2. What is Encryption
Transform information such that its true meaning is
hidden
Requires “special knowledge” to retrieve the
information
Examples
AES, 3DES, RC4, ROT-13, …
3. Types of Encryption Schemes
Ciphers
Classical Modern
Rotor Machines
Substitution, Public Key, Transposition, Secret Key
Block, Stream
Steganography
5. Data Encryption Standard
OUTLINE
History
Encryption
Key-generation
Decryption
Strength of DES
6. History
DES is a 64 bit block cipher which means that it encrypts
data 64 bits at a time.
In 1971, IBM developed an algorithm, named LUCIFER
which operates on a block of 64 bits, using a 128-bit key
Walter Tuchman, an IBM researcher, refined LUCIFER
and reduced the key size to 56-bit, to fit on a chip.
In 1977, the result of Tuchman’s project at IBM was
adopted as the Data Encryption Standard by NSA (NIST).
AES is an important algorithm and was originally meant
to replace DES
7. A Simplified DES Algorithm
Key words
Substitution is simply a mapping of one value to
another
Permutation is a reordering of the bit positions for
each of the inputs.
These techniques are used a number of times in iterations
called rounds
S-boxes are basically non-linear substitution tables
where either the output is smaller than the input or
vice versa
8. A Simplified DES Algorithm
DES expects two inputs: the plaintext to be encrypted and
the secret key (64-bit block cipher; the key size used is 56
bits)
An initial permutation rearranges the bits to form the
“permuted input”.
This is followed by 16 iterations of the same function, which
applies substitution and permutation.
Finally, the pre-output is passed through a permutation
which is simply the inverse of the initial permutation
20. Strength
Criticism
Reduction in key size of 72 bits
Too short to withstand a brute-force attack
S-boxes were classified.
Weak points enable NSA to decipher without key.
56-bit keys have 2^56 = 7.2 x 10^16 values
Brute force search looks hard.
A machine performing one DES encryption per microsecond
would take more than a thousand years to break the cipher.
DES exhibits a strong avalanche effect.
A small change in either the plaintext or the key should
change the ciphertext markedly.
22. AES-Origin
Clearly a replacement for DES was needed
there are theoretical attacks that can break it
exhaustive key search attacks have been demonstrated
Can use Triple-DES – but slow, has small blocks
US NIST issued call for ciphers in 1997
15 candidates accepted in Jun 98
5 were shortlisted in Aug-99
Rijndael was selected as the AES in Oct-2000
issued as FIPS PUB 197 standard in Nov-2001
23. The AES Cipher - Rijndael
Designed by Rijmen-Daemen in Belgium
Has 128/192/256 bit keys, 128 bit data
An iterative rather than Feistel (DES) cipher
processes data as block of 4 columns of 4 bytes
operates on entire data block in every round
Designed to have:
resistance against known attacks
speed and code compactness on many CPUs
design simplicity
24. The AES Cipher
Block length is limited to 128 bit
The key size can be independently specified to 128,
192 or 256 bits
Key size (words/bytes/bits)       4/16/128   6/24/192   8/32/256
Number of rounds                  10         12         14
Expanded key size (words/bytes)   44/176     52/208     60/240
26. The AES Cipher
Key received as input array of 4 rows and Nk columns
Nk = 4, 6, or 8, a parameter which depends on the key size
Input key is expanded into an array of 44/52/60 words of
32 bits each
4 different words serve as a key for each round
k0  k4  k8   k12
k1  k5  k9   k13
k2  k6  k10  k14
k3  k7  k11  k15
w0 w1 w2 …… w42 w43
27. The AES Cipher
AddRoundKey() – round key is added to the State using
XOR operation
MixColumns() – takes all the columns of the State and mixes
their data, independently of one another, making use of
arithmetic over GF(2^8)
ShiftRows() – processes the State by cyclically shifting the
last three rows of the State by different offsets
SubBytes() – uses S-box to perform a byte-by-byte
substitution of State
The four stages are as follows: Substitute Bytes, Shift Rows,
Mix Columns, Add Round Key
The tenth round simply leaves out the Mix Columns stage.
29. The AES Cipher
Only Add round key makes use of the key
Other three functions are used for diffusion and
confusion
Final round consists of only three stages
31. Substitute Byte
A simple substitution of each byte
It uses one table of 16x16 bytes containing a
permutation of all 256 8-bit values
Each byte of state is replaced by byte indexed by row
(left 4-bits) & column (right 4-bits)
S-box constructed using defined transformation of
values in GF(2^8)
Designed to be resistant to all known attacks
36. Shift Rows
A circular byte shift in each row
1st row is unchanged
2nd row does 1 byte circular shift to left
3rd row does 2 byte circular shift to left
4th row does 3 byte circular shift to left
Decrypt inverts using shifts to right
Since state is processed by columns, this step
permutes bytes between the columns
38. Mix Columns Transformation
Each column is operated on individually
each byte is replaced by a value dependent on all 4 bytes
in the column
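The Mix Columns transformation of a single column j (0 ≤ j ≤ 3)
of state can be expressed as:
$$
\begin{aligned}
s'_{0,j} &= (2 \cdot s_{0,j}) \oplus (3 \cdot s_{1,j}) \oplus s_{2,j} \oplus s_{3,j} \\
s'_{1,j} &= s_{0,j} \oplus (2 \cdot s_{1,j}) \oplus (3 \cdot s_{2,j}) \oplus s_{3,j} \\
s'_{2,j} &= s_{0,j} \oplus s_{1,j} \oplus (2 \cdot s_{2,j}) \oplus (3 \cdot s_{3,j}) \\
s'_{3,j} &= (3 \cdot s_{0,j}) \oplus s_{1,j} \oplus s_{2,j} \oplus (2 \cdot s_{3,j})
\end{aligned}
$$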
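The Shift Rows and Mix Columns slides above, worked through as an added example (not part of the original slides): it implements the four column equations with GF(2^8) doubling and measures how a one-bit change spreads across the state. The column-major list layout, the function names and the sample state are assumptions made for this illustration.

```python
# Added example (not from the original slides). The state is a list of 16 bytes
# stored column by column, so state[r + 4*c] is row r, column c (assumed layout).

def xtime(b):
    """Multiply a byte by 2 in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b

def mix_column(col):
    """The four Mix Columns equations; 3*s is computed as (2*s) XOR s."""
    s0, s1, s2, s3 = col
    return [
        xtime(s0) ^ (xtime(s1) ^ s1) ^ s2 ^ s3,
        s0 ^ xtime(s1) ^ (xtime(s2) ^ s2) ^ s3,
        s0 ^ s1 ^ xtime(s2) ^ (xtime(s3) ^ s3),
        (xtime(s0) ^ s0) ^ s1 ^ s2 ^ xtime(s3),
    ]

def mix_columns(state):
    """Apply mix_column to each of the four columns independently."""
    out = []
    for c in range(4):
        out += mix_column(state[4 * c:4 * c + 4])
    return out

def shift_rows(state):
    """Row r rotates left by r bytes, so every column receives bytes
    that previously sat in four different columns."""
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def changed_bytes_after(rounds, state, index):
    """Flip one bit of state[index], run Shift Rows + Mix Columns `rounds`
    times on both versions, and count the output bytes that differ."""
    a, b = list(state), list(state)
    b[index] ^= 0x01
    for _ in range(rounds):
        a = mix_columns(shift_rows(a))
        b = mix_columns(shift_rows(b))
    return sum(x != y for x, y in zip(a, b))

if __name__ == "__main__":
    sample = list(range(16))  # constructed sample state
    print([hex(v) for v in mix_column([0xDB, 0x13, 0x53, 0x45])])
    print(changed_bytes_after(1, sample, 0), changed_bytes_after(2, sample, 0))
```

One pass spreads the change over a single column; the second pass reaches all 16 bytes because Shift Rows has moved the four affected bytes into four different columns.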
41. Add Round Key
XOR each byte of the round key with its corresponding byte in
the state array
[Figure: each column of the state (S0,j … S3,j) is XORed with the matching column of the round key (R0,j … R3,j) to give the new state column (S’0,j … S’3,j); column 1 is highlighted.]
42. AES Key Expansion
takes 128-bit (16-byte) key and expands into
array of 44/52/60 32-bit words
start by copying key into first 4 words
then loop creating words that depend on
values in previous & 4 places back
in 3 of 4 cases just XOR these together
1st word in 4 has rotate + S-box + XOR round
constant on previous, before XOR 4th back
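The S-box construction from the Substitute Byte slide and the key expansion loop described above, as an added example (not code from the original slides). It goes beyond the 128-bit case on the slide by also handling 192- and 256-bit keys; the function names are assumptions, and the extra S-box step for 256-bit keys comes from FIPS PUB 197 rather than from the slides.

```python
# Added example (not from the original slides): build the S-box from the
# GF(2^8) inverse plus an affine map, then use it in the key expansion.

def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = ((a << 1) ^ 0x11B) if a & 0x80 else (a << 1)
        b >>= 1
    return r

def build_sbox():
    sbox = []
    for x in range(256):
        # Multiplicative inverse by exhaustive search; 0 has none and maps to 0.
        inv = next((c for c in range(1, 256) if gmul(x, c) == 1), 0)
        y = inv
        for shift in range(1, 5):  # affine map: XOR of four left rotations
            y ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox.append(y ^ 0x63)
    return sbox

SBOX = build_sbox()

def expand_key(key):
    """Return the expanded key as a list of 4-byte words (44, 52 or 60 words)."""
    nk = len(key) // 4
    if len(key) % 4 or nk not in (4, 6, 8):
        raise ValueError("key must be 16, 24 or 32 bytes")
    words = [list(key[4 * i:4 * i + 4]) for i in range(nk)]  # copy key first
    rcon = 1
    for i in range(nk, 4 * (nk + 7)):
        temp = list(words[i - 1])
        if i % nk == 0:
            temp = temp[1:] + temp[:1]        # rotate
            temp = [SBOX[b] for b in temp]    # S-box
            temp[0] ^= rcon                   # XOR round constant
            rcon = gmul(rcon, 2)
        elif nk == 8 and i % nk == 4:
            temp = [SBOX[b] for b in temp]    # extra S-box step, 256-bit keys only
        words.append([a ^ b for a, b in zip(words[i - nk], temp)])
    return words

if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS PUB 197 example key
    w = expand_key(key)
    print(len(w), bytes(w[4]).hex(), bytes(w[43]).hex())
```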
44. AES Decryption
AES decryption is not identical to encryption
since steps done in reverse
but can define an equivalent inverse cipher
with steps as for encryption
but using inverses of each step
with a different key schedule
45. AES Decryption
All functions are easily reversible and their inverse form is
used in decryption
Decryption algorithm is not identical to the encryption algorithm
Again, final round consists of only three stages
46. Implementation Aspect
Can efficiently implement on 8-bit CPU
Byte substitution works on bytes using a table of 256
entries
Shift rows is simple byte shift
Add round key works on byte XOR’s
Mix columns requires matrix multiply in GF(2^8)
which works on byte values, can be simplified to use
table lookups & byte XOR’s
47. Implementation Aspect
Can efficiently implement on 32-bit CPU
redefine steps to use 32-bit words
can pre compute 4 tables of 256-words
then each column in each round can be computed
using 4 table lookups + 4 XORs
at a cost of 4Kb to store tables
Designers believe this very efficient implementation
was a key factor in its selection as the AES cipher