- Information
- AI Chat
Cryptography (M3) ECE of academic year 2020-2021
Electronic and communication (ECE)
Visvesvaraya Technological University
Recommended for you
Preview text
1
MODULE 3: SYMMETRIC CIPHER
The Advanced Encryption Standard (AES) was published by NIST (National Institute of Standards and Technology) in 2001. AES is a symmetric block cipher that is intended to replace DES as the approved standard for a wide range of applications. The AES cipher form the latest generation of block ciphers, and now we see a significant increase in the block size - from the old standard of 64-bits up to 128-bits; and keys from 128 to 256-bits.
AES characteristics:
Resistance against all known attacks, Speed and code compactness on a wide range of platforms. Design simplicity.
AES Structure
General Structure:
The cipher takes a plaintext block size of 128 bits, or 16 bytes. The key length can be 16, 24, or32 bytes (128, 192, or 256 bits). The algorithm is referred to as AES-128, AES-192, orAES-256, depending on the key length. The input to the encryption and decryption algorithms is a single 128-bit block. This block is depicted as a 4 * 4 square matrix of bytes. This block is copied into the State array, which is modified at each stage of encryption or decryption. After the final stage, State is copied to an output matrix. These operations are depicted in Figure 5. Similarly, the key is depicted as a square matrix of bytes. This key is then expanded into an array of key schedule words. Figure 5 shows the expansion for the 128-bit key. Each word is four bytes, and the total key schedule is 44 words for the 128-bit key. Note that the ordering of bytes within a matrix is by column. So, for example, the first four bytes of a 128-bit plaintext input to the encryption cipher occupy the first column of the in matrix, the second four bytes occupy the second column, and so on. Similarly, the first four bytes of the expanded key, which form a word, occupy the first column of the w matrix. The cipher consists of N rounds, where the number of rounds depends on the key length: 10 rounds for a 16-byte key, 12 rounds for a 24-byte key, and 14 rounds for a 32-byte key (Table 5). The first N - 1 rounds consist of four distinct transformation functions : SubBytes, ShiftRows, MixColumns, and AddRoundKey. The final round contains only three transformations, and there is a initial single transformation (AddRoundKey) before the first round, which can be considered Round 0.
2
Each transformation takes one or more 4 * 4 matrices as input and produces a 4 * 4 matrix as output. Figure 5 shows that the output of each round is a 4 * 4 matrix, with the output of the final round being the cipher text. Also, the key expansion function generates N + 1 round keys, each of which is a distinct4 * 4 matrix. Each round key serves as one of the inputs to the Add Round Key transformation in each round.
4
The key that is provided as input is expanded into an array of forty-four 32-bit words, w [ i ]. Four distinct words (128 bits) serve as a round key for each round; these are indicated in Figure 5.
Four different stages are used, one of permutation and three of substitution: - Substitute bytes: Uses an S-box to perform a byte-by-byte substitution of the block. - ShiftRows: A simple permutation. - MixColumns: A substitution that makes use of arithmetic over GF(2 8 ). - AddRoundKey: A simple bitwise XOR of the current block with a portion of the expanded key.
5
The structure is quite simple. For both encryption and decryption, the cipher begins with an Add Round Key stage, followed by nine rounds that each includes all four stages, followed by a tenth round of three stages. Figure 5 depicts the structure of a full encryption round. Only the Add Round Key stage makes use of the key. For this reason, the cipher begins and ends with an Add Round Key stage. The Add Round Key stage is, in effect, a form of Vernam cipher and by itself would not be formidable. The other three stages together provide confusion, diffusion, and nonlinearity, but by themselves would provide no security because they do not use the key. The cipher as alternating operations of XOR encryption (Add Round Key) of a block, followed by scrambling of the block (the other three stages), followed by XOR encryption, and so on. This scheme is both efficient and highly secure. Each stage is easily reversible. For the Substitute Byte, Shift Rows, and Mix Columns stages, an inverse function is used in the decryption algorithm .For the Add Round Key stage, the inverse is achieved by XORing the same round key to the block, using the result that A ⊕B ⊕B = A. As with most block ciphers, the decryption algorithm makes use of the expanded key in reverse order. However, the decryption algorithm is not identical to the encryption algorithm. This is a consequence of the particular structure of AES. Once it is established that all four stages are reversible, it is easy to verify that decryption does recover the plaintext. Figure 5 lays out encryption and decryption going in opposite vertical directions. At each horizontal point (e., the dashed line in the figure), State is the same for both encryption and decryption. The final round of both encryption and decryption consists of only three stages. Again, this is a consequence of the particular structure of AES and is required to make the cipher reversible.
7
AES Transformation Functions: For each stage, we describe the forward (encryption) algorithm, the inverse (decryption) algorithm, and the rationale for the stage. Substitute Bytes Transformation:- Forward and Inverse Transformations: The forward substitute byte transformation , called SubBytes, is a simple table lookup (Figure 5).
AES defines a 16 * 16 matrix of byte values, called an S-box (Table 5), that contains a permutation of all possible 256 8-bit values. Each individual byte of State is mapped into a new byte in the following way: The leftmost 4 bits of the byte are used as a row value and the rightmost 4 bits are used as a column value. These row and column values serve as indexes into the S-box to select a unique8-bit output value.
For example, the hexadecimal value {95} references row 9,column 5 of the S-box, which contains the value {2A}. Accordingly, the value {95} is mapped into the value {2A}.
10
1. Initialize the S-box with the byte values in ascending sequence row by row first row contains {00}, {01}, {02}, c, {0F}; the second row contains{10}, {11}, etc.; and so on. Thus, the value of the byte at row y , column x is { yx }. 2. Map each byte in the S-box to its multiplicative inverse in the finite fieldGF(2 8 ); the value {00} is mapped to itself. 3. Consider that each byte in the S-box consists of 8 bits labeled (b7, b6, b5, b4, b3,b2, b1, b0). Apply the following transformation to each bit of each byte in the S-box:.
Where ci is the i th bit of byte c with the value {63}; that is, ( c 7 c 6 c 5 c 4 c 3 c 2 c 1 c 0) =(01100011). The prime ( `) indicates that the variable is to be updated by the value on the right. The AES standard depicts this transformation in matrix form as follows.
As an example, consider the input value {95}. The multiplicative inverse in
which is 10001010 in binary.
The result is {2A}, which should appear in row {09} column {05} of the S-box is verified by checking Table 5. The inverse substitute byte transformation , called InvSubBytes, makes useof the inverse S-box shown in Table 5. Note, for example, that the input {2A}produces the output {95}, and the input {95} to the S-box produces {2A}. The inverseS-box is constructed (Figure 5) by applying the inverse of the transformation inEquation (5) followed by taking the multiplicative inverse in GF(2 8 ). The inversetransformation is,
11
where byte d = {05}, or 00000101. We can depict this transformation as follows.
13
of one column are spread out to four different columns. Figure 5 illustrates the effect.
MixColumns Transformation:- Forward and Inverse Transformations: The forward mix column transformation , called Mix Columns, operates on each column individually. Each byte of a column is mapped into a new value that is a function of all four bytes in that column. The transformation can be defined by the following matrix multiplication on State (Figure 5):
14
The MixColumns transformation on a single column of State can be expressed as,
Let us verify the first column of this example. In GF( 28 ), addition is the bitwise XOR operation and that multiplication can be performed according to the rule In particular, multiplication of a value by x (i., by {02}) can be implemented as a 1-bit left shift followed by a conditional bitwise XOR with (0001 1011) if the leftmost bit of the original value (prior to the shift) is 1. Thus, to verify the MixColumns transformation on the first column, we need to show that,
The other equations can be similarly verified. The inverse mix column transformation , called InvMixColumns, is defined by the following matrix multiplication:
16
For students reference
19
AES Key Expansion:-
Key Expansion Algorithm: The AES key expansion algorithm takes as input a four-word (16-byte) key and produces a linear array of 44 words (176 bytes). This is sufficient to provide a four word round key for the initial AddRound Key stage and each of the 10 rounds of the cipher. The pseudocode on the next page describes the expansion. The key is copied into the first four words of the expanded key. The remainder of the expanded key is filled in four words at a time. Each added word w [i]depends on the immediately preceding word, w [i - 1], and the word four position back, w [i - 4]. In three out of four cases, a simple XOR is used. For a word whose position in the w array is a multiple of 4, a more complex function is used.
20
Figure 5 the generation of the expanded key, using the symbol g to represent that complex function. The function g consists of the following subfunctions.
Cryptography (M3) ECE of academic year 2020-2021
Course: Electronic and communication (ECE)
University: Visvesvaraya Technological University
- Discover more from:
