Cryptography Lecture 6 PowerPoint PPT Presentation


Title: Cryptography Lecture 6


1
Cryptography Lecture 6
  • Advanced Encryption Standard (AES)

2
Reading Assignment
  • Reading assignments for Lecture 5
  • Required
  • Pfleeger 2.6
  • Recommended
  • AES News: http://www.counterpane.com/crypto-gram-0209.html#1
  • Reading assignments for next class
  • Required
  • Pfleeger Ch 2.8 Key Exchange

3
Advanced Encryption Standard (AES) Motivations
  • Replacement of DES
  • Known vulnerabilities
  • Broken by exhaustive key search attack
  • Triple DES secure but slow
  • Need new standard that is
  • Secure: practical cryptanalysis, resist known attacks
  • Cost effective
  • Easy to implement (software, hardware) and
    portable
  • Flexible

4
AES Origin
  • Started in 1997 and lasted for several years
  • Requirements specified by NIST
  • Algorithm unclassified and publicly available
  • Available royalty free world wide
  • Symmetric key
  • Operates on data blocks of 128 bits
  • Key sizes of 128, 192, and 256 bits
  • Fast, secure, and portable
  • Active life of 20-30 years
  • Provides full specifications

5
  • AES Finalists
  • 1999

6
Rijndael Algorithm
  • Chosen for security, performance, efficiency,
    ease of implementation, and flexibility
  • Block cipher (variable block and key length)
  • Federal Information Processing Standard (FIPS)

7
  • Rijndael
  • Symmetric, block cipher
  • Key size 128, 192, or 256 bits
  • Block size 128
  • Processed as 4 groups of 4 bytes (state)
  • Operates on the entire block in every round
  • Number of rounds depending on key size
  • Key 128 → 9 rounds
  • Key 192 → 11 rounds
  • Key 256 → 13 rounds

8
  • Rijndael Basic Steps
  • Byte Substitution: non-linear function for confusion
  • S-box used on every byte (table look-up)
  • Shift Rows: linear mixing function for diffusion
  • Permutes bytes between columns
  • Different for different block sizes (128, 192 same, 256 different)
  • Mix Columns: transformation
  • Shifting left and XOR bits
  • Effect: matrix multiplication
  • Add Round Key: incorporates key and creates confusion
  • XOR state with unique key
  • All operations can be combined into XOR and table look-ups → very fast and efficient

9
Strength of Algorithm
  • New: little experimental results
  • Cryptanalysis results
  • Few theoretical weaknesses
  • No real problem
  • No relation to government agency → no allegations of tampering with code
  • Has sound mathematical foundation

10
Byte Substitution
  • Simple substitution for each byte
  • S-box: 16x16 bytes
  • Each byte of state is replaced by byte in row (left 4 bits) and column (right 4 bits)
  • S-box is designed to resist known attacks (Galois Field (2^8))

11
State before substitution:
s00 s01 s02 s03
s10 s11 s12 s13
s20 s21 s22 s23
s30 s31 s32 s33
→ S-box →
State after substitution:
s'00 s'01 s'02 s'03
s'10 s'11 s'12 s'13
s'20 s'21 s'22 s'23
s'30 s'31 s'32 s'33
e.g., if s00 = 5B and row 5, column B of the S-box contains the value 39, then s'00 = 39

12
Shift Row
  • Circular byte shift (128- or 192-bit block)
  • 1st row: unchanged
  • 2nd row: 1 byte circular shift to left
  • 3rd row: 2 bytes circular shift to left
  • 4th row: 3 bytes circular shift to left
  • Decryption: shift to right

13
Shift Row Transformation
State before Shift Row:
s0,0 s0,1 s0,2 s0,3
s1,0 s1,1 s1,2 s1,3
s2,0 s2,1 s2,2 s2,3
s3,0 s3,1 s3,2 s3,3
State after Shift Row:
s'0,0 s'0,1 s'0,2 s'0,3
s'1,1 s'1,2 s'1,3 s'1,0
s'2,2 s'2,3 s'2,0 s'2,1
s'3,3 s'3,0 s'3,1 s'3,2

14
Mix Column
  • Each column is processed separately
  • Each byte is replaced by a value depending on all
    4 bytes in the column
  • Each element of the column is multiplied with a polynomial

15
Add Subkey
  • Generate unique subkey
  • Create new words depending on the previous word and the word 4 places back
  • In 3 of 4 cases: XOR together
  • Every 4th: S-box + rotate + XOR constant
  • Designed to resist attack
  • XOR state with unique key

16
AES Decryption
  • Non-identical to encryption
  • Steps done in reverse
  • Different key schedule

17
  • Operating Modes
  • Electronic Code Book (ECB) Mode
  • Cipher Block Chaining (CBC) Mode
  • Cipher Feedback (CFB) Mode
  • Output Feedback (OFB) Mode

18
Next class
Summary of Secret Key Encryption Project Information