AES
AES
CHAPTER - 1
INTRODUCTION
1.1 ADVANCED ENCRYPTION STANDARD-RIJNDAEL CIPHER
AES stands for advanced encryption standard. AES is symmetric key encryption algorithm which replaces the commonly used data encryption standard (DES).AES provides strong encryption and was selected by NIST as a federal information processing standard in November 2001 (FIPS-197). The AES algorithm uses three key sizes:128-, 192-, or 256- bit encryption key. Each encryption key size causes the algorithm to behave slightly different, so the increasing key sizes not only offer a large number of bits with which you can scramble the data, but also increases the complexity of cipher algorithm. AES was developed by two Belgian cryptologists, Vincent Rijmen and Joan Daemen. AES is an algorithm for performing encryption (and reverse, decryption).the series of well-defined steps that can be followed as a procedure. The original information is known as plain text,and the encrypted form as cipher text. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt(decipher) information. Encryption converts data to an unintelligible form called cipher text; decrypting the cipher text converts the data back to its original form, called plain text. AES can be used to protect electronic data.
BLOCK DIAGRAM:
Plaintext /ciphertext 128 bit
Encrypt/Decrypt
Round
Page 1
The cipher text message contains all the information of the plaintext message, but is not in a format readable by a human or computer without the proper mechanism to decrypt it. The encrypting procedure is varied depending on the key which changes the detailed operation of the algorithm. Without the key, the cipher cannot be used to encrypt or decrypt.
1.2 ENCRYPTION:
Encryption is the transformation of plain text into cipher text through a mathematical process
plain text key cipher
cipher text
ENCRYPTION
1.3 DECRYPTION:
Decryption is a process to convert cipher text back into plain text
Cipher text
plain text
Cipher key
DECRYPTION
CHAPTER - 2
THEORY 2.1 BACKGROUND OF THE ALGORITHM:
Many algorithms were originally presented by researchers from twelve different Nations. Fifteen (15) algorithms were selected from the first set of submittals. After a study and selection process five, (5) were chosen as finalists. The five algorithms selected were MARS, RC6, RIJNDAEL, SERPENT and TWOFISH. The conclusion was that the five Competitors showed similar characteristics. On October 2nd 2000, NIST announced that the Rijndael Algorithm was the winner of the contest. The Rijndael Algorithm was chosen since it had the best overall scores in security, performance, efficiency, implementation ability and flexibility, [NIS00b]. The Rijndael algorithm was developed by Joan Daemen of Proton World International and Vincent Fijmen of Katholieke University at Leuven. The Rijndael algorithm is a symmetric block cipher that can process data blocks of 128 bits through the use of cipher keys with lengths of 128, 192, and 256 bits. The Rijndael algorithm was also designed to handle additional block sizes and key lengths. However, the additional features were not adopted in the AES. The hardware implementation of the Rijndael algorithm can provide either high performance or low cost for specific applications. At backbone communication channels or heavily loaded servers it is not possible to lose processing speed, which drops the efficiency of the overall system while running cryptography algorithms in software. On the other side, a low cost and small design can be used in smart card applications, which allows a wide range of equipment to operate securely.
Page 3
2001:Rijndeal, designed by Joan Daemen and Vincent Rijmen , is selected by NIST as a AES
2.2.1 ALGORITHM:
Algorithm is a process for completing a task. An encryption algorithm is a mathematical process (mathematical formula) to encrypt and decrypt messages it typically has two elements:data (for example , plain text or email message that you want to encrypt or decrypt) and a key.
Page 4
ENCRYPTION
User A
Unsecured channel
DECRYPTION
User B
plaintext
Private key is a secret key of public-private key cryptography system (it is used in asymmetric cryptography). The private key is normally known only to the key owner. Messages are encrypted using a public key and can be decrypted by the owner of the corresponding private key. For the digital signatures, however, a document is signed with a private key and authenticated with the corresponding public key. Private key should not be distributed.
that they can send messages, but the private key is only made available to the person it belongs to. Asymmetric cipher that uses different (not trivially related) keys for encryption and decryption. Asymmetric cipher that uses different (not trivially related) keys for encryption and decryption. Examples of asymmetric encryption are RSA, ELGAMAL.
Private key kd
ENCRYPTION
User A Unsecure channel
DECRYPTION
User B
plaintext
A public key is the public key of a public-private key cryptography system. Public key is used in asymmetric cryptography. Public keys are used to enable someone to encrypt messages intended for the owner of the public key. Public keys are meant for distribution, so anyone who wants to send an encrypted message to the owner of the public key can do so, but the owner of the public key can do so, but only the owner of the corresponding private key can decrypt the message. Cryptography based on methods involving a public key and a private key.
Page 6
key
Block encryption
cipher
key
Block decryption
cipher
Ciphertext
Figure 2.3 block cipher
plaintext
Since different plaintext blocks are mapped to different cipher text blocks (to allow unique decryption), a block cipher effectively provides a permutation of the set of all possible messages. The permutation effected during any particular encryption is a secret, since it is a function of the secret key
Page 7
Table 2.1: represented of key size, number of rounds, exapanded key size
2.4.2. BYTES:
The basic unit of processing in the AES algorithm is a byte , which is a sequence of eight bits treated as a single entity. The input, output and Cipher Key bit sequences described in Section 1.1 are processed as arrays of bytes that are formed by dividing these sequences into groups of eight contiguous bits to form arrays of bytes. For an input, output or Cipher Key denoted by a, the bytes in the resulting array are referenced using one of the two forms, an or a[n], where n will be in a range that depends on the key length. For a key length of 128 bits, n lies in the range 0 n < 16. For a key length of 192 bits, n lies in the range 0 n < 24. For a key length of 256 bits, n lies in the range 0 n < 32.
Department of Electronics and Communication Engineering,SKEC Page 8
All byte values in the AES algorithm are presented as the concatenation of the individual bit values, (0 or 1), between braces in the order{b7, b6, b5, b4, b3, b2, b1, b0}.These bytes are interpreted as finite field elements using a polynomial representation b7 x7+ b6 x6+ b5 x5+ b4 x4+ b3 x3+ b2 x2+ b1 x1+ b0x0=bi xi ---------->(1) For example, {01100011} identifies the specific finite field element x6 + x5 + x +1. It is also convenient to denote byte values using hexadecimal notation with each of two groups of four bits being denoted by a single hexadecimal character. The hexadecimal notation scheme is depicted in Figure.1.
Hence the element {01100011} can be represented as {63}, where the character denoting the four-bit group containing the higher numbered bits is again to the left. Some finite field operations involve one additional bit {b8} to the left of an 8bit byte. When the b8 bit is present, it appears as {01} immediately preceding the 8bit byte. For example, a 9-bit sequence is presented as {01} {1b}.
Page 9
An example of byte designation and numbering within bytes for a given input sequence is presented in Figure 2.
At the start of the Encryption or Decryption the input array is copied to the State array with S[r, c] = in[r + 4c]
Page 10
where 0 r 3 and 0 c Nb1 At the end of the Encryption and Decryption the State is copied to the output array with out[r + 4c] = S[r,c] where 0 r 3 and 0 c Nb1.Input Bytes State Array Output Bytes
2.4.6(A) ADDITION:
The addition of two elements in a finite field is achieved by adding the coefficients for the corresponding powers in the polynomials for the two elements. The addition is performed through use of the XOR operation, which is denoted by the operator symbol . Such addition is performed modulo-2. In modulo-2 addition
Page 11
Consequently, subtraction of polynomials is identical to addition of polynomials. Alternatively, addition of finite field elements can be described as the modulo-2 addition of corresponding bits in the byte. For two bytes {a7a6a5a4a3a2a1a0} and{b7b6b5b4b3b2b1b0}, the sum is {c7c6c5c4c3c2c1c0}, where each ci = ai bi where i represents corresponding bits. For example, the following expressions are equivalent to one another. (x6 + x4 + x2 + x +1) + (x7 + x +1) = x7 + x6 + x4 + x2 (Polynomial notation) {01010111} {10000011} = {11010100} (Binary notation) {57}{83} = {d4} (Hexadecimal notation)
2.4.6(B) MULTIPLICATION:
In the polynomial representation, multiplication in Galois Field GF (28) (denoted by) corresponds with the multiplication of polynomials modulo an irreducible polynomial of degree 8. A polynomial is irreducible if its only divisors are one and itself. For the AES algorithm, this irreducible polynomial is given by the equation (2). m(x) = x8 + x4 + x3 + x +1 For example, {57}{83} = {c1} because (2)
Page 12
(x6 + x4 + x2 + x +1)(x7 + x +1) = x13 + x11 + x9 + x8 + x7 + x7 + x5 + x3 +x2 + x + x6 + x4 + x2 + x + 1 = x13 + x11 + x9 + x8 + x6 + x5 + x4 + x3 +1 x13 + x11 + x9 + x8 + x6 + x5 + x4 + x3 +1 Modulo (x8 + x4 + x3 + x +1) = x7 + x6 +1. The modular reduction by m(x) ensures that the result will be a binary polynomial of degree less than 8, which can be represented by a byte. Unlike addition, there is no simple operation at the byte level that corresponds to this multiplication. The multiplication defined above is associative and the element {01} is the multiplicative identity. For any non-zero binary polynomial b(x) of degree less than 8, the multiplicative inverse of b(x), denoted b-1(x), can be found. The inverse is found through use of the extended Euclidean algorithm to compute polynomials a( x) and c(x) such that b(x)a(x) + m(x)c(x) = 1. Hence, a(x) b(x) mod m(x) = 1, which means b1 (x) = a(x)modm(x) Moreover, for any a(x), b(x) and c(x) in the field, it holds that a(x) (b(x) + c(x)) = a(x) b(x) + a(x) c(x) (5) (4) (3)
It follows that the set of 256 possible byte values, with XOR used as addition and multiplication defined as above, has the structure of the finite field GF (28).
2.4.6(C) MULTIPLICATION BY X:
Page 13
Multiplying the binary polynomial defined in equation (1) with the polynomial x results in b7 x8+ b6 x7+ b5 x6+ b4 x5+ b3 x4+ b2 x3+ b1 x2+ b0x1 (6) The result x b(x) is obtained by reducing the above result modulo m(x). If b7 equals zero the result is already in reduced form. If b7 equals one the reduction is accomplished by subtracting the polynomial m(x). It follows that multiplication by x, which is represented by {00000010} or {02}, can be implemented at the byte level as a left shift and a subsequent conditional bitwise XOR with {1b}. This operation on bytes is denoted by xtime(). Multiplication by higher powers of x can be implemented by repeated application of xtime(). Through the addition of intermediate results, multiplication by any constant can be implemented. For example, {57} {13} = {fe} because {57} {02} = xtime ({57}) = {ae} {57} {04} = xtime ({ae}) = {47} {57} {08} = xtime ({47}) = {8e}
{57} {10} = xtime ({8e}) = {07}, Thus, {57} {13} = {57} ({01} {02} {10}) = {57} {ae} {07} = {fe}.
which will be denoted as a word in the form [a0 , a1 , a2 , a3 ]. Note that the polynomials in this section behave somewhat differently than the polynomials used in the definition of finite field elements, even though both types of polynomials use the same indeterminate, x. The coefficients in this section are themselves finite field elements, i.e., bytes, instead of bits; also, the multiplication of four-term polynomials
Page 14
uses a different reduction polynomial, defined below. To illustrate the addition and multiplication operations, let b(x) = b3 x3+ b2 x2 + b1 x1 + b (8)
define a second four-term polynomial. Addition is performed by adding the finite field coefficients of like powers of x. This addition corresponds to an XOR operation between the corresponding bytes in each of the words in other words, the XOR of the complete word values Thus, using the equations of (7) and (8), a( x) + b( x) = (a3b3) x3 + (a2b2)x2 + (a1 b1) x1 + (a0 b0)x0 Multiplication is achieved in two steps. In the first step, the polynomial product c(x) = a(x) b(x) is algebraically expanded, and like powers are collected to give c(x) = c6 x6 + c 5x5 + c4 x4 + c3 x3 + c2 x2 + c1 x1 + c0x0 where c0= a0. b0 c1= a1.b0 a0. b1 c2=a2 .b0 a1. b1 a0. b2 c3= a3. b0 a2. b1 a1. b2 a0. b3 c4=a3 .b1 a2. b2 a0. b3 c5= a3. b2 a2.b3 c6= a3. b3 The result, c(x), does not represent a four-byte word. Therefore, the second step of the multiplication is to reduce c(x) modulo a polynomial of degree 4; the result can be reduced to a polynomial of degree less than 4. For the AES algorithm, this is accomplished with the polynomial x4 + 1, so that xi mod(x4 +1) = ximod 4 . (11) (10) (9)
Page 15
The modular product of a(x) and b(x), denoted by a(x) b(x), is given by the fourterm polynomial d(x), defined as follows d(x) = d3 x3 + d2 x2 + d1 x1 + d0 with d0= (a0 .b0) (a3. b1) (a2 .b2) (a1. b3) d1 =(a1. b0) (a0. b1) (a3. b2) (a2. b3) d2= (a2 .b0) (a1. b1) (a0 .b2) (a3. b3) d3= (a3. b0) (a2 .b1) (a1. b2)( a0. b3) When a(x) is a fixed polynomial, the operation defined in equation (12) can be written in matrix form as the following equation (13) (12)
d0 d1 = d2 d3
a0 a3 a2
a1
b0 b1 b3 (13)
a1 a0 a3 a2 a2 a1 a0 a2 b2 a3 a2 a1 a0
Because x4 + 1 is not an irreducible polynomial over GF(28), multiplication by a fixed four-term polynomial is not necessarily invertible. However, the AES algorithm specifies a fixed four-term polynomial that does have an inverse is given by a(x) = {03}x3 +{01}x2 +{01}x +{02 a1 (x) = {0b}x3 +{0d}x2 +{09}x +{0e} (14) (15)
Another polynomial used in the AES algorithm has a0 = a1 = a2 = {00} and a3 ={01}, which is the polynomial x3. Inspection of equation (13) above will show that its effect is to form the output word by rotating bytes in the input word. This means that [b0,b1,b2, b3] is transformed into [b1, b2, b3, b0].
Page 16
This block diagram is generic for aes specifications.it consists of a number of different transformations applied consecutively over the data block bits, in a fixed number of iterations, called rounds. The number of rounds depends on the length of the key used for the encryption process. A 128 bit input and output block of AES is mapped to an AES state by putting thefirst byte of the block in the upper left corner of the matrix and by filling in the remaining bytes column by column. A round consists of a fixed sequence of transformations. Except for the first round and the last round,
Block diagram:
SubBytes
Mix Columns
Roundkey
AddRoundKey
1st Round
.The other rounds are identical and consist of four transformations. The four
Page 17
SUBBYTES SHIFTROWS
Data block
Figure 2.7:Structure Of The One Round
Page 18
Figure 2.9. Application of S-box to the Each Byte of the State [1]
The S-box used in the Sub Bytes transformation is presented in hexadecimal form in figure 7. For example, if =S1,1= {53}, then the substitution value would be determined by the intersection of the row with index 5 and the column with index 3 in figure 7. This would result in S'1,1having a value of {ed}.
Figure 2.10. S-box Values for All 256 Combinations in Hexadecimal Format [1]
Page 19
Where the shift value shift(r, Nb) depends on the row number, r, as follows (Nb = 4) Shift(1,4) = 1: Shift(2,4) = 2; Shift(3,4) = 3. This has the effect of moving bytes to lower positions in the row (i.e.,lower values of c in a given row), while the lowest bytes wrap around into the top of the row (i.e., higher values of c in a given row). Figure 7 illustrates the ShiftRows() transformation.
Figure 2.11. Cyclic Shift of the Last Three Rows of the State [1]
Page 20
02 03 01 01 01 02 03 01 01 01 02 03
03 01 01 02
As a result of this multiplication, the four bytes in a column are replaced by the following S '0,c =({02}. S0,c ) ({03}.S1,c) ({01}.S2,c) ({01}.S3,c ) S '1,c =({01}. S0,c ) ({02}.S1,c) ({01}.S2,c) ({01}.S3,c ) S '2,c =({01}. S0,c ) ({01}.S1,c) ({02}.S2,c) ({03}.S3,c ) S '3,c =({03}. S0,c ) ({01}.S1,c) ({01}.S2,c) ({02}.S3,c )
For detailed understanding of calculations for mix-columns is as follows The mix columns theory is calculated using this formula[1]: r0 r1 r2 r3 = 2 3 1 1 1 2 3 1 1 1 2 3 3 1 1 2 a0 a1 a2 a3
Page 21
where r0, r1, r2 and r3 are the results after the transformation. a0 a3 can be obtain from the matrix after the data undergoes substitution process in the S-Boxes. Let's take this example:
a0-a3
r0-r3 02 d4 01 Bf 5d 30 03 01 01 02 03 01 = 04 66 81 e5 01 01 02 03 03 01 01 02
In this
example, a0 a3 is equals
to d4 30 and r0 r3 is equals to 04 e5. note that in this it still follows the matrix multiplication rules: row x column. Currently the matrix size looks like this: [4 x 1] . [4 x 4] [4 x 1] Remember matrix idea of multiplication, to obtain [4 x 1], then the formula to be [4 x 4] . [4 x 1] = [4 x 1] Therefore to switch matrices over.
d4 bf 5d 30 01 02 03 01 x 01 01 02 03 03 01 01 02 = 04 66 81 e5
02 03 01 01
Page 22
To calculate the results, multiply the rows with the column. Firstly, take the first row of the first matrix and multiply the values with a's values. To get the r0 value, the formula goes like this: r0 = {02.d4} + {03.bf} + {01.5d} + {01.30} But when calculating directly go into the steps one at a time. 1. {02.d4} Now converting d4 to binary. d4 is a byte so when using the Calculator change it to byte under Hex mode. d4 = 1101 0100 Now d4 is exactly 8 bits. In the case where never get a 8 bits long characters such as 25 in Hex (converted: 100101), pad on with 0 in the front of the result until 8 characters of 1's and 0's. (25 ends up with 0010 0101) Now another thing to remember, there is a rule established in the multiplication of the values as written in the book, Cryptography and Network Security[2], that multiplication of a value by x (ie. by 02) can be implemented as a 1bit left shift followed by a conditional bitwise XOR with (00011011) if the leftmost bit of the original value (before the shift) is 1. now implement the rule in the calculation. {d4}.{02} = 1101 0100 << 1 (<< is left shift, 1 is the number of shift done, pad on with 0's) = 1010 1000 XOR 0001 1011 (because the leftmost is a 1 before shift) = 1011 0011 (ans) Calculation: 1010 1000 0001 1011 (XOR) 1011 0011 Now do the same for next set of values, {03.bf}
Page 23
2. {03.bf} Similarly, convert bf into binary: bf = 1011 1111 In this case, multiply 03 to bf. split 03 up in its binary form. 03 = 11 = 10 XOR 01 It is now able to calculate the result. {03} . {bf} = {10 XOR 01} . {1011 1111} = {1011 1111 . 10} XOR {1011 1111 . 01} = {1011 1111 . 10} XOR {1011 1111} (Because {1011 1111} x 1[in decimal] = 1011 1111) = 0111 1110 XOR 0001 1011 XOR 1011 1111 = 1101 1010 (ans) {01.5d} and {01.30} is basically multiplying 5d and 30 with 1(in decimal) which end up with the original values. There isn't a need to calculate them using the above method. But its is not needed to convert values to binary form. 5d = 0101 1101 30 = 0011 0000 Now, add those values together. As the values are in binary form, addition will be using XOR. r0 = {02.d4} + {03.bf} + {01.5d} + {01.30} = 1011 0011 XOR 1101 1010 XOR 0101 1101 XOR 0011 0000 = 0000 0100 = 04 (in Hex)
Page 24
Now for the next row. r1 = {01.d4} + {02.bf} + {03.5d} + {01.30} 1. {02.bf} {bf} . {02} = 1011 1111 << 1 = 0111 1110 XOR 0001 1011 = 0110 0101 2. {03.5d} {5d} . {03} = {0101 1101. 02} XOR { 0101 1101} = 1011 1010 XOR 0101 1101 = 1110 0111 Therefore, r1 = {01.d4} + {02.bf} + {03.5d} + {01.30} = 1101 0100 XOR 0110 0101 XOR 1110 0111 XOR 0011 0000 = 0110 0110 = 66 (in Hex) second values are obtained, 66. Do the same for the rest and will get all the results.
] for 0 c<Nb
Page 25
Figure 2.13. Exclusive-OR Operation of State and Cipher Key Words [1]
where [wi] are the key generation words described in chapter 3, and round is a value in the range in the Encryption, the initial Round Key addition occurs when round = 0, prior to the first application of the round function. The application of the AddRoundKey ( ) transformation to the Nr rounds of the encryption occurs when 1 round Nr. The action of this transformation is illustrated in figure10, where l = round * Nb. The byte address with in words of the key schedule was described in Section1.2.1.
Number of Rounds(nr) 10 12 14
Page 26
The Key schedule Expansion generates a total of Nb(Nr + 1) words: the algorithm requires an initial set of Nb words, and each of the Nr rounds requires Nb words of key data. The resulting key schedule consists of a linear array of 4-byte words, denoted [wi], with i in the range 0 i < Nb(Nr + 1). Prior to encryption or decryption the key must be explanded.the expanded key is used in the add round key function. Each time the add round key function is called a different part of the expanded key is XORed against the state. In order for this to work the expanded key must be large enough so that it can provide key material for every time the add round key function is executed. The add round key function gets called for each round as well as one extra time at the beginning of the algorithm. Therefore the size of the expanded key will always be equal to: The 16 in the above function is actually the size of the block in bytes.tis provides key material for every byte in the block during every round +1. Since the key size is much smaller than the size of the sub keys,the key is actually streached out to provide enough key space for the algorithm. The key expansion routine executes a maximum of 4 consecutive functions.these functions are:
ROT WORD SUB WORD RCON
An iteration of the above steps is caller a round.the amount of rounds of the key expansion depends on the key size. Key size (bytes) 16 24 32 Block size (bytes) 16 16 16 Expansion algorithm rounds 44 52 60 Expanded bytes round 4 4 4 Rounds / key copy 4 6 8 Rounds key expansion 40 46 52 Expanded key (bytes) 176 208 240
Table 2.4 Representation Of AES-128, AES-192,AES-256 Bit Block Size, Expansion Algorithm, Round Key Copy, Round Key
Page 27
The first bytes of the expanded keys are always equal to the key.if the key is 16 bytes long the first 16 bytes of the expanded key will be the same as the original key. If the key size is 32 bytes then the first 32 bytes of the expanded key will be the same as the original key. Each round adds 4 bytes to the expanded key. With the exception of the first rounds each round also takes the previous rounds 4 bytes as input operates and returns 4 bytes. One more important note is that not all of the 4 functions are always called in each round. The algorithm only calls all 4 of the functions every 4 rounds for 16 bytes key 6 rounds for 24 bytes key 8 rounds for 32 bytes key The rest of the rounds only a k function result is XORed with the result of the EK function. There is an exception of this rule where if the key is 32 bytes long an additional call to the sub word function is called every 8 rounds starting on the 13 th round. Rijndaels key schedule utilizes a number of operations, which will be described before describing the key schedule.
ROTATE The rotate operation takes a32 bit word like this (in hexa decimal): 1d2c3a4f And rotates it eight bits to left: 2c3a4f1d
RCON
Page 28
Rcon is what the rijndael documentation calls the exponentiation of 2 to a user-specified values. Note that this operation is not performed with regular integers, but in rijndaels finite field. In polynomial form , 2 is 2 =00000010 =0x7 + 0x6 + 0x5 + 0x4 + 0x3 + 0x2 + 1x1 + 0x0 = x, and compute rcon(i) =x(254+i) in F28 or equivalently, i >1 (254+i) 8 4 3 rcon(i) =x mod x + x +x +x1 +1 in F2. For example, the rcon(1)=1,the rcon(2)=2, the rcon(3)=4,and the rcon (9) is the hexadecimal number 0x1b(27 decimal). The below is rcon table for encryption process 0 1 0 0 0 0 0 0 0 2 0 0 0 0 0 0 04 00 00 00 08 10 2 0 00 00 0 0 00 00 0 0 00 00 0 0 40 80 1B 36 00 00 00 00 00 00 00 00 00 00 00 00
Page 29
CHAPTER 3
IMPLEMETATION
3.AES ENCRYPTION PROCESS:
3.1.1 ENCRYPTION IMPLEMENTATION:
Key Schedule
VHDL is used as the hardware description language because of the flexibility to exchange among environments. The code is pure VHDL that could easily be implemented on other devices, without changing the design. The software used for this work is Xilinx ISE 8.1i. This is used for writing, debugging and optimizing efforts, and also for fitting, simulating and checking the performance results using the simulation tools available on Xilinx ISE design software.
3.1.4.SUB BYTES:
sub byte is a substitute of each byte in the block independent of the position in the state. This is an s-box. This is the non-linear transformation. The s-box used is proved to be optimal with regards to non-linearity. The s-box is based on arithmetic in GF(28). AES operation sub bytes
Each byte of the state table is substituted with the values in the linearity(algorithm not equal to the sum of its parts)
s-box whose index is the value of the state table byte. Provide non-
Page 31
AES operation mix columns Mix columns is performed by multiplying each column (within the galois finite filed).
Rotate takes a 4-byte word and rotates everything one byte to the left, e.g.rotate([1,2,3,4])[2,3,4,1]
Sub bytes-each byte of the word is substituted with the value in the s-box whose index is the value of the original byte Rcon-the first byte of a word is XORed with the round constant. Each value of the rcon table is a member of the rijndael finite field.
The input is a 32-bit word and an iteration number i. The output is a 32-bit word. Copy the input over to the output. Use the above described rotate operation to rotate the output eight bits to the left.
word
On just the first(leftmost) byte of the output word,exclusive or
the byte with 2 to the power of(i-1). In other words,perform the rcon operation with i as the input,and exclusive or the rcon output with the first byte of the output word.
3.1.9.CONSTANTS:
Page 32
Since the key schedule for 128-bit, 192-bit, and 256-bit encryption are very similar, with only some constants changed, the following key size constants are defined here N has a value of 16 for 128-bit keys,24 for 192-bit keys, and 32 for 256-bit keys has a value of 176 for 128-bit keys,208 for 192-bit keys, and 240 for 256-bit keys.
CHAPTER - 4
RESULTS AND DISCUSIONS
VHDL CODE FOR AES ENCRYPTION PACKAGE
-Package File Template --Purpose: This package defines supplemental types, subtypes, constants, and functions library IEEE; use IEEE.STD_LOGIC_1164.all; use IEEE.STD_LOGIC_ARITH.ALL; use IEEE.STD_LOGIC_UNSIGNED.ALL; package aesencrypt is type ROM_Array is array (0 to 255) of std_logic_vector(7 downto 0); constant Content_EN: ROM_Array := ( b"01100011", b"01111100", b"01110111", b"01111011", b"11110010", b"01101011", b"01101111", b"11000101", b"00110000", b"00000001", b"01100111", b"00101011", b"11111110", b"11010111", b"10101011", b"01110110", b"11001010", b"10000010", b"11001001", b"01111101", b"11111010", b"01011001", b"01000111", b"11110000", b"10101101", b"11010100", b"10100010", b"10101111", b"10011100", b"10100100",b"01110010",b"11000000",
Department of Electronics and Communication Engineering,SKEC Page 33
b"10110111", b"11111101", b"10010011", b"00100110", b"00110110", b"00111111", b"11110111", b"11001100", b"00110100", b"10100101", b"11100101", b"11110001", b"01110001", b"11011000", b"00110001", b"00010101", b"00000100", b"11000111", b"00100011", b"11000011", b"00011000", b"10010110", b"00000101", b"10011010", b"00000111", b"00010010", b"10000000", b"11100010", b"11101011", b"00100111", b"10110010", b"01110101", b"00001001", b"10000011", b"00101100", b"00011010", b"00011011", b"01101110", b"01011010", b"10100000", b"01010010", b"00111011", b"11010110", b"10110011", b"00101001", b"11100011", b"00101111", b"10000100", b"01010011", b"11010001", b"00000000", b"11101101", b"00100000", b"11111100", b"10110001", b"01011011", b"01101010", b"11001011", b"10111110", b"00111001", b"01001010", b"01001100", b"01011000", b"11001111", b"11010000", b"11101111", b"10101010", b"11111011", b"01000011", b"01001101", b"00110011", b"10000101", b"01000101", b"11111001", b"00000010", b"01111111", b"01010000", b"00111100", b"10011111", b"10101000", b"01010001", b"10100011", b"01000000", b"10001111", b"10010010", b"10011101", b"00111000", b"11110101", b"10111100", b"10110110", b"11011010", b"00100001", b"00010000", b"11111111", b"11110011", b"11010010", b"11001101", b"00001100", b"00010011", b"11101100", b"01011111", b"10010111", b"01110011", --60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db --e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79 --e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08 --ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a --70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e --e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df
Department of Electronics and Communication Engineering,SKEC Page 34
b"01000100",b"00010111",
b"11000100",
b"10100111",
--8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16 b"01100000", b"10000001", b"01001111", b"11011100",b"00100010", b"00101001", b"11011011", b"11100000",b"00110010",b"00111010",b"00001010",b"01001001",b"0000 0110",b"00100100",b"01011100",b"11000010",b"11010011",b"10101100",b" 01100010",b"10010001",b"10010101",b"11100100",b"01111001", b"11100111",b"11001000",b"00110111",b"01101101",b"10001101",b"1101 0101",b"01001110",b"10101001",b"01101100",b"01010110",b"11110100",b" 11101010",b"01100101",b"01111010",b"10101110",b"00001000", b"10111010",b"01111000",b"00100101",b"00101110",b"00011100",b"1010 0110",b"10110100",b"11000110",b"11101000",b"11011101",b"01110100",b" 00011111",b"01001011",b"10111101",b"10001011",b"10001010", b"01110000",b"00111110",b"10110101",b"01100110",b"01001000",b"0000 0011",b"11110110",b"00001110",b"01100001",b"00110101",b"01010111",b" 10111001",b"10000110",b"11000001", b"00011101",b"10011110", b"11100001",b"11111000",b"10011000",b"00010001",b"01101001",b"1101 1001",b"10001110",b"10010100",b"10011011",b"00011110",b"10000111",b" 11101001",b"11001110" ,b"01010101",b"00101000",b"11011111", b"10001100",b"10100001",b"10001001",b"00001101",b"10111111",b"1110 0110" ,b"01000010",b"01101000",b"01000001",b"10011001",b"00101101",b"0000 1111",b"10110000",b"01010100",b"10111011",b"00010110", others => B"00000000"); function subword(op1: in std_logic_vector(31 downto 0)) return std_logic_vector; function subword_128(op1: in std_logic_vector(127 downto 0)) return std_logic_vector ; function rotword(op1 : in std_logic_vector(31 downto 0)) return std_logic_vector; function keygen(op1 : in std_logic_vector(127 downto 0)) return std_logic_vector;
Department of Electronics and Communication Engineering,SKEC Page 35
b"10010000",b"10001000",b"01000110",b"11101110",
function matrixmul(op1,op2 : in std_logic_vector(127 downto 0)) return std_logic_vector; function To_init(op2 : in std_logic_vector(7 downto 0))return integer; function gfmul(op1,op2 : in std_logic_vector(7 downto 0)) return std_logic_vector; function shiftrow(op1: in std_logic_vector(127 downto 0))return std_logic_vector; function encryption(en_input1:in std_logic_vector(1535 downto 0)) return std_logic_vector; end aesencrypt; package body aesencrypt is -- Example 2 function matrixmul(op1,op2 : in std_logic_vector(127 downto 0)) return std_logic_vector is variable output : std_logic_vector(127 downto 0); variable temp1,temp2,temp3,temp4,element : std_logic_vector(7 downto 0); begin --(1,1) 1 temp1:=gfmul(op1(127 downto 120),op2(127 downto 120)); temp2:=gfmul(op1(119 downto 112) , op2(95 downto 88)); temp3:=gfmul(op1(111 downto 104) , op2(63 downto 56)); temp4:=gfmul(op1(103 downto 96) , op2(31 downto 24)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(127 downto 120):=element; --(1,2) 2 temp1:=gfmul(op1(127 downto 120) , op2(119 downto 112)); temp2:=gfmul(op1(119 downto 112) , op2(87 downto 80)); temp3:=gfmul(op1(111 downto 104) , op2(55 downto 48)); temp4:=gfmul(op1(103 downto 96) , op2(23 downto 16)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4;
Department of Electronics and Communication Engineering,SKEC Page 36
output(119 downto 112):=element; --(1,3) 3 temp1:=gfmul(op1(127 downto 120) , op2(111 downto 104)); temp2:=gfmul(op1(119 downto 112) , op2(79 downto 72)); temp3:=gfmul(op1(111 downto 104) , op2(47 downto 40)); temp4:=gfmul(op1(103 downto 96) , op2(15 downto 8)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(111 downto 104):=element; --(1,4) 4 temp1:=gfmul(op1(127 downto 120) , op2(103 downto 96)); temp2:=gfmul(op1(119 downto 112) , op2(71 downto 64)); temp3:=gfmul(op1(111 downto 104) , op2(39 downto 32)); temp4:=gfmul(op1(103 downto 96) , op2(7 downto 0)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(103 downto 96):=element; --(2,1) 5 temp1:=gfmul(op1(95 downto 88) , op2(127 downto 120)); temp2:=gfmul(op1(87 downto 80) , op2(95 downto 88)); temp3:=gfmul(op1(79 downto 72) , op2(63 downto 56)); temp4:=gfmul(op1(71 downto 64) , op2(31 downto 24)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(95 downto 88):=element; --(2,2) 6 temp1:=gfmul(op1(95 downto 88) , op2(119 downto 112)); temp2:=gfmul(op1(87 downto 80) , op2(87 downto 80)); temp3:=gfmul(op1(79 downto 72) , op2(55 downto 48)); temp4:=gfmul(op1(71 downto 64) , op2(23 downto 16)); element:=temp1 xor temp2;
Department of Electronics and Communication Engineering,SKEC Page 37
element:=element xor temp3; element:=element xor temp4; output(87 downto 80):=element; --(2,3) 7 temp1:=gfmul(op1(95 downto 88) , op2(111 downto 104)); temp2:=gfmul(op1(87 downto 80) , op2(79 downto 72)); temp3:=gfmul(op1(79 downto 72) , op2(47 downto 40)); temp4:=gfmul(op1(71 downto 64) , op2(15 downto 8)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(79 downto 72):=element; --(2,4) temp1:=gfmul(op1(95 downto 88) , op2(103 downto 96)); temp2:=gfmul(op1(87 downto 80) , op2(71 downto 64)); temp3:=gfmul(op1(79 downto 72) , op2(39 downto 32)); temp4:=gfmul(op1(71 downto 64) , op2(7 downto 0)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(71 downto 64):=element; --(3,1) 9 temp1:=gfmul(op1(63 downto 56) , op2(127 downto 120)); temp2:=gfmul(op1(55 downto 48) , op2(95 downto 88)); temp3:=gfmul(op1(47 downto 40) , op2(63 downto 56)); temp4:=gfmul(op1(39 downto 32) , op2(31 downto 24)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(63 downto 56):=element; --(3,2) 10 temp1:=gfmul(op1(63 downto 56) , op2(119 downto 112)); temp2:=gfmul(op1(55 downto 48) , op2(87 downto 80)); temp3:=gfmul(op1(47 downto 40) , op2(55 downto 48));
Department of Electronics and Communication Engineering,SKEC Page 38
temp4:=gfmul(op1(39 downto 32) , op2(23 downto 16)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(55 downto 48):=element; --(3,3) 11 temp1:=gfmul(op1(63 downto 56) , op2(111 downto 104)); temp2:=gfmul(op1(55 downto 48) , op2(79 downto 72)); temp3:=gfmul(op1(47 downto 40) , op2(47 downto 40)); temp4:=gfmul(op1(39 downto 32) , op2(15 downto 8)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(47 downto 40):=element; --(3,4) 12 temp1:=gfmul(op1(63 downto 56) , op2(103 downto 96)); temp2:=gfmul(op1(55 downto 48) , op2(71 downto 64)); temp3:=gfmul(op1(47 downto 40) , op2(39 downto 32)); temp4:=gfmul(op1(39 downto 32) , op2(7 downto 0)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(39 downto 32):=element; --(4,1) 13 temp1:=gfmul(op1(31 downto 24) , op2(127 downto 120)); temp2:=gfmul(op1(23 downto 16) , op2(95 downto 88)); temp3:=gfmul(op1(15 downto 8) , op2(63 downto 56)); temp4:=gfmul(op1(7 downto 0) , op2(31 downto 24)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(31 downto 24):=element; --(4,2) 14 temp1:=gfmul(op1(31 downto 24) , op2(119 downto 112));
Department of Electronics and Communication Engineering,SKEC Page 39
temp2:=gfmul(op1(23 downto 16) , op2(87 downto 80)); temp3:=gfmul(op1(15 downto 8) , op2(55 downto 48)); temp4:=gfmul(op1(7 downto 0) , op2(23 downto 16)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(23 downto 16):=element; --(4,3) 15 temp1:=gfmul(op1(31 downto 24) , op2(111 downto 104)); temp2:=gfmul(op1(23 downto 16) , op2(79 downto 72)); temp3:=gfmul(op1(15 downto 8) , op2(47 downto 40)); temp4:=gfmul(op1(7 downto 0) , op2(15 downto 8)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(15 downto 8):=element; --(4,4) 16 temp1:=gfmul(op1(31 downto 24) , op2(103 downto 96)); temp2:=gfmul(op1(23 downto 16) , op2(71 downto 64)); temp3:=gfmul(op1(15 downto 8) , op2(39 downto 32)); temp4:=gfmul(op1(7 downto 0) , op2(7 downto 0)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(7 downto 0):=element; return output; end matrixmul function To_init(op2 : in std_logic_vector(7 downto 0))return integer is variable output:integer RANGE 0 to 255; --variable output : std_logic_vector(7 downto 0); begin output:=0; if(op2(0)='1')then
Department of Electronics and Communication Engineering,SKEC Page 40
output:=output+1; end if; if(op2(1)='1')then output:=output+2; end if; if(op2(2)='1')then output:=output+4; end if; if(op2(3)='1')then output:=output+8; end if; if(op2(4)='1')then output:=output+16; end if; if(op2(5)='1')then output:=output+32; end if; if(op2(6)='1')then output:=output+64; end if; if(op2(7)='1')then output:=output+128; end if; return output; end To_init; function gfmul(op1,op2 : in std_logic_vector(7 downto 0))return std_logic_vector is variable temp : std_logic_vector(15 downto 0):="0000000000000000"; variable output : std_logic_vector(7 downto 0):="00000000"; variable poly : std_logic_vector(8 downto 0):="100011011"; begin for i in 0 to 7 loop if(op1(7-i)='1')then temp((14-i)downto(7-i)):=temp((14-i)downto(7-i)) xor op2;
Department of Electronics and Communication Engineering,SKEC Page 41
end if; end loop; for i in 0 to 7 loop if(temp(15-i)='1')then temp((15-i)downto (7-i)):=temp((15-i)downto (7-i)) xor poly; end if; end loop; output:=temp(7 downto 0); return output; end gfmul; function keygen(op1 : in std_logic_vector(127 downto 0)) return std_logic_vector is variable temp_output : std_logic_vector(1407 downto 0); variable afterrotword,aftersubword,afterrcon,keyout: std_logic_vector(31 downto 0); begin temp_output(1407 downto 1280):=op1; keyout:=op1(31 downto 0);
----------------------------stage 1---------------------------------------------afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="00000001000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(1407 downto 1376); --0 temp_output(1279 downto 1248):=keyout; --4
keyout:=keyout xor temp_output(1375 downto 1344); --1 temp_output(1247 downto 1216):=keyout; --5
Page 42
keyout:=keyout xor temp_output(1343 downto 1312); --2 temp_output(1215 downto 1184):=keyout; --6
--------------------------------stage 2---------------------------------------afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="00000010000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(1279 downto 1248); --4 temp_output(1151 downto 1120):=keyout; --8
keyout:=keyout xor temp_output(1247 downto 1216); --5 temp_output(1119 downto 1088):=keyout; --9
keyout:=keyout xor temp_output(1215 downto 1184); --6 temp_output(1087 downto 1056):=keyout; --10
afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(1151 downto 1120); --8 temp_output(1023 downto 992):=keyout; --12
keyout:=keyout xor temp_output(1119 downto 1088); --9 temp_output(991 downto 960):=keyout; --13
keyout:=keyout xor temp_output(1087 downto 1056); --10 temp_output(959 downto 928):=keyout; --14
-----------------------------stage 4-----------------------------------------------afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="00001000000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(1023 downto 992); --12 temp_output(895 downto 864):=keyout; --16
keyout:=keyout xor temp_output(991 downto 960); --13 temp_output(863 downto 832):=keyout; --17
keyout:=keyout xor temp_output(959 downto 928); --14 temp_output(831 downto 800):=keyout; --18
Page 44
-------------------------------stage 5--------------------------afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="00010000000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(895 downto 864); --16 temp_output(767 downto 736):=keyout; --20
keyout:=keyout xor temp_output(863 downto 832); --17 temp_output(735 downto 704):=keyout; --21
keyout:=keyout xor temp_output(831 downto 800); --18 temp_output(703 downto 672):=keyout; --22
----------------------------------stage 6----------------------------------------afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="00100000000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(767 downto 736); --20 temp_output(639 downto 608):=keyout; --24
--25
keyout:=keyout xor temp_output(703 downto 672); --22 temp_output(575 downto 544):=keyout; --26
-------------------------stage 7-------------------------------------------------afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="01000000000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(639 downto 608); --24 temp_output(511 downto 480):=keyout; --28
keyout:=keyout xor temp_output(607 downto 576); --25 temp_output(479 downto 448):=keyout; --29
keyout:=keyout xor temp_output(575 downto 544); --26 temp_output(447 downto 416):=keyout; --30
---------------------------------------stage -----------------------------------------------
Page 46
afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="10000000000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(511 downto 480); --28 temp_output(383 downto 352):=keyout; --32
keyout:=keyout xor temp_output(479 downto 448); --29 temp_output(351 downto 320):=keyout; --33
keyout:=keyout xor temp_output(447 downto 416); --30 temp_output(319 downto 288):=keyout; --34
----------------------------------------stage --------------------------------------------afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="00011011000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(383 downto 352); --32 temp_output(255 downto 224):=keyout; --36
keyout:=keyout xor temp_output(351 downto 320); --33 temp_output(223 downto 192):=keyout; --37
Page 47
keyout:=keyout xor temp_output(319 downto 288); --34 temp_output(191 downto 160):=keyout; --38
----------------------------stage 10---------------------------------------afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="00110110000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(255 downto 224); --36 temp_output(127 downto 96):=keyout; --40
keyout:=keyout xor temp_output(223 downto 192); --37 temp_output(95 downto 64):=keyout; --41
keyout:=keyout xor temp_output(191 downto 160); --38 temp_output(63 downto 32):=keyout; keyout:=keyout xor temp_output(159 downto 128);--39 temp_output(31 downto 0):=keyout; return temp_output; end keygen; function rotword(op1: in std_logic_vector(31 downto 0)) return std_logic_vector is variable temp_output : std_logic_vector(31 downto 0); begin temp_output(31 downto 24):=op1(23 downto 16); temp_output(23 downto 16):=op1(15 downto 8);
Department of Electronics and Communication Engineering,SKEC Page 48
--43
temp_output(15 downto 8):=op1(7 downto 0); temp_output(7 downto 0):=op1(31 downto 24); return temp_output; end rotword; function subword(op1: in std_logic_vector(31 downto 0)) return std_logic_vector is variable temp_output : std_logic_vector(31 downto 0); begin temp_output(31 downto 24):=Content_EN(conv_integer(op1(31 downto 24))); temp_output(23 downto 16):=Content_EN(conv_integer(op1(23 downto 16))); temp_output(15 downto 8):=Content_EN(conv_integer(op1(15 downto 8))); temp_output(7 downto 0):=Content_EN(conv_integer(op1(7 downto 0))); return temp_output; end subword; function subword_128(op1: in std_logic_vector(127 downto 0)) return std_logic_vector is variable temp_output : std_logic_vector(127 downto 0); begin temp_output(127 downto 96):=subword(op1(127 downto 96)); temp_output(95 downto 64):=subword(op1(95 downto 64)); temp_output(63 downto 32):=subword(op1(63 downto 32)); temp_output(31 downto 0):=subword(op1(31 downto 0)); return temp_output; end subword_128; function shiftrow(op1: in std_logic_vector(127 downto 0))return std_logic_vector is variable temp_output: std_logic_vector(127 downto 0); begin
Department of Electronics and Communication Engineering,SKEC Page 49
---1 st row---temp_output(127 downto 96):= op1(127 downto 96);--1 temp_output(95 downto 88):= op1(95 downto 88);--5 temp_output(63 downto 56):= op1(63 downto 56); --9 temp_output(31 downto 24):= op1(31 downto 24);--13 ----2nd row----temp_output(119 downto 112):= op1(87 downto 80);--2 temp_output(87 downto 80):= op1(55 downto 48);--6 temp_output(55 downto 48):= op1(23 downto 16);--10 temp_output(23 downto 16):= op1(119 downto 112);--14 ----3 rd row----temp_output(111 downto 104):= op1(47 downto 40); temp_output(79 downto 72):= op1(15 downto 8); temp_output(47 downto 40):= op1(111 downto 104); temp_output(15 downto 8):= op1(79 downto 72); -------4th row------temp_output(103 downto 96):= op1(7 downto 0); temp_output(71 downto 64):= op1(103 downto 96); temp_output(39 downto 32):= op1(71 downto 64); temp_output(7 downto 0):= op1(39 downto 32); return temp_output; end shiftrow function encrpytion(en_input1:in std_logic_vector(1535 downto 0)) return std_logic_vector is
variable temp_output,temp1,temp2,temp3,temp4 : std_logic_vector(127 downto 0); variable mixmat: std_logic_vector(127 downto 0):="0000001000000001000000010000001100000011000000100000000100 00000100000001000000110000001000000001000000010000000100000011 00000010";
Department of Electronics and Communication Engineering,SKEC Page 50
begin --------------------step 1--------------------------------------temp1:=en_input1(1535 downto 1408) xor en_input1(1407 downto 1280); -------------------step2 --------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(1279 downto 1152); --------------------step3 -----------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(1151 downto 1024); --------------------step4 -----------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(1023 downto 896);
--------------------step5 -----------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(895 downto 768); --------------------step6 -----------------------------------------------temp2:=subword_128(temp1);
Department of Electronics and Communication Engineering,SKEC Page 51
temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(767 downto 640); --------------------step7 -----------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(639 downto 512); --------------------step8 -----------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(511 downto 384) --------------------step9 -----------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(383 downto 256); --------------------step10 -----------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(255 downto 128); --------------------step11 -----------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); --temp4:=matrixmul(temp3,mixmat,); temp1:=temp3 xor en_input1(127 downto 0); return temp1; end encryption;
MAIN CODE
----------------------------------------------------------------------------------- Company: -- Engineer:
Page 52
11:49:45 10/16/2012
---------------------------------------------------------------------------------use IEEE.STD_LOGIC_1164.ALL; use IEEE.STD_LOGIC_ARITH.ALL; use IEEE.STD_LOGIC_UNSIGNED.ALL; use work.aesencrypt.all; -- Uncomment the following lines to use the declarations that are -- provided for instantiating Xilinx primitive components. --library UNISIM; --use UNISIM.VComponents.all; entity encryption11 is Port ( input_ENCRYPTION :in std_logic_vector(127 downto 0); input_KEY:in std_logic_vector(127 downto 0); out_KEYS: out std_logic_vector(1407 downto 0); output_ENCRYPTION: out std_logic_vector(127 downto 0); clk : in std_logic); end encryption11; architecture Behavioral of encryption11 is begin process(clk,input_ENCRYPTION) variable x1 : std_logic_vector(1535 downto 0); variable x2 : std_logic_vector(1407 downto 0); variable x3 : std_logic_vector(127 downto 0); begin if(clk='1')and(clk'EVENT) then x2:=keygen(input_KEY); x1(1535 downto 1408):=input_ENCRYPTION; x1(1407 downto 0):= x2; x3:=encription(x1); end if; output_ENCRYPTION<=x3; out_KEYS<=x2; end process;
Department of Electronics and Communication Engineering,SKEC Page 53
end aesencrypt;
Page 54
plain text:where are you ra (57484552452041524520594f55205241)this is ascii value key:howareyounow.(484f572041524520594f55204e4f572e) cipher text : 17029EEB2EEAC4EA0E7C265902375C2F
Page 56
============================================================= ============ * ============ Final Results RTL Top Level Output File Name Top Level Output File Name Output Format Optimization Goal Keep Hierarchy Design Statistics # IOs Cell Usage : # BELS # # # # # # # # # # # # # # # # GND INV LUT1 LUT2 LUT2_L LUT3 LUT3_D LUT3_L LUT4 LUT4_D LUT4_L MUXF5 MUXF6 MUXF7 MUXF8 VCC : 47282 :1 : 182 : 164 : 1776 : 111 : 231 :8 : 609 : 22881 : 14 : 273 : 11338 : 5698 : 2839 : 1156 :1 : 2784
Page 57
Final Report
=============================================================
: encryption.ngr : encryption
: NGC : Speed : NO
: 258
# FlipFlops/Latches
# # # # # # #
============================================================= ============ Device utilization summary: --------------------------Selected Device : 3s500efg320-5 Number of Slices: Number of Slice Flip Flops: Number of 4 input LUTs: Number used as logic: Number of IOs: Number of bonded IOBs: Number of GCLKs: Number used as Shift registers: 258 257 out of 1 out of 232 110% (*) 24 4% 14517 out of 4656 311% (*) 2784 out of 9312 26249 11 29% 26260 out of 9312 282% (*)
WARNING:Xst:1336 - (*) More than 100% of Device resources are used --------------------------Partition Resource Summary: --------------------------No Partitions were found in this design.
Department of Electronics and Communication Engineering,SKEC Page 58
---------------------------
============================================================= ============ TIMING REPORT NOTE: THESE TIMING NUMBERS ARE ONLY A SYNTHESIS ESTIMATE. FOR ACCURATE TIMING INFORMATION PLEASE REFER TO THE TRACE REPORT GENERATED AFTER PLACE-and-ROUTE. Clock Information: ----------------------------------------------------+------------------------+-------+ Clock Signal clk | Clock buffer(FF name) | Load | | BUFGP | 2795 | -----------------------------------+------------------------+-------+ -----------------------------------+------------------------+-------+ Asynchronous Control Signals Information: ---------------------------------------No asynchronous control signals found in this design Timing Summary: --------------Speed Grade: -5 Minimum period: 6.654ns (Maximum Frequency: 150.280MHz) Minimum input arrival time before clock: No path found Maximum output required time after clock: 4.040ns Maximum combinational path delay: No path found
Page 59
Timing Detail: -------------All values displayed in nanoseconds (ns) ============================================================= ============ Timing constraint: Default period analysis for Clock 'clk' Clock period: 6.654ns (frequency: 150.280MHz) Total number of paths / destination ports: 591072 / 2926 ------------------------------------------------------------------------Delay: Source: Destination: Source Clock: 6.654ns (Levels of Logic = 7) a35/x05_15 (FF) a39/x05_109 (FF) clk rising
Destination Clock: clk rising Data Path: a35/x05_15 to a39/x05_109 Gate Cell:in->out FD:C->Q LUT4:I3->O LUT4:I2->O LUT4:I2->O MUXF5:I1->O (a38/s2/Mrom_sbout_f5) MUXF6:I1->O (a38/s2/Mrom_sbout_f6) MUXF7:I1->O (a38/s2/Mrom_sbout_f7) MUXF8:I1->O FD:D Total 1 0.451 0.000 a38/s2/Mrom_sbout_f8 (sb9<8>) 0.268 a39/x05_104 1 0.451 0.000 a38/s2/Mrom_sbout_f7 1 0.451 0.000 a38/s2/Mrom_sbout_f6 Net fanout Delay Delay Logical Name (Net Name) 11 0.514 0.796 a35/x05_15 (a35/x05_15) 3 0.612 0.481 a36/h1<12>_SW0 (N1659) 125 0.612 1.128 Mxor_data9_Result<12>1 (data9<12>) 1 0.612 0.000 a38/s2/Mrom_sbout1 (a38/s2/Mrom_sbout) 1 0.278 0.000 a38/s2/Mrom_sbout_f5
---------------------------------------- ------------
(63.9% logic, 36.1% route) ============================================================= ============ Timing constraint: Default OFFSET OUT AFTER for Clock 'clk' Total number of paths / destination ports: 128 / 128 ------------------------------------------------------------------------Offset: Source: Destination: Source Clock: 4.040ns (Levels of Logic = 1) eout_127 (FF) eout<127> (PAD) clk rising
Data Path: eout_127 to eout<127> Gate Cell:in->out FDE:C->Q OBUF:I->O Total Net fanout Delay Delay Logical Name (Net Name) 1 0.514 0.357 eout_127 (eout_127) 3.169 eout_127_OBUF (eout<127>)
---------------------------------------- ------------
Total REAL time to Xst completion: 359.00 secs Total CPU time to Xst completion: 359.06 secs Total memory usage is 302972 kilobyte Number of errors : Number of infos 0 ( 0 filtered) Number of warnings : 376 ( 0 filtered) : 34 ( 0 filtered)
CHAPTER - 5
Page 61
SUMMARY
5.1. PROJECT SUMMARY:
The Advanced Encryption Standard (AES) is a security standard that became effective on May 26,2002 by NIST to replace DES. the cryptography scheme is asymmetric block cipher that encrypts and decrypts 128-bit blocks of data lengths of 128,192 and 256 bits are standard key lengths used by AES. Plain text refers to the data to be encrypted. Cipher text refers to the data after going through the cipher as well as the data that will be going into the decipher. The state is an intermediate form of the cipher or deciphers result usually displayed as a rectangular table of bytes with 4 rows and 4 columns The first stage subbytes transformation a non-linear byes substitution for each byte of the block. The second stageshiftrows transformation cyclically shifts(permutes) the bytes within the block. The third stagemixcolumns transformation groups 4-bytes together forming 4-term polynomials and multiplies the polynomials with a fixed polynomial mod(X4+1).The fourth stageadd roundkeytransformation adds the round key with the block of data. The decipher is simply the inverse of cipher The algorithm consists of four stages that make up a round which is iterated 10 times for a 128-bit length key, 12 times for 192-bit key and 14 times for a 256-bit key
5.2. CONCLUSION:
Page 62
The main advantage with the Advanced Encryption Standard is to maintain the secret communication between the Encryption and Decryption. It is the symmetric key encryption algorithm. This reduces the complexity of the Encrypt and Decrypt the data. Cipher key is same for both the Encryption and Decryption process VHDL code is used to develop the implementation of Encryption and Decryption process. Each program is tested with the some of the sample vectors provided by NIST and output results are perfect with minimal delay. In the case of 192,256-bit key algorithm, it requires 192,256-bit plain text and 128-bit cipher key. AES is important to understand the using the algorithm, it will greatly increase the reliability and safety of software systems. Therefore, AES can indeed be implemented with reasonable efficiency on an FPGA, with the encryption and decryption taking an average of 320 and 340 ns respectively (for every 128 bits). The time varies from chip to chip and the calculate delay time can only be regarded as approximate. Adding data pipelines and some parallel combinational logic in the key scheduler and round calculator can further optimize this design.There is currently no evidence that AES has any weakness making any attack other than exhaustive search. Even AES-128 bit offers a sufficiently large number of possible keys, making an exhaustive search impractical for many decades, provided no technological breakthrough causes the computational power available to increase dramtically and that theoretical research does not find a short cut to bypass the need for exhaustive search. There are many pitfalls to avoid when encryption is implemented and keys are generated. It is necessary to ensure each and every implementations security, an important correctly implemented AES-128 is likely to protect against a million dollar budget for at least 50-60 years and against individual budgets for at least another ten years.
This algorithm is also implemented with the 192,256-bit keys. By using with this design we are also implemented as a cryptoprocessor for secret communication. This algorithm is also used to implement as crypto processor for smartcard performance, efficiency, implementability, and flexibility are extended by using efficient techniques.
Page 64
REFERENCES
[1] FIPS 197, Advanced Encryption Standard (AES), November 26, 2001 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf [2] J. Daemen and V. Rijmen, AES Proposal: Rijndael, AES Algorithm Submission, September 3, 1999 http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndaeldocV2.zip [3] FPGA Simulations of Round 2 Advanced Encryption Standards http://csrc.nist.gov/CryptoToolkit/aes/round2/conf3/presentations/elbirt.pdf. [4] http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm [5] Tilborg, Henk C. A. van. Fundamentals of Cryptology: A Professional Reference and Interactive Tutorial, New York Kluwer Academic Publishers, 2002 [6] Peter J. Ashenden, The students Guide to VHDL, 2nd Edition, San Francisco, CA, Morgan Kaufmann, 2002 References:understanding mix columns [7 Wikipedia Rijndael mix columns, [Online] Available: http://en.wikipedia.org/wiki/Rijndael_mix_columns [8] William Stalling (2006), Chapter 4.6 Finite Fields of the Form GF(2n) Multiplication, in Cryptography and Network Security: Principles and Practices, Page 125 126. References:understanding inverse mix columns [9] William Stalling (2006), Chapter 4.6 Finite Fields of the Form GF(2n) Multiplication, in Cryptography and Network Security: Principles and Practices, Page 125 126.
Department of Electronics and Communication Engineering,SKEC Page 65
[10] Kit Choy Xintong (2009), Understanding AES Mix-Columns Transformation Calculation [Available]Online: http://sites.google.com/site/kitworldoftheory/Home/mixcolumns.pdf? attredirects=0 [11] AES page available via http://www.nist.gov/CryptoToolkit.4 [12] Computer Security Objects Register (CSOR): http://csrc.nist.gov/csor/. [13] J. Daemen and V. Rijmen, AES Proposal: Rijndael, AES Algorithm Submission, September 3, 1999, available at [1]. [14] J. Daemen and V. Rijmen, The block cipher Rijndael, Smart Card research and Applications, LNCS 1820, Springer-Verlag, pp. 288-296. [15] B. Gladmans AES related home page http://fp.gladman.plus.com/cryptography_technology/. [16] A. Lee, NIST Special Publication 800-21, Guideline for Implementing Cryptography in the Federal Government, National Institute of Standards and Technology, November 1999. [17] A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography, CRC Press, New York, 1997, p. 81-83. [18] J. Nechvatal, ET. al., Report on the Development of the Advanced Encryption Standard (AES), National Institute of Standards and Technology, October 2, 2000, available at [1]. [19]^ Vincent Rijmen (2010). "Practical-Titled Attack on AES-128 Using ChosenText Relations". [20]^ Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger
(2011). "Biclique Cryptanalysis of the Full AES". [21]^ a b "Index of formal scientific papers". Cr.yp.to. Retrieved 2008-11-02. [22]^ Bruce Schneier. "AES Timing Attack". Archived from the original on 12 February 2007. Retrieved 2007-03-17.
Page 66
[23]^ Dag Arne Osvik1; Adi Shamir2 and Eran Tromer2 (2005-11-20) (PDF). Cache Attacks and Countermeasures: the Case of AES. Retrieved 2008-11-02. [24] ^ Dhiman Saha, Debdeep Mukhopadhyay, Dipanwita RoyChowdhury (PDF). A Diagonal Fault Attack on the Advanced Encryption Standard. Archived from the original on 22 December 2009. Retrieved 2009-12-08. [25]^ Endre Bangerter, David Gullasch and Stephan Krenn (2010). "Cache Games Bringing Access-Based Cache Attacks on AES to Practice". [26] ^ "Breaking AES-128 in realtime, no ciphertext required | Hacker News". News.ycombinator.com. Retrieved 2012-12-23. [27] ^ a b http://www.cnss.gov/Assets/pdf/nstissp_11_fs.pdf [28] ^ "NIST.gov - Computer Security Division - Computer Security Resource Center". Csrc.nist.gov. Retrieved 2012-12-23. [29] ^ a b OpenSSL, [email protected]. "OpenSSL's certification". Openssl.org. Retrieved 2012-12-23. Notes about FIPS
[30]^ "Performance Comparisons of the AES submissions" (PDF). 1999-02-01. Retrieved 2010-12-28.
Page 67