 8F 76 43 55 69 A0 3A F7 FA

• Round 3: D2 60 0D E7 15 7A BC 68 63 39 E9 01 C3 03 1E FB

• Round 4: A1 12 02 C9 B4 68 BE A1 D7 51 57 A0 14 52 49 5B

• Round 5: B1 29 3B 33 05 41 85 92 D2 10 D2 32 C6 42 9B 69

• Round 6: BD 3D C2 B7 B8 7C 47 15 6A 6C 95 27 AC 2E 0E 4E

• Round 7: CC 96 ED 16 74 EA AA 03 1E 86 3F 24 B2 A8 31 6A

• Round 8: 8E 51 EF 21 FA BB 45 22 E4 3D 7A 06 56 95 4B 6C

• Round 9: BF E2 BF 90 45 59 FA B2 A1 64 80 B4 F7 F1 CB D8

• Round 10: 28 FD DE F8 6D A4 24 4A CC C0 A4 FE 3B 31 6F 26
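
An added example, not part of the original slides, covering both the algebraic SubBytes walk-through (0C to FE and back) and the AES-128 key expansion of the worked key above: it derives the S-box from the GF(2^8) inverse followed by the affine map, computes each RCon in the field instead of reading it from a table, and expands "Thats my Kung Fu". The function names are assumptions of this example; the affine constant 63 comes from the AES specification.

```python
# Added example, not from the slides: algebraic SubBytes and AES-128 key expansion.

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a):
    """Multiplicative inverse computed as a^254; 00 has no inverse and maps to 00."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def sub_byte(a):
    """SubBytes on one byte: field inverse, then the affine map with constant 63."""
    b = gf_inv(a)
    return b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63

SBOX = [sub_byte(a) for a in range(256)]
INV_SBOX = [SBOX.index(s) for s in range(256)]   # InvSubBytes: the table read backwards

def expand_key_128(key):
    """Return the Nr + 1 = 11 round keys derived from a 16-byte cipher key."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 0x01
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, then SubWord
            t[0] ^= rcon                          # add RCon to the leftmost byte
            rcon = gf_mul(rcon, 0x02)             # next RCon, computed in GF(2^8)
        w.append([x ^ y for x, y in zip(w[i - 4], t)])
    return [bytes(b for word in w[4 * r:4 * r + 4] for b in word) for r in range(11)]

if __name__ == "__main__":
    print(f"SubBytes(0C) = {SBOX[0x0C]:02X}, InvSubBytes(FE) = {INV_SBOX[0xFE]:02X}")
    for r, rk in enumerate(expand_key_128(b"Thats my Kung Fu")):
        print(f"Round {r}: {rk.hex().upper()}")
```

For this key the routine returns BD 3D C2 87 as the first word of round key 6 (33 ⊕ B4 = 87), which is also the value that produces the listed round 7 word CC 96 ED 16.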
THANK YOU