3. Origins
• A replacement for DES was needed.
• Solution = Triple-DES, but it is slow and has a small block size (64 bits), with a 168-bit key.
• US NIST (National Institute of Standards & Technology) issued a call for ciphers in 1997.
• 15 algorithms were chosen.
• 5 were then shortlisted.
• Rijndael (RINE dahl), named after Vincent Rijmen and Joan Daemen (Belgium), was selected as the AES in 2001.
4. EVALUATION CRITERIA USED BY NIST FOR SELECTING AES
• Security: this refers to the effort required to cryptanalyze an algorithm (resistance to cryptanalysis), soundness of the math, randomness of the output, etc.
• Cost: computational efficiency (speed) and memory requirements.
• Algorithm and implementation characteristics: flexibility, hardware and software suitability, algorithm simplicity.
5. RIJNDAEL AS AES
• THE RIJNDAEL PROPOSAL FOR AES DEFINED A CIPHER IN WHICH THE BLOCK LENGTH AND KEY LENGTH CAN BE INDEPENDENTLY SPECIFIED TO BE 128, 192, OR 256 BITS.
• THE AES SPECIFICATION USES THE SAME 3 KEY SIZE ALTERNATIVES BUT LIMITS THE BLOCK LENGTH TO 128 BITS.
• A NUMBER OF AES PARAMETERS DEPEND ON THE KEY LENGTH.
• RIJNDAEL WAS DESIGNED TO HAVE THE FOLLOWING CHARACTERISTICS:
• RESISTANCE AGAINST ALL KNOWN ATTACKS
• SPEED AND CODE COMPACTNESS ON A WIDE RANGE OF PLATFORMS
• DESIGN SIMPLICITY
6. AES Requirements
• Private key Symmetric Block Cipher
• Resistance against all known attacks.
• Block size of 128 bits of data (16 * 8).
• 128/192/256-bit keys can be used.
• Stronger & faster than Triple-DES.
7.
• AES is an S-P cipher involving N rounds (N depends on the key length).
• AES has defined three versions, with 10, 12, and 14 rounds.
• Each version uses a different cipher key size (128, 192, or 256), but the round keys are always 128 bits.
• A cycle of AES involves one substitution and 2 permutation functions, and a key function.
9. The AES Cipher - Rijndael
• An Iterative rather than Feistel cipher
• Processes data as Block of 4 columns of 4 bytes
• Operates on entire data block in every round
• Input to the encryption and decryption algorithm is a single 128-bit block.
• This block is copied into a State array, which is modified at each stage of encryption/decryption.
10. Rijndael
• Data block of 4 columns of 4 bytes is called the State.
• Initial 128-bit key is expanded to an array of words (11 * 4 bytes = 44 words)
• 4 different stages are used:
• Byte Substitution (S-box used on every byte)
• Shift Rows (permute bytes between groups/columns)
• Mix Columns (subs using matrix multiply of groups)
• Add Round Key (XOR state with key material)
12. Overall AES Structure
• The structure starts with Add Round Key, followed by 9 rounds of 4 stages, followed by a tenth round of 3 stages.
• The cipher begins and ends with an Add Round Key stage, for better security.
• Each stage is easily reversible.
• The decryption algorithm uses the keys in reverse order.
• AES uses Arithmetic in the Finite Field GF(2^8) with the
irreducible Polynomial m(x)=x^8+x^4+x^3+x+1.
15. Byte Substitution(S-Box)
• AES defines a 16*16 matrix of byte values called an S-Box.
• Uses one table of 16x16 bytes containing a permutation of all 256 8-
bit values.
• A simple substitution of each byte.
• Each byte of state is replaced by the byte indexed by row (left 4 bits) & column (right 4 bits).
• e.g. byte {95} is replaced by the byte in row 9, column 5, which has value {2A}
• S-box constructed using a defined transformation of values in GF(2^8).
• Designed to be resistant to all known attacks.
21. Inverse S-box
It is calculated by first applying the inverse affine transformation to the input value, followed by taking the multiplicative inverse.
The inverse affine transformation is as follows
23. Shift Rows
• A circular byte shift:
• 1st row is unchanged
• 2nd row does 1 byte circular shift to left
• 3rd row does 2 byte circular shift to left
• 4th row does 3 byte circular shift to left
• Decrypt inverts using shifts to right
• Since state is processed by columns, this step permutes bytes between the columns
25. Mix Columns
• Each column is processed separately
• Each byte is replaced by a value dependent on all 4 bytes in the
column
28. Mix Columns
• Can express each Column as 4 Equations
• Decryption requires use of Inverse Matrix
• We need an inter-byte transformation that changes the bits inside a byte, based on the bits inside the neighboring bytes. We need to mix bytes to provide diffusion at the bit level.
29. Add Round Key
• XOR state with 128-bits of the round key
• Processed by column
• Inverse for decryption is identical, since XOR is its own inverse, with reversed keys
• AddRoundKey proceeds one column at a time. AddRoundKey adds a round key word to each state column matrix; the operation in AddRoundKey is matrix addition.
32. AES Key Expansion
• Takes 128-bit (16-byte) key and expands into array of 44 32-bit words
• Start by copying key into first 4 words
• Then loop creating words that depend on the values in the previous word and the word 4 places back
• in 3 of 4 cases just XOR these together
• 1st word in 4 has rotate + S-box + XOR round constant on previous, before XOR 4th back
To create round keys for each round, AES uses a key-expansion process. If the number of rounds is Nr, the key-expansion routine creates Nr + 1 128-bit round keys from one single 128-bit cipher key.
36. Key Expansion(every 4th word)
• Applies to a word whose position in the W array is a multiple of 4.
• The function “g” consists of the following subfunctions:
• RotWord: one-byte circular left shift on a word.
• SubWord: byte substitution on each byte of its input word using the S-box.
• The result of steps 1 and 2 is XORed with a round constant Rcon[j].
• The round constant is a word in which the 3 rightmost bytes are always 0.
• The round constant is different for each round and is defined as Rcon[j] = (RC[j], 0, 0, 0), with RC[1] = 1; RC[j] = 2 * RC[j-1].
• Multiplication is defined over GF(2^8).
• i.e. [01, 02, 04, 08, 10, 20, 40, 80, 1B, 36] (hexadecimal)
37. AES Decryption
• AES decryption is not identical to encryption, since the steps are done in reverse
• But can define an equivalent inverse cipher with steps as for encryption
• but using inverses of each step
• with a different key schedule
39. Summary
• Have considered:
• The AES selection process
• The details of Rijndael – the AES cipher
• Looked at the steps in each round
• The key expansion