
Cryptography and Network Security
Seventh Edition, Global Edition
by William Stallings

© 2017 Pearson Education, Ltd., All rights reserved.


Chapter 6
Advanced Encryption Standard

Finite Field Arithmetic
• In the Advanced Encryption Standard (AES) all operations are performed on 8-bit bytes
• The arithmetic operations of addition, multiplication, and division are performed over the finite field GF(2^8)
• A field is a set in which we can do addition, subtraction, multiplication, and division without leaving the set
• Division is defined with the following rule:
  • a / b = a(b^-1)
• An example of a finite field (one with a finite number of elements) is the set Z_p consisting of all the integers {0, 1, . . . , p - 1}, where p is a prime number and in which arithmetic is carried out modulo p
Finite Field Arithmetic
• If one of the operations used in the algorithm is division, then we need to work in arithmetic defined over a field
  • Division requires that each nonzero element have a multiplicative inverse
• For convenience and for implementation efficiency we would like to work with integers that fit exactly into a given number of bits with no wasted bit patterns
  • Integers in the range 0 through 2^n – 1, which fit into an n-bit word
• The set of such integers, Z_(2^n), using modular arithmetic, is not a field
  • For example, the integer 2 has no multiplicative inverse in Z_(2^n), that is, there is no integer b such that 2b mod 2^n = 1
• A finite field containing 2^n elements is referred to as GF(2^n)
  • Every polynomial in GF(2^n) can be represented by an n-bit number

Table 6.1 AES Parameters

Detailed Structure
• Processes the entire data block as a single matrix during each round using substitutions and permutation
• The key that is provided as input is expanded into an array of forty-four 32-bit words, w[i]
• Four different stages are used:
  • Substitute bytes – uses an S-box to perform a byte-by-byte substitution
  • ShiftRows – a simple permutation
  • MixColumns – a substitution that makes use of arithmetic over GF(2^8)
  • AddRoundKey – a simple bitwise XOR of the current block with a portion of the expanded key
• The cipher begins and ends with an AddRoundKey stage
• Can view the cipher as alternating operations of XOR encryption (AddRoundKey) of a block, followed by a scrambling of the block (the other three stages), followed by XOR encryption, and so on
• Each stage is easily reversible
• The decryption algorithm makes use of the expanded key in reverse order, however the decryption algorithm is not identical to the encryption algorithm
• State is the same for both encryption and decryption
• Final round of both encryption and decryption consists of only three stages
Table 6.2 (a) S-box (Table can be found on page 163 in textbook)
Table 6.2 (b) Inverse S-box (Table can be found on page 163 in textbook)

S-Box Rationale
• The S-box is designed to be resistant to known cryptanalytic attacks
• The Rijndael developers sought a design that has a low correlation between input bits and output bits and the property that the output is not a linear mathematical function of the input
• The nonlinearity is due to the use of the multiplicative inverse
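An added example (my own code, not the textbook's) that ties the two finite field slides to the S-box rationale: multiplication and inversion in GF(2^8) with the AES polynomial, the division rule a / b = a(b^-1), why 2 has no inverse in Z_(2^n), and an S-box entry computed as multiplicative inverse followed by the affine transformation of FIPS-197.

```python
# Added example (not the textbook's code): GF(2^8) arithmetic as AES uses it,
# and the derivation of an S-box entry as multiplicative inverse plus affine map.
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the irreducible polynomial of AES

def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes as polynomials over GF(2), reduced modulo AES_POLY."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        a <<= 1
        if a & 0x100:      # degree 8 reached: subtract (XOR) the modulus
            a ^= AES_POLY
        b >>= 1
    return product

def gf_inv(a: int) -> int:
    """Multiplicative inverse: a^254 == a^-1, since a^255 == 1 for every a != 0."""
    if a == 0:
        raise ZeroDivisionError("0 has no multiplicative inverse in GF(2^8)")
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result

def gf_div(a: int, b: int) -> int:
    """Division by the slide's rule a / b = a * (b^-1)."""
    return gf_mul(a, gf_inv(b))

def sbox_byte(a: int) -> int:
    """S-box entry: inverse in GF(2^8) (0 maps to 0), then the affine map of FIPS-197."""
    inv = gf_inv(a) if a else 0
    out = 0x63                      # the constant of the affine transformation
    for shift in range(5):          # XOR of inv rotated left by 0, 1, 2, 3, 4 bits
        out ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
    return out

def has_inverse_mod(a: int, n: int) -> bool:
    """Why Z_(2^n) is not a field: an even number has no inverse modulo 2^n."""
    return any((a * b) % n == 1 for b in range(n))
```

The values 0x57 * 0x83 = 0xC1 and 0x53^-1 = 0xCA are the worked examples in FIPS-197, so they make a convenient self-check.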
Shift Row Rationale
• More substantial than it may first appear
• The State, as well as the cipher input and output, is treated as an array of four 4-byte columns
• On encryption, the first 4 bytes of the plaintext are copied to the first column of State, and so on
• The round key is applied to State column by column
• Thus, a row shift moves an individual byte from one column to another, which is a linear distance of a multiple of 4 bytes
• Transformation ensures that the 4 bytes of one column are spread out to four different columns
Mix Columns Rationale
• Coefficients of a matrix based on a linear code with maximal distance between code words ensure a good mixing among the bytes of each column
• The mix column transformation combined with the shift row transformation ensures that after a few rounds all output bits depend on all input bits
AddRoundKey Transformation
• The 128 bits of State are bitwise XORed with the 128 bits of the round key
• Operation is viewed as a columnwise operation between the 4 bytes of a State column and one word of the round key
• Can also be viewed as a byte-level operation

Rationale:
• Is as simple as possible and affects every bit of State
• The complexity of the round key expansion plus the complexity of the other stages of AES ensure security

AES Key Expansion
• Takes as input a four-word (16 byte) key and produces a linear array of 44 words (176 bytes)
• This is sufficient to provide a four-word round key for the initial AddRoundKey stage and each of the 10 rounds of the cipher
• Key is copied into the first four words of the expanded key
• The remainder of the expanded key is filled in four words at a time
• Each added word w[i] depends on the immediately preceding word, w[i – 1], and the word four positions back, w[i – 4]
• In three out of four cases a simple XOR is used
• For a word whose position in the w array is a multiple of 4, a more complex function is used
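An added example (not the textbook's code) of the key expansion just described, for a 128-bit key: the S-box is generated with the generator-3 construction instead of being copied from Table 6.2, and the key from FIPS-197 Appendix A.1 is used as sample input so the result can be checked against the published expansion.

```python
# Added example (not the textbook's code): AES-128 key expansion as the slide
# describes it, checked against the expansion worked in FIPS-197 Appendix A.1.
from typing import List

def build_sbox() -> List[int]:
    """Generate the S-box by stepping through GF(2^8)* with the generator 3 while
    tracking the inverse; a compact construction equivalent to inverse + affine map."""
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p = p * 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF         # q = q / 3
        if q & 0x80:
            q ^= 0x09
        affine = q ^ ((q << 1) | (q >> 7)) ^ ((q << 2) | (q >> 6)) ^ ((q << 3) | (q >> 5)) ^ ((q << 4) | (q >> 4))
        sbox[p] = (affine & 0xFF) ^ 0x63                           # p^-1 through the affine map
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]  # x^(j-1) in GF(2^8)

def sub_word(w: bytes) -> bytes:
    return bytes(SBOX[b] for b in w)

def rot_word(w: bytes) -> bytes:
    return w[1:] + w[:1]

def expand_key(key: bytes) -> List[bytes]:
    """Expand a 16-byte key into 44 four-byte words w[0..43] (176 bytes)."""
    if len(key) != 16:
        raise ValueError("AES-128 needs a 16-byte key")
    w = [key[i:i + 4] for i in range(0, 16, 4)]      # w[0..3]: the key itself
    for i in range(4, 44):
        temp = w[i - 1]
        if i % 4 == 0:                               # every fourth word: the function g()
            temp = sub_word(rot_word(temp))
            temp = bytes([temp[0] ^ RCON[i // 4 - 1]]) + temp[1:]
        w.append(bytes(x ^ y for x, y in zip(w[i - 4], temp)))   # w[i] = w[i-4] XOR temp
    return w

def round_key(w: List[bytes], r: int) -> bytes:
    """Round key r (0 = initial AddRoundKey, 1..10 = the rounds) is words w[4r..4r+3]."""
    return b"".join(w[4 * r:4 * r + 4])
```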
Key Expansion Rationale
• The Rijndael developers designed the key expansion algorithm to be resistant to known cryptanalytic attacks
• Inclusion of a round-dependent round constant eliminates the symmetry between the ways in which round keys are generated in different rounds

The specific criteria that were used are:
• Knowledge of a part of the cipher key or round key does not enable calculation of many other round-key bits
• An invertible transformation
• Speed on a wide range of processors
• Usage of round constants to eliminate symmetries
• Diffusion of cipher key differences into the round keys
• Enough nonlinearity to prohibit the full determination of round key differences from cipher key differences only
• Simplicity of description
Table 6.3 AES Example Key Expansion (Table is located on page 175 in textbook)

Table 6.4 AES Example (Table is located on page 177 in textbook)

Table 6.5 Avalanche Effect in AES: Change in Plaintext (Table is located on page 178 in textbook)

Table 6.6 Avalanche Effect in AES: Change in Key (Table is located on page 179 in textbook)

Equivalent Inverse Cipher
• AES decryption cipher is not identical to the encryption cipher
• The sequence of transformations differs although the form of the key schedules is the same
• Has the disadvantage that two separate software or firmware modules are needed for applications that require both encryption and decryption
(Diagram labels: "The first two stages of the decryption round need to be interchanged"; "The second two stages of the decryption round need to be interchanged")

Interchanging InvShiftRows and InvSubBytes
• InvShiftRows affects the sequence of bytes in State but does not alter byte contents and does not depend on byte contents to perform its transformation
• InvSubBytes affects the contents of bytes in State but does not alter byte sequence and does not depend on byte sequence to perform its transformation
• Thus, these two operations commute and can be interchanged
Interchanging AddRoundKey and InvMixColumns
• The transformations AddRoundKey and InvMixColumns do not alter the sequence of bytes in State
• If we view the key as a sequence of words, then both AddRoundKey and InvMixColumns operate on State one column at a time
• These two operations are linear with respect to the column input
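An added example (not the textbook's code) that checks both interchanges from the last two slides on a 16-byte State: InvShiftRows commuting with a byte-by-byte substitution, and AddRoundKey commuting with InvMixColumns once the round key is itself passed through InvMixColumns. The substitution table is a constructed stand-in for the inverse S-box, and the sample State and round key are constructed values.

```python
# Added example (not the textbook's code): the two commutation facts behind the
# equivalent inverse cipher, on a State stored column by column (index 4*c + r).
from typing import List
def xtime(b: int) -> int:  # multiply by x in GF(2^8), modulus x^8+x^4+x^3+x+1
    b <<= 1
    return (b ^ 0x1B) & 0xFF if b & 0x100 else b

def gf_mul_const(a: int, k: int) -> int:  # a times a small constant (9, 11, 13, 14)
    result = 0
    while k:
        if k & 1:
            result ^= a
        a, k = xtime(a), k >> 1
    return result

INV_MIX_ROW = [14, 11, 13, 9]  # first row of the InvMixColumns matrix; row r is a rotation

def inv_mix_columns(state: List[int]) -> List[int]:
    out = [0] * 16
    for c in range(4):
        col = state[4*c:4*c + 4]
        for r in range(4):
            coeffs = [INV_MIX_ROW[(j - r) % 4] for j in range(4)]
            out[4*c + r] = gf_mul_const(col[0], coeffs[0]) ^ gf_mul_const(col[1], coeffs[1]) \
                         ^ gf_mul_const(col[2], coeffs[2]) ^ gf_mul_const(col[3], coeffs[3])
    return out

def inv_shift_rows(state: List[int]) -> List[int]:
    # row r is rotated right by r positions: new[r, c] = old[r, (c - r) mod 4]
    return [state[4*((c - r) % 4) + r] for c in range(4) for r in range(4)]

# Constructed stand-in for the inverse S-box: any byte-for-byte table works,
# because commuting with InvShiftRows only needs a map that acts value by value.
SUB_TABLE = [(b * 31 + 7) & 0xFF for b in range(256)]
def byte_sub(state: List[int]) -> List[int]:
    return [SUB_TABLE[b] for b in state]
def add_round_key(state: List[int], key: List[int]) -> List[int]:
    return [s ^ k for s, k in zip(state, key)]

def shift_and_sub_commute(state: List[int]) -> bool:
    # InvShiftRows moves bytes, InvSubBytes changes them: the order does not matter
    return inv_shift_rows(byte_sub(state)) == byte_sub(inv_shift_rows(state))

def addkey_and_invmix_commute(state: List[int], key: List[int]) -> bool:
    # InvMixColumns is linear, so AddRoundKey can move past it once the round key
    # itself has been run through InvMixColumns (the equivalent inverse cipher)
    lhs = inv_mix_columns(add_round_key(state, key))
    rhs = add_round_key(inv_mix_columns(state), inv_mix_columns(key))
    return lhs == rhs
```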
Implementation Aspects
• AES can be implemented very efficiently on an 8-bit processor
• AddRoundKey is a bytewise XOR operation
• ShiftRows is a simple byte-shifting operation
• SubBytes operates at the byte level and only requires a table of 256 bytes
• MixColumns requires matrix multiplication in the field GF(2^8), which means that all operations are carried out on bytes
Implementation Aspects
• Can efficiently implement on a 32-bit processor
  • Redefine steps to use 32-bit words
  • Can precompute 4 tables of 256 words
  • Then each column in each round can be computed using 4 table lookups + 4 XORs
  • At a cost of 4Kb to store tables
• Designers believe this very efficient implementation was a key factor in its selection as the AES cipher

Summary
• Finite field arithmetic
• AES structure
  • General structure
  • Detailed structure
• AES transformation functions
  • Substitute bytes
  • ShiftRows
  • MixColumns
  • AddRoundKey
• AES key expansion
  • Key expansion algorithm
  • Rationale
• AES implementation
  • Equivalent inverse cipher
  • Implementation aspects
