P07A.AES - almuhammadi


ICS 454
Cryptography
Advanced Encryption Standard
(AES)
Sultan Almuhammadi
Outline
- Background
- AES Encryption and Decryption
- Security Issues
- Implementation Issues
Background
- In 1977, the National Bureau of Standards (NBS) adopted DES.
- In 1994, the National Institute of Standards and Technology (NIST) reaffirmed DES for federal use for another 5 years.
- In 1999, NIST adopted 3DES (Triple DES, FIPS 46-3).
  - Pros:
    - 168-bit key → brute-force search is infeasible (the meet-in-the-middle attack reduces the effective strength to about 112 bits, which is still out of reach).
  - Cons:
    - Triple rounds → roughly three times the work of DES, so relatively slow in software.
    - 64-bit block size → larger is better; after about 2^32 blocks under one key, block collisions become likely (birthday bound) and leak plaintext information in CBC-style modes.
  - 3DES is not a good candidate for long-term use.
Background
- In 1997, NIST called for a new Advanced Encryption Standard (AES).
- AES Requirements:
  - Must have equal or better security than 3DES.
  - Must improve the efficiency.
  - Must be a 128-bit symmetric block cipher.
  - Must support 128/192/256-bit key lengths.
- In 2001, NIST selected Rijndael (by Rijmen and Daemen) as the new AES (FIPS 197).
- AES will replace 3DES eventually. At the time of these notes NIST still approved 3DES for US government use; it has since been deprecated (NIST SP 800-131A Rev. 2 disallows 3DES encryption after 2023).
AES (Encryption)
- Not a Feistel structure: every round transforms the whole 128-bit block (a substitution-permutation network), rather than half of it as in DES.
- The number of rounds depends on the key length: 10 rounds for 128-bit keys, 12 for 192-bit keys, 14 for 256-bit keys.
- Key Expansion derives one 128-bit round key (4 words) per round, plus one more for the initial AddRoundKey.
- Each round has 4 stages:
  - SubBytes: byte-by-byte substitution of the block using an S-box
  - ShiftRows: a simple permutation (row r of the state is rotated left by r bytes)
  - MixColumns: substitution using arithmetic over GF(2^8) (each column is multiplied by a fixed 4x4 matrix)
  - AddRoundKey: bitwise XOR of the current block with a round key
- The final round omits MixColumns; a key-independent linear step at the very end could be undone by anyone, so leaving it out costs no security and makes the inverse cipher structurally similar to the cipher.
[Figure: one AES round, byte-by-byte substitution using S-box → simple permutation → substitution using arithmetic over GF(2^8) → XOR with round key]
AES (Decryption)
- Each stage is easily reversible:
  - Inv. SubBytes: an inverse S-box is used.
  - Inv. ShiftRows: inverse permutation (rows rotated right instead of left).
  - Inv. MixColumns: inverse substitution using arithmetic over GF(2^8) (each column is multiplied by the inverse matrix).
  - AddRoundKey: XOR with a round key, with the round keys applied in reverse order; XOR is its own inverse: (B ⊕ RK) ⊕ RK = B
- Decryption therefore applies the inverse stages in reverse order, using the same expanded key as encryption.
AES Security Issues
- Only the AddRoundKey stage makes use of the key.
- The other stages are reversible without the key → on their own they add no security.
- The AddRoundKey stage by itself is just an XOR scheme → attackable (one known plaintext/ciphertext pair reveals the round key).
- The other three stages provide confusion, diffusion and nonlinearity (i.e. scrambling the block), but no security by themselves.
- The four stages together in each round, repeated over all rounds, make the cipher both efficient and highly secure.
- The S-box is designed such that:
  - It is resistant to known cryptanalytic attacks (differential and linear cryptanalysis), because it is built from the multiplicative inverse in GF(2^8) followed by an affine transformation.
  - It has no fixed point (no n with S-box(n) = n) and no "opposite" fixed point (no n with S-box(n) = n ⊕ FF).
  - It is not self-inverse. E.g. S-box(95) = 2A, but Inv.S-box(95) = AD.
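As an added worked example (my own code for these notes, not NIST or Rijndael reference code), the following Python builds the four stages and their inverses described in the encryption and decryption sections, derives the S-box from GF(2^8) inversion plus the affine map so the properties listed above can be checked directly, and runs AES-128 against the FIPS-197 Appendix C.1 test vector. It assumes a 16-byte key (AES-128 only) and the column-major state layout of FIPS-197; all helper names are my own.

```python
"""AES-128 from the four round stages, with the S-box derived in GF(2^8).
Added example for these lecture notes; not NIST/Rijndael reference code.
Only 128-bit keys are handled; state is 16 bytes column-major (state[r + 4c])."""

def xtime(b):
    """Multiply by x (0x02) in GF(2^8) mod x^8+x^4+x^3+x+1: shift + conditional XOR."""
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b

def gf_mul(a, b):
    """Field multiplication by repeated xtime (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def gf_inv(a):
    """a^254 = a^-1 for a != 0 since a^255 = 1; 0 is mapped to 0."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def rotl8(b, n):
    return ((b << n) | (b >> (8 - n))) & 0xFF

# S-box = affine map applied to the field inverse; inverse S-box by table lookup
SBOX = []
for x in range(256):
    v = gf_inv(x)
    SBOX.append(v ^ rotl8(v, 1) ^ rotl8(v, 2) ^ rotl8(v, 3) ^ rotl8(v, 4) ^ 0x63)
INV_SBOX = [0] * 256
for x, s in enumerate(SBOX):
    INV_SBOX[s] = x

def sbox_properties():
    """Design properties from the notes: no fixed points, no opposite fixed
    points (S(x) == x ^ 0xFF), and the S-box is not its own inverse."""
    return {"fixed_points": [x for x in range(256) if SBOX[x] == x],
            "opposite_fixed_points": [x for x in range(256) if SBOX[x] == x ^ 0xFF],
            "self_inverse": SBOX == INV_SBOX}

# The four stages and their inverses
def sub_bytes(s):     return [SBOX[b] for b in s]
def inv_sub_bytes(s): return [INV_SBOX[b] for b in s]

def shift_rows(s):      # row r rotated left by r bytes
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def inv_shift_rows(s):  # row r rotated right by r bytes
    return [s[r + 4 * ((c - r) % 4)] for c in range(4) for r in range(4)]

def _mix(s, m):         # each column times the circulant matrix whose first row is m
    out = []
    for c in range(4):
        col = s[4 * c:4 * c + 4]
        for i in range(4):
            acc = 0
            for j in range(4):
                acc ^= gf_mul(m[(j - i) % 4], col[j])
            out.append(acc)
    return out

def mix_columns(s):     return _mix(s, [2, 3, 1, 1])
def inv_mix_columns(s): return _mix(s, [14, 11, 13, 9])   # 0e 0b 0d 09
def add_round_key(s, rk): return [a ^ b for a, b in zip(s, rk)]

def expand_key(key):
    """FIPS-197 key schedule: 16-byte key -> 44 words -> 11 round keys of 16 bytes."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 0x01
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord, then SubWord
            t[0] ^= rcon
            rcon = xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(key, block):
    rk = expand_key(key)
    s = add_round_key(list(block), rk[0])
    for r in range(1, 10):
        s = add_round_key(mix_columns(shift_rows(sub_bytes(s))), rk[r])
    s = add_round_key(shift_rows(sub_bytes(s)), rk[10])   # last round: no MixColumns
    return bytes(s)

def aes128_decrypt_block(key, block):
    rk = expand_key(key)
    s = add_round_key(list(block), rk[10])                # round keys in reverse order
    for r in range(9, 0, -1):
        s = inv_mix_columns(add_round_key(inv_shift_rows(inv_sub_bytes(s)), rk[r]))
    s = add_round_key(inv_shift_rows(inv_sub_bytes(s)), rk[0])
    return bytes(s)

if __name__ == "__main__":
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # FIPS-197 C.1 vector
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    ct = aes128_encrypt_block(key, pt)
    print(ct.hex(), aes128_decrypt_block(key, ct) == pt, sbox_properties())
```

Two things worth noticing when running it: the three key-independent stages really are invertible by anyone (inv_mix_columns(mix_columns(s)) == s with no key involved), which is the point made above, and the only place the key enters is the XOR in add_round_key. The xtime routine is also the whole of what an 8-bit MixColumns needs, since the forward matrix only uses the coefficients 01, 02 and 03.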
AES Implementation Issues
- Very efficient on 8-bit processors:
  - AddRoundKey: bytewise XOR operation
  - ShiftRows: simple byte shifting
  - SubBytes: operates at byte level (a 256-byte table lookup)
  - MixColumns: multiplies matrices in GF(2^8); the only coefficients are 01, 02 and 03, so each multiplication reduces to a left shift with a conditional XOR of 1B ("xtime") plus XORs. The inverse matrix uses 09, 0B, 0D and 0E, so decryption costs more on 8-bit hardware.
- On 32-bit processors, a more efficient implementation can be achieved with operations defined on 32-bit words: SubBytes, ShiftRows and MixColumns can be merged into four 256-entry tables of 32-bit words ("T-tables"), so one round costs 16 table lookups and 16 XORs.
- Caveat: table lookups indexed by secret data (S-box or T-table) leak through cache timing. Production code should use a constant-time implementation (bitsliced, or hardware instructions such as AES-NI) rather than naive table lookups.
AES Demo
- Please visit the link below for a full AES demo:
http://www.cs.bc.edu/~straubin/cs38105/blockciphers/rijndael_ingles2004.swf