2. AES - Advanced Encryption Standard.
• Published by NIST in Nov 2001: FIPS PUB 197
• Based on a competition won by Rijmen and Daemen (Rijndael) from Belgium
• 22 submissions,
• 7 did not satisfy all requirements
• 15 submissions 5 finalists:
• Mars,
• RC6,
• Rijndael,
• Serpent,
• Twofish.
• Winner: Rijndael.
• Rijndael allows many block sizes and key sizes
• AES restricts it to:
• Block Size: 128 bits
• Key sizes: 128, 192, 256 (AES-128, AES-192, AES-256)
• An iterative rather than Feistel cipher
• operates on entire data block in every round
• Byte operations: Easy to implement in software
3. AES – Advance Encryption Standard.
• The Advanced Encryption Standard (AES) is a symmetric block
cipher chosen by the U.S. government to protect classified
information.
• AES is implemented in software and hardware throughout the world
to encrypt sensitive data. It is essential for government computer
security, cybersecurity and electronic data protection.
• The National Institute of Standards and Technology (NIST) started
development of AES in 1997 when it announced the need for an
alternative to the Data Encryption Standard (DES), which was starting
to become vulnerable to brute-force attacks.
4. • NIST stated that the newer, advanced encryption algorithm would be
unclassified and must be "capable of protecting sensitive government
information well into the [21st] century." It was intended to be easy to
implement in hardware and software, as well as in restricted
environments -- such as a smart card -- and offer decent defenses
against various attack techniques.
• AES was created for the U.S. government with additional voluntary,
free use in public or private, commercial or noncommercial programs
that provide encryption services. However, nongovernmental
organizations choosing to use AES are subject to limitations created by
U.S. export control.
5. What is the AES algorithm?
• The AES algorithm (also known
as the Rijndael algorithm) is a
symmetrical block cipher
algorithm that takes plain text in
blocks of 128 bits and converts
them to ciphertext using keys of
128, 192, and 256 bits. Since the
AES algorithm is considered
secure, it is in the worldwide
standard.
6. How AES encryption works
• AES-128 uses a 128-bit key length
to encrypt and decrypt a block of
messages.
• AES-192 uses a 192-bit key length
to encrypt and decrypt a block of
messages.
• AES-256 uses a 256-bit key length
to encrypt and decrypt a block of
messages.
• Each cipher encrypts and decrypts
data in blocks of 128 bits using
cryptographic keys of 128, 192 and
256 bits, respectively.
7. • Symmetric, also known as secret key, ciphers use the same key for
encrypting and decrypting. The sender and the receiver must both
know -- and use -- the same secret key.
• The government classifies information in three categories:
• Confidential,
• Secret
• Top Secret.
• All key lengths can be used to protect the Confidential and Secret
level. Top Secret information requires either 192- or 256-bit key
lengths.
8. • There are 10 rounds for 128-bit
keys, 12 rounds for 192-bit keys
and 14 rounds for 256-bit keys. A
round consists of several
processing steps that include
substitution, transposition and
mixing of the input plaintext to
transform it into the final output
of ciphertext.
9. • The AES encryption algorithm defines numerous transformations that
are to be performed on data stored in an array. The first step of the
cipher is to put the data into an array, after which the cipher
transformations are repeated over multiple encryption rounds.
• The first transformation in the AES encryption cipher is substitution of
data using a substitution table. The second transformation shifts data
rows. The third mixes columns. The last transformation is performed
on each column using a different part of the encryption key. Longer
keys need more rounds to complete.
10. What are the features of AES?
• NIST specified the new AES algorithm must be a block cipher capable of
handling 128-bit blocks, using keys sized at 128, 192 and 256 bits.
• Other criteria for being chosen as the next AES algorithm included the
following:
• Security. Competing algorithms were to be judged on their ability to resist
attack as compared to other submitted ciphers. Security strength was to be
considered the most important factor in the competition.
• Cost. Intended to be released on a global, nonexclusive and royalty-free
basis, the candidate algorithms were to be evaluated on computational and
memory efficiency.
• Implementation. Factors to be considered included the algorithm's
flexibility, suitability for hardware or software implementation, and overall
simplicity.
11. Creation of Round keys :
• A Key Schedule algorithm is used
to calculate all the round keys
from the key. So the initial key is
used to create many different
round keys which will be used in
the corresponding round of the
encryption.
12. Encryption :
• AES considers each block as a 16 byte (4 byte
x 4 byte = 128 ) grid in a column major
arrangement.
• Each round comprises of 4 steps :
• SubBytes
• ShiftRows
• MixColumns
• Add Round Key
• The last round doesn’t have the MixColumns
round.
• The SubBytes does the substitution and
ShiftRows and MixColumns performs the
permutation in the algorithm.
13. SubBytes :
• This step implements the
substitution.
• In this step each byte is substituted
by another byte.(Its performed
using a lookup table also called the
S-box. This substitution is done in a
way that a byte is never substituted
by itself and also not substituted by
another byte which is a
compliment of the current byte.
The result of this step is a 16 byte
(4 x 4 ) matrix like before.
• The next two steps implement the
permutation.
14. ShiftRows :
• This step is just as it sounds. Each
row is shifted a particular number
of times.
• The first row is not shifted
• The second row is shifted once to
the left.
• The third row is shifted twice to the
left.
• The fourth row is shifted thrice to
the left.
• (A left circular shift is performed.)
15. MixColumns :
• This step is basically a matrix
multiplication. Each column is
multiplied with a specific matrix
and thus the position of each byte
in the column is changed as a
result.
• Or In the third step, the Hill
cipher is used to jumble up the
message more by mixing the
block’s columns.
• This step is skipped in the last
round.
16. Add Round Keys :
• Now the resultant output of the
previous stage is XOR-ed with the
corresponding round key. Here, the
16 bytes is not considered as a grid
but just as 128 bits of data.
• After all these rounds 128 bits of
encrypted data is given back as
output. This process is repeated
until all the data to be encrypted
undergoes this process.
• In the final step, the message is
XORed with the respective round
key.
17. Decryption :
• The stages in the rounds can be easily undone as these stages have an
opposite to it which when performed reverts the changes.Each 128 blocks
goes through the 10,12 or 14 rounds depending on the key size.
• The stages of each round in decryption is as follows :
• Add round key
• Inverse MixColumns
• ShiftRows
• Inverse SubByte
• The decryption process is the encryption process done in reverse so i will
explain the steps with notable differences.
18. Inverse MixColumns :
• This step is similar to the
MixColumns step in encryption,
but differs in the matrix used to
carry out the operation.
19. Inverse SubBytes :
• Inverse S-box is used as a lookup table and using which the bytes are
substituted during decryption.
20. Detailed Structure
1. One noteworthy feature of this structure is
that it is not a Feistel structure. Recall that, in
the classic Feistel structure, half of the data
block is used to
modify the other half of the data block and t
hen the halves are swapped. AES instead
processes the entire data block as a single
matrix during each round using substitutions
and permutation.
2. The key that is provided as input is expand
ed into an array of forty-four 32-
bit words, w[i]. Four distinct words (128 bits)
serve as a round key for each round;
21. • 3. Four different stages are used, one of permutation and three of sub
stitution:
• Substitute bytes: Uses an S-box to perform a byte-by-
byte substitution of the block.
• ShiftRows: A simple permutation.
• MixColumns: A substitution that makes use of arithmetic over GF(28).
• AddRoundKey: A simple bitwise XOR of the current block with a porti
on of the expanded key.
22. • 4. The structure is quite simple. For both encryption and decryption,
the
cipher begins with an AddRoundKey stage, followed by nine rounds th
at each includes all four stages, followed by a tenth
round of three stages. Picture depicts the
structure of a full encryption round.
24. • 5. Only the AddRoundKey stage makes use of the key. For this reason, the c
ipher begins and ends with an AddRoundKey stage. Any other stage, applie
d at the beginning or end, is reversible without knowledge of the key and so
would add no security.
• 6. The AddRoundKey stage is, in effect, a form of Vernam cipher and by
itself would not be formidable. The other three stages together provide
confusion, diffusion, and nonlinearity, but by themselves would provide no
security because
they do not use the key.We can view the cipher as alternating operations of
XOR
encryption (AddRoundKey) of a block, followed by scrambling of the block
(the
other three stages), followed by XOR encryption, and so on. This scheme is
both efficient and highly secure.
25. • 7. Each stage is easily
reversible. For the Substitute Byte, ShiftRows,
and MixColumns stages, an inverse function is used in the decryption
algorithm. For the AddRoundKey stage, the inverse is achieved by XO
Ring the same round key to the block, using the result
that A Ⓧ B Ⓧ B = A.
• 8. As with
most block ciphers, the decryption algorithm
makes use of the expanded key in reverse order. However, the decrypti
on algorithm is not identical to the encryption algorithm. This is a
consequence of the particular structure of AES.
26. • 9. Once it is established t
hat all four stages are reversible, it is easy to verify that decryption
does recover the plaintext. Figure
5.3 lays out encryption and decryption going in opposite
vertical directions. At each
horizontal point (e.g., the dashed line in the figure), State is the same
for both encryption and decryption.
• 10. The final round of both
encryption and decryption consists of only three stages. Again, this is
a consequence of the particular structure of AES and is required to
make the cipher reversible.
27. What's the difference between AES vs. DES?
• The U.S. government developed DES
algorithms more than 40 years ago to
ensure government systems all used
the same, secure standard to facilitate
interconnectivity.
• DES served as the linchpin of
government cryptography for years
until 1999, when researchers broke
the algorithm's 56-bit key using a
distributed computer system. In 2000,
the U.S. government chose to use AES
to protect classified information. DES
is still used in some instances for
backward compatibility.
28. • The two standards are both symmetric block ciphers, but AES is more
mathematically efficient. The main benefit of AES lies in its key length
options. The time required to crack an encryption algorithm is directly
related to the length of the key used to secure the communication --
128-bit, 192-bit or 256-bit keys. Therefore, AES is exponentially
stronger than the 56-bit key of DES. AES encryption is also
significantly faster, so it is ideal for applications, firmware and
hardware that require low latency or high throughput.
29.
30. Key Expansion
• That mean we convert
• Key into hexa.
• Now
• N = 73
• A = 61
• D = 74
• E = 69
• E = 68
• And so on.
36. In G we substitute
subkey with constant
table.
37. • We got here G Function output that is f8 9f 85 40.
• Now we perform XOR the output with Word 0 (W0).
• Now we can’t perform G Function,
• we derived w5 from XOR operation between W1 and W4.
38. • To find out the next key, as per rule we
perform XOR W1 with the result of W4.
• G function perform once only.
• The output showing in the picture.
• First convert both into Binary.
• Perform XOR.
• Convert into Hexa.
• Than this procedure is continue till we got 43
Keys.
• If we findout next key W8. First we put W7 in
Function G, than output XOR with W4.
Output is W8, now XOR with W5 and so on.
• In each router we use 4 words for every next
round we perform full function.
39. Suppose this is our function / algorithm. In key section, each
key is 128 bit mean 32 word. In each round we perform full G
function. Than the output of subkey1 is used for next key
expansion and so on
40. • This the complete structure of
AES, Encryption and Decryption.
• Here first step is Add round key.
• What is this.
41. Add Round Key.
• Supposed we have a message.
• The message is
“secretmessagenow”
• This is 128 bit message.
• We convert it into bytes.
• 73 65 63 72 65 74 6d 65 73 73
61 67 65 6e 6f 77
• Now we put this valued in a
State Array into 4 x 4 matrix.
42. • Now we understand the Add
round key.
• That output put into round 1.
• And what happened in round 1.
• This is the next target we will
understand.
43. Steps in Round
• As per picture,
• There are found steps.
• 1. Substitute Bytes.
• 2. Shift Rows.
• 3. Mix Columns.
• 4. Add Round Key.
44. Byte Substitution.
• There we have an output that we
get from Add round Key. We did
byte substitution.
• First we took first byte that is “0
0”. We look this into table. First “ 0
“ define row number and 2nd byte
define Column. What the value you
get, replace it with “0 0”.
• Same step with 2nd byte and so on.
45. Shift Row.
• Shift Rows simply byte shifts the
rows.
• First row: NO change.
• Second Row: One byte cyclical
left shift.
• Third Row: Two byte Cyclical left
Shift.
• Fourth Row: Three byte cyclical
left shift.
46. MIX Column.
• After shift rows we got an
output.
• We simply multiply this output
with a standard matrix.
48. • In upper slide we perform only
one section of r1, rest we have
three more.
• The value of r1 = (02 * 63) + (03
+ 9c) + (01 * 7b) + (01 * ca)
• We simply multiply 02 x 63
• What is rest value and “ r1”
value
50. • From that way you get all the value of r1, r2, r3 and so on.
• The final step is to add round key.
• And we know how should we add the key.
• But here our message is r1, r2, r3, . . . . . R16 and the key is subkey of
round 2.
• We already discuss how to extract the key.
• We did all these step in all round except or last round.
• In last round we didn’t perform Mix column action.