![The AES Cipher(Round-1)
Add round key
Substitute bytes
Shift rows
Mix columns
Add Round key
Substitute bytes
Shift rows
Mix columns
Add round key
Substitute bytes
Shift rows
Add round key
plaintext
Cipher text
key
W[4,7] W[36,39] W[40,43]
Round1
Round9](https://image.slidesharecdn.com/cryptographicalgorithms-170218054459/85/Cryptographic-algorithms-28-320.jpg)
Cryptographic algorithms
- 1. CRYPTOGRAPHIC ALGORITHMS (DES AND AES) BY- ANAMIKA SINGH ,B.TECH. VIIth sem
- 2. What is Encryption Transform information such that its true meaning is hidden Requires “special knowledge” to retrieve the information Examples AES, 3DES, RC4, ROT-13, …
- 3. Types of Encryption Schemes Ciphers Classical Modern Rotor Machines Substitution Public KeyTransposition Secret Key BlockStream Steganography
- 4. Symmetric Encryption Terms Alice Bob Plain text Plain textCipher text Key Key Encryption Algorithm Decryption Algorithm
- 5. Data Encryption Standard OUTLINE History Encryption Key-generation Decryption Strength of DES
- 6. History DES is a 64 bit block cipher which means that it encrypts data 64 bits at a time. In 1971, IBM developed an algorithm, named LUCIFER which operates on a block of 64 bits, using a 128-bit key Walter Tuchman, an IBM researcher, refined LUCIFER and reduced the key size to 56-bit, to fit on a chip. In 1977, the results of Tuchman’s project of IBM was adopted as the Data Encryption Standard by NSA (NIST). AES is an important algorithm and was originally meant to replace DES
- 7. A Simplified DES Algorithm Key words Substitution is simply a mapping of one value to another Permutation is a reordering of the bit positions for each of the inputs. techniques are used a number of times in iterations called rounds S-boxes are basically non-linear substitution tables where either the output is smaller than the input or vice versa
- 8. A Simplified DES Algorithm DES expects two inputs the plaintext to be encrypted and the secret key(64 bit block cipher, key size used is 56 bits) Initial permutation rearranging the bits to form the “permuted input”. followed by 16 iteration of the same function substitution and permutation. Finally, the pre output is passed through a permutation which is simply the inverse of the initial permutation
- 9. Encryption
- 11. Initial Permutation IP 58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4 62 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8 57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3 61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7 IP-1 40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31 38 6 46 14 54 22 62 30 37 5 45 13 53 21 61 29 36 4 44 12 52 20 60 28 35 3 43 11 51 19 59 27 34 2 42 10 50 18 58 26 33 1 41 9 49 17 57 25
- 12. Expansion 32 1 2 3 4 5 4 5 6 7 8 9 8 9 10 11 12 13 12 13 14 45 16 17 16 17 18 19 20 21 20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 1 16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 32 27 3 9 9 13 30 6 22 11 4 25 E P ExpansionExpansion
- 16. Key Generation
- 17. Key Generation D0C0 Input Key Permuted Choice One (PC-1) Permuted Choice Two (PC-2) Schedule of Left Shifts Di-1Ci-1 DiCi ▪ ▪ ▪ ▪ ▪ ▪ Key i
- 18. Key Generation 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 30 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 Input key 57 49 41 33 25 17 9 1 58 50 42 34 26 18 10 2 59 51 43 35 26 19 11 3 60 52 44 36 63 55 47 39 31 23 15 7 62 54 46 38 30 22 14 6 61 53 45 37 29 21 13 5 28 20 12 4 PC-1
- 19. Key Generation 14 17 11 24 1 5 3 28 15 6 21 10 23 19 12 4 26 8 16 7 27 20 13 2 41 52 31 37 47 55 30 40 51 45 33 48 44 49 39 56 34 53 46 42 50 36 29 32 PC-2 RN 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Bits 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1 Schedule of Line Shift
- 20. Strength Criticism Reduction in key size of 72 bits Too short to withstand with brute-force attack S-boxes were classified. Weak points enable NSA to decipher without key. 56-bit keys have 256 = 7.2 x 1016 values Brute force search looks hard. A machine performing one DES encryption per microsecond would take more than a thousand year to break the cipher. DES exhibits a strong avalanche effect. If a small change in either the plaintext or the key, the ciphertext should change markedly.
- 21. Advance Encryption Standard Outline Origin The AES Cipher AES Encryption & Decryption AES Key Expansion Implementation Aspect
- 22. AES-Origin Clear a replacement for DES was needed have theoretical attacks that can break it have demonstrated exhaustive key search attacks Can use Triple-DES – but slow, has small blocks US NIST issued call for ciphers in 1997 15 candidates accepted in Jun 98 5 were shortlisted in Aug-99 Rijndael was selected as the AES in Oct-2000 issued as FIPS PUB 197 standard in Nov-2001
- 23. The AES Cipher - Rijndael Designed by Rijmen-Daemen in Belgium Has 128/192/256 bit keys, 128 bit data An iterative rather than Feistel (DES) cipher processes data as block of 4 columns of 4 bytes operates on entire data block in every round Designed to have: resistance against known attacks speed and code compactness on many CPUs design simplicity
- 24. The AES Cipher Block length is limited to 128 bit The key size can be independently specified to 128, 192 or 256 bits Key size (words/bytes/bits) 4/16/128 6/24/192 8/32/256 Number of rounds 10 12 14 Expanded key size (words/byte) 44/176 52/208 60/240
- 25. AES Encryption
- 26. The AES Cipher Key received as input array of 4 rows and Nk columns Nk = 4,6, or 8, parameter which depends key size Input key is expanded into an array of 44/52/60 words of 32 bits each 4 different words serve as a key for each round k0 k4 k8 k12 k1 k2 k3 k5 k6 k7 k9 k10 k11 k13 k14 k15 w0 w1 w2 …… w43W42
- 27. The AES Cipher AddRoundKey() – round key is added to the State using XOR operation MixColumns() – takes all the columns of the State and mixes their data, independently of one another, making use of arithmetic over GF(2^8) ShiftRows() – processes the State by cyclically shifting the last three rows of the State by different offsets SubBytes() – uses S-box to perform a byte-by-byte substitution of State The four stages are as follows: Substitute bytes, Shift rows, Mix Columns , Add Round Key The tenth round simply leaves out the Mix Columns stage.
- 28. The AES Cipher(Round-1) Add round key Substitute bytes Shift rows Mix columns Add Round key Substitute bytes Shift rows Mix columns Add round key Substitute bytes Shift rows Add round key plaintext Cipher text key W[4,7] W[36,39] W[40,43] Round1 Round9
- 29. The AES Cipher Only Add round key makes use of the key Other three functions are used for diffusion and confusion Final round consists of only three stages
- 31. Substitute Byte A simple substitution of each byte It uses one table of 16x16 bytes containing a permutation of all 256 8-bit values Each byte of state is replaced by byte indexed by row (left 4-bits) & column (right 4-bits) S-box constructed using defined transformation of values in GF(28) Designed to be resistant to all known attacks
- 32. Substitute Byte
- 36. Shift Rows A circular byte shift in each each 1st row is unchanged 2nd row does 1 byte circular shift to left 3rd row does 2 byte circular shift to left 4th row does 3 byte circular shift to left Decrypt inverts using shifts to right Since state is processed by columns, this step permutes bytes between the columns
- 38. Mix Columns Transformation Each column is operated on individually each byte is replaced by a value dependent on all 4 bytes in the column The Mix Columns transformation of a single column j (0 j 3) of state can be expressed as: S0 0,j = (2 • s0,j) (3 • s1,j) s2,j s3,j S0 1,j = s0,j (2 • s1,j) (3 • s2,j) s3,j S0 2,j = s0,j s1,j (2 • s2,j) (3 • s3,j) S0 3,j = (3 • s0,j) s1,j s2,j (2 • s3,j)
- 41. Add Round Key XOR each byte of the round key with its corresponding byte in the state array S0,0 S0,1 S0,2 S0,3 S1,0 S1,1 S1,2 S1,3 S2,0 S2,1 S2,2 S2,3 S3,0 S3,1 S3,2 S3,3 S’0,0 S’0,1 S’0,2 S’0,3 S’1,0 S’1,1 S’1,2 S’1,3 S’2,0 S’2,1 S’2,2 S’2,3 S’3,0 S’3,1 S’3,2 S’3,3 S0,1 S1,1 S2,1 S3,1 S’0,1 S’1,1 S’2,1 S’3,1 R0,0 R0,1 R0,2 R0,3 R1,0 R1,1 R1,2 R1,3 R2,0 R2,1 R2,2 R2,3 R3,0 R3,1 R3,2 R3,3 R0,1 R1,1 R2,1 R3,1 XOR
- 42. AES Key Expansion takes 128-bit (16-byte) key and expands into array of 44/52/60 32-bit words start by copying key into first 4 words then loop creating words that depend on values in previous & 4 places back in 3 of 4 cases just XOR these together 1st word in 4 has rotate + S-box + XOR round constant on previous, before XOR 4th back
- 44. AES Decryption AES decryption is not identical to encryption since steps done in reverse but can define an equivalent inverse cipher with steps as for encryption but using inverses of each step with a different key schedule
- 45. AES Decryption All functions are easily reversible and their inverse form is used in decryption Decryption algorithm is not identical to the encryption algorithm Again, final round consists of only three stages
- 46. Implementation Aspect Can efficiently implement on 8-bit CPU Byte substitution works on bytes using a table of 256 entries Shift rows is simple byte shift Add round key works on byte XOR’s Mix columns requires matrix multiply in GF(28) which works on byte values, can be simplified to use table lookups & byte XOR’s
- 47. Implementation Aspect Can efficiently implement on 32-bit CPU redefine steps to use 32-bit words can pre compute 4 tables of 256-words then each column in each round can be computed using 4 table lookups + 4 XORs at a cost of 4Kb to store tables Designers believe this very efficient implementation was a key factor in its selection as the AES cipher