The document summarizes cryptographic algorithms DES and AES. It describes the basic concepts of encryption, the history and workings of DES including key generation and encryption/decryption processes. It then explains the AES cipher which was selected to replace DES, including the cipher structure involving substitution, shifting, mixing and adding round keys in multiple rounds of processing. The key expansion process is also summarized.

1. CRYPTOGRAPHIC ALGORITHMS
(DES AND AES)
BY- ANAMIKA SINGH ,B.TECH. VIIth sem

2. What is Encryption
 Transform information such that its true meaning is
hidden
 Requires “special knowledge” to retrieve the
information
 Examples
 AES, 3DES, RC4, ROT-13, …

3. Types of Encryption Schemes
Ciphers
Classical Modern
Rotor Machines
Substitution Public KeyTransposition Secret Key
BlockStream
Steganography

4. Symmetric Encryption Terms

Alice
Bob
Plain text Plain textCipher text
Key Key
Encryption
Algorithm
Decryption
Algorithm

5. Data Encryption Standard
 OUTLINE
 History
 Encryption
 Key-generation
 Decryption
 Strength of DES

6. History
 DES is a 64 bit block cipher which means that it encrypts
data 64 bits at a time.
 In 1971, IBM developed an algorithm, named LUCIFER
which operates on a block of 64 bits, using a 128-bit key
 Walter Tuchman, an IBM researcher, refined LUCIFER
and reduced the key size to 56-bit, to fit on a chip.
 In 1977, the results of Tuchman’s project of IBM was
adopted as the Data Encryption Standard by NSA (NIST).
 AES is an important algorithm and was originally meant
to replace DES

7. A Simplified DES Algorithm
 Key words
 Substitution is simply a mapping of one value to
another
 Permutation is a reordering of the bit positions for
each of the inputs.
 techniques are used a number of times in iterations
called rounds
 S-boxes are basically non-linear substitution tables
where either the output is smaller than the input or
vice versa

8. A Simplified DES Algorithm
 DES expects two inputs the plaintext to be encrypted and
the secret key(64 bit block cipher, key size used is 56
bits)
 Initial permutation rearranging the bits to form the
“permuted input”.
 followed by 16 iteration of the same function substitution
and permutation.
 Finally, the pre output is passed through a permutation
which is simply the inverse of the initial permutation

9. Encryption

10. Encryption(round 1)

11. Initial Permutation
 IP
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
 IP-1
40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25

12. Expansion
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 45 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
16 7 20 21 29 12 28 17
1 15 23 26 5 18 31 10
2 8 24 14 32 27 3 9
9 13 30 6 22 11 4 25
 E  P
ExpansionExpansion

13. Encryption(round 1)

14. Encryption(round 1) S-Box

15. Encryption(round 1) S-Box

16. Key Generation

17. Key Generation
D0C0
Input Key
Permuted Choice One (PC-1)
Permuted Choice Two (PC-2)
Schedule of Left Shifts
Di-1Ci-1
DiCi
▪
▪
▪
▪
▪
▪
Key
i

18. Key Generation
1 2 3 4 5 6 7 8
9 10 11 12 13 14 15 16
17 18 19 20 21 22 23 24
25 26 27 28 29 30 31 32
33 34 35 36 37 38 39 30
41 42 43 44 45 46 47 48
49 50 51 52 53 54 55 56
57 58 59 60 61 62 63 64
Input key
57 49 41 33 25 17 9
1 58 50 42 34 26 18
10 2 59 51 43 35 26
19 11 3 60 52 44 36
63 55 47 39 31 23 15
7 62 54 46 38 30 22
14 6 61 53 45 37 29
21 13 5 28 20 12 4
PC-1

19. Key Generation
14 17 11 24 1 5 3 28
15 6 21 10 23 19 12 4
26 8 16 7 27 20 13 2
41 52 31 37 47 55 30 40
51 45 33 48 44 49 39 56
34 53 46 42 50 36 29 32
PC-2
RN 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Bits 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1
Schedule of Line Shift

20. Strength
 Criticism
 Reduction in key size of 72 bits
 Too short to withstand with brute-force attack
 S-boxes were classified.
 Weak points enable NSA to decipher without key.
 56-bit keys have 256 = 7.2 x 1016 values
 Brute force search looks hard.
 A machine performing one DES encryption per microsecond
would take more than a thousand year to break the cipher.
 DES exhibits a strong avalanche effect.
 If a small change in either the plaintext or the key, the ciphertext
should change markedly.

21. Advance Encryption Standard
 Outline
 Origin
 The AES Cipher
 AES Encryption & Decryption
 AES Key Expansion
 Implementation Aspect

22. AES-Origin
 Clear a replacement for DES was needed
 have theoretical attacks that can break it
 have demonstrated exhaustive key search attacks
 Can use Triple-DES – but slow, has small blocks
 US NIST issued call for ciphers in 1997
 15 candidates accepted in Jun 98
 5 were shortlisted in Aug-99
 Rijndael was selected as the AES in Oct-2000
 issued as FIPS PUB 197 standard in Nov-2001

23. The AES Cipher - Rijndael
 Designed by Rijmen-Daemen in Belgium
 Has 128/192/256 bit keys, 128 bit data
 An iterative rather than Feistel (DES) cipher
 processes data as block of 4 columns of 4 bytes
 operates on entire data block in every round
 Designed to have:
 resistance against known attacks
 speed and code compactness on many CPUs
 design simplicity

24. The AES Cipher
 Block length is limited to 128 bit
 The key size can be independently specified to 128,
192 or 256 bits
Key size
(words/bytes/bits)
4/16/128 6/24/192 8/32/256
Number of rounds 10 12 14
Expanded key size
(words/byte)
44/176 52/208 60/240

25. AES
Encryption

26. The AES Cipher
 Key received as input array of 4 rows and Nk columns
 Nk = 4,6, or 8, parameter which depends key size
 Input key is expanded into an array of 44/52/60 words of
32 bits each
 4 different words serve as a key for each round
k0 k4 k8 k12
k1
k2
k3
k5
k6
k7
k9
k10
k11
k13
k14
k15
w0 w1 w2 …… w43W42

27. The AES Cipher
 AddRoundKey() – round key is added to the State using
XOR operation
 MixColumns() – takes all the columns of the State and mixes
their data, independently of one another, making use of
arithmetic over GF(2^8)
 ShiftRows() – processes the State by cyclically shifting the
last three rows of the State by different offsets
 SubBytes() – uses S-box to perform a byte-by-byte
substitution of State
 The four stages are as follows: Substitute bytes, Shift rows,
Mix Columns , Add Round Key
 The tenth round simply leaves out the Mix Columns stage.

28. The AES Cipher(Round-1)
Add round key
Substitute bytes
Shift rows
Mix columns
Add Round key
Substitute bytes
Shift rows
Mix columns
Add round key
Substitute bytes
Shift rows
Add round key
plaintext
Cipher text
key
W[4,7] W[36,39] W[40,43]
Round1
Round9

29. The AES Cipher
 Only Add round key makes use of the key
 Other three functions are used for diffusion and
confusion
 Final round consists of only three stages

30. The AES Structure

31. Substitute Byte
 A simple substitution of each byte
 It uses one table of 16x16 bytes containing a
permutation of all 256 8-bit values
 Each byte of state is replaced by byte indexed by row
(left 4-bits) & column (right 4-bits)
 S-box constructed using defined transformation of
values in GF(28)
 Designed to be resistant to all known attacks

32. Substitute Byte

33. S-Box Substitution

34. S-Box Substitution

35. Substitute Byte Example

36. Shift Rows
 A circular byte shift in each each
 1st row is unchanged
 2nd row does 1 byte circular shift to left
 3rd row does 2 byte circular shift to left
 4th row does 3 byte circular shift to left
 Decrypt inverts using shifts to right
 Since state is processed by columns, this step
permutes bytes between the columns

37. Shift Rows Example

38. Mix Columns Transformation
 Each column is operated on individually
 each byte is replaced by a value dependent on all 4 bytes
in the column
 The Mix Columns transformation of a single column j (0
j 3) of state can be expressed as:
 S0 0,j = (2 • s0,j) (3 • s1,j) s2,j s3,j
 S0 1,j = s0,j (2 • s1,j) (3 • s2,j) s3,j
 S0 2,j = s0,j s1,j (2 • s2,j) (3 • s3,j)
 S0 3,j = (3 • s0,j) s1,j s2,j (2 • s3,j)

39. Mix Columns Transformation

40. Mix Columns Example

41. Add Round Key
XOR each byte of the round key with its corresponding byte in
the state array
S0,0 S0,1 S0,2 S0,3
S1,0 S1,1 S1,2 S1,3
S2,0 S2,1 S2,2 S2,3
S3,0 S3,1 S3,2 S3,3
S’0,0 S’0,1 S’0,2 S’0,3
S’1,0 S’1,1 S’1,2 S’1,3
S’2,0 S’2,1 S’2,2 S’2,3
S’3,0 S’3,1 S’3,2 S’3,3
S0,1
S1,1
S2,1
S3,1
S’0,1
S’1,1
S’2,1
S’3,1
R0,0 R0,1 R0,2 R0,3
R1,0 R1,1 R1,2 R1,3
R2,0 R2,1 R2,2 R2,3
R3,0 R3,1 R3,2 R3,3
R0,1
R1,1
R2,1
R3,1
XOR

42. AES Key Expansion
 takes 128-bit (16-byte) key and expands into
array of 44/52/60 32-bit words
 start by copying key into first 4 words
 then loop creating words that depend on
values in previous & 4 places back
 in 3 of 4 cases just XOR these together
 1st word in 4 has rotate + S-box + XOR round
constant on previous, before XOR 4th back

43. AES Key Expansion

44. AES Decryption
 AES decryption is not identical to encryption
since steps done in reverse
 but can define an equivalent inverse cipher
with steps as for encryption
 but using inverses of each step
 with a different key schedule

45. AES Decryption
All functions are easily
reversible and their
inverse form is used in
decryption
Decryption algorithm is
not identical to the
encryption algorithm
Again, final round consists
of only three stages

46. Implementation Aspect
 Can efficiently implement on 8-bit CPU
 Byte substitution works on bytes using a table of 256
entries
 Shift rows is simple byte shift
 Add round key works on byte XOR’s
 Mix columns requires matrix multiply in GF(28)
which works on byte values, can be simplified to use
table lookups & byte XOR’s

47. Implementation Aspect
 Can efficiently implement on 32-bit CPU
 redefine steps to use 32-bit words
 can pre compute 4 tables of 256-words
 then each column in each round can be computed
using 4 table lookups + 4 XORs
 at a cost of 4Kb to store tables
 Designers believe this very efficient implementation
was a key factor in its selection as the AES cipher