
AES

DES Challenge (RSA Data Security)

DES Challenge I
- started January 1997, key recovered after 96 days
- winner: R. Verser, DESCHALL project (Internet-distributed exhaustive key search)
- the key was found after searching 24.6% of the key space

DES Challenge II-1
- started January 1998, key recovered after 41 days
- winner: Distributed.Net, about 22,000 participants and about 50,000 CPUs

DES Challenge II-2
- started July 1998, key recovered after 56 hours
- winner: EFF, using Deep Crack, a purpose-built DES Cracker ($250,000) testing about 88 billion keys per second

DES Challenge III
- started January 1999, key recovered after 22 hours 15 minutes
- winner: EFF Deep Crack & Distributed.Net together, about 100,000 networked PCs, about 245 billion keys per second

The 56-bit DES key is therefore exhaustively searchable at modest cost, which is the direct motivation for a replacement standard.

AES (Advanced Encryption Standard)

1997   NIST issues the call for AES candidate algorithms
1998   15 candidate algorithms accepted for the first round
1999   5 finalists selected: MARS, RC6, Rijndael, Serpent, Twofish
2001   Rijndael selected and published as the standard (FIPS 197)

Rijndael
- block size: 128 bits
- key size: 128/192/256 bits
- designers: J. Daemen, V. Rijmen

AES Pseudo code
AES(in, out, key)
{
  KeyExpansion(key, RoundKey)          // produces RoundKey[0] .. RoundKey[Nr]
  state = in
  AddRoundKey(state, RoundKey[0])      // initial key whitening
  for round = 1 step 1 to Nr-1
    SubBytes(state)
    ShiftRows(state)
    MixColumns(state)
    AddRoundKey(state, RoundKey[round])
  end for
  SubBytes(state)                      // final round omits MixColumns
  ShiftRows(state)
  AddRoundKey(state, RoundKey[Nr])
  out = state
}

Simplified Rijndael Scheme

Rijndael Structure
- block size: 128 bits, key size: 128/192/256 bits
- Nr = 10 / 12 / 14 rounds; SPN (substitution-permutation network)
- every round is built from three layers:
  Non-linear layer    : byte substitution through the S-box     ByteSub(state)
  Linear mixing layer : ShiftRow(state), MixColumn(state)
  Key addition layer  : state XOR round key                     AddRoundKey(state)

Number of rounds Nr as a function of Nb and Nk:

          Nb=4   Nb=6   Nb=8
  Nk=4     10     12     14
  Nk=6     12     12     14
  Nk=8     14     14     14

Nr : number of rounds
Nb : block size / 32 bits
Nk : key size / 32 bits

AES fixes Nb = 4 (128-bit block), so Nr = 10, 12, 14 for 128-, 192- and 256-bit keys; the Nb = 6 and Nb = 8 columns belong to the original Rijndael proposal only.

State

The intermediate result of Rijndael is called the state: a 2-dimensional array of bytes with 4 rows and Nb columns. The cipher key is laid out the same way, with 4 rows and Nk columns.

State (Nb = 4)                Key (Nk = 4)
A0,0  A0,1  A0,2  A0,3        K0,0  K0,1  K0,2  K0,3
A1,0  A1,1  A1,2  A1,3        K1,0  K1,1  K1,2  K1,3
A2,0  A2,1  A2,2  A2,3        K2,0  K2,1  K2,2  K2,3
A3,0  A3,1  A3,2  A3,3        K3,0  K3,1  K3,2  K3,3

Nb = 4 block state, Nk = 4 key state

ex) 128-bit input block: EA 83 5C F0 04 45 33 2D 65 5D 98 AD 85 96 B0 C5
The input bytes fill the state column by column, i.e. A[r][c] = in[r + 4c]:
EA  04  65  85
83  45  5D  96
5C  33  98  B0
F0  2D  AD  C5

GF(2^8)

If GCD(d, f) = 1, then d has a multiplicative inverse modulo f: for d < f there is a unique $d^{-1} < f$ with $d \cdot d^{-1} \equiv 1 \pmod f$. The extended Euclidean algorithm finds it.

Extended Euclid(d, f)
1. (X1, X2, X3) <- (1, 0, f); (Y1, Y2, Y3) <- (0, 1, d)
2. If Y3 = 0 return X3 = GCD(d, f); no inverse
3. If Y3 = 1 return Y3 = GCD(d, f); Y2 = d^-1 mod f
4. Q = floor(X3 / Y3)
5. (T1, T2, T3) <- (X1 - Q*Y1, X2 - Q*Y2, X3 - Q*Y3)
6. (X1, X2, X3) <- (Y1, Y2, Y3)
7. (Y1, Y2, Y3) <- (T1, T2, T3)
8. Goto 2

The invariant f*X1 + d*X2 = X3 and f*Y1 + d*Y2 = Y3 holds throughout, so when Y3 reaches 1, Y2 is the inverse of d modulo f.

GF(2^8)
ex) the inverse of 95 in GF(2^8). A byte is a polynomial over GF(2) with bit i as the coefficient of $x^i$, reduced modulo the AES polynomial m(x); 95 = 1001 0101 = $x^7 + x^4 + x^2 + 1$. In GF(2) subtraction equals addition (XOR), so every "-" below is a "+".
$\gcd(95, m(x)) = 1$
$m(x) = x^8 + x^4 + x^3 + x + 1$
$b(x) = x^7 + x^4 + x^2 + 1$
Initial values (A = X, B = Y of the algorithm):
$A_1(x) = 1,\ A_2(x) = 0,\ A_3(x) = x^8 + x^4 + x^3 + x + 1$
$B_1(x) = 0,\ B_2(x) = 1,\ B_3(x) = x^7 + x^4 + x^2 + 1$
1. $Q(x) = (x^8 + x^4 + x^3 + x + 1) / (x^7 + x^4 + x^2 + 1) = x$
   $[T_1, T_2, T_3] \leftarrow [1 - x \cdot 0,\ 0 - x \cdot 1,\ (x^8 + x^4 + x^3 + x + 1) - x(x^7 + x^4 + x^2 + 1)]$
   $A_1(x) = 0,\ A_2(x) = 1,\ A_3(x) = x^7 + x^4 + x^2 + 1$
   $B_1(x) = 1,\ B_2(x) = x,\ B_3(x) = x^5 + x^4 + 1$
2. $Q(x) = (x^7 + x^4 + x^2 + 1) / (x^5 + x^4 + 1) = x^2 + x + 1$ (remainder x)
   $[T_1, T_2, T_3] \leftarrow [0 - (x^2 + x + 1) \cdot 1,\ 1 - (x^2 + x + 1) x,\ (x^7 + x^4 + x^2 + 1) - (x^2 + x + 1)(x^5 + x^4 + 1)]$
   $A_1(x) = 1,\ A_2(x) = x,\ A_3(x) = x^5 + x^4 + 1$
   $B_1(x) = x^2 + x + 1,\ B_2(x) = x^3 + x^2 + x + 1,\ B_3(x) = x$
3. $Q(x) = (x^5 + x^4 + 1) / x = x^4 + x^3$ (remainder 1)
   $[T_1, T_2, T_3] \leftarrow [1 - (x^4 + x^3)(x^2 + x + 1),\ x - (x^4 + x^3)(x^3 + x^2 + x + 1),\ (x^5 + x^4 + 1) - (x^4 + x^3) x]$
   $\leftarrow [x^6 + x^3 + 1,\ x^7 + x^3 + x,\ 1]$
   $A_1(x) = x^2 + x + 1,\ A_2(x) = x^3 + x^2 + x + 1,\ A_3(x) = x$
   $B_1(x) = x^6 + x^3 + 1,\ B_2(x) = x^7 + x^3 + x,\ B_3(x) = 1$
$B_3(x) = 1$, so $B_2(x) = b(x)^{-1} \bmod m(x)$
$B_2(x) = x^7 + x^3 + x$ = 1000 1010 = 8A
$95^{-1} = 8A$

Substitute Bytes Transformation

Each byte of the state is replaced independently using a 16x16 S-box: the upper 4 bits of the byte select the row, the lower 4 bits select the column.

Substitute Bytes Transformation

The S-box is constructed (not chosen arbitrarily) from arithmetic in GF(2^8) with $m(x) = x^8 + x^4 + x^3 + x + 1$:
1. Initialise the S-box with the byte values 00, 01, ..., FF in row order.
2. Replace each byte by its multiplicative inverse in GF(2^8); 00 has no inverse and is mapped to 00.
3. Apply the affine transformation to the bits $b_7 b_6 b_5 b_4 b_3 b_2 b_1 b_0$ of each byte:
   $b'_i = b_i \oplus b_{(i+4) \bmod 8} \oplus b_{(i+5) \bmod 8} \oplus b_{(i+6) \bmod 8} \oplus b_{(i+7) \bmod 8} \oplus c_i$
   for i = 0 ~ 7, where $c_i$ is bit i of the constant 63 = 0110 0011 (so $c_0 = c_1 = c_5 = c_6 = 1$).

ex) 95 -> inverse in GF(2^8): $95^{-1}$ = 8A = 1000 1010 -> affine transformation -> 0010 1010 = 2A
S-box(95) = 2A

S-box

Inverse Substitute Bytes Transformation

The inverse S-box undoes the S-box $S(b) = A(b^{-1})$ by reversing the two steps in the opposite order: first the inverse affine transformation $A^{-1}$, then the multiplicative inverse in GF(2^8), i.e. $S^{-1}(b) = (A^{-1}(b))^{-1}$.

Inverse affine transformation:
$b'_i = b_{(i+2) \bmod 8} \oplus b_{(i+5) \bmod 8} \oplus b_{(i+7) \bmod 8} \oplus d_i$
where $d_i$ is bit i of the constant d = 05 = 0000 0101 (so $d_0 = d_2 = 1$, all other $d_i = 0$).

In matrix form over GF(2), with the bit vector ordered $b_0 \dots b_7$:
$$
\begin{pmatrix} b'_0 \\ b'_1 \\ b'_2 \\ b'_3 \\ b'_4 \\ b'_5 \\ b'_6 \\ b'_7 \end{pmatrix}
=
\begin{pmatrix}
0 & 0 & 1 & 0 & 0 & 1 & 0 & 1 \\
1 & 0 & 0 & 1 & 0 & 0 & 1 & 0 \\
0 & 1 & 0 & 0 & 1 & 0 & 0 & 1 \\
1 & 0 & 1 & 0 & 0 & 1 & 0 & 0 \\
0 & 1 & 0 & 1 & 0 & 0 & 1 & 0 \\
0 & 0 & 1 & 0 & 1 & 0 & 0 & 1 \\
1 & 0 & 0 & 1 & 0 & 1 & 0 & 0 \\
0 & 1 & 0 & 0 & 1 & 0 & 1 & 0
\end{pmatrix}
\begin{pmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \\ b_4 \\ b_5 \\ b_6 \\ b_7 \end{pmatrix}
\oplus
\begin{pmatrix} 1 \\ 0 \\ 1 \\ 0 \\ 0 \\ 0 \\ 0 \\ 0 \end{pmatrix}
$$

ex) 2A -> inverse affine transformation -> 8A -> inverse in GF(2^8) -> 95
Inverse S-box(2A) = 95
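The GF(2^8) inverse, the S-box and the inverse S-box above, as an added worked example (this is editor-written code, not the slides' own): polynomials are Python ints with bit i as the coefficient of $x^i$, `ext_euclid_inverse` runs the slide's (X1,X2,X3)/(Y1,Y2,Y3) steps and can record each iteration so the 95 -> 8A trace can be checked, and the two tables are generated from the inverse plus the affine maps rather than typed in. The function names and the `trace` parameter are this example's own choices.

```python
# Added example, not the slides' own code: GF(2^8) arithmetic on bytes
# (bit i of the int = coefficient of x^i), the slide's extended Euclidean
# algorithm run on those polynomials, and the AES S-box / inverse S-box
# built from the GF(2^8) inverse plus the affine maps. For study only:
# these table lookups are not constant-time.

M = 0x11B  # m(x) = x^8 + x^4 + x^3 + x + 1 (bits 8, 4, 3, 1, 0)


def degree(p):
    """Degree of a GF(2) polynomial; -1 for the zero polynomial."""
    return p.bit_length() - 1


def gf2_mul(a, b):
    """Carry-less product of two GF(2) polynomials, without reduction."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def gf2_divmod(a, b):
    """Long division of GF(2) polynomials: returns (quotient, remainder)."""
    if b == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q = 0
    while a and degree(a) >= degree(b):
        shift = degree(a) - degree(b)
        q ^= 1 << shift   # quotient gains x^shift
        a ^= b << shift   # subtract (= XOR) the shifted divisor
    return q, a


def ext_euclid_inverse(d, f=M, trace=None):
    """Inverse of d modulo f, following the slide's (X1,X2,X3)/(Y1,Y2,Y3) steps.

    Returns None when gcd(d, f) != 1 (with f irreducible, only for d = 0).
    If trace is a list, (Q, Y1, Y2, Y3) is appended after every iteration.
    """
    x1, x2, x3 = 1, 0, f
    y1, y2, y3 = 0, 1, d
    while True:
        if y3 == 0:
            return None      # gcd is X3 != 1: no inverse
        if y3 == 1:
            return y2        # Y2 = d^-1 mod f
        q, _ = gf2_divmod(x3, y3)
        t = (x1 ^ gf2_mul(q, y1), x2 ^ gf2_mul(q, y2), x3 ^ gf2_mul(q, y3))
        x1, x2, x3 = y1, y2, y3
        y1, y2, y3 = t
        if trace is not None:
            trace.append((q, y1, y2, y3))


def gf_inverse(b):
    """Multiplicative inverse in GF(2^8); 00 is mapped to 00 as in the S-box."""
    return 0 if b == 0 else ext_euclid_inverse(b)


def affine(b, taps=(0, 4, 5, 6, 7), c=0x63):
    """b'_i = XOR over t in taps of b_((i+t) mod 8), XOR c_i.

    The defaults are the forward S-box map; taps (2, 5, 7) with c = 0x05 undo it.
    """
    out = 0
    for i in range(8):
        bit = (c >> i) & 1
        for t in taps:
            bit ^= (b >> ((i + t) % 8)) & 1
        out |= bit << i
    return out


def inv_affine(b):
    return affine(b, taps=(2, 5, 7), c=0x05)


SBOX = [affine(gf_inverse(b)) for b in range(256)]
INV_SBOX = [gf_inverse(inv_affine(b)) for b in range(256)]  # undo affine, then invert


if __name__ == "__main__":
    steps = []
    inv = ext_euclid_inverse(0x95, trace=steps)
    for q, y1, y2, y3 in steps:
        print(f"Q={q:#04x}  Y1={y1:#04x}  Y2={y2:#04x}  Y3={y3:#04x}")
    print(f"95^-1 = {inv:02X}, S-box(95) = {SBOX[0x95]:02X}, "
          f"InvS-box(2A) = {INV_SBOX[0x2A]:02X}")
```

Running the module prints the three Euclid iterations of the slide (Q = x, x^2+x+1, x^4+x^3 with Y3 ending at 1), then 95^-1 = 8A, S-box(95) = 2A and the inverse lookup back to 95. The same `affine` routine with different taps and constant serves both directions, which makes the relation between the two matrices on the slides explicit.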

Shift Rows Transformation

Operates on the rows of the state: row 0 is left unchanged, row 1 is circularly shifted left by 1 byte, row 2 by 2 bytes and row 3 by 3 bytes (offsets for Nb = 4). Because the state is filled column by column, this moves bytes between columns and is what spreads the effect of MixColumns across the whole block. The inverse transformation shifts right by the same offsets.

Mix Column

Each column of the state is treated as a polynomial a(x) of degree 3 with coefficients in GF(2^8) and multiplied by the fixed polynomial c(x) modulo $x^4 + 1$:
$c(x) = 03\,x^3 + 01\,x^2 + 01\,x + 02$
$d(x) = 0B\,x^3 + 0D\,x^2 + 09\,x + 0E$   (the inverse of c(x) modulo $x^4 + 1$, used by the inverse MixColumn)
$m(x) = x^4 + 1$

Product of two degree-3 polynomials a(x), b(x) (coefficient products are GF(2^8) multiplications, additions are XOR; the product is also written c(x) here, as on the slide):
$a(x) = a_3 x^3 + a_2 x^2 + a_1 x + a_0,\quad b(x) = b_3 x^3 + b_2 x^2 + b_1 x + b_0$
$c(x) = a(x)\,b(x) = c_6 x^6 + c_5 x^5 + c_4 x^4 + c_3 x^3 + c_2 x^2 + c_1 x + c_0$
$c_0 = a_0 b_0$
$c_1 = a_1 b_0 \oplus a_0 b_1$
$c_2 = a_2 b_0 \oplus a_1 b_1 \oplus a_0 b_2$
$c_3 = a_3 b_0 \oplus a_2 b_1 \oplus a_1 b_2 \oplus a_0 b_3$
$c_4 = a_3 b_1 \oplus a_2 b_2 \oplus a_1 b_3$
$c_5 = a_3 b_2 \oplus a_2 b_3$
$c_6 = a_3 b_3$

Mix Column
Reducing c(x) modulo m(x) = $x^4 + 1$ brings the degree back to 3. Since $x^4 \equiv 1$, $x^5 \equiv x$ and $x^6 \equiv x^2 \pmod{x^4 + 1}$:
$c(x) \bmod m(x) = d(x) = d_3 x^3 + d_2 x^2 + d_1 x + d_0 = c_3 x^3 + (c_2 \oplus c_6) x^2 + (c_1 \oplus c_5) x + (c_0 \oplus c_4)$
$d_0 = a_0 b_0 \oplus a_3 b_1 \oplus a_2 b_2 \oplus a_1 b_3$
$d_1 = a_1 b_0 \oplus a_0 b_1 \oplus a_3 b_2 \oplus a_2 b_3$
$d_2 = a_2 b_0 \oplus a_1 b_1 \oplus a_0 b_2 \oplus a_3 b_3$
$d_3 = a_3 b_0 \oplus a_2 b_1 \oplus a_1 b_2 \oplus a_0 b_3$

Written as a matrix product (the matrix is circulant, each row is the previous row rotated right):
$$
\begin{pmatrix} d_0 \\ d_1 \\ d_2 \\ d_3 \end{pmatrix}
=
\begin{pmatrix}
a_0 & a_3 & a_2 & a_1 \\
a_1 & a_0 & a_3 & a_2 \\
a_2 & a_1 & a_0 & a_3 \\
a_3 & a_2 & a_1 & a_0
\end{pmatrix}
\begin{pmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \end{pmatrix}
$$
With a(x) = c(x), i.e. $a_0 = 02,\ a_1 = 01,\ a_2 = 01,\ a_3 = 03$, and b the state column:
$$
\begin{pmatrix} d_0 \\ d_1 \\ d_2 \\ d_3 \end{pmatrix}
=
\begin{pmatrix}
02 & 03 & 01 & 01 \\
01 & 02 & 03 & 01 \\
01 & 01 & 02 & 03 \\
03 & 01 & 01 & 02
\end{pmatrix}
\begin{pmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \end{pmatrix}
$$

Mix Column
ex) one column of the state, 87 6E 46 A6, after MixColumn:
$$
\begin{pmatrix}
02 & 03 & 01 & 01 \\
01 & 02 & 03 & 01 \\
01 & 01 & 02 & 03 \\
03 & 01 & 01 & 02
\end{pmatrix}
\begin{pmatrix} 87 \\ 6E \\ 46 \\ A6 \end{pmatrix}
=
\begin{pmatrix} 47 \\ 37 \\ 94 \\ ED \end{pmatrix}
$$
First row as a check: $02 \cdot 87 \oplus 03 \cdot 6E \oplus 46 \oplus A6 = 15 \oplus B2 \oplus 46 \oplus A6 = 47$. Multiplication by 02 is a left shift by one bit followed by XOR with 1B when the bit shifted out is 1 (reduction by m(x)); multiplication by 03 is (02 times the byte) XOR the byte.

The round key addition

The round key has the same 4 x Nb byte layout as the state; AddRoundKey XORs the two arrays byte by byte. It is its own inverse, so decryption uses the same operation with the round keys in reverse order.

Key expansion Pseudo code

Key expansion
A 128-bit key is expanded into 4(Nr+1) = 44 words of 32 bits, i.e. Nr+1 = 11 round keys of 4 words (16 bytes) each; round key r is the group of words 4r .. 4r+3, each word forming one column.
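The round structure of the AES pseudocode, the column-major state, ShiftRows, the MixColumn matrix and the key expansion, as one added end-to-end example (editor-written, not the slides' own code): a compact AES-128 block encryption in pure Python. The S-box is the FIPS 197 table typed in as data rather than derived, and the result is checked against the FIPS 197 test vectors rather than against the slides. Function names and the `state[c][r]` layout are this example's own choices.

```python
# Added example, not the slides' own code: AES-128 block encryption that
# follows the slide's pseudocode step by step, with the state held column
# by column (state[c][r]) as the slides draw it. For study only: the table
# lookups are not constant-time.

# FIPS-197 S-box as a 16x16 table: row = high nibble, column = low nibble.
SBOX = bytes.fromhex("""
63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76
ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0
b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15
04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75
09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84
53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf
d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8
51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2
cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73
60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db
e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79
e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08
ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a
70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e
e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df
8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16
""")


def xtime(b):
    """Multiply a byte by x (= 02) in GF(2^8) modulo x^8+x^4+x^3+x+1."""
    b <<= 1
    return (b ^ 0x1B) & 0xFF if b & 0x100 else b


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) by shift-and-add with xtime."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r


def bytes_to_state(block):
    """16 input bytes -> 4 columns of 4 bytes, so A[r][c] = block[r + 4c]."""
    return [list(block[4 * c:4 * c + 4]) for c in range(4)]


def state_to_bytes(state):
    return bytes(b for col in state for b in col)


def state_rows(state):
    """The state as the slides draw it: a list of 4 rows."""
    return [[state[c][r] for c in range(4)] for r in range(4)]


def sub_bytes(state):
    return [[SBOX[b] for b in col] for col in state]


def shift_rows(state):
    """Row r rotates left by r bytes: new[c][r] = old[(c + r) % 4][r]."""
    return [[state[(c + r) % 4][r] for r in range(4)] for c in range(4)]


def mix_column(col):
    """One column times c(x) = 03x^3+01x^2+01x+02 mod x^4+1, i.e. the 02 03 01 01 matrix."""
    b0, b1, b2, b3 = col
    return [
        gf_mul(2, b0) ^ gf_mul(3, b1) ^ b2 ^ b3,
        b0 ^ gf_mul(2, b1) ^ gf_mul(3, b2) ^ b3,
        b0 ^ b1 ^ gf_mul(2, b2) ^ gf_mul(3, b3),
        gf_mul(3, b0) ^ b1 ^ b2 ^ gf_mul(2, b3),
    ]


def mix_columns(state):
    return [mix_column(col) for col in state]


def add_round_key(state, round_key):
    """Byte-wise XOR of the state with a round key laid out as 4 columns."""
    return [[s ^ k for s, k in zip(sc, kc)] for sc, kc in zip(state, round_key)]


def key_expansion(key, nr=10):
    """Expand a 16-byte key into 4*(nr+1) = 44 words, grouped as nr+1 round keys."""
    nk = 4
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 0x01
    for i in range(nk, 4 * (nr + 1)):
        temp = list(w[i - 1])
        if i % nk == 0:
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]   # RotWord, then SubWord
            temp[0] ^= rcon                                # XOR with Rcon[i/nk]
            rcon = xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - nk], temp)])
    return [w[4 * r:4 * r + 4] for r in range(nr + 1)]   # round key r = words 4r..4r+3


def aes128_encrypt_block(key, block, nr=10):
    """The slide's AES(in, out, key) with Nr = 10."""
    rk = key_expansion(key, nr)
    state = add_round_key(bytes_to_state(block), rk[0])
    for rnd in range(1, nr):
        state = add_round_key(mix_columns(shift_rows(sub_bytes(state))), rk[rnd])
    state = add_round_key(shift_rows(sub_bytes(state)), rk[nr])   # final round: no MixColumns
    return state_to_bytes(state)


if __name__ == "__main__":
    key = bytes(range(16))                                   # FIPS-197 Appendix C.1 vector
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    print(aes128_encrypt_block(key, pt).hex())               # 69c4e0d86a7b0430d8cdb78070b4c55a
```

`mix_column` reproduces the slide's column example (87 6E 46 A6 -> 47 37 94 ED), `state_rows(bytes_to_state(...))` reproduces the column-major layout of the EA 83 5C F0 ... example, and `key_expansion` yields the 11 round keys of the slide's 4(Nr+1) count. Only encryption is shown; decryption needs the inverse S-box, right rotation in ShiftRows and the d(x) = 0B 0D 09 0E matrix, applied in reverse order with the same round keys.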
