AES.ppt
BincySam2
1,737 views
39 slides
Jun 09, 2023
Slide 1 of 39
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
About This Presentation
Advanced Encryption system
Slide Content
AES-Advanced Encryption
Standard
Standard
Module-2 (Modern Symmetric Key Cryptosystems)
Symmetric key ciphers –Block vs Stream ciphers, Block cipher
components, Product ciphers, Feistel and Non-Feistel ciphers.
Data Encryption Standard (DES) –Structure, Key generation,
Design criteria, Weaknesses, Double DES, Triple DES.
Advanced Encryption Standard (AES) –Structure, Key
expansion.
Block cipher modes of operation –Electronic Codebook Mode
(ECB), Cipher Block Chaining Mode (CBC), Cipher Feedback
Mode (CFB), Output Feedback Mode (OFB), Counter Mode
(CTR).
Stream ciphers –Structure, RC4.
Symmetric key ciphers –Block vs Stream ciphers, Block cipher
components, Product ciphers, Feistel and Non-Feistel ciphers.
Data Encryption Standard (DES) –Structure, Key generation,
Design criteria, Weaknesses, Double DES, Triple DES.
Advanced Encryption Standard (AES) –Structure, Key
expansion.
Block cipher modes of operation –Electronic Codebook Mode
(ECB), Cipher Block Chaining Mode (CBC), Cipher Feedback
Mode (CFB), Output Feedback Mode (OFB), Counter Mode
(CTR).
Stream ciphers –Structure, RC4.
Origins
•A replacement for DES was needed.
•Solution =Triple-DES –but slow and small block size(64) with 168
bit key.
•US NIST(National institute of Standards & Technology) issued call
for ciphers in 1997.
•15 algorithms were chosen.
•5 were then shortlisted.
•Rijndael(RINE dahl)[named after Vincent Rijmenand Joan
Daemen) –Belgium-was selected as the AES in 2001
•A replacement for DES was needed.
•Solution =Triple-DES –but slow and small block size(64) with 168
bit key.
•US NIST(National institute of Standards & Technology) issued call
for ciphers in 1997.
•15 algorithms were chosen.
•5 were then shortlisted.
•Rijndael(RINE dahl)[named after Vincent Rijmenand Joan
Daemen) –Belgium-was selected as the AES in 2001
EVALUATION CRITERIA USED BY NIST FOR
SELECTING AES
Security
This refer to efforts required to Cryptanalyze an Algorithm
(Resistance to cryptanalysis), Soundness of Math,
Randomness of Output, etc.
Cost
Computational Efficiency (Speed)
Memory Requirements
Algorithm and Implementation Characteristics
Flexibility, Hardware and Software Suitability, Algorithm
Simplicity.
SELECTING AES
Security
This refer to efforts required to Cryptanalyze an Algorithm
(Resistance to cryptanalysis), Soundness of Math,
Randomness of Output, etc.
Cost
Computational Efficiency (Speed)
Memory Requirements
Algorithm and Implementation Characteristics
Flexibility, Hardware and Software Suitability, Algorithm
Simplicity.
RIJNDAEL AS AES
•The RIJNDAEL PROPOSAL FOR AES DEFINED A CIPHER IN WHICH THE
BLOCK LENGTH AND KEY LENGTH CAN BE INDEPENDENTLY
SPECIFIED TO BE 128,192, OR 256 BITS
•THE AES SPECIFICATION USES THE SAME 3 KEY SIZE ALTERNATIVES
BUT LIMITS THE BLOCK LENGTH TO 128 –BITS.
•A NUMBER OF AES PARAMETERS DEPEND ON THE KEY LENGTH
•RIJNDAEL WAS DESIGNED TO HAVE THE FOLLOWING
CHARECTERISTICS
•RESISTANCE AGAINST ALL KNOWN ATTACKS
•SPEED AND CODE COMPACTNESS ON A WIDE RANGE OF
PLATFORMS
•DESIGN SIMPLICITY.
•The RIJNDAEL PROPOSAL FOR AES DEFINED A CIPHER IN WHICH THE
BLOCK LENGTH AND KEY LENGTH CAN BE INDEPENDENTLY
SPECIFIED TO BE 128,192, OR 256 BITS
•THE AES SPECIFICATION USES THE SAME 3 KEY SIZE ALTERNATIVES
BUT LIMITS THE BLOCK LENGTH TO 128 –BITS.
•A NUMBER OF AES PARAMETERS DEPEND ON THE KEY LENGTH
•RIJNDAEL WAS DESIGNED TO HAVE THE FOLLOWING
CHARECTERISTICS
•RESISTANCE AGAINST ALL KNOWN ATTACKS
•SPEED AND CODE COMPACTNESS ON A WIDE RANGE OF
PLATFORMS
•DESIGN SIMPLICITY.
AES Requirements
•Private key Symmetric Block Cipher
•Resistance against all known attacks.
•Block Size of 128-bit data(16 * 8).
•128/192/256-bit keys can be used
•Stronger & faster than Triple-DES
•Private key Symmetric Block Cipher
•Resistance against all known attacks.
•Block Size of 128-bit data(16 * 8).
•128/192/256-bit keys can be used
•Stronger & faster than Triple-DES
•AES is an S-P cipher involving N-rounds (N depends on Key-
Length).
AES has defined Three Versions, with 10, 12, and 14 rounds.
Each version uses a different cipher key size (128, 192, or
256), but the round keys are always 128 bits.
A cycle of AES involves One Substitution and 2 Permutation
Functions. And A Key Function.
Length).
AES has defined Three Versions, with 10, 12, and 14 rounds.
Each version uses a different cipher key size (128, 192, or
256), but the round keys are always 128 bits.
A cycle of AES involves One Substitution and 2 Permutation
Functions. And A Key Function.
General design of AES encryption cipher
The AES Cipher -Rijndael
•An Iterativerather than Feistelcipher
•Processes data as Block of 4 columns of 4 bytes
•Operates on entire data block in every round
•Input to Encryption and Decryption Algorithm is a
single 128 bit block.
•This block is copied into a State Array which is
modified at each stage of Encryption/Decryption.
•An Iterativerather than Feistelcipher
•Processes data as Block of 4 columns of 4 bytes
•Operates on entire data block in every round
•Input to Encryption and Decryption Algorithm is a
single 128 bit block.
•This block is copied into a State Array which is
modified at each stage of Encryption/Decryption.
Rijndael
•Data block of 4 columns of 4 bytes is called State.
•Initial 128 bit Key is expanded to Array of Words
•(11*4bytes=44words)
•4 different Stages are used
•Byte Substitution(S-box used on every byte)
•Shift Rows (permute bytes between groups/columns)
•Mix Columns (subs using matrix multiply of groups)
•Add Round Key (XOR state with key material)
•Data block of 4 columns of 4 bytes is called State.
•Initial 128 bit Key is expanded to Array of Words
•(11*4bytes=44words)
•4 different Stages are used
•Byte Substitution(S-box used on every byte)
•Shift Rows (permute bytes between groups/columns)
•Mix Columns (subs using matrix multiply of groups)
•Add Round Key (XOR state with key material)
Rijndael-AES
Overall AES Structure.
•Structure-Starts with Add Round Key followed by 9 rounds of
4 stages followed by a tenth round of 3 stages.
•Cipher begins and ends with Add round Key stage-Better
Security.
•Each Stage is easily revertible.
•Decryption Algorithm uses Keys in Reverse Order.
•AES uses Arithmetic in the Finite Field GF(2^8) with the
irreducible Polynomial m(x)=x^8+x^4+x^3+x+1.
•Structure-Starts with Add Round Key followed by 9 rounds of
4 stages followed by a tenth round of 3 stages.
•Cipher begins and ends with Add round Key stage-Better
Security.
•Each Stage is easily revertible.
•Decryption Algorithm uses Keys in Reverse Order.
•AES uses Arithmetic in the Finite Field GF(2^8) with the
irreducible Polynomial m(x)=x^8+x^4+x^3+x+1.
AES SINGLE ROUND
General design of AES encryption cipher
Byte Substitution(S-Box)
•AES defines a 16*16 matrix of byte values called an S-Box.
•Uses one table of 16x16 bytes containing a permutation of all 256 8-
bit values.
•A simple substitution of each byte.
•Each byte of state is replaced by byte indexed by row (left 4-bits) &
column (right 4-bits).
•eg. byte {95} is replaced by byte in row 9 column 5
•which has value {2A}
•S-box constructed using defined transformation of values in GF(2
8
).
•Designed to be resistant to all known attacks.
•AES defines a 16*16 matrix of byte values called an S-Box.
•Uses one table of 16x16 bytes containing a permutation of all 256 8-
bit values.
•A simple substitution of each byte.
•Each byte of state is replaced by byte indexed by row (left 4-bits) &
column (right 4-bits).
•eg. byte {95} is replaced by byte in row 9 column 5
•which has value {2A}
•S-box constructed using defined transformation of values in GF(2
8
).
•Designed to be resistant to all known attacks.
Byte Substitution
Construction of S-Box
AES S-Box
For example, the output from S-box of 95 is 2A
For example, the output from S-box of 95 is 2A
Inverse S-box
It is calculated by first calculating the inverse affine
transformation on the input value, followed by the multiplicative
inverse.
The inverse affine transformation is as follows
It is calculated by first calculating the inverse affine
transformation on the input value, followed by the multiplicative
inverse.
The inverse affine transformation is as follows
AES INVERSE S-Box
Acircular Byte Shift
1st row is unchanged
2nd row does 1 byte circular shift to left
3rd row does 2 byte circular shift to left
4th row does 3 byte circular shift to left
Decrypt inverts using shifts to right
Since state is processed by columns, this step
permutes bytes between the columns
Shift Rows
1st row is unchanged
2nd row does 1 byte circular shift to left
3rd row does 2 byte circular shift to left
4th row does 3 byte circular shift to left
Decrypt inverts using shifts to right
Since state is processed by columns, this step
permutes bytes between the columns
Shift Rows
Mix Columns
•Each column is processed separately
•Each byte is replaced by a value dependent on all 4 bytes in the
column
•Each column is processed separately
•Each byte is replaced by a value dependent on all 4 bytes in the
column
MixColumns
TheMixColumnstransformationoperatesatthecolumn
level;ittransformseachcolumnofthestatetoanewcolumn.
MixColumns transformation
TheMixColumnstransformationoperatesatthecolumn
level;ittransformseachcolumnofthestatetoanewcolumn.
MixColumns transformation
Constant matrices used by
MixColumns and InvMixColumns
MixColumns and InvMixColumns
Mix Columns•CanexpresseachColumnas4Equations
•DecryptionrequiresuseofInverseMatrix
•Weneedaninterbytetransformationthat
changesthebitsinsideabyte,basedonthebits
insidetheneighboringbytes.Weneedtomix
bytestoprovidediffusionatthebitlevel.
•DecryptionrequiresuseofInverseMatrix
•Weneedaninterbytetransformationthat
changesthebitsinsideabyte,basedonthebits
insidetheneighboringbytes.Weneedtomix
bytestoprovidediffusionatthebitlevel.
Add Round Key
•XOR state with 128-bits of the round key
•Processed by column
•Inverse for decryption identical
•since XOR own inverse, with reversed keys
•AddRoundKeyproceedsonecolumnatatime.
AddRoundKeyaddsaroundkeywordwitheach
statecolumnmatrix;theoperationin
AddRoundKeyismatrixaddition.
•XOR state with 128-bits of the round key
•Processed by column
•Inverse for decryption identical
•since XOR own inverse, with reversed keys
•AddRoundKeyproceedsonecolumnatatime.
AddRoundKeyaddsaroundkeywordwitheach
statecolumnmatrix;theoperationin
AddRoundKeyismatrixaddition.
AddRoundKey transformation
AddRoundKey proceeds one column at a time. AddRoundKey
adds a round key word with each state column matrix; the
operation in AddRoundKey is matrix addition.
AddRoundKey proceeds one column at a time. AddRoundKey
adds a round key word with each state column matrix; the
operation in AddRoundKey is matrix addition.
Add Round Key
AES Key Expansion
•Takes 128-bit (16-byte) key and expands into array of 44 32-bit words
•Start by copying key into first 4 words
•Then loop creating words that depend on values in previous & 4 places
back
•in 3 of 4 cases just XOR these together
•1
st
word in 4 has rotate + S-box + XOR round constant on previous,
before XOR 4
th
back
Tocreateroundkeysforeachround,AESusesakey-expansion
process.IfthenumberofroundsisN
r,thekey-expansion
routinecreatesN
r+1128-bitroundkeysfromonesingle128-
bitcipherkey.
•Takes 128-bit (16-byte) key and expands into array of 44 32-bit words
•Start by copying key into first 4 words
•Then loop creating words that depend on values in previous & 4 places
back
•in 3 of 4 cases just XOR these together
•1
st
word in 4 has rotate + S-box + XOR round constant on previous,
before XOR 4
th
back
Tocreateroundkeysforeachround,AESusesakey-expansion
process.IfthenumberofroundsisN
r,thekey-expansion
routinecreatesN
r+1128-bitroundkeysfromonesingle128-
bitcipherkey.
AES Key Expansion
Key expansion in AES
Key Expansion(every 4
th
word)
•For a word whose posnin W array is a multiple of 4.
•The Function “g”consists of the following subfns
•Rotword-one byte left shift on a word.
•SubWord-byte substitution on each byte of its input word
using the S-Box
•Result of steps 1 and 2 are XORedusing a round constatnt
Rcon[j].
•Round Constant is a word in which the 3 right most bytes
are always 0.
•Round const is diff for each round and is defined as
•Rcon[j]=(RC[j],0,0,0), with RC[1]=1;RC[j]=2*RC[j-1].
•Multiplication is defined over GF(2^8).
•[ie,01,02,04,08,10,20,40,80,1B,36]
th
word)
•For a word whose posnin W array is a multiple of 4.
•The Function “g”consists of the following subfns
•Rotword-one byte left shift on a word.
•SubWord-byte substitution on each byte of its input word
using the S-Box
•Result of steps 1 and 2 are XORedusing a round constatnt
Rcon[j].
•Round Constant is a word in which the 3 right most bytes
are always 0.
•Round const is diff for each round and is defined as
•Rcon[j]=(RC[j],0,0,0), with RC[1]=1;RC[j]=2*RC[j-1].
•Multiplication is defined over GF(2^8).
•[ie,01,02,04,08,10,20,40,80,1B,36]
AES Decryption
•AES decryption is not identical to encryption since steps
done in reverse
•But can define an equivalent inverse cipher with steps as
for encryption
•but using inverses of each step
•with a different key schedule
•AES decryption is not identical to encryption since steps
done in reverse
•But can define an equivalent inverse cipher with steps as
for encryption
•but using inverses of each step
•with a different key schedule
AES Decryption
Summary
•Have considered:
•The AES selection process
•The details of Rijndael –the AES cipher
•Looked at the steps in each round
•The key expansion
•Have considered:
•The AES selection process
•The details of Rijndael –the AES cipher
•Looked at the steps in each round
•The key expansion
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 1,737
- Slides 39
- Favorites 2
- Age 907 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views