Lecture 04 - AES (1)

The document provides an overview of the Advanced Encryption Standard (AES), detailing its structure, internal processes, and key expansion methods. AES is a symmetric block cipher designed to replace DES, featuring a block size of 128 bits and key lengths of 128, 192, or 256 bits, with varying rounds based on key length. Key operations include byte substitution, row shifting, column mixing, and key addition, all aimed at providing security and efficiency in encryption and decryption processes.

Uploaded by

jameel717772

Information Security

Lecture 04
Topics
• Introduction to AES
• Structure of AES
• Internal Structure of round
• Byte substitution
• Shift rows
• Mix column
• Key addition
• Decryption
Introduction to AES
• Brief history
• A replacement for DES was needed
• DES has theoretical attacks that can break it
• exhaustive key search attacks on DES have been demonstrated
• Triple-DES can be used, but it is slow and has small blocks
• NIST issued a call for ciphers in 1997
• 15 candidates accepted in Jun 98
• 5 were shortlisted in Aug-99
• Rijndael was selected as the AES in Oct-2000
• designed by Vincent Rijmen and Joan Daemen in Belgium
Introduction to AES
• High level view
• AES is a block cipher with a block size of 128 bits
• has 128/192/256 bit keys
[Figure: AES block diagram. Input X (128 bits), key (128/192/256 bits), output Y (128 bits)]
• Number of rounds depends on the key length

Key size (bits)               128   192   256
Plaintext block size (bits)   128   128   128
Number of rounds               10    12    14
Round key size (bits)         128   128   128
Introduction to AES
• AES is by now the most important symmetric algorithm in the world
• NSA allows AES for classified data up to top secret with 192 or 256 bit key
• Designed to have:
• resistance against known attacks
• speed and code compactness on many CPUs
• design simplicity
AES Structure
• DES uses a Feistel network, but AES is not a Feistel cipher
• AES encrypts all 128 bits of the data path in one round
• processes data as a block of 4 columns of 4 bytes
• this data block of 4 columns of 4 bytes is the state
• key is expanded to an array of words
AES Structure
• Each round consists of four layers
1. byte substitution (1 S-box used on every byte)
2. shift rows (permute bytes between groups/columns)
3. mix columns (subs using matrix multiply of groups)
4. add round key (XOR state with key material)
• Last round does not have the mix columns layer
• At the beginning of AES and at the very
SubBytes (Byte Substitution)
• In the SubBytes step, each byte b_{i,j} in the state matrix is replaced with a byte from a substitution box, the Rijndael S-box.
• The S-box is a table of 16x16 bytes containing a permutation of all 256 8-bit values
• each byte of state is replaced by the byte indexed by row (left 4 bits) & column (right 4 bits)
• e.g. byte {95} is replaced by the byte in row 9 column 5, which has value {2A}
• While performing the decryption, the inverse of the S-box (another table) is used
[Table: S-box]
[Table: Inverse S-box]
[Figure: Byte Substitution, with an example]
Shift Rows
• a circular byte shift in each round
• 1st row is unchanged
• 2nd row does 1 byte circular shift to left
• 3rd row does 2 byte circular shift to left
• 4th row does 3 byte circular shift to left
• decrypt inverts using shifts to right
• since state is processed by columns, this step permutes bytes
between the columns
[Figure: Shift Rows, with an example]
Mix Columns
• each column is processed separately
• each byte is replaced by a value dependent on all 4 bytes in
the column
• decryption requires the use of inverse matrix
[Figure: Mix Columns]
Add Round Key
• In the Add Round Key step, the subkey is combined with the
state.
• For each round, a subkey is derived from the main key using
Rijndael's key schedule.
• each subkey is the same size as that of state.
• The subkey is added by combining each byte of the state
with the corresponding byte of the subkey using bitwise XOR.
• the inverse for decryption is identical
• since XOR is its own inverse, with the round keys used in reverse order
Add Round Key
• The 128 bits of State are bitwise XORed with the 128 bits of
the round key
• Operation is viewed as a column wise operation between the 4 bytes
of a State column and one word of the round key
• Can also be viewed as a byte‐level operation
[Figure: Inputs for Single AES Round]
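Added example, not part of the original slides: the ShiftRows, MixColumns and AddRoundKey layers described above, together with their inverses, on a 16-byte state stored column by column. The function names, the sample state and the sample round key are constructed for illustration; the matrix rows (02 03 01 01 and 0E 0B 0D 09) are the standard AES values.

```python
def xtime(a):
    """Multiply a byte by {02} in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def gmul(a, n):
    """Multiply byte a by a small constant n in GF(2^8) (shift-and-XOR)."""
    r = 0
    while n:
        if n & 1:
            r ^= a
        a, n = xtime(a), n >> 1
    return r

MIX = [2, 3, 1, 1]          # first row of the MixColumns matrix
INV_MIX = [14, 11, 13, 9]   # first row of the inverse matrix (decryption)

def shift_rows(s, inverse=False):
    """Rotate row r left by r bytes (right when inverse). State is column-major."""
    d = -1 if inverse else 1
    return [s[r + 4 * ((c + d * r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(s, row=MIX):
    """Multiply each 4-byte column by the circulant matrix whose first row is `row`."""
    out = []
    for c in range(4):
        col = s[4 * c:4 * c + 4]
        for r in range(4):
            acc = 0
            for k in range(4):
                acc ^= gmul(col[k], row[(k - r) % 4])
            out.append(acc)
    return out

def add_round_key(s, k):
    """XOR the 16 state bytes with the 16 round-key bytes."""
    return [a ^ b for a, b in zip(s, k)]

def round_layers(s, k):
    """ShiftRows, MixColumns, AddRoundKey (SubBytes, a table lookup, is left out)."""
    return add_round_key(mix_columns(shift_rows(s)), k)

def undo_round_layers(s, k):
    """Inverse layers applied in the opposite order, as decryption does."""
    return shift_rows(mix_columns(add_round_key(s, k), INV_MIX), inverse=True)

# Constructed sample state and round key (not taken from the slides).
STATE = list(range(16))
ROUND_KEY = [0xA5 ^ i for i in range(16)]
```

Because the state is processed by columns, `shift_rows(STATE)` moves bytes 5, 10 and 15 into the first column, which is the inter-column permutation the Shift Rows slide describes.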
AES Key Expansion
• Takes as input a four‐word (16 byte) key and produces a linear
array of 44 words (176 bytes)
• This is sufficient to provide a four‐word round key for the initial
AddRoundKey stage and each of the 10 rounds of the cipher
• Key is copied into the first four words of the expanded key
• The remainder of the expanded key is filled in four words at a time
• Each added word w[i] depends on the immediately preceding
word, w[i – 1], and the word four positions back, w[i – 4]
• In three out of four cases a simple XOR is used
• For a word whose position in the w array is a multiple of 4, a more
complex function is used
[Figure: AES Key Expansion]
AES Key Expansion
• RotWord performs a one-byte circular left shift on a word. This
means that an input word [B0, B1, B2, B3] is transformed into
[B1, B2, B3, B0].
• SubWord performs a byte substitution on each byte of its input
word, using the S-box (Table).
• The result of steps 1 and 2 is XORed with a round constant,
Rcon[j].
Round Constant
• The round constant is a word in which the three right most
bytes are always 0.
• Thus, the effect of an XOR of a word with Rcon is to only
perform an XOR on the leftmost byte of the word.
• The round constant is different for each round and is defined as
Rcon[j] = (RC[j], 0, 0, 0)
• The values of RC[j] in hexadecimal are
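Added example, not part of the original slides: AES-128 key expansion as described above (RotWord, SubWord, XOR with Rcon[j]), which also serves the SubBytes slide by building the S-box and checking the {95} to {2A} lookup. Two details come from the AES specification rather than from these slides: the S-box is derived as the GF(2^8) inverse followed by an affine map instead of being typed in as a table, and RC[j] is computed as {02} times RC[j-1]. The sample key is the one used in FIPS-197 Appendix A.1; function names are illustrative.

```python
def xtime(a):
    """Multiply a byte by {02} in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def build_sbox():
    """S-box = multiplicative inverse in GF(2^8), then the affine map with constant 0x63."""
    # Powers of the generator {03}: exp[i] = 3^i, so the inverse of 3^i is 3^(255-i).
    exp = [1]
    for _ in range(254):
        exp.append(exp[-1] ^ xtime(exp[-1]))      # multiply by {03} = {02} + {01}
    inv = [0] * 256                               # 0 has no inverse and maps to 0
    for i, v in enumerate(exp):
        inv[v] = exp[(255 - i) % 255]
    sbox = []
    for b in inv:
        s = b
        for r in range(1, 5):                     # b ^ rotl(b,1) ^ ... ^ rotl(b,4)
            s ^= ((b << r) | (b >> (8 - r))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = build_sbox()
INV_SBOX = [SBOX.index(i) for i in range(256)]    # the table used for decryption

def expand_key_128(key):
    """Return the 44 words w[0..43] (each a list of 4 bytes) for a 16-byte key."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]   # key copied into w[0..3]
    rc = 1                                        # RC[1] = {01}
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:                            # the "more complex function"
            t = t[1:] + t[:1]                     # RotWord: [B0,B1,B2,B3] -> [B1,B2,B3,B0]
            t = [SBOX[b] for b in t]              # SubWord
            t[0] ^= rc                            # Rcon[j] = (RC[j], 0, 0, 0)
            rc = xtime(rc)                        # RC[j+1] = {02} * RC[j]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return w

# Key from FIPS-197 Appendix A.1 (not from the slides).
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
```

Words `w[4*j .. 4*j+3]` form the round key for round j, with `w[0..3]` used by the initial AddRoundKey.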
Implementation Aspects
• AES can be implemented very efficiently on an 8‐bit processor
• AddRoundKey is a bytewise XOR operation
• ShiftRows is a simple byte‐shifting operation
• SubBytes operates at the byte level and only requires a table of
256 bytes
• MixColumns requires matrix multiplication in the field GF(2^8),
which means that all operations are carried out on bytes
• Designers believe this very efficient implementation was a key
factor in its selection as the AES cipher
