INTRODUCTION TO CRYPTOGRAPHY
Lecture 4: Week 5
Dr. Azni Haslizan bt Ab Halim
CONTENT OF THIS CHAPTER
Chapter 4 of Understanding Cryptography by Christof Paar and Jan Pelzl
- Overview of the AES algorithm
- Internal structure of AES
  - Byte Substitution layer
  - Diffusion layer
  - Key Addition layer
  - Key schedule
- Decryption
- Practical issues
Some Basic Facts
- AES is the most widely used symmetric cipher today
- The algorithm for AES was chosen by the US National Institute of Standards and Technology (NIST) in a multi-year selection process
- The requirements for all AES candidate submissions were:
  - Block cipher with 128-bit block size
  - Three supported key lengths: 128, 192 and 256 bit
  - Security relative to other submitted algorithms
  - Efficiency in software and hardware
Chronology of the AES Selection
- The need for a new block cipher announced by NIST in January, 1997
- 15 candidate algorithms accepted in August, 1998
- 5 finalists announced in August, 1999:
  - Mars – IBM Corporation
  - RC6 – RSA Laboratories
  - Rijndael – J. Daemen & V. Rijmen
  - Serpent – Eli Biham et al.
  - Twofish – B. Schneier et al.
- In October 2000, Rijndael was chosen as the AES
- AES was formally approved as a US federal standard in November 2001
AES: Overview
- Iterated cipher with 10/12/14 rounds
- Each round consists of “Layers”
Internal Structure of AES
- Round function for rounds 1, 2, …, nr - 1:
- Note: In the last round, the MixColumn transformation is omitted
Byte Substitution Layer
- The Byte Substitution layer consists of 16 S-Boxes with the following properties. The S-Boxes are:
  - identical
  - the only nonlinear elements of AES, i.e., ByteSub(Ai) + ByteSub(Aj) ≠ ByteSub(Ai + Aj), for i,j = 0,…,
  - bijective, i.e., there exists a one-to-one mapping of input and output bytes, so the S-Box can be uniquely reversed
- In software implementations, the S-Box is usually realized as a lookup table
ShiftRows Sublayer
- Rows of the state matrix are shifted cyclically:

Input matrix:
B0   B4   B8   B12
B1   B5   B9   B13
B2   B6   B10  B14
B3   B7   B11  B15

Output matrix:
B0   B4   B8   B12   ← no shift
B5   B9   B13  B1    ← one position left shift
B10  B14  B2   B6    ← two positions left shift
B15  B3   B7   B11   ← three positions left shift
MixColumn Sublayer
- Linear transformation which mixes each column of the state matrix
- Each 4-byte column is considered as a vector and multiplied by a fixed 4x4 matrix, e.g.,

$$\begin{pmatrix} C_0 \\ C_1 \\ C_2 \\ C_3 \end{pmatrix} = \begin{pmatrix} 02 & 03 & 01 & 01 \\ 01 & 02 & 03 & 01 \\ 01 & 01 & 02 & 03 \\ 03 & 01 & 01 & 02 \end{pmatrix} \begin{pmatrix} B_0 \\ B_5 \\ B_{10} \\ B_{15} \end{pmatrix}$$

  where 01, 02 and 03 are given in hexadecimal notation
- All arithmetic is done in the Galois field GF(2^8) (for more information see Chapter 4.3 in Understanding Cryptography)
Key Schedule
- Subkeys are derived recursively from the original 128/192/256-bit input key
- Each round has 1 subkey, plus 1 subkey at the beginning of AES
- Key whitening: Subkey is used both at the input and output of AES, so # subkeys = # rounds + 1
- There are different key schedules for the different key sizes

| Key length (bits) | Number of subkeys |
|---|---|
| 128 | 11 |
| 192 | 13 |
| 256 | 15 |
Key Schedule
Example: Key schedule for 128-bit key AES
- Word-oriented: 1 word = 32 bits
- 11 subkeys are stored in W[0]…W[3], W[4]…W[7], … , W[40]…W[43]
- First subkey W[0] … W[3] is the original AES key
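
The word-oriented recursion for the 128-bit key schedule, as an added example that is not part of the lecture notes. The per-word steps (byte rotation, S-Box substitution, round constant) follow the AES standard FIPS-197 and are not spelled out on the slide; the function names are illustrative, and the S-Box is generated rather than typed in as a lookup table.

```python
# Added example (not from the lecture): AES-128 key schedule per FIPS-197.

def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def build_sbox():
    """AES S-Box: inverse in GF(2^8), then the affine map with constant 0x63."""
    sbox = [0] * 256
    p = q = 1
    while True:
        # p <- p * 03 modulo x^8 + x^4 + x^3 + x + 1
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF
        # q <- q / 03, so q is always the multiplicative inverse of p
        q ^= q << 1
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # 0 has no inverse and maps to the affine constant
    return sbox

SBOX = build_sbox()

def expand_key_128(key):
    """Return W[0..43]: 44 words of 32 bits, i.e. 11 subkeys of 4 words each."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    w = [int.from_bytes(key[4 * i:4 * i + 4], "big") for i in range(4)]  # W[0..3] = key
    rc = 0x01  # round constant, doubled in GF(2^8) for each new subkey
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:  # first word of each subkey takes the nonlinear step
            t = ((t << 8) | (t >> 24)) & 0xFFFFFFFF  # rotate word left by one byte
            t = int.from_bytes(bytes(SBOX[b] for b in t.to_bytes(4, "big")), "big")
            t ^= rc << 24
            rc = ((rc << 1) ^ (0x11B if rc & 0x80 else 0)) & 0xFF
        w.append(w[i - 4] ^ t)
    return w

def subkeys(key):
    """Group W into the 11 round subkeys (16 bytes each)."""
    w = expand_key_128(key)
    return [b"".join(x.to_bytes(4, "big") for x in w[i:i + 4]) for i in range(0, 44, 4)]

if __name__ == "__main__":
    # Example key from FIPS-197 Appendix A.1 (public test vector, not a secret)
    for n, k in enumerate(subkeys(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))):
        print(f"subkey {n:2d}: {k.hex()}")
```

Every subkey is a deterministic function of the input key, so a subkey recovered from memory or a side channel gives the same access as the key itself.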
Decryption
- AES is not based on a Feistel network, so all layers must be inverted for decryption:
  - MixColumn layer → Inv MixColumn layer
  - ShiftRows layer → Inv ShiftRows layer
  - Byte Substitution layer → Inv Byte Substitution layer
  - Key Addition layer is its own inverse
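
The diffusion layer from the ShiftRows and MixColumn slides together with the inverse layers listed above, as an added example that is not part of the lecture notes. The function names are illustrative, and the Inv MixColumn matrix (hex 0E 0B 0D 09) is taken from the AES standard since it does not appear on the slides.

```python
# Added example (not from the lecture): AES diffusion layer and its inverse.
# State = 16 bytes stored column by column, so list index i holds byte B_i.

def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = ((a << 1) ^ (0x11B if a & 0x80 else 0)) & 0xFF
        b >>= 1
    return r

MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
# Inverse matrix from the AES standard (hex 0E 0B 0D 09); not shown on the slide.
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]

def shift_rows(s, inverse=False):
    """Row r is rotated left by r positions (right by r when inverse=True)."""
    out = [0] * 16
    for col in range(4):
        for row in range(4):
            src = (col - row) % 4 if inverse else (col + row) % 4
            out[4 * col + row] = s[4 * src + row]
    return out

def mix_columns(s, matrix=MIX):
    """Multiply each 4-byte column by the fixed matrix over GF(2^8)."""
    out = []
    for col in range(4):
        b = s[4 * col:4 * col + 4]
        for row in matrix:
            c = 0
            for coeff, byte in zip(row, b):
                c ^= gmul(coeff, byte)
            out.append(c)
    return out

def diffusion(s):
    return mix_columns(shift_rows(s))

def inv_diffusion(s):
    # Layers are undone in reverse order: Inv MixColumn first, then Inv ShiftRows.
    return shift_rows(mix_columns(s, INV_MIX), inverse=True)

def changed_positions(a, b):
    return [i for i in range(16) if a[i] != b[i]]

if __name__ == "__main__":
    state = list(range(16))  # constructed sample state with B_i = i
    flipped = state.copy()
    flipped[5] ^= 0xFF       # disturb the single byte B_5
    print(changed_positions(diffusion(state), diffusion(flipped)))
    print(inv_diffusion(diffusion(state)) == state)
```

Changing only B5 alters all four bytes of the first output column, which is the column the slide's equation builds from B0, B5, B10 and B15.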