2 2 5 advanced encryption standard aes a collection of
play

2.2.5 Advanced Encryption Standard (AES) A collection of proposals - PDF document

Dec 23, 2023 •679 likes •767 views

2.2.5 Advanced Encryption Standard (AES) A collection of proposals has been studied by the (American) National Institute of Standards and Technology (NIST for short) for a new industrial standard for a block cipher. The names of these proposals

  1. 2.2.5 Advanced Encryption Standard (AES) A collection of proposals has been studied by the (American) National Institute of Standards and Technology (NIST for short) for a new industrial standard for a block cipher. The names of these proposals are CAST-256, CRYPTON, DFC, DEAL, E2, FROG, HPC, LOKI97, MAGENTA, MARS, RC6, RIJNDAAEL, SAFER+, SERPENT and TWOFISH (see the web page Advanced Encryption Standard). The second round of the selection was concluded in August 1999. The following contenders remained in the race: MARS (IBM), RC6TM (RSA Laboratories), RIJNDAEL (Daemen and Rijmen), SERPENT (Ross Anderson, Eli Biham, and Lars Knudsen) and TWOFISH (Bruce Schneier e.a.). On October 2, 2000, the final selection was made: RIJNDAEL! 2.2.6 Rijndael Like most modern block ciphers, Rijndael is an iterated block cipher: it specifies a transformation, also called the round function, and the number of times this function is iterated on the data block to be encrypted/decrypted, also referred to as the number of rounds. Rijndael is a substitution-linear transformation network, i.e. it is not a Feistel-type block cipher like e.g. DES. The block length and the key length can be independently specified to 128, 192, and 256 bits. The number of rounds in Rijndael depends in the following way on the the block length and the key length. cipher \ key 128 192 256 128 10 12 14 192 12 12 14 256 14 14 14 The round function consists of the following operations: • ByteSub (affects individual bytes), • ShiftRow (shifts rows), • MixColumn (affects each column), • RoundKey addition (overall XOR). These are applied to the intermediate cipher result, also called the State: a 4 ¥ 4, 4 ¥ 6, resp. 4 ¥ 8 matrix of which the entries consist of 8 bits, i.e. one byte. For example, when the block length is 192, one gets

  2. Euforce.nb 2 a 0,0 a 0,1 a 0,2 a 0,3 a 0,4 a 0,5 a 1,0 a 1,1 a 1,2 a 1,3 a 1,4 a 1,5 a 2,0 a 2,1 a 2,2 a 2,3 a 2,4 a 2,5 a 3,0 a 3,1 a 3,2 a 3,3 a 3,4 a 3,5 where each a i , j consists of 8 bits, so it has the form 8H a i , j L 0 , H a i , j L 1 , …, H a i , j L 7 < . For example, a 0,0 = 8 1, 0, 1, 1, 0, 0, 0, 1 < . Sometimes, we use the one-dimensional ordering (columnwise) i.e. a 0,0 , a 1,0 , a 2,0 , a 3,0 , a 0,1 , …, a 3,5 . We define N b as the number of columns in the array above. So, the the block cipher length is 32 N b bits, or 4 N b bytes (each byte consists of 8 bits), or N b 4-byte words. Similarly, the Cipher Key length consists of 32 N k bits, or 4 N k bytes, or N k 4-byte words. É One Round ByteSub This is the only non-linear part in each round. Apply to each byte a i , j two operations: Interpret a i , j as element in GF H 2 8 L and replace it by its multiplicative inverse, 1) if it is not 0, otherwise leave it the same. Replace the resulting 8-tuple, say H x 0 , x 1 , …, x 7 L by 2) 1 0 0 0 1 1 1 1 x 0 1 i y i y i y j 1 1 0 0 0 1 1 1 z j x 1 z j 1 z j z j z j z j z j z j z j z j z j z j z j z j z 1 1 1 0 0 0 1 1 x 2 0 j z j z j z j z j z j z j z j z j z j z j z j z 1 1 1 1 0 0 0 1 x 3 0 j z j z j z j z j z j z . j z j z j z j z j z j z 1 1 1 1 1 0 0 0 x 4 0 j z j z + j z j z j z j z j z j z j z j z j z j z j 0 1 1 1 1 1 0 0 z j x 5 z j 1 z j z j z j z j z j z j z j z j z j z j z j z j z 0 0 1 1 1 1 1 0 x 6 1 j z j z j z j z j z j z j z j z j z j z j z j z j z j z j z 0 0 0 1 1 1 1 1 x 7 0 k { k { k { The finite field GF H 2 8 L is made by means of the irreducible polynomial m H a L = 1 + a + a 3 + a 4 + a 8 . This polynomial is not primitive! Note that both operations are invertible. <<Algebra`FiniteFields`

  3. Euforce.nb 3 f256 = GF @ 2, 8 1, 1, 0, 1, 1, 0, 0, 0, 1 <D ; one = f256 @8 1, 0, 0, 0, 0, 0, 0, 0 <D α = f256 @8 0, 1, 0, 0, 0, 0, 0, 0 <D 8 1, 0, 0, 0, 0, 0, 0, 0 < 2 8 0, 1, 0, 0, 0, 0, 0, 0 < 2 in = 8 0, 1, 0, 0, 0, 0, 0, 0 < ; 8 in @@ i DD α i − 1 pol = ‚ i = 1 inver = 1 ê pol 8 0, 1, 0, 0, 0, 0, 0, 0 < 2 8 1, 0, 1, 1, 0, 0, 0, 1 < 2 1 0 0 0 1 1 1 1 i y j 1 1 0 0 0 1 1 1 z j z j z j z j z 1 1 1 0 0 0 1 1 j z j z j z j z 1 1 1 1 0 0 0 1 j z j z A = ; j z j z j 1 1 1 1 1 0 0 0 z j z j z j z j z 0 1 1 1 1 1 0 0 j z j z j z j z 0 0 1 1 1 1 1 0 j z j z j z j z z j 0 0 0 1 1 1 1 1 k { b = 8 1, 1, 0, 0, 0, 1, 1, 0 < ; Mod @ A.inver @@ 1 DD + b, 2 D 8 1, 1, 1, 0, 1, 1, 1, 0 < Instead of performing these calculations, one can also replace them by one substitution table: the ByteSub S-box. ShiftRow The rows of the State are shifted cyclically to the left using different offsets: do not shift row 0, shift row 1 over c 1 bytes, row 2 over c 2 bytes, and row 3 over c 3 bytes, where

  4. Euforce.nb 4 c 1 c 2 c 3 128 1 2 3 . 192 1 2 3 256 1 3 4 So a 0,0 a 0,1 a 0,2 a 0,3 a 0,4 a 0,5 a 1,0 a 1,1 a 1,2 a 1,3 a 1,4 a 1,5 a 2,0 a 2,1 a 2,2 a 2,3 a 2,4 a 2,5 a 3,0 a 3,1 a 3,2 a 3,3 a 3,4 a 3,5 becomes a 0,0 a 0,1 a 0,2 a 0,3 a 0,4 a 0,5 a 1,1 a 1,2 a 1,3 a 1,4 a 1,5 a 1,0 a 2,2 a 2,3 a 2,4 a 2,5 a 2,0 a 2,1 a 3,3 a 3,4 a 3,5 a 3,0 a 3,1 a 3,2 MixColumn Interpret each column as a polynomial of degree 3 over GF H 2 8 L and multiply it with H 1 + a L x 3 + x 2 + x + a modulo x 4 + 1. Note that the above polynomial is invertible modulo x 4 + 1. g @ x_ D = H 1 + α L x 3 + one x 2 + one x + α 8 0, 1, 0, 0, 0, 0, 0, 0 < 2 + x 8 1, 0, 0, 0, 0, 0, 0, 0 < 2 + x 2 8 1, 0, 0, 0, 0, 0, 0, 0 < 2 + x 3 8 1, 1, 0, 0, 0, 0, 0, 0 < 2 Suppose that the first column looks like col = 8 1 + α + α 3 + α 6 + α 7 , one, α 2 + α 4 + α 5 + α 6 , α < ; col êê TableForm 8 1, 1, 0, 1, 0, 0, 1, 1 < 2 8 1, 0, 0, 0, 0, 0, 0, 0 < 2 8 0, 0, 1, 0, 1, 1, 1, 0 < 2 8 0, 1, 0, 0, 0, 0, 0, 0 < 2

  5. Euforce.nb 5 colpol @ x_ D = col @@ 1 DD + col @@ 2 DD x + col @@ 3 DD x 2 + col @@ 4 DD x 3 x 2 8 0, 0, 1, 0, 1, 1, 1, 0 < 2 + x 3 8 0, 1, 0, 0, 0, 0, 0, 0 < 2 + x 8 1, 0, 0, 0, 0, 0, 0, 0 < 2 + 8 1, 1, 0, 1, 0, 0, 1, 1 < 2 ownexpand @ expr_ D : = Collect @ expr ê . 8 GF → GF$ < , x D ê . 8 GF$ → GF < pr @ x_ D = ownexpand @ colpol @ x D ∗ g @ x DD prod @ x_ D = PolynomialMod @ pr @ x D , x 4 − 1 D x 2 8 0, 1, 0, 0, 0, 1, 0, 0 < 2 + x 6 8 0, 1, 1, 0, 0, 0, 0, 0 < 2 + x 5 8 0, 1, 1, 1, 1, 0, 0, 1 < 2 + x 8 1, 0, 0, 1, 0, 0, 1, 1 < 2 + x 4 8 1, 0, 1, 0, 1, 1, 1, 0 < 2 + 8 1, 0, 1, 1, 0, 0, 0, 1 < 2 + x 3 8 1, 1, 1, 0, 1, 1, 0, 0 < 2 8 0, 0, 0, 1, 1, 1, 1, 1 < 2 + x 2 8 0, 0, 1, 0, 0, 1, 0, 0 < 2 + x 8 1, 1, 1, 0, 1, 0, 1, 0 < 2 + x 3 8 1, 1, 1, 0, 1, 1, 0, 0 < 2 The inverse operation is a multiplication by h @ x_ D = H 1 + α + α 3 L x 3 + H 1 + α 2 + α 3 L x 2 + H 1 + α 3 L x + H α + α 2 + α 3 L ; ownexpand @ PolynomialMod @ g @ x D ∗ h @ x D , x 4 − 1 DD 8 1, 0, 0, 0, 0, 0, 0, 0 < 2 ownexpand @ PolynomialMod @ prod @ x D ∗ h @ x D , x 4 − 1 DD x 2 8 0, 0, 1, 0, 1, 1, 1, 0 < 2 + x 3 8 0, 1, 0, 0, 0, 0, 0, 0 < 2 + x 8 1, 0, 0, 0, 0, 0, 0, 0 < 2 + 8 1, 1, 0, 1, 0, 0, 1, 1 < 2 Round Key Addition XOR the whole matrix with a similar sized matrix (i.e. the Round Key) obtained from the cipher key in a way that depends on the round index. Note that the XOR applied to a byte, really is an XOR applied to the 8 bits in the byte. For example, if

  6. Euforce.nb 6 a 0,0 a 0,1 a 0,2 a 0,3 a 0,4 a 0,5 k 0,0 k 0,1 k 0,2 k 0,3 k 0,4 k 0,5 a 1,0 a 1,1 a 1,2 a 1,3 a 1,4 a 1,5 k 1,0 k 1,1 k 1,2 k 1,3 k 1,4 k 1,5 ≈ a 2,0 a 2,1 a 2,2 a 2,3 a 2,4 a 2,5 k 2,0 k 2,1 k 2,2 k 2,3 k 2,4 k 2,5 a 3,0 a 3,1 a 3,2 a 3,3 a 3,4 a 3,5 k 3,0 k 3,1 k 3,2 k 3,3 k 3,4 k 3,5 u 0,1 u 0,2 u 0,3 u 0,4 u 0,5 u 0,0 u 1,0 u 1,1 u 1,2 u 1,3 u 1,4 u 1,5 . u 2,0 u 2,1 u 2,2 u 2,3 u 2,4 u 2,5 = u 3,0 u 3,1 u 3,2 u 3,3 u 3,4 u 3,5 with u 0,0 = a 0,0 ≈ k 0,0 , the coordinate-wise exclusive or. a 0,0 = 8 1, 1, 1, 1, 0, 0, 0, 0 < ; k 0,0 = 8 1, 1, 0, 0, 1, 0, 1, 0 < ; Mod @ a 0,0 + k 0,0 , 2 D 8 0, 0, 1, 1, 1, 0, 1, 0 < There is also an initial Round Key addition and one final round that differs slightly from the others (the MixColumn is omitted) . É Key Schedule The round keys are derived from the Cipher Key by the key schedule, consisting of two components. First the Cipher Key is expanded to the so-called Expanded Key of length equal to 32 N b H N r + 1 L bits, which equals 4 N b H N r + 1 L bytes, where N r denotes the number of rounds and where the + 1 comes from the initial round key addition. For example, when the block length is equal to 128 and the number of rounds is 10, one needs 128 ¥ H 10 + 1 L = 1408 bits of expanded key. Then the Round Keys are selected from this Expanded key: the initial Round Key addition uses the first 32 N b bits, i.e. the first 4 N b bytes, of the Expanded Key, the first round the next 32 N b bits of the Expanded Key, etcetera.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Advanced Encryption Standard

Advanced Encryption Standard

Advanced Encryption Standard 1 Advanced Encryption Standard (AES) Advanced Encryption Standard (AES) 1997 NIST call for candidate larger key size (bits): 128, 192, 256

645 views • 40 slides
Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption

Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption

Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption Standard AES - Advanced Encryption Standard US governmental encryption standard Open (world) competition announced January 97 Blocks: 128 bits Keys:

403 views • 39 slides
Advanced Encryption Standard different hardware implementations: 8 bit - 32 bit 1998 15

Advanced Encryption Standard different hardware implementations: 8 bit - 32 bit 1998 15

Advanced Encryption Standard (AES) Advanced Encryption Standard (AES) 1997 NIST call for candidate larger key size (bits): 128, 192, 256 larger block size (bits): 128 larger block size (bits): 128 Advanced Encryption Standard

733 views • 7 slides
The Advanced Encryption Standard - see Susan Landaus paper: Communications security for the

The Advanced Encryption Standard - see Susan Landaus paper: Communications security for the

The Advanced Encryption Standard - see Susan Landaus paper: Communications security for the twenty-first century: the advanced encryption standard. In 1997, the NIST (the National Institute of Standards and Technology, formerly the NBS)

160 views • 15 slides
The Advanced Encryption Standard - see Susan Landaus paper: Communications security for the

The Advanced Encryption Standard - see Susan Landaus paper: Communications security for the

The Advanced Encryption Standard - see Susan Landaus paper: Communications security for the twenty-first century: the advanced encryption standard. In 1997, the NIST (the National Institute of Standards and Technology, formerly the NBS)

477 views • 24 slides
Advanced Encryption Standard Simplified-AES Simplified-AES Example Details of AES Cryptography

Advanced Encryption Standard Simplified-AES Simplified-AES Example Details of AES Cryptography

Cryptography Advanced Encryption Standard Overview of AES Advanced Encryption Standard Simplified-AES Simplified-AES Example Details of AES Cryptography AES in OpenSSL AES in Python School of Engineering and Technology CQUniversity

456 views • 30 slides
Advanced Encryption Standard Simplified-AES Simplified-AES Example Details of AES Cryptography

Advanced Encryption Standard Simplified-AES Simplified-AES Example Details of AES Cryptography

Cryptography Advanced Encryption Standard Overview of AES Advanced Encryption Standard Simplified-AES Simplified-AES Example Details of AES Cryptography AES in OpenSSL AES in Python School of Engineering and Technology CQUniversity

2.59k views • 30 slides
Cryptanalysis of the Advanced Encryption Standard Vincent Rijmen Albena 2013 Content AES

Cryptanalysis of the Advanced Encryption Standard Vincent Rijmen Albena 2013 Content AES

Cryptanalysis of the Advanced Encryption Standard Vincent Rijmen Albena 2013 Content AES Bounding the EDP of differentials over 2, 4 rounds of AES AES and the hypothesis of stochastic equivalence The Advanced Encryption

664 views • 48 slides
CAST-256 A Submission for the Advanced Encryption Standard Carlisle Adams First AES Candidate

CAST-256 A Submission for the Advanced Encryption Standard Carlisle Adams First AES Candidate

CAST-256 A Submission for the Advanced Encryption Standard Carlisle Adams First AES Candidate Conference August 20-22, 1998 Orchestrating Enterprise Security 1997 Entrust Technologies Vital Statistics ! Name CAST-256 ! Inventors

608 views • 33 slides
Advanced Encryption Standard (AES) AES Group March 3, 2019 Content 1 Introduction Methods

Advanced Encryption Standard (AES) AES Group March 3, 2019 Content 1 Introduction Methods

Faculty of Information Engineering and Technology Advanced Encryption Standard (AES) AES Group March 3, 2019 Content 1 Introduction Methods AddRoundKey SubBytes ShiftRows MixColumns Key Expansion Conclusion AES Group | The Feather

926 views • 31 slides
Kryptographie Advanced Encryption Standard Uwe Egly Vienna University of Technology Institute

Kryptographie Advanced Encryption Standard Uwe Egly Vienna University of Technology Institute

Kryptographie Advanced Encryption Standard Uwe Egly Vienna University of Technology Institute of Information Systems Knowledge-Based Systems Group 1 / 23 History Due to severe problems, DES, 3DES had to be replaced 1997: NIST

523 views • 23 slides
Chapter 5: Advanced Encryption Standard (AES) Dr. Loai Tawalbeh Computer Engineering

Chapter 5: Advanced Encryption Standard (AES) Dr. Loai Tawalbeh Computer Engineering

CPE 542: CRYPTOGRAPHY &amp; NETWORK SECURITY Chapter 5: Advanced Encryption Standard (AES) Dr. Loai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Dr. Loai Tawalbeh Fall 2005 History

323 views • 8 slides
The Encryption Standards Appendix F Computer Security: Art and Science, 2 nd Edition Version 1.0

The Encryption Standards Appendix F Computer Security: Art and Science, 2 nd Edition Version 1.0

The Encryption Standards Appendix F Computer Security: Art and Science, 2 nd Edition Version 1.0 Slide F - 1 Outline Data Encryption Standard Algorithm Advanced Encryption Standard Background mathematics Algorithm Computer

499 views • 31 slides
An Overview of Cryptanalysis Research for the Advanced Encryption Standard Alan Kaminsky,

An Overview of Cryptanalysis Research for the Advanced Encryption Standard Alan Kaminsky,

An Overview of Cryptanalysis Research for the Advanced Encryption Standard Alan Kaminsky, Rochester Institute of Technology Michael Kurdziel, Harris Corporation Stanisaw Radziszowski, Rochester Institute of Technology November 2, 2010 1

219 views • 19 slides
Data Encryption Standard (DES)

Data Encryption Standard (DES)

Data Encryption Standard (DES) 1 DES DES Data Encryption Standard (Data Encryption Data Encryption Standard (Data Encryption Algorithm, DEA) 1973 National

1.28k views • 82 slides
Data Encryption Standard Simplified-DES Details of DES DES in OpenSSL Cryptography DES in

Data Encryption Standard Simplified-DES Details of DES DES in OpenSSL Cryptography DES in

Cryptography Data Encryption Standard Overview of the Data Encryption Standard (DES) Data Encryption Standard Simplified-DES Details of DES DES in OpenSSL Cryptography DES in Python School of Engineering and Technology CQUniversity

594 views • 30 slides
S as a State Function Note: adiabatic ( d /Q = 0) constant S if the change is quasistatic.

S as a State Function Note: adiabatic ( d /Q = 0) constant S if the change is quasistatic.

ENTROPY AND THE 2nd LAW 2 1 2 1 T bath dS 1 dQ 1 / T bath dS 0 8.044 L10B1 S as a State Function Note: adiabatic ( d /Q = 0) constant S if the change is quasistatic. This is the origin of the sub- script S on the adiabatic

181 views • 16 slides
Soft Theorems from Effective Field Theory Andrew Larkoski MIT AJL, D. Neill, I. Stewart

Soft Theorems from Effective Field Theory Andrew Larkoski MIT AJL, D. Neill, I. Stewart

Soft Theorems from Effective Field Theory Andrew Larkoski MIT AJL, D. Neill, I. Stewart 1412.3108 SCET, March 25, 2015 A (1 , . . . , N, s ) S (0) ( s ) A (1 , . . . , N ) N gT i s p i (Prehistory) Weinberg 1964, 1965 S

545 views • 28 slides
Multicriteria Optimization Some continuous and discrete dynamics Guillaume Garrigos Institut de

Multicriteria Optimization Some continuous and discrete dynamics Guillaume Garrigos Institut de

Multicriteria Optimization Some continuous and discrete dynamics Guillaume Garrigos Institut de Mathmatiques et de Modlisation de Montpellier Universidad Tecnica Federico Santa Maria Sestri-Levante: Franco/Italian workshop 8-12 September

798 views • 52 slides
WHY? 1 26/01/18 1. Can be used to simulate molecular motion in a viscous medium, without

WHY? 1 26/01/18 1. Can be used to simulate molecular motion in a viscous medium, without

26/01/18 ADVANCED TECHNIQUES (MC/MD) A (seemingly) random selection. Daan Frenkel Beyond Newtonian MD 1. Langevin dynamics 2. Brownian dynamics 3. Stokesian dynamics 4. Dissipative particle dynamics 5. Etc. etc. WHY? 1 26/01/18 1. Can be used

994 views • 48 slides
Order Statistics Carola Wenk Slides courtesy of Charles Leiserson with small changes by Carola

Order Statistics Carola Wenk Slides courtesy of Charles Leiserson with small changes by Carola

CS 5633 -- Spring 2008 Order Statistics Carola Wenk Slides courtesy of Charles Leiserson with small changes by Carola Wenk 2/12/08 CS 5633 Analysis of Algorithms 1 Order statistics Select the i th smallest of n elements (the element with

948 views • 32 slides
The Representability of Partial Recursive Yan Steimle Functions in Arithmetical Theories and

The Representability of Partial Recursive Yan Steimle Functions in Arithmetical Theories and

Representing Recursive Functions The Representability of Partial Recursive Yan Steimle Functions in Arithmetical Theories and Definitions Main Categories theorems Statements Proof Total recursive functions Yan Steimle Conclusion

574 views • 32 slides
Lecture 1.5: Multisets and multichoosing Matthew Macauley Department of Mathematical Sciences

Lecture 1.5: Multisets and multichoosing Matthew Macauley Department of Mathematical Sciences

Lecture 1.5: Multisets and multichoosing Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 4190, Discrete Mathematical Structures M. Macauley (Clemson) Lecture 1.5: Multisets

599 views • 10 slides
Are sample means in multi-armed bandits positively or negatively biased? Jaehyeok Shin 1 , Aaditya

Are sample means in multi-armed bandits positively or negatively biased? Jaehyeok Shin 1 , Aaditya

Are sample means in multi-armed bandits positively or negatively biased? Jaehyeok Shin 1 , Aaditya Ramdas 1,2 and Alessandro Rinaldo 1 Dept. of Statistics and Data Science 1 , Machine Learning Dept. 2 , CMU Poster #12 @ Hall B + C Stochastic

504 views • 28 slides

More recommend