L7-IDEA_RC4_RC5

The document provides an analysis of the Advanced Encryption Standard (AES), highlighting its security, implementation, simplicity, and cost-effectiveness compared to DES and Triple DES. It discusses AES's resilience against known attacks, its efficient implementation in various environments, and its straightforward algorithms that allow for low resource consumption. Additionally, it covers the International Data Encryption Algorithm (IDEA) and RC4, detailing their encryption processes, key generation, and applications in securing data transmission.

Uploaded by

shamthorat853
ANALYSIS OF AES

This section is a brief review of the three characteristics of AES.

Topics discussed in this section:

7.6.1 Security
7.6.2 Implementation
7.6.3 Simplicity and Cost

College of Engineering, Pune
7.6.1 Security

AES was designed after DES. Most of the known attacks on DES were already tested on AES.

Brute-Force Attack
AES is definitely more secure than DES due to the larger-size key.

Statistical Attacks
Numerous tests have failed to do statistical analysis of the ciphertext.

Differential and Linear Attacks
There are no differential and linear attacks on AES as yet.

7.6.2 Implementation

AES can be implemented in software, hardware, and firmware. The implementation can use table lookup process or routines that use a well-defined algebraic structure.

7.6.3 Simplicity and Cost

The algorithms used in AES are so simple that they can be easily implemented using cheap processors and a minimum amount of memory.

Concerning the implementation aspects:
a) Rijndael can be implemented on a smart
card in a small amount of code, using a
small amount of RAM and taking a small
number of cycles; and
b) The round transformation is parallel by
design, which is an important advantage in
future processors and dedicated hardware.

Comparison of AES with DES

                          AES                              DES
Block size (in bits)      128                              64
Key size (in bits)        128, 192, 256                    56
Speed                     High                             Low
Encryption primitives     Substitution, shift, bit mixing  Substitution, permutation
Cryptographic primitives  Confusion, Diffusion             Confusion, Diffusion
Comparison with Triple-DES

                      AES                      Triple DES
Type of algorithm     Symmetric, block cipher  Symmetric, Feistel cipher
Key size (in bits)    128, 192, 256            112 or 168
Speed                 High                     Low
Time to crack         149 trillion years       4.6 billion years
Resource consumption  Low                      Medium
IDEA, RC-4, RC-5

International Data Encryption Algorithm (IDEA)

Overview
• The DES algorithm has been a popular secret key
encryption algorithm and is used in many
commercial and financial applications. However, its
key size is too small by current standards and its
entire 56-bit key space can be searched in
approximately 22 hours.
• IDEA is a block cipher designed by Xuejia Lai and
James L. Massey in 1991
• It is a minor revision of an earlier cipher, PES
(Proposed Encryption Standard)
• IDEA was originally called IPES (Improved PES) and
was developed to replace DES
Overview (cont’)
• It entirely avoids the use of any lookup tables
or S-boxes
• IDEA was used as the symmetric cipher in
early versions of the Pretty Good Privacy
cryptosystem

Detailed description of IDEA
• IDEA operates with 64-bit plaintext and
ciphertext blocks and is controlled by a 128-bit key
• It completely avoids the substitution boxes and
table lookups used in other block ciphers
• The algorithm structure has been chosen such
that when different key sub-blocks are used,
the encryption process is identical to the
decryption process

Key generation
• The 64-bit plaintext block is partitioned into four
16-bit sub-blocks
• Six 16-bit key sub-blocks are generated from the
128-bit key for each of the 8 encryption rounds.
Since a further four 16-bit key sub-blocks are
required for the subsequent output transformation,
a total of 52 (= 8 x 6 + 4) different 16-bit
sub-blocks have to be generated from the 128-bit key.

Key generation process
• First, the 128-bit key is partitioned into eight 16-
bit sub-blocks which are then directly used as the
first eight key sub-blocks
• The 128-bit key is then cyclically shifted to the left
by 25 positions, after which the resulting 128-bit
block is again partitioned into eight 16-bit sub-
blocks to be directly used as the next eight key
sub-blocks
• The cyclic shift procedure described above is
repeated until all of the required 52 16-bit key
sub-blocks have been generated

Encryption of the key sub-blocks
• The key sub-blocks used for the encryption and the
decryption in the individual rounds are shown in
Table 1

Encryption
• The first four 16-bit key sub-blocks
are combined with two of the 16-bit
plaintext blocks using addition
modulo 2^16, and with the other two
plaintext blocks using multiplication
modulo 2^16 + 1
• At the end of the first encryption
round four 16-bit values are
produced which are used as input to
the second encryption round
• The process is repeated in each of
the subsequent 7 encryption rounds
• The four 16-bit values produced at
the end of the 8th encryption round
are combined with the last four of
the 52 key sub-blocks using addition
modulo 2^16 and multiplication
modulo 2^16 + 1 to form the resulting
four 16-bit ciphertext blocks

Decryption
• The computational process used for decryption of
the ciphertext is essentially the same as that used for
encryption
• The only difference is that each of the 52 16-bit key
sub-blocks used for decryption is the inverse of the
key sub-block used during encryption
• In addition, the key sub-blocks must be used in the
reverse order during decryption in order to reverse
the encryption process
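
The key generation, encryption and decryption steps above, carried through as an added Python example (not part of the original slides). It goes beyond the slides in spelling out the multiply-add structure inside each round, following the published IDEA design; the function names and the sample key and block are constructed for illustration.

```python
MASK = 0xFFFF

def mul(a, b):
    """Multiplication modulo 2^16 + 1; the all-zero word stands for 2^16."""
    return ((a or 0x10000) * (b or 0x10000) % 0x10001) & MASK

def expand_key(key):
    """Derive the 52 encryption sub-blocks from a 16-byte key."""
    k, sub = int.from_bytes(key, "big"), []
    while len(sub) < 52:
        sub += [(k >> (112 - 16 * i)) & MASK for i in range(8)]
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)  # rotate left by 25
    return sub[:52]

def invert_key(sub):
    """Decryption sub-blocks: inverses of the encryption ones, reverse order."""
    inv = lambda x: pow(x or 0x10000, 0xFFFF, 0x10001) & MASK  # x^-1 mod 2^16+1
    dec = []
    for r in range(9):
        k1, k2, k3, k4 = sub[48 - 6 * r: 52 - 6 * r]
        if 0 < r < 8:  # inner rounds swap the two additive sub-blocks
            k2, k3 = k3, k2
        dec += [inv(k1), -k2 & MASK, -k3 & MASK, inv(k4)]
        dec += sub[46 - 6 * r: 48 - 6 * r] if r < 8 else []
    return dec

def crypt(block, sub):
    """Run the 8 rounds plus output transformation on four 16-bit words."""
    x1, x2, x3, x4 = block
    for r in range(8):
        k = sub[6 * r: 6 * r + 6]
        x1, x2 = mul(x1, k[0]), (x2 + k[1]) & MASK
        x3, x4 = (x3 + k[2]) & MASK, mul(x4, k[3])
        t0 = mul(x1 ^ x3, k[4])
        t1 = mul((t0 + (x2 ^ x4)) & MASK, k[5])
        t2 = (t0 + t1) & MASK
        x1, x2, x3, x4 = x1 ^ t1, x3 ^ t1, x2 ^ t2, x4 ^ t2
    k = sub[48:]
    return [mul(x1, k[0]), (x3 + k[1]) & MASK, (x2 + k[2]) & MASK, mul(x4, k[3])]

# Constructed sample input: key words 1..8 and plaintext words 0..3.
SAMPLE_KEY = bytes.fromhex("00010002000300040005000600070008")
SAMPLE_BLOCK = [0x0000, 0x0001, 0x0002, 0x0003]

if __name__ == "__main__":
    sub = expand_key(SAMPLE_KEY)
    ct = crypt(SAMPLE_BLOCK, sub)
    print([f"{w:04X}" for w in ct], crypt(ct, invert_key(sub)))
```

The same `crypt` routine performs decryption; only the sub-block list changes, which is the property the slides describe.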

Modes of operation
• IDEA supports all modes of operation such as:
– Electronic Code Book (ECB) mode
– Cipher Block Chaining (CBC) mode
– Cipher Feedback (CFB) mode
– Output Feedback (OFB) mode
• For plaintext exceeding the fixed block size, the simplest
approach is to partition the plaintext into blocks of
equal length and encrypt each separately. This
method is named Electronic Code Book (ECB) mode.
However, Electronic Code Book is not a good system
to use with small block sizes (for example, smaller
than 40 bits)

Applications of IDEA
• Today, there are hundreds of IDEA-based security
solutions available in many market areas, ranging
from financial services and broadcasting to
government
• The IDEA algorithm can easily be embedded in any
encryption software. Data encryption can be used to
protect data transmission and storage. Typical fields
are:
– Audio and video data for cable TV, pay TV, video
conferencing, distance learning
– Sensitive financial and commercial data
– Email via public networks
– Smart cards
Conclusion
• As electronic communications grow in importance,
there is also an increasing need for data protection
• When PGP was designed, the developers were
looking for maximum security. IDEA was their first
choice for data encryption
• The fundamental criteria for the development of
IDEA were military strength for all security
requirements and easy hardware and software
implementation

Stream Ciphers
• process the message bit by bit (as a stream)
• typically have a (pseudo) random stream key
• combined (XOR) with plaintext bit by bit
• randomness of stream key completely destroys any
statistical properties in the message
– C_i = M_i XOR StreamKey_i
• what could be simpler!!!!
• but must never reuse stream key
– otherwise can remove effect and recover messages

Stream Cipher Properties
• some design considerations are:
– long period with no repetitions
– statistically random
– depends on large enough key
– large linear complexity
– correlation immunity
– confusion
– diffusion
– use of highly non-linear boolean functions

RC4
• a proprietary cipher owned by RSADSI
• another Ron Rivest design, simple but effective
• variable key size, byte-oriented stream cipher
• widely used (web SSL/TLS, wireless WEP)
• key forms random permutation of all 8-bit values
• uses that permutation to scramble input info
processed a byte at a time

RC4 Key Schedule
• Initialization of S
• starts with an array S of numbers: 0..255
• use key to well and truly shuffle
• S forms internal state of the cipher
• given a key k of length l bytes
    for i = 0 to 255 do
        S[i] = i
    j = 0
    for i = 0 to 255 do
        j = (j + S[i] + k[i mod l]) (mod 256)
        swap (S[i], S[j])

RC4 Encryption
• Stream Generation
• encryption continues shuffling array values
• sum of shuffled pair selects "stream key" value
• XOR with next byte of message to en/decrypt
    i = j = 0
    for each message byte M_i
        i = (i + 1) (mod 256)
        j = (j + S[i]) (mod 256)
        swap(S[i], S[j])
        t = (S[i] + S[j]) (mod 256)
        C_i = M_i XOR S[t]

RC4 Security
• claimed secure against known attacks
– have some analyses, none practical
• result is very non-linear
• since RC4 is a stream cipher, must never reuse
a key
• have a concern with WEP, but due to key
handling rather than RC4 itself
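
The RC4 key schedule and stream generation above, together with the reason a key must never be reused, as an added Python example (not part of the original slides). The function names and the two sample messages are constructed for illustration.

```python
def rc4_keystream(key, n):
    """Return n keystream bytes: key schedule, then stream generation."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # initialization of S
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # one keystream byte per step
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rc4(key, data):
    """Encrypt or decrypt: the operation is the same XOR in both directions."""
    return xor(data, rc4_keystream(key, len(data)))

def other_plaintext(c1, c2, known_m1):
    """With one keystream used twice, C1 XOR C2 = M1 XOR M2, so knowing M1
    yields M2 without the key. This is why the key must never be reused."""
    return xor(xor(c1, c2), known_m1)

# Constructed sample data: two equal-length messages under the same key.
KEY = b"Secret"
M1 = b"Attack at dawn"
M2 = b"Retreat at six"

if __name__ == "__main__":
    c1, c2 = rc4(KEY, M1), rc4(KEY, M2)
    print(c1.hex(), c2.hex())
    print(other_plaintext(c1, c2, M1))
```

Protocols that use a stream cipher avoid this by deriving a fresh key or nonce for every message, so no two messages share a keystream.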

Block Cipher Characteristics
• features seen in modern block ciphers are:
– variable key length / block size / number of rounds
– mixed operators, data/key dependent rotation
– key dependent S-boxes
– more complex key scheduling
– operation on full data in each round
– varying non-linear functions

RC5
• a proprietary cipher owned by RSADSI
• designed by Ron Rivest (of RSA fame)
• used in various RSADSI products
• can vary key size / data size / number of rounds
• very clean and simple design
• easy implementation on various CPUs
• close to Blowfish speeds
• yet still regarded as secure

RC5 Ciphers
• RC5 is a family of ciphers RC5-w/r/b
– w = word size in bits (16/32/64); note the data block is 2w bits
– r = number of rounds (0…255)
– b = number of bytes in key (0…255)
• nominal version is RC5-32/12/16
– i.e. 32-bit words, so it encrypts 64-bit data blocks
– using 12 rounds
– with 16 bytes (128-bit) secret key

RC5 Key Expansion
• RC5 uses t=2r+2 subkey words (w-bits)
• subkeys are stored in array S[i], i=0..t-1
• then the key schedule consists of
– initializing S to a fixed pseudorandom value, based
on constants e and Φ
– the key is copied into a c-word array L
– a mixing operation then combines L and S to form
the final S array

RC5 Encryption
• split input into two halves A & B
    L_0 = A + S[0];
    R_0 = B + S[1];
    for i = 1 to r do
        L_i = ((L_{i-1} XOR R_{i-1}) <<< R_{i-1}) + S[2i];
        R_i = ((R_{i-1} XOR L_i) <<< L_i) + S[2i + 1];
• each round is like DES rounds
• note rotation is main source of non-linearity
• need reasonable number of rounds (eg 12-16)

RC5 Modes
• RFC 2040 defines 4 modes used by RC5
– RC5 Block Cipher, in ECB mode
– RC5-CBC, in CBC mode
– RC5-CBC-PAD, CBC with padding by bytes whose
value is the number of padding bytes
– RC5-CTS, a variant of CBC whose output is the
same size as the original message; it uses
ciphertext stealing to keep the size unchanged
