Advanced Encryption Standard (AES) Introduction

ADVANCED ENCRYPTION STANDARD
CHAPTER - 1
INTRODUCTION
1.1 ADVANCED ENCRYPTION STANDARD-RIJNDAEL CIPHER
AES stands for advanced encryption standard. AES is symmetric key encryption algorithm which replaces the commonly used data encryption standard (DES).AES provides strong encryption and was selected by NIST as a federal information processing standard in November 2001 (FIPS-197). The AES algorithm uses three key sizes:128-, 192-, or 256- bit encryption key. Each encryption key size causes the algorithm to behave slightly different, so the increasing key sizes not only offer a large number of bits with which you can scramble the data, but also increases the complexity of cipher algorithm. AES was developed by two Belgian cryptologists, Vincent Rijmen and Joan Daemen. AES is an algorithm for performing encryption (and reverse, decryption).the series of well-defined steps that can be followed as a procedure. The original information is known as plain text,and the encrypted form as cipher text. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt(decipher) information. Encryption converts data to an unintelligible form called cipher text; decrypting the cipher text converts the data back to its original form, called plain text. AES can be used to protect electronic data.
BLOCK DIAGRAM:
Plaintext /ciphertext 128 bit
Encrypt/Decrypt
output 128-bit(plain text)
Round
128 bit key input
Clk2 Secret key 128,192,256
Key Schedule Generation
Department of Electronics and Communication Engineering,SKEC
Page 1
Figure 1.1 block diagram of AES algorithm[1]
The cipher text message contains all the information of the plaintext message, but is not in a format readable by a human or computer without the proper mechanism to decrypt it. The encrypting procedure is varied depending on the key which changes the detailed operation of the algorithm. Without the key, the cipher cannot be used to encrypt or decrypt.
1.2 ENCRYPTION:
Encryption is the transformation of plain text into cipher text through a mathematical process
plain text key cipher
cipher text
ENCRYPTION
Figure 1.2 Block Diagram Of Encryption Process
1.3 DECRYPTION:
Decryption is a process to convert cipher text back into plain text
Cipher text
plain text
Cipher key
DECRYPTION
Figure 1.3 block diagram of decryption process
1.4 APPLICATION OF CRYPOTGRAPHY:

Cryptography helped ensure secrecy in important communications, such as those of government convert operations. This is helpful in wireless security like military communication and mobile telephony where there is a greater emphasis on the speed of communication (military leaders and diplomats).
Cryptography has come to be in widespread use by many civilians
who do not have extraordinary needs for secrecy

Department of Electronics and Communication Engineering,SKEC Page 2
CHAPTER - 2
THEORY 2.1 BACKGROUND OF THE ALGORITHM:
Many algorithms were originally presented by researchers from twelve different Nations. Fifteen (15) algorithms were selected from the first set of submittals. After a study and selection process five, (5) were chosen as finalists. The five algorithms selected were MARS, RC6, RIJNDAEL, SERPENT and TWOFISH. The conclusion was that the five Competitors showed similar characteristics. On October 2nd 2000, NIST announced that the Rijndael Algorithm was the winner of the contest. The Rijndael Algorithm was chosen since it had the best overall scores in security, performance, efficiency, implementation ability and flexibility, [NIS00b]. The Rijndael algorithm was developed by Joan Daemen of Proton World International and Vincent Fijmen of Katholieke University at Leuven. The Rijndael algorithm is a symmetric block cipher that can process data blocks of 128 bits through the use of cipher keys with lengths of 128, 192, and 256 bits. The Rijndael algorithm was also designed to handle additional block sizes and key lengths. However, the additional features were not adopted in the AES. The hardware implementation of the Rijndael algorithm can provide either high performance or low cost for specific applications. At backbone communication channels or heavily loaded servers it is not possible to lose processing speed, which drops the efficiency of the overall system while running cryptography algorithms in software. On the other side, a low cost and small design can be used in smart card applications, which allows a wide range of equipment to operate securely.
2.1.1 AES OVERVIEW:

1976-2000: The Data Encryption Standard (DES) is considered the standard for block ciphers by NIST. 1997-2001: With des becoming outdated NIST announces competition to design a successor.
Page 3
2001:Rijndeal, designed by Joan Daemen and Vincent Rijmen , is selected by NIST as a AES
2.1.2 PROPERTIES OF AES:

Based in finite mathematic, widely analysed and considered secure, Used for US government top secret data, Supports 128, 196, 256 bit keys, Unpatented, Expected to be the standard for 20+years
2.2 TYPES OF CYPHERS:

There are two classes of algorithm in encryption, an asymmetric key and symmetric key.The following sub sections describe the both classes and a brief discussion of algorithm is added as well.
2.2.1 ALGORITHM:
Algorithm is a process for completing a task. An encryption algorithm is a mathematical process (mathematical formula) to encrypt and decrypt messages it typically has two elements:data (for example , plain text or email message that you want to encrypt or decrypt) and a key.
2.2.2 SYMMETRIC ENCRYPTION:

Symmetric encryption uses a secret key value to encrypt and decrypt data. Both the sender and receiver need the same key to encrypt or decrypt. There are two types of symmetric algorithms: stream algorithms and block algorithms. The stream algorithm works on one bit or byte at a time, whereas the block algorithm works on larger blocks of data (typically 64 bits ).the drawback of to this type of system is that if the key is discovered, all the messages can be decrypted. Symmetric key is the key that is used to for encrypting and decrypting a file or a message. Examples of symmetric encryption are DES\3DES, AES, IDEA, RC6 and Blowfish.
Page 4
2.2.3 SYMMETRIC KEY OR PRIVATE KEY:

In a symmetric or private key algorithm, in the ordinary case, the communication only uses only one key. A user A sends the secret private key K c to a B user before the start of the communication between them. Both sides use the same private key to encrypt and decrypt the exchanged information. Data encryption standard (DES) and CAST128 are example of symmetric algorithm. The symmetric algorithm is much faster than a asymmetric key algorithm, which needs a bigger key and complex computation. To encrypt a large amount of data, symmetric key algorithm is used with one secrete key. the public key algorithm then used to encrypt and transmit the symmetric key. At the recipient, the symmetric key is decrypted. After that all communication is made using a symmetrical algorithm. There are two classes of private key cryptography scheme which are commonly distinguished as block ciphers and stream ciphers.
Private key kc Private key kc
Cipher text Plain text
ENCRYPTION
User A
Unsecured channel
DECRYPTION
User B
plaintext
Figure 2.1 2.1private key cryptography
Private key is a secret key of public-private key cryptography system (it is used in asymmetric cryptography). The private key is normally known only to the key owner. Messages are encrypted using a public key and can be decrypted by the owner of the corresponding private key. For the digital signatures, however, a document is signed with a private key and authenticated with the corresponding public key. Private key should not be distributed.
2.2.4 ASYMMETRIC ENCRYPTION:

Asymmetric encryption (asymmetric cipher) uses a separate key for encryption and decryption. The decryption key is very hard or even impossible to derive from the encryption key . the encryption key is public so that anyone can encrypt a message . however , the decryption key is private , so that only the receiver is able to decrypt the message. it is common to set up a pair of keys within a network so that each user has public key and a private key .The public key is made available to everyone so
that they can send messages, but the private key is only made available to the person it belongs to. Asymmetric cipher that uses different (not trivially related) keys for encryption and decryption. Asymmetric cipher that uses different (not trivially related) keys for encryption and decryption. Examples of asymmetric encryption are RSA, ELGAMAL.
2.2.5 ASYMMETRIC KEY FOR PUBLIC KEY:

as an alternative to RSA which In asymmetric key algorithm, there are two keys. One must be public and it is used to encrypt the data. The other key is a private one and it is used to decrypt the information. In communication between A and B,A uses the public key ke of B to encrypt the message ,in a way that only B(neither A).can decrypt this message using his private key Kd. The system is also used to sign a message digitally. Rivest Shamir - Adleman (RSA) is widely used asymmetric key algorithm for decrease elliptic curve cryptography (ECCoffers highest security its small bit length of key.
Private key ke Cipher text Plain text
Private key kd
ENCRYPTION
User A Unsecure channel
DECRYPTION
User B
plaintext
Figure:2.2 public key cryptography.
A public key is the public key of a public-private key cryptography system. Public key is used in asymmetric cryptography. Public keys are used to enable someone to encrypt messages intended for the owner of the public key. Public keys are meant for distribution, so anyone who wants to send an encrypted message to the owner of the public key can do so, but the owner of the public key can do so, but only the owner of the corresponding private key can decrypt the message. Cryptography based on methods involving a public key and a private key.
Page 6
2.2.6 CIPHER TEXT:

This is the encrypted message produced by applying the algorithm to the plaintext message using the secret key.
2.7 BLOCK CIPHER:

Block chipper is a type of the symmetric-key encryption algorithm that transforms a fixed-length block of plaintext data into block of cipher text data of the same length. This transformation takes places under the action of a user-provided secret key. Decryption is performed by applying the reverse transformation to the cipher text block using the same secret key. The fixed length is called the block size, and for many block ciphers, the block size is 64 and the block size increase to 128, 192 or 256 bits as processors become more sophisticated. Below figure illustrates the block cipher transformation. The cipher like DES, triple-DES and blowfish are example of block cipher.
Plaintext ciphertext
key
Block encryption
cipher
key
Block decryption
cipher
Ciphertext
Figure 2.3 block cipher
plaintext
Since different plaintext blocks are mapped to different cipher text blocks (to allow unique decryption), a block cipher effectively provides a permutation of the set of all possible messages. The permutation effected during any particular encryption is a secret, since it is a function of the secret key
Page 7
2.3 THE AES CIPHER:

Block length is limited to 128 bit The key size can be independently specified to 128,19 or 256 bits
Key 4/16/192 6/24/192 size(word/byte/bits) Number of rounds 10 12 Expanded key 44/176 size(words/byte) 52/208 8/32/256 14 60/240
Table 2.1: represented of key size, number of rounds, exapanded key size
2.4 NOTATION AND CONVENTIONS:

2.4.1. INPUTS AND OUTPUTS:
The input and output for the AES algorithm consists of sequences of 128 bits. These sequences are referred to as blocks and the numbers of bits they contain are referred to as their length. The Cipher Key for the AES algorithm is a sequence of 128,192 or 256 bits. Other input, output and Cipher Key lengths are not permitted by this standard. The bits within such sequences are numbered starting at zero and ending at one less than the sequence length, which is also termed the block length or key length. The number i attached to a bit is known as its index and will be in one of the ranges 0 i<128, 0 i< 192 or 0 i< 256 depending on the block length or key length specified.
2.4.2. BYTES:
The basic unit of processing in the AES algorithm is a byte , which is a sequence of eight bits treated as a single entity. The input, output and Cipher Key bit sequences described in Section 1.1 are processed as arrays of bytes that are formed by dividing these sequences into groups of eight contiguous bits to form arrays of bytes. For an input, output or Cipher Key denoted by a, the bytes in the resulting array are referenced using one of the two forms, an or a[n], where n will be in a range that depends on the key length. For a key length of 128 bits, n lies in the range 0 n < 16. For a key length of 192 bits, n lies in the range 0 n < 24. For a key length of 256 bits, n lies in the range 0 n < 32.
All byte values in the AES algorithm are presented as the concatenation of the individual bit values, (0 or 1), between braces in the order{b7, b6, b5, b4, b3, b2, b1, b0}.These bytes are interpreted as finite field elements using a polynomial representation b7 x7+ b6 x6+ b5 x5+ b4 x4+ b3 x3+ b2 x2+ b1 x1+ b0x0=bi xi ---------->(1) For example, {01100011} identifies the specific finite field element x6 + x5 + x +1. It is also convenient to denote byte values using hexadecimal notation with each of two groups of four bits being denoted by a single hexadecimal character. The hexadecimal notation scheme is depicted in Figure.1.
Table 2.2 Hexadecimal Representation of Bit Patterns[1]
Hence the element {01100011} can be represented as {63}, where the character denoting the four-bit group containing the higher numbered bits is again to the left. Some finite field operations involve one additional bit {b8} to the left of an 8bit byte. When the b8 bit is present, it appears as {01} immediately preceding the 8bit byte. For example, a 9-bit sequence is presented as {01} {1b}.
2.4.3. ARRAYS OF BYTES:

Arrays of bytes are represented in the form a0a1a2a15. The bytes and the bit ordering within bytes are derived from the 128-bit input sequence, input0input1input2 input126input127 as a0 = {input0, input1, , input7} , a1 = {input8, input9, , input15} with the pattern continuing up to a15 = {input120, input121, , input127}. The pattern can be extended to longer sequences associated with 192 and 256 bit keys. In general, an = {input8n, input8n+1, , input8n+7}.
Page 9
An example of byte designation and numbering within bytes for a given input sequence is presented in Figure 2.
Figure 2.4: Indices for Bytes and Bits [1]
2.4.4. THE STATE:

Internally, the AES algorithms operations are performed on a two dimensional array of bytes called the State. The State consists of four rows of bytes. Each row of a state contains Nb numbers of bytes, where Nb is the block length divided by 32. In the State array, which is denoted by the symbol S, each individual byte has two indices. The first byte index is the row number r, which lies in the range 0 r 3 and the second byte index is the column number c, which lies in the range 0 c Nb1. Such indexing allows an individual byte of the State to be referred to as Sr,c or S[r,c]. For the AES Nb = 4, which means that 0 c 3. At the beginning of the Encryption and Decryption the input, which is the array of bytes symbolized by in0in1in15 is copied into the State array. This activity is illustrated in Figure 3. The Encryption or Decryption operations are conducted on the State array. After manipulation of the state array has completed its final value is copied to the output, which is an array of bytes symbolized by out0out1out15.
Input state array output byte
Figure 2.5: State Array Input and Output [1]
At the start of the Encryption or Decryption the input array is copied to the State array with S[r, c] = in[r + 4c]
Page 10
where 0 r 3 and 0 c Nb1 At the end of the Encryption and Decryption the State is copied to the output array with out[r + 4c] = S[r,c] where 0 r 3 and 0 c Nb1.Input Bytes State Array Output Bytes
2.4.5. THE STATE AS AN ARRAY OF COLUMNS:

The four bytes in each column of the State form 32-bit words, where the row number r provides an index for the four bytes within each word. Therefore, the state can be interpreted as a one-dimensional array of 32 bit words, which is symbolized by w0...w3. The column number c provides an index into this linear State array. Considering the State depicted in Figure3, the State can be considered as an array of four words where w0 = S0,0 S1,0 S2,0 S3,0, w1 = S0,1 S1,1 S2,1 S3,1, w2 = S0,2 S1,2 S2,2 S3,2 w3 =S 0,3 S1,3 S2,3 S3,3.
2.4.6 MATHEMATICAL BACKGROUND:

Every byte in the AES algorithm is interpreted as a finite field element using the notation introduced in Section.1.1.2. All Finite field elements can be added and multiplied. However, these operations differ from those used for numbers and their use requires investigation.
2.4.6(A) ADDITION:
The addition of two elements in a finite field is achieved by adding the coefficients for the corresponding powers in the polynomials for the two elements. The addition is performed through use of the XOR operation, which is denoted by the operator symbol . Such addition is performed modulo-2. In modulo-2 addition
Page 11
1 1 = 0, 1 0 = 1, 01=1 and 0 0 =0.
Consequently, subtraction of polynomials is identical to addition of polynomials. Alternatively, addition of finite field elements can be described as the modulo-2 addition of corresponding bits in the byte. For two bytes {a7a6a5a4a3a2a1a0} and{b7b6b5b4b3b2b1b0}, the sum is {c7c6c5c4c3c2c1c0}, where each ci = ai bi where i represents corresponding bits. For example, the following expressions are equivalent to one another. (x6 + x4 + x2 + x +1) + (x7 + x +1) = x7 + x6 + x4 + x2 (Polynomial notation) {01010111} {10000011} = {11010100} (Binary notation) {57}{83} = {d4} (Hexadecimal notation)
2.4.6(B) MULTIPLICATION:
In the polynomial representation, multiplication in Galois Field GF (28) (denoted by) corresponds with the multiplication of polynomials modulo an irreducible polynomial of degree 8. A polynomial is irreducible if its only divisors are one and itself. For the AES algorithm, this irreducible polynomial is given by the equation (2). m(x) = x8 + x4 + x3 + x +1 For example, {57}{83} = {c1} because (2)
Page 12
(x6 + x4 + x2 + x +1)(x7 + x +1) = x13 + x11 + x9 + x8 + x7 + x7 + x5 + x3 +x2 + x + x6 + x4 + x2 + x + 1 = x13 + x11 + x9 + x8 + x6 + x5 + x4 + x3 +1 x13 + x11 + x9 + x8 + x6 + x5 + x4 + x3 +1 Modulo (x8 + x4 + x3 + x +1) = x7 + x6 +1. The modular reduction by m(x) ensures that the result will be a binary polynomial of degree less than 8, which can be represented by a byte. Unlike addition, there is no simple operation at the byte level that corresponds to this multiplication. The multiplication defined above is associative and the element {01} is the multiplicative identity. For any non-zero binary polynomial b(x) of degree less than 8, the multiplicative inverse of b(x), denoted b-1(x), can be found. The inverse is found through use of the extended Euclidean algorithm to compute polynomials a( x) and c(x) such that b(x)a(x) + m(x)c(x) = 1. Hence, a(x) b(x) mod m(x) = 1, which means b1 (x) = a(x)modm(x) Moreover, for any a(x), b(x) and c(x) in the field, it holds that a(x) (b(x) + c(x)) = a(x) b(x) + a(x) c(x) (5) (4) (3)
It follows that the set of 256 possible byte values, with XOR used as addition and multiplication defined as above, has the structure of the finite field GF (28).
2.4.6(C) MULTIPLICATION BY X:
Page 13
Multiplying the binary polynomial defined in equation (1) with the polynomial x results in b7 x8+ b6 x7+ b5 x6+ b4 x5+ b3 x4+ b2 x3+ b1 x2+ b0x1 (6) The result x b(x) is obtained by reducing the above result modulo m(x). If b7 equals zero the result is already in reduced form. If b7 equals one the reduction is accomplished by subtracting the polynomial m(x). It follows that multiplication by x, which is represented by {00000010} or {02}, can be implemented at the byte level as a left shift and a subsequent conditional bitwise XOR with {1b}. This operation on bytes is denoted by xtime(). Multiplication by higher powers of x can be implemented by repeated application of xtime(). Through the addition of intermediate results, multiplication by any constant can be implemented. For example, {57} {13} = {fe} because {57} {02} = xtime ({57}) = {ae} {57} {04} = xtime ({ae}) = {47} {57} {08} = xtime ({47}) = {8e}
{57} {10} = xtime ({8e}) = {07}, Thus, {57} {13} = {57} ({01} {02} {10}) = {57} {ae} {07} = {fe}.
2.5 Polynomials with Coefficients in GF (28):

Four-term polynomials can be defined with coefficients that are finite field elements as the following equation (7) a(x) = a3 x3 + a2 x2+ a1 x1 + a (7)
which will be denoted as a word in the form [a0 , a1 , a2 , a3 ]. Note that the polynomials in this section behave somewhat differently than the polynomials used in the definition of finite field elements, even though both types of polynomials use the same indeterminate, x. The coefficients in this section are themselves finite field elements, i.e., bytes, instead of bits; also, the multiplication of four-term polynomials
Page 14
uses a different reduction polynomial, defined below. To illustrate the addition and multiplication operations, let b(x) = b3 x3+ b2 x2 + b1 x1 + b (8)
define a second four-term polynomial. Addition is performed by adding the finite field coefficients of like powers of x. This addition corresponds to an XOR operation between the corresponding bytes in each of the words in other words, the XOR of the complete word values Thus, using the equations of (7) and (8), a( x) + b( x) = (a3b3) x3 + (a2b2)x2 + (a1 b1) x1 + (a0 b0)x0 Multiplication is achieved in two steps. In the first step, the polynomial product c(x) = a(x) b(x) is algebraically expanded, and like powers are collected to give c(x) = c6 x6 + c 5x5 + c4 x4 + c3 x3 + c2 x2 + c1 x1 + c0x0 where c0= a0. b0 c1= a1.b0 a0. b1 c2=a2 .b0 a1. b1 a0. b2 c3= a3. b0 a2. b1 a1. b2 a0. b3 c4=a3 .b1 a2. b2 a0. b3 c5= a3. b2 a2.b3 c6= a3. b3 The result, c(x), does not represent a four-byte word. Therefore, the second step of the multiplication is to reduce c(x) modulo a polynomial of degree 4; the result can be reduced to a polynomial of degree less than 4. For the AES algorithm, this is accomplished with the polynomial x4 + 1, so that xi mod(x4 +1) = ximod 4 . (11) (10) (9)
Page 15
The modular product of a(x) and b(x), denoted by a(x) b(x), is given by the fourterm polynomial d(x), defined as follows d(x) = d3 x3 + d2 x2 + d1 x1 + d0 with d0= (a0 .b0) (a3. b1) (a2 .b2) (a1. b3) d1 =(a1. b0) (a0. b1) (a3. b2) (a2. b3) d2= (a2 .b0) (a1. b1) (a0 .b2) (a3. b3) d3= (a3. b0) (a2 .b1) (a1. b2)( a0. b3) When a(x) is a fixed polynomial, the operation defined in equation (12) can be written in matrix form as the following equation (13) (12)
d0 d1 = d2 d3
a0 a3 a2
a1
b0 b1 b3 (13)
a1 a0 a3 a2 a2 a1 a0 a2 b2 a3 a2 a1 a0
Because x4 + 1 is not an irreducible polynomial over GF(28), multiplication by a fixed four-term polynomial is not necessarily invertible. However, the AES algorithm specifies a fixed four-term polynomial that does have an inverse is given by a(x) = {03}x3 +{01}x2 +{01}x +{02 a1 (x) = {0b}x3 +{0d}x2 +{09}x +{0e} (14) (15)
Another polynomial used in the AES algorithm has a0 = a1 = a2 = {00} and a3 ={01}, which is the polynomial x3. Inspection of equation (13) above will show that its effect is to form the output word by rotating bytes in the input word. This means that [b0,b1,b2, b3] is transformed into [b1, b2, b3, b0].
2.6. ENCRYPTION PROCESS:
Page 16
This block diagram is generic for aes specifications.it consists of a number of different transformations applied consecutively over the data block bits, in a fixed number of iterations, called rounds. The number of rounds depends on the length of the key used for the encryption process. A 128 bit input and output block of AES is mapped to an AES state by putting thefirst byte of the block in the upper left corner of the matrix and by filling in the remaining bytes column by column. A round consists of a fixed sequence of transformations. Except for the first round and the last round,
Block diagram:
SubBytes
ShiftRows Plain text
Mix Columns
Add Round Key
Roundkey
AddRoundKey
1st Round
SubBytes Roundkey Repeat Nr-1 Round Shift Rows MixColumns AddRoundKey
SubBytes Last Roundkey Round ShiftRows AddRoundKey
Figure 2.6:Block Diagram Of Encryption
.The other rounds are identical and consist of four transformations. The four
transformations are invertible, hence the round itself is invertibleData block
Page 17
SUBBYTES SHIFTROWS
MIXCOLUMNS Key ADDROUNDKEY
Data block
Figure 2.7:Structure Of The One Round
2.6.1. BYTES SUBSTITUTION TRANSFORMATION:

The bytes substitution transformation subbytes (state) is a non-linear substitution of bytes that operates independently on each byte of the State using a substitution table (Sbox) presented in figure7. This S-box which is invertible, is constructed by composing two transformations 1. Take the multiplicative inverse in the finite field GF (28), described in Section 1.3.2. The element {00} is mapped to itself. 2. Apply the following affine transformation (over GF (2)) b=bi b (i+4)mod8 b(i+5)mod8 b(i+6)mod8 b(i+7)mod8 ci (16) for 0 i 8 , where bi is the ith bit of the byte, and ci is the ith bit of a byte c with the value {63} or {01100011}. Here and elsewhere, a prime on a variable (e.g., b ) indicates that the variable is to be updated with the value on the right. In matrix form, the affine transformation element of the S-box can be expressed as
b0 1 0 0 0 b1 1 1 0 0 b2 1 1 1 0 b3 = 1 1 1 1 b4 1 1 1 1 b5 0 1 1 1 b6 0 0 1 1 b7 0 0 0 1 1 1 1 0 1 1 0 0 1 0 0 0 1 0 0 1 1 0 1 1 1 1 1 1 1 1 1 1 0 0 0 1 b0 b1 b2 b3 b4 b5 b6 b7 1 1 0 0 0 0 1 0
Figure 2.8 Matrix Notation Of S-Box
Page 18
Figure 2.9. Application of S-box to the Each Byte of the State [1]
The S-box used in the Sub Bytes transformation is presented in hexadecimal form in figure 7. For example, if =S1,1= {53}, then the substitution value would be determined by the intersection of the row with index 5 and the column with index 3 in figure 7. This would result in S'1,1having a value of {ed}.
Figure 2.10. S-box Values for All 256 Combinations in Hexadecimal Format [1]
2.6.2. Shift Rows Transformation:

In the Shift Rows transformation ShiftRows( ), the bytes in the last three rows of the State are cyclically shifted over different numbers of bytes (offsets). The first row, r =0, is not shifted. Specifically, the ShiftRows( ) transformation proceeds as follows S`r ,c = Sr,(c shift(r,Nb))modNb for 0< r < 4 and 0 cNb,
Page 19
Where the shift value shift(r, Nb) depends on the row number, r, as follows (Nb = 4) Shift(1,4) = 1: Shift(2,4) = 2; Shift(3,4) = 3. This has the effect of moving bytes to lower positions in the row (i.e.,lower values of c in a given row), while the lowest bytes wrap around into the top of the row (i.e., higher values of c in a given row). Figure 7 illustrates the ShiftRows() transformation.
Figure 2.11. Cyclic Shift of the Last Three Rows of the State [1]
2.6.3. Mixing of Columns Transformation:

This transformation is based on Galois Field multiplication. Each byte of a column is replaced with another value that is a function of all four bytes in the given column. The MixColumns( ) transformation operates on the State column-by-column, treating each column as a four-term polynomial as described in Section.1.3.4. The columns are considered as polynomials over GF (28) and multiplied modulo x4 + 1 with a fixed polynomial a(x), given by the following equation. a(x) = {03}x3 +{01}x2 +{01}x1 +{02}x0. As described in Section. 1.3.4, this can be written as a matrix multiplication. Let S ' (x) = a(x) S(x)
Page 20
S '0,c S '1,c = S '2,c

S '3,c
02 03 01 01 01 02 03 01 01 01 02 03
S0,c S1,c S2,c

S3,c for 0 c < Nb.
03 01 01 02
As a result of this multiplication, the four bytes in a column are replaced by the following S '0,c =({02}. S0,c ) ({03}.S1,c) ({01}.S2,c) ({01}.S3,c ) S '1,c =({01}. S0,c ) ({02}.S1,c) ({01}.S2,c) ({01}.S3,c ) S '2,c =({01}. S0,c ) ({01}.S1,c) ({02}.S2,c) ({03}.S3,c ) S '3,c =({03}. S0,c ) ({01}.S1,c) ({01}.S2,c) ({02}.S3,c )
Figure 2.12. Mixing of Columns of the State [1]
Understanding Of Calculations For Mix-Columns
For detailed understanding of calculations for mix-columns is as follows The mix columns theory is calculated using this formula[1]: r0 r1 r2 r3 = 2 3 1 1 1 2 3 1 1 1 2 3 3 1 1 2 a0 a1 a2 a3
Page 21
where r0, r1, r2 and r3 are the results after the transformation. a0 a3 can be obtain from the matrix after the data undergoes substitution process in the S-Boxes. Let's take this example:
a0-a3
r0-r3 02 d4 01 Bf 5d 30 03 01 01 02 03 01 = 04 66 81 e5 01 01 02 03 03 01 01 02
In this
example, a0 a3 is equals
to d4 30 and r0 r3 is equals to 04 e5. note that in this it still follows the matrix multiplication rules: row x column. Currently the matrix size looks like this: [4 x 1] . [4 x 4] [4 x 1] Remember matrix idea of multiplication, to obtain [4 x 1], then the formula to be [4 x 4] . [4 x 1] = [4 x 1] Therefore to switch matrices over.
d4 bf 5d 30 01 02 03 01 x 01 01 02 03 03 01 01 02 = 04 66 81 e5
02 03 01 01
Page 22
To calculate the results, multiply the rows with the column. Firstly, take the first row of the first matrix and multiply the values with a's values. To get the r0 value, the formula goes like this: r0 = {02.d4} + {03.bf} + {01.5d} + {01.30} But when calculating directly go into the steps one at a time. 1. {02.d4} Now converting d4 to binary. d4 is a byte so when using the Calculator change it to byte under Hex mode. d4 = 1101 0100 Now d4 is exactly 8 bits. In the case where never get a 8 bits long characters such as 25 in Hex (converted: 100101), pad on with 0 in the front of the result until 8 characters of 1's and 0's. (25 ends up with 0010 0101) Now another thing to remember, there is a rule established in the multiplication of the values as written in the book, Cryptography and Network Security[2], that multiplication of a value by x (ie. by 02) can be implemented as a 1bit left shift followed by a conditional bitwise XOR with (00011011) if the leftmost bit of the original value (before the shift) is 1. now implement the rule in the calculation. {d4}.{02} = 1101 0100 << 1 (<< is left shift, 1 is the number of shift done, pad on with 0's) = 1010 1000 XOR 0001 1011 (because the leftmost is a 1 before shift) = 1011 0011 (ans) Calculation: 1010 1000 0001 1011 (XOR) 1011 0011 Now do the same for next set of values, {03.bf}
Page 23
2. {03.bf} Similarly, convert bf into binary: bf = 1011 1111 In this case, multiply 03 to bf. split 03 up in its binary form. 03 = 11 = 10 XOR 01 It is now able to calculate the result. {03} . {bf} = {10 XOR 01} . {1011 1111} = {1011 1111 . 10} XOR {1011 1111 . 01} = {1011 1111 . 10} XOR {1011 1111} (Because {1011 1111} x 1[in decimal] = 1011 1111) = 0111 1110 XOR 0001 1011 XOR 1011 1111 = 1101 1010 (ans) {01.5d} and {01.30} is basically multiplying 5d and 30 with 1(in decimal) which end up with the original values. There isn't a need to calculate them using the above method. But its is not needed to convert values to binary form. 5d = 0101 1101 30 = 0011 0000 Now, add those values together. As the values are in binary form, addition will be using XOR. r0 = {02.d4} + {03.bf} + {01.5d} + {01.30} = 1011 0011 XOR 1101 1010 XOR 0101 1101 XOR 0011 0000 = 0000 0100 = 04 (in Hex)
Page 24
Now for the next row. r1 = {01.d4} + {02.bf} + {03.5d} + {01.30} 1. {02.bf} {bf} . {02} = 1011 1111 << 1 = 0111 1110 XOR 0001 1011 = 0110 0101 2. {03.5d} {5d} . {03} = {0101 1101. 02} XOR { 0101 1101} = 1011 1010 XOR 0101 1101 = 1110 0111 Therefore, r1 = {01.d4} + {02.bf} + {03.5d} + {01.30} = 1101 0100 XOR 0110 0101 XOR 1110 0111 XOR 0011 0000 = 0110 0110 = 66 (in Hex) second values are obtained, 66. Do the same for the rest and will get all the results.
2.6.4 Addition of Round Key Transformation

In the Addition of Round Key transformation AddRoundKey( ), a Round Key is added to the State by a simple bitwise XOR operation. Each Round Key consists of Nb words from the key schedule generation (described in following section 2.6). Those Nb words are each added into the columns of the State, such that [S'0,c , S'1,c , S'2,c , S'3,c ] = [S0,c ,S1,c,S2,c ,S3,c ] [Wround
Nb
] for 0 c<Nb
Page 25
Figure 2.13. Exclusive-OR Operation of State and Cipher Key Words [1]
where [wi] are the key generation words described in chapter 3, and round is a value in the range in the Encryption, the initial Round Key addition occurs when round = 0, prior to the first application of the round function. The application of the AddRoundKey ( ) transformation to the Nr rounds of the encryption occurs when 1 round Nr. The action of this transformation is illustrated in figure10, where l = round * Nb. The byte address with in words of the key schedule was described in Section1.2.1.
2.6.5 Key Schedule Generation

Each round key is a 4-word (128-bit) array generated as a product of the previous round key, a constant that changes each round, and a series of S-Box (figure6) lookups for each 32-bit word of the key. The first round key is the same as the original user input. Each byte (w0 - w3) of initial key is XORd with a constant that depends on the current round, and the result of the S-Box lookup for wi, to form the next round key. Key length (nk words) 4 6 8
Table 2.3. Key-Block- Round Combinations [1]
AES-128 AES-192 AES-256
Block size (nb word) 4 4 4
Number of Rounds(nr) 10 12 14
Page 26
The Key schedule Expansion generates a total of Nb(Nr + 1) words: the algorithm requires an initial set of Nb words, and each of the Nr rounds requires Nb words of key data. The resulting key schedule consists of a linear array of 4-byte words, denoted [wi], with i in the range 0 i < Nb(Nr + 1). Prior to encryption or decryption the key must be explanded.the expanded key is used in the add round key function. Each time the add round key function is called a different part of the expanded key is XORed against the state. In order for this to work the expanded key must be large enough so that it can provide key material for every time the add round key function is executed. The add round key function gets called for each round as well as one extra time at the beginning of the algorithm. Therefore the size of the expanded key will always be equal to: The 16 in the above function is actually the size of the block in bytes.tis provides key material for every byte in the block during every round +1. Since the key size is much smaller than the size of the sub keys,the key is actually streached out to provide enough key space for the algorithm. The key expansion routine executes a maximum of 4 consecutive functions.these functions are:
ROT WORD SUB WORD RCON
An iteration of the above steps is caller a round.the amount of rounds of the key expansion depends on the key size. Key size (bytes) 16 24 32 Block size (bytes) 16 16 16 Expansion algorithm rounds 44 52 60 Expanded bytes round 4 4 4 Rounds / key copy 4 6 8 Rounds key expansion 40 46 52 Expanded key (bytes) 176 208 240
Table 2.4 Representation Of AES-128, AES-192,AES-256 Bit Block Size, Expansion Algorithm, Round Key Copy, Round Key
Page 27
The first bytes of the expanded keys are always equal to the key.if the key is 16 bytes long the first 16 bytes of the expanded key will be the same as the original key. If the key size is 32 bytes then the first 32 bytes of the expanded key will be the same as the original key. Each round adds 4 bytes to the expanded key. With the exception of the first rounds each round also takes the previous rounds 4 bytes as input operates and returns 4 bytes. One more important note is that not all of the 4 functions are always called in each round. The algorithm only calls all 4 of the functions every 4 rounds for 16 bytes key 6 rounds for 24 bytes key 8 rounds for 32 bytes key The rest of the rounds only a k function result is XORed with the result of the EK function. There is an exception of this rule where if the key is 32 bytes long an additional call to the sub word function is called every 8 rounds starting on the 13 th round. Rijndaels key schedule utilizes a number of operations, which will be described before describing the key schedule.
ROTATE The rotate operation takes a32 bit word like this (in hexa decimal): 1d2c3a4f And rotates it eight bits to left: 2c3a4f1d
RCON
Page 28
Rcon is what the rijndael documentation calls the exponentiation of 2 to a user-specified values. Note that this operation is not performed with regular integers, but in rijndaels finite field. In polynomial form , 2 is 2 =00000010 =0x7 + 0x6 + 0x5 + 0x4 + 0x3 + 0x2 + 1x1 + 0x0 = x, and compute rcon(i) =x(254+i) in F28 or equivalently, i >1 (254+i) 8 4 3 rcon(i) =x mod x + x +x +x1 +1 in F2. For example, the rcon(1)=1,the rcon(2)=2, the rcon(3)=4,and the rcon (9) is the hexadecimal number 0x1b(27 decimal). The below is rcon table for encryption process 0 1 0 0 0 0 0 0 0 2 0 0 0 0 0 0 04 00 00 00 08 10 2 0 00 00 0 0 00 00 0 0 00 00 0 0 40 80 1B 36 00 00 00 00 00 00 00 00 00 00 00 00
Table 2.5 rcon table in encryption process
Page 29
CHAPTER 3
IMPLEMETATION
3.AES ENCRYPTION PROCESS:
3.1.1 ENCRYPTION IMPLEMENTATION:
Key Schedule
VHDL is used as the hardware description language because of the flexibility to exchange among environments. The code is pure VHDL that could easily be implemented on other devices, without changing the design. The software used for this work is Xilinx ISE 8.1i. This is used for writing, debugging and optimizing efforts, and also for fitting, simulating and checking the performance results using the simulation tools available on Xilinx ISE design software.
3.1.2 STEPS FOLLOWED IN ENCRYPTION PROCESS:

Addroundkey (state, roundkey) i=Nr
Invsubbytes (state) Invshiftrows (state) Invmixcolumns (state) Addroundkey(State,Roundkey) i=i-1
Invsubbytes(state) Invshiftrows(state) Department of Electronics and Communication Engineering,SKEC Addroundkey(state,roundkey)

Page 30
Figure 3.1:Flow Chart Representation For AES Decryption Process
3.1.3. ADD ROUND KEY:

Add round key is an XOR between the state and the round key. this transformation is its own inverse. AES operation-add round key. Each byte of the round key is XORed with the corresponding byte in the state table inverse operation is identical since XOR a second time returns the original values XOR each byte of the round key with the state table def addroundkey(state,roundkey):for i in range(len(state)):state[i]^roundkey[i]
3.1.4.SUB BYTES:
sub byte is a substitute of each byte in the block independent of the position in the state. This is an s-box. This is the non-linear transformation. The s-box used is proved to be optimal with regards to non-linearity. The s-box is based on arithmetic in GF(28). AES operation sub bytes
Each byte of the state table is substituted with the values in the linearity(algorithm not equal to the sum of its parts)
s-box whose index is the value of the state table byte. Provide non-
3.1.5. SHIFT ROWS:

Shift rows is a cyclic shift of the bytes in the rows in the state and is clearly invertible (by a shift in the opposite direction by the same amount). AES operation shift rows Each row in the state table is shifted left by the number of bytes represented by the row number.
3.1.6. MIX COLUMNS:

Linear mixing layer (shift row and mix column) which guarantees high diffusion. Non linear s boxes protects against linear and differential cryptanalysis.
Page 31
AES operation mix columns Mix columns is performed by multiplying each column (within the galois finite filed).
3.1.7. KEY EXPANSION:

AES-expansion operations AES key expansion consists of several primitive operations:
Rotate takes a 4-byte word and rotates everything one byte to the left, e.g.rotate([1,2,3,4])[2,3,4,1]
Sub bytes-each byte of the word is substituted with the value in the s-box whose index is the value of the original byte Rcon-the first byte of a word is XORed with the round constant. Each value of the rcon table is a member of the rijndael finite field.
3.1.8.KEY SCHEDULE CORE:

This operation is used as an inner loop in the key schedule, and is done thus:
The input is a 32-bit word and an iteration number i. The output is a 32-bit word. Copy the input over to the output. Use the above described rotate operation to rotate the output eight bits to the left.
Apply rijndaels s-box on all four individual bytes in the output
word
On just the first(leftmost) byte of the output word,exclusive or
the byte with 2 to the power of(i-1). In other words,perform the rcon operation with i as the input,and exclusive or the rcon output with the first byte of the output word.
3.1.9.CONSTANTS:
Page 32
Since the key schedule for 128-bit, 192-bit, and 256-bit encryption are very similar, with only some constants changed, the following key size constants are defined here N has a value of 16 for 128-bit keys,24 for 192-bit keys, and 32 for 256-bit keys has a value of 176 for 128-bit keys,208 for 192-bit keys, and 240 for 256-bit keys.
CHAPTER - 4
RESULTS AND DISCUSIONS
VHDL CODE FOR AES ENCRYPTION PACKAGE
-Package File Template --Purpose: This package defines supplemental types, subtypes, constants, and functions library IEEE; use IEEE.STD_LOGIC_1164.all; use IEEE.STD_LOGIC_ARITH.ALL; use IEEE.STD_LOGIC_UNSIGNED.ALL; package aesencrypt is type ROM_Array is array (0 to 255) of std_logic_vector(7 downto 0); constant Content_EN: ROM_Array := ( b"01100011", b"01111100", b"01110111", b"01111011", b"11110010", b"01101011", b"01101111", b"11000101", b"00110000", b"00000001", b"01100111", b"00101011", b"11111110", b"11010111", b"10101011", b"01110110", b"11001010", b"10000010", b"11001001", b"01111101", b"11111010", b"01011001", b"01000111", b"11110000", b"10101101", b"11010100", b"10100010", b"10101111", b"10011100", b"10100100",b"01110010",b"11000000",
b"10110111", b"11111101", b"10010011", b"00100110", b"00110110", b"00111111", b"11110111", b"11001100", b"00110100", b"10100101", b"11100101", b"11110001", b"01110001", b"11011000", b"00110001", b"00010101", b"00000100", b"11000111", b"00100011", b"11000011", b"00011000", b"10010110", b"00000101", b"10011010", b"00000111", b"00010010", b"10000000", b"11100010", b"11101011", b"00100111", b"10110010", b"01110101", b"00001001", b"10000011", b"00101100", b"00011010", b"00011011", b"01101110", b"01011010", b"10100000", b"01010010", b"00111011", b"11010110", b"10110011", b"00101001", b"11100011", b"00101111", b"10000100", b"01010011", b"11010001", b"00000000", b"11101101", b"00100000", b"11111100", b"10110001", b"01011011", b"01101010", b"11001011", b"10111110", b"00111001", b"01001010", b"01001100", b"01011000", b"11001111", b"11010000", b"11101111", b"10101010", b"11111011", b"01000011", b"01001101", b"00110011", b"10000101", b"01000101", b"11111001", b"00000010", b"01111111", b"01010000", b"00111100", b"10011111", b"10101000", b"01010001", b"10100011", b"01000000", b"10001111", b"10010010", b"10011101", b"00111000", b"11110101", b"10111100", b"10110110", b"11011010", b"00100001", b"00010000", b"11111111", b"11110011", b"11010010", b"11001101", b"00001100", b"00010011", b"11101100", b"01011111", b"10010111", b"01110011", --60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db --e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79 --e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08 --ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a --70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e --e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df
b"01000100",b"00010111",
b"11000100",
b"10100111",
b"01111110", b"00111101", b"01100100", b"01011101", b"00011001",
--8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16 b"01100000", b"10000001", b"01001111", b"11011100",b"00100010", b"00101001", b"11011011", b"11100000",b"00110010",b"00111010",b"00001010",b"01001001",b"0000 0110",b"00100100",b"01011100",b"11000010",b"11010011",b"10101100",b" 01100010",b"10010001",b"10010101",b"11100100",b"01111001", b"11100111",b"11001000",b"00110111",b"01101101",b"10001101",b"1101 0101",b"01001110",b"10101001",b"01101100",b"01010110",b"11110100",b" 11101010",b"01100101",b"01111010",b"10101110",b"00001000", b"10111010",b"01111000",b"00100101",b"00101110",b"00011100",b"1010 0110",b"10110100",b"11000110",b"11101000",b"11011101",b"01110100",b" 00011111",b"01001011",b"10111101",b"10001011",b"10001010", b"01110000",b"00111110",b"10110101",b"01100110",b"01001000",b"0000 0011",b"11110110",b"00001110",b"01100001",b"00110101",b"01010111",b" 10111001",b"10000110",b"11000001", b"00011101",b"10011110", b"11100001",b"11111000",b"10011000",b"00010001",b"01101001",b"1101 1001",b"10001110",b"10010100",b"10011011",b"00011110",b"10000111",b" 11101001",b"11001110" ,b"01010101",b"00101000",b"11011111", b"10001100",b"10100001",b"10001001",b"00001101",b"10111111",b"1110 0110" ,b"01000010",b"01101000",b"01000001",b"10011001",b"00101101",b"0000 1111",b"10110000",b"01010100",b"10111011",b"00010110", others => B"00000000"); function subword(op1: in std_logic_vector(31 downto 0)) return std_logic_vector; function subword_128(op1: in std_logic_vector(127 downto 0)) return std_logic_vector ; function rotword(op1 : in std_logic_vector(31 downto 0)) return std_logic_vector; function keygen(op1 : in std_logic_vector(127 downto 0)) return std_logic_vector;
b"10010000",b"10001000",b"01000110",b"11101110",
b"10111000", b"00010100", b"11011110", b"01011110", b"00001011",
function matrixmul(op1,op2 : in std_logic_vector(127 downto 0)) return std_logic_vector; function To_init(op2 : in std_logic_vector(7 downto 0))return integer; function gfmul(op1,op2 : in std_logic_vector(7 downto 0)) return std_logic_vector; function shiftrow(op1: in std_logic_vector(127 downto 0))return std_logic_vector; function encryption(en_input1:in std_logic_vector(1535 downto 0)) return std_logic_vector; end aesencrypt; package body aesencrypt is -- Example 2 function matrixmul(op1,op2 : in std_logic_vector(127 downto 0)) return std_logic_vector is variable output : std_logic_vector(127 downto 0); variable temp1,temp2,temp3,temp4,element : std_logic_vector(7 downto 0); begin --(1,1) 1 temp1:=gfmul(op1(127 downto 120),op2(127 downto 120)); temp2:=gfmul(op1(119 downto 112) , op2(95 downto 88)); temp3:=gfmul(op1(111 downto 104) , op2(63 downto 56)); temp4:=gfmul(op1(103 downto 96) , op2(31 downto 24)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(127 downto 120):=element; --(1,2) 2 temp1:=gfmul(op1(127 downto 120) , op2(119 downto 112)); temp2:=gfmul(op1(119 downto 112) , op2(87 downto 80)); temp3:=gfmul(op1(111 downto 104) , op2(55 downto 48)); temp4:=gfmul(op1(103 downto 96) , op2(23 downto 16)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4;
output(119 downto 112):=element; --(1,3) 3 temp1:=gfmul(op1(127 downto 120) , op2(111 downto 104)); temp2:=gfmul(op1(119 downto 112) , op2(79 downto 72)); temp3:=gfmul(op1(111 downto 104) , op2(47 downto 40)); temp4:=gfmul(op1(103 downto 96) , op2(15 downto 8)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(111 downto 104):=element; --(1,4) 4 temp1:=gfmul(op1(127 downto 120) , op2(103 downto 96)); temp2:=gfmul(op1(119 downto 112) , op2(71 downto 64)); temp3:=gfmul(op1(111 downto 104) , op2(39 downto 32)); temp4:=gfmul(op1(103 downto 96) , op2(7 downto 0)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(103 downto 96):=element; --(2,1) 5 temp1:=gfmul(op1(95 downto 88) , op2(127 downto 120)); temp2:=gfmul(op1(87 downto 80) , op2(95 downto 88)); temp3:=gfmul(op1(79 downto 72) , op2(63 downto 56)); temp4:=gfmul(op1(71 downto 64) , op2(31 downto 24)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(95 downto 88):=element; --(2,2) 6 temp1:=gfmul(op1(95 downto 88) , op2(119 downto 112)); temp2:=gfmul(op1(87 downto 80) , op2(87 downto 80)); temp3:=gfmul(op1(79 downto 72) , op2(55 downto 48)); temp4:=gfmul(op1(71 downto 64) , op2(23 downto 16)); element:=temp1 xor temp2;
element:=element xor temp3; element:=element xor temp4; output(87 downto 80):=element; --(2,3) 7 temp1:=gfmul(op1(95 downto 88) , op2(111 downto 104)); temp2:=gfmul(op1(87 downto 80) , op2(79 downto 72)); temp3:=gfmul(op1(79 downto 72) , op2(47 downto 40)); temp4:=gfmul(op1(71 downto 64) , op2(15 downto 8)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(79 downto 72):=element; --(2,4) temp1:=gfmul(op1(95 downto 88) , op2(103 downto 96)); temp2:=gfmul(op1(87 downto 80) , op2(71 downto 64)); temp3:=gfmul(op1(79 downto 72) , op2(39 downto 32)); temp4:=gfmul(op1(71 downto 64) , op2(7 downto 0)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(71 downto 64):=element; --(3,1) 9 temp1:=gfmul(op1(63 downto 56) , op2(127 downto 120)); temp2:=gfmul(op1(55 downto 48) , op2(95 downto 88)); temp3:=gfmul(op1(47 downto 40) , op2(63 downto 56)); temp4:=gfmul(op1(39 downto 32) , op2(31 downto 24)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(63 downto 56):=element; --(3,2) 10 temp1:=gfmul(op1(63 downto 56) , op2(119 downto 112)); temp2:=gfmul(op1(55 downto 48) , op2(87 downto 80)); temp3:=gfmul(op1(47 downto 40) , op2(55 downto 48));
temp4:=gfmul(op1(39 downto 32) , op2(23 downto 16)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(55 downto 48):=element; --(3,3) 11 temp1:=gfmul(op1(63 downto 56) , op2(111 downto 104)); temp2:=gfmul(op1(55 downto 48) , op2(79 downto 72)); temp3:=gfmul(op1(47 downto 40) , op2(47 downto 40)); temp4:=gfmul(op1(39 downto 32) , op2(15 downto 8)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(47 downto 40):=element; --(3,4) 12 temp1:=gfmul(op1(63 downto 56) , op2(103 downto 96)); temp2:=gfmul(op1(55 downto 48) , op2(71 downto 64)); temp3:=gfmul(op1(47 downto 40) , op2(39 downto 32)); temp4:=gfmul(op1(39 downto 32) , op2(7 downto 0)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(39 downto 32):=element; --(4,1) 13 temp1:=gfmul(op1(31 downto 24) , op2(127 downto 120)); temp2:=gfmul(op1(23 downto 16) , op2(95 downto 88)); temp3:=gfmul(op1(15 downto 8) , op2(63 downto 56)); temp4:=gfmul(op1(7 downto 0) , op2(31 downto 24)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(31 downto 24):=element; --(4,2) 14 temp1:=gfmul(op1(31 downto 24) , op2(119 downto 112));
temp2:=gfmul(op1(23 downto 16) , op2(87 downto 80)); temp3:=gfmul(op1(15 downto 8) , op2(55 downto 48)); temp4:=gfmul(op1(7 downto 0) , op2(23 downto 16)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(23 downto 16):=element; --(4,3) 15 temp1:=gfmul(op1(31 downto 24) , op2(111 downto 104)); temp2:=gfmul(op1(23 downto 16) , op2(79 downto 72)); temp3:=gfmul(op1(15 downto 8) , op2(47 downto 40)); temp4:=gfmul(op1(7 downto 0) , op2(15 downto 8)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(15 downto 8):=element; --(4,4) 16 temp1:=gfmul(op1(31 downto 24) , op2(103 downto 96)); temp2:=gfmul(op1(23 downto 16) , op2(71 downto 64)); temp3:=gfmul(op1(15 downto 8) , op2(39 downto 32)); temp4:=gfmul(op1(7 downto 0) , op2(7 downto 0)); element:=temp1 xor temp2; element:=element xor temp3; element:=element xor temp4; output(7 downto 0):=element; return output; end matrixmul function To_init(op2 : in std_logic_vector(7 downto 0))return integer is variable output:integer RANGE 0 to 255; --variable output : std_logic_vector(7 downto 0); begin output:=0; if(op2(0)='1')then
output:=output+1; end if; if(op2(1)='1')then output:=output+2; end if; if(op2(2)='1')then output:=output+4; end if; if(op2(3)='1')then output:=output+8; end if; if(op2(4)='1')then output:=output+16; end if; if(op2(5)='1')then output:=output+32; end if; if(op2(6)='1')then output:=output+64; end if; if(op2(7)='1')then output:=output+128; end if; return output; end To_init; function gfmul(op1,op2 : in std_logic_vector(7 downto 0))return std_logic_vector is variable temp : std_logic_vector(15 downto 0):="0000000000000000"; variable output : std_logic_vector(7 downto 0):="00000000"; variable poly : std_logic_vector(8 downto 0):="100011011"; begin for i in 0 to 7 loop if(op1(7-i)='1')then temp((14-i)downto(7-i)):=temp((14-i)downto(7-i)) xor op2;
end if; end loop; for i in 0 to 7 loop if(temp(15-i)='1')then temp((15-i)downto (7-i)):=temp((15-i)downto (7-i)) xor poly; end if; end loop; output:=temp(7 downto 0); return output; end gfmul; function keygen(op1 : in std_logic_vector(127 downto 0)) return std_logic_vector is variable temp_output : std_logic_vector(1407 downto 0); variable afterrotword,aftersubword,afterrcon,keyout: std_logic_vector(31 downto 0); begin temp_output(1407 downto 1280):=op1; keyout:=op1(31 downto 0);
----------------------------stage 1---------------------------------------------afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="00000001000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(1407 downto 1376); --0 temp_output(1279 downto 1248):=keyout; --4
keyout:=keyout xor temp_output(1375 downto 1344); --1 temp_output(1247 downto 1216):=keyout; --5
Page 42
keyout:=keyout xor temp_output(1311 downto 1280);--3 temp_output(1183 downto 1152):=keyout; --7
--------------------------------stage 2---------------------------------------afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="00000010000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(1279 downto 1248); --4 temp_output(1151 downto 1120):=keyout; --8
-----------------------------stage 3------------------------------------------afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="00000100000000000000000000000000";

afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(1151 downto 1120); --8 temp_output(1023 downto 992):=keyout; --12
-----------------------------stage 4-----------------------------------------------afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="00001000000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(1023 downto 992); --12 temp_output(895 downto 864):=keyout; --16
Page 44
-------------------------------stage 5--------------------------afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="00010000000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(895 downto 864); --16 temp_output(767 downto 736):=keyout; --20
----------------------------------stage 6----------------------------------------afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="00100000000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(767 downto 736); --20 temp_output(639 downto 608):=keyout; --24
keyout:=keyout xor temp_output(735 downto 704); --21

temp_output(607 downto 576):=keyout;
--25
-------------------------stage 7-------------------------------------------------afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="01000000000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(639 downto 608); --24 temp_output(511 downto 480):=keyout; --28
keyout:=keyout xor temp_output(543 downto 512);--27 temp_output(415 downto 384):=keyout; --31 8
---------------------------------------stage -----------------------------------------------
Page 46
afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="10000000000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(511 downto 480); --28 temp_output(383 downto 352):=keyout; --32
keyout:=keyout xor temp_output(415 downto 384);--31 temp_output(287 downto 256):=keyout; --35 9
----------------------------------------stage --------------------------------------------afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="00011011000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(383 downto 352); --32 temp_output(255 downto 224):=keyout; --36
Page 47
----------------------------stage 10---------------------------------------afterrotword:=rotword(keyout); aftersubword:=subword(afterrotword); afterrcon:="00110110000000000000000000000000"; afterrcon:=afterrcon xor aftersubword; keyout:=afterrcon xor temp_output(255 downto 224); --36 temp_output(127 downto 96):=keyout; --40
keyout:=keyout xor temp_output(191 downto 160); --38 temp_output(63 downto 32):=keyout; keyout:=keyout xor temp_output(159 downto 128);--39 temp_output(31 downto 0):=keyout; return temp_output; end keygen; function rotword(op1: in std_logic_vector(31 downto 0)) return std_logic_vector is variable temp_output : std_logic_vector(31 downto 0); begin temp_output(31 downto 24):=op1(23 downto 16); temp_output(23 downto 16):=op1(15 downto 8);
--43
temp_output(15 downto 8):=op1(7 downto 0); temp_output(7 downto 0):=op1(31 downto 24); return temp_output; end rotword; function subword(op1: in std_logic_vector(31 downto 0)) return std_logic_vector is variable temp_output : std_logic_vector(31 downto 0); begin temp_output(31 downto 24):=Content_EN(conv_integer(op1(31 downto 24))); temp_output(23 downto 16):=Content_EN(conv_integer(op1(23 downto 16))); temp_output(15 downto 8):=Content_EN(conv_integer(op1(15 downto 8))); temp_output(7 downto 0):=Content_EN(conv_integer(op1(7 downto 0))); return temp_output; end subword; function subword_128(op1: in std_logic_vector(127 downto 0)) return std_logic_vector is variable temp_output : std_logic_vector(127 downto 0); begin temp_output(127 downto 96):=subword(op1(127 downto 96)); temp_output(95 downto 64):=subword(op1(95 downto 64)); temp_output(63 downto 32):=subword(op1(63 downto 32)); temp_output(31 downto 0):=subword(op1(31 downto 0)); return temp_output; end subword_128; function shiftrow(op1: in std_logic_vector(127 downto 0))return std_logic_vector is variable temp_output: std_logic_vector(127 downto 0); begin
---1 st row---temp_output(127 downto 96):= op1(127 downto 96);--1 temp_output(95 downto 88):= op1(95 downto 88);--5 temp_output(63 downto 56):= op1(63 downto 56); --9 temp_output(31 downto 24):= op1(31 downto 24);--13 ----2nd row----temp_output(119 downto 112):= op1(87 downto 80);--2 temp_output(87 downto 80):= op1(55 downto 48);--6 temp_output(55 downto 48):= op1(23 downto 16);--10 temp_output(23 downto 16):= op1(119 downto 112);--14 ----3 rd row----temp_output(111 downto 104):= op1(47 downto 40); temp_output(79 downto 72):= op1(15 downto 8); temp_output(47 downto 40):= op1(111 downto 104); temp_output(15 downto 8):= op1(79 downto 72); -------4th row------temp_output(103 downto 96):= op1(7 downto 0); temp_output(71 downto 64):= op1(103 downto 96); temp_output(39 downto 32):= op1(71 downto 64); temp_output(7 downto 0):= op1(39 downto 32); return temp_output; end shiftrow function encrpytion(en_input1:in std_logic_vector(1535 downto 0)) return std_logic_vector is
variable temp_output,temp1,temp2,temp3,temp4 : std_logic_vector(127 downto 0); variable mixmat: std_logic_vector(127 downto 0):="0000001000000001000000010000001100000011000000100000000100 00000100000001000000110000001000000001000000010000000100000011 00000010";
begin --------------------step 1--------------------------------------temp1:=en_input1(1535 downto 1408) xor en_input1(1407 downto 1280); -------------------step2 --------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(1279 downto 1152); --------------------step3 -----------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(1151 downto 1024); --------------------step4 -----------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(1023 downto 896);
--------------------step5 -----------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(895 downto 768); --------------------step6 -----------------------------------------------temp2:=subword_128(temp1);
temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(767 downto 640); --------------------step7 -----------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(639 downto 512); --------------------step8 -----------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(511 downto 384) --------------------step9 -----------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(383 downto 256); --------------------step10 -----------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); temp4:=matrixmul(temp3,mixmat); temp1:=temp4 xor en_input1(255 downto 128); --------------------step11 -----------------------------------------------temp2:=subword_128(temp1); temp3:=shiftrow(temp2); --temp4:=matrixmul(temp3,mixmat,); temp1:=temp3 xor en_input1(127 downto 0); return temp1; end encryption;
MAIN CODE
----------------------------------------------------------------------------------- Company: -- Engineer:
Page 52
-- Create Date: library IEEE;
11:49:45 10/16/2012
---------------------------------------------------------------------------------use IEEE.STD_LOGIC_1164.ALL; use IEEE.STD_LOGIC_ARITH.ALL; use IEEE.STD_LOGIC_UNSIGNED.ALL; use work.aesencrypt.all; -- Uncomment the following lines to use the declarations that are -- provided for instantiating Xilinx primitive components. --library UNISIM; --use UNISIM.VComponents.all; entity encryption11 is Port ( input_ENCRYPTION :in std_logic_vector(127 downto 0); input_KEY:in std_logic_vector(127 downto 0); out_KEYS: out std_logic_vector(1407 downto 0); output_ENCRYPTION: out std_logic_vector(127 downto 0); clk : in std_logic); end encryption11; architecture Behavioral of encryption11 is begin process(clk,input_ENCRYPTION) variable x1 : std_logic_vector(1535 downto 0); variable x2 : std_logic_vector(1407 downto 0); variable x3 : std_logic_vector(127 downto 0); begin if(clk='1')and(clk'EVENT) then x2:=keygen(input_KEY); x1(1535 downto 1408):=input_ENCRYPTION; x1(1407 downto 0):= x2; x3:=encription(x1); end if; output_ENCRYPTION<=x3; out_KEYS<=x2; end process;
end aesencrypt;
1.2: RTL SCHEMATIC FOR ENCRYPTION:
4.2 TECHNOLOGY SCHEMATIC FOR ENCRYPTION:
Page 54
4.3 SIMULATION WAVE FORM FOR AES ENCRYPTION:

plain text:where are you ra (57484552452041524520594f55205241)this is ascii value key:howareyounow.(484f572041524520594f55204e4f572e) cipher text : 17029EEB2EEAC4EA0E7C265902375C2F
4.4 SYNTHESIS REPORT SCMATIC FOR AES ENCRYPTION
Page 56
============================================================= ============ * ============ Final Results RTL Top Level Output File Name Top Level Output File Name Output Format Optimization Goal Keep Hierarchy Design Statistics # IOs Cell Usage : # BELS # # # # # # # # # # # # # # # # GND INV LUT1 LUT2 LUT2_L LUT3 LUT3_D LUT3_L LUT4 LUT4_D LUT4_L MUXF5 MUXF6 MUXF7 MUXF8 VCC : 47282 :1 : 182 : 164 : 1776 : 111 : 231 :8 : 609 : 22881 : 14 : 273 : 11338 : 5698 : 2839 : 1156 :1 : 2784
Page 57
Final Report
=============================================================
: encryption.ngr : encryption
: NGC : Speed : NO
: 258
# FlipFlops/Latches
# # # # # # #
FD FDE FDR FDS SRL16 BUFGP OBUF
: 2626 : 129 : 26 :3 : 11 : 11 :1 :1 : 256 : 256
# Shift Registers # Clock Buffers # IO Buffers
============================================================= ============ Device utilization summary: --------------------------Selected Device : 3s500efg320-5 Number of Slices: Number of Slice Flip Flops: Number of 4 input LUTs: Number used as logic: Number of IOs: Number of bonded IOBs: Number of GCLKs: Number used as Shift registers: 258 257 out of 1 out of 232 110% (*) 24 4% 14517 out of 4656 311% (*) 2784 out of 9312 26249 11 29% 26260 out of 9312 282% (*)
WARNING:Xst:1336 - (*) More than 100% of Device resources are used --------------------------Partition Resource Summary: --------------------------No Partitions were found in this design.
---------------------------
============================================================= ============ TIMING REPORT NOTE: THESE TIMING NUMBERS ARE ONLY A SYNTHESIS ESTIMATE. FOR ACCURATE TIMING INFORMATION PLEASE REFER TO THE TRACE REPORT GENERATED AFTER PLACE-and-ROUTE. Clock Information: ----------------------------------------------------+------------------------+-------+ Clock Signal clk | Clock buffer(FF name) | Load | | BUFGP | 2795 | -----------------------------------+------------------------+-------+ -----------------------------------+------------------------+-------+ Asynchronous Control Signals Information: ---------------------------------------No asynchronous control signals found in this design Timing Summary: --------------Speed Grade: -5 Minimum period: 6.654ns (Maximum Frequency: 150.280MHz) Minimum input arrival time before clock: No path found Maximum output required time after clock: 4.040ns Maximum combinational path delay: No path found
Page 59
Timing Detail: -------------All values displayed in nanoseconds (ns) ============================================================= ============ Timing constraint: Default period analysis for Clock 'clk' Clock period: 6.654ns (frequency: 150.280MHz) Total number of paths / destination ports: 591072 / 2926 ------------------------------------------------------------------------Delay: Source: Destination: Source Clock: 6.654ns (Levels of Logic = 7) a35/x05_15 (FF) a39/x05_109 (FF) clk rising
Destination Clock: clk rising Data Path: a35/x05_15 to a39/x05_109 Gate Cell:in->out FD:C->Q LUT4:I3->O LUT4:I2->O LUT4:I2->O MUXF5:I1->O (a38/s2/Mrom_sbout_f5) MUXF6:I1->O (a38/s2/Mrom_sbout_f6) MUXF7:I1->O (a38/s2/Mrom_sbout_f7) MUXF8:I1->O FD:D Total 1 0.451 0.000 a38/s2/Mrom_sbout_f8 (sb9<8>) 0.268 a39/x05_104 1 0.451 0.000 a38/s2/Mrom_sbout_f7 1 0.451 0.000 a38/s2/Mrom_sbout_f6 Net fanout Delay Delay Logical Name (Net Name) 11 0.514 0.796 a35/x05_15 (a35/x05_15) 3 0.612 0.481 a36/h1<12>_SW0 (N1659) 125 0.612 1.128 Mxor_data9_Result<12>1 (data9<12>) 1 0.612 0.000 a38/s2/Mrom_sbout1 (a38/s2/Mrom_sbout) 1 0.278 0.000 a38/s2/Mrom_sbout_f5
---------------------------------------- ------------
---------------------------------------6.654ns (4.249ns logic, 2.405ns route)

Page 60
(63.9% logic, 36.1% route) ============================================================= ============ Timing constraint: Default OFFSET OUT AFTER for Clock 'clk' Total number of paths / destination ports: 128 / 128 ------------------------------------------------------------------------Offset: Source: Destination: Source Clock: 4.040ns (Levels of Logic = 1) eout_127 (FF) eout<127> (PAD) clk rising
Data Path: eout_127 to eout<127> Gate Cell:in->out FDE:C->Q OBUF:I->O Total Net fanout Delay Delay Logical Name (Net Name) 1 0.514 0.357 eout_127 (eout_127) 3.169 eout_127_OBUF (eout<127>)
---------------------------------------- ------------
---------------------------------------4.040ns (3.683ns logic, 0.357ns route) (91.2% logic, 8.8% route)
Total REAL time to Xst completion: 359.00 secs Total CPU time to Xst completion: 359.06 secs Total memory usage is 302972 kilobyte Number of errors : Number of infos 0 ( 0 filtered) Number of warnings : 376 ( 0 filtered) : 34 ( 0 filtered)
CHAPTER - 5
Page 61
SUMMARY
5.1. PROJECT SUMMARY:
The Advanced Encryption Standard (AES) is a security standard that became effective on May 26,2002 by NIST to replace DES. the cryptography scheme is asymmetric block cipher that encrypts and decrypts 128-bit blocks of data lengths of 128,192 and 256 bits are standard key lengths used by AES. Plain text refers to the data to be encrypted. Cipher text refers to the data after going through the cipher as well as the data that will be going into the decipher. The state is an intermediate form of the cipher or deciphers result usually displayed as a rectangular table of bytes with 4 rows and 4 columns The first stage subbytes transformation a non-linear byes substitution for each byte of the block. The second stageshiftrows transformation cyclically shifts(permutes) the bytes within the block. The third stagemixcolumns transformation groups 4-bytes together forming 4-term polynomials and multiplies the polynomials with a fixed polynomial mod(X4+1).The fourth stageadd roundkeytransformation adds the round key with the block of data. The decipher is simply the inverse of cipher The algorithm consists of four stages that make up a round which is iterated 10 times for a 128-bit length key, 12 times for 192-bit key and 14 times for a 256-bit key
5.2. CONCLUSION:
Page 62
The main advantage with the Advanced Encryption Standard is to maintain the secret communication between the Encryption and Decryption. It is the symmetric key encryption algorithm. This reduces the complexity of the Encrypt and Decrypt the data. Cipher key is same for both the Encryption and Decryption process VHDL code is used to develop the implementation of Encryption and Decryption process. Each program is tested with the some of the sample vectors provided by NIST and output results are perfect with minimal delay. In the case of 192,256-bit key algorithm, it requires 192,256-bit plain text and 128-bit cipher key. AES is important to understand the using the algorithm, it will greatly increase the reliability and safety of software systems. Therefore, AES can indeed be implemented with reasonable efficiency on an FPGA, with the encryption and decryption taking an average of 320 and 340 ns respectively (for every 128 bits). The time varies from chip to chip and the calculate delay time can only be regarded as approximate. Adding data pipelines and some parallel combinational logic in the key scheduler and round calculator can further optimize this design.There is currently no evidence that AES has any weakness making any attack other than exhaustive search. Even AES-128 bit offers a sufficiently large number of possible keys, making an exhaustive search impractical for many decades, provided no technological breakthrough causes the computational power available to increase dramtically and that theoretical research does not find a short cut to bypass the need for exhaustive search. There are many pitfalls to avoid when encryption is implemented and keys are generated. It is necessary to ensure each and every implementations security, an important correctly implemented AES-128 is likely to protect against a million dollar budget for at least 50-60 years and against individual budgets for at least another ten years.
5.3. SCOPE OF EXPANSION :

This algorithm is also implemented with the 192,256-bit keys. By using with this design we are also implemented as a cryptoprocessor for secret communication. This algorithm is also used to implement as crypto processor for smartcard performance, efficiency, implementability, and flexibility are extended by using efficient techniques.
Large amount of data can be transmitted by extending block sizes.
Page 64
REFERENCES
[1] FIPS 197, Advanced Encryption Standard (AES), November 26, 2001 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf [2] J. Daemen and V. Rijmen, AES Proposal: Rijndael, AES Algorithm Submission, September 3, 1999 http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndaeldocV2.zip [3] FPGA Simulations of Round 2 Advanced Encryption Standards http://csrc.nist.gov/CryptoToolkit/aes/round2/conf3/presentations/elbirt.pdf. [4] http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm [5] Tilborg, Henk C. A. van. Fundamentals of Cryptology: A Professional Reference and Interactive Tutorial, New York Kluwer Academic Publishers, 2002 [6] Peter J. Ashenden, The students Guide to VHDL, 2nd Edition, San Francisco, CA, Morgan Kaufmann, 2002 References:understanding mix columns [7 Wikipedia Rijndael mix columns, [Online] Available: http://en.wikipedia.org/wiki/Rijndael_mix_columns [8] William Stalling (2006), Chapter 4.6 Finite Fields of the Form GF(2n) Multiplication, in Cryptography and Network Security: Principles and Practices, Page 125 126. References:understanding inverse mix columns [9] William Stalling (2006), Chapter 4.6 Finite Fields of the Form GF(2n) Multiplication, in Cryptography and Network Security: Principles and Practices, Page 125 126.
[10] Kit Choy Xintong (2009), Understanding AES Mix-Columns Transformation Calculation [Available]Online: http://sites.google.com/site/kitworldoftheory/Home/mixcolumns.pdf? attredirects=0 [11] AES page available via http://www.nist.gov/CryptoToolkit.4 [12] Computer Security Objects Register (CSOR): http://csrc.nist.gov/csor/. [13] J. Daemen and V. Rijmen, AES Proposal: Rijndael, AES Algorithm Submission, September 3, 1999, available at [1]. [14] J. Daemen and V. Rijmen, The block cipher Rijndael, Smart Card research and Applications, LNCS 1820, Springer-Verlag, pp. 288-296. [15] B. Gladmans AES related home page http://fp.gladman.plus.com/cryptography_technology/. [16] A. Lee, NIST Special Publication 800-21, Guideline for Implementing Cryptography in the Federal Government, National Institute of Standards and Technology, November 1999. [17] A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography, CRC Press, New York, 1997, p. 81-83. [18] J. Nechvatal, ET. al., Report on the Development of the Advanced Encryption Standard (AES), National Institute of Standards and Technology, October 2, 2000, available at [1]. [19]^ Vincent Rijmen (2010). "Practical-Titled Attack on AES-128 Using ChosenText Relations". [20]^ Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger
(2011). "Biclique Cryptanalysis of the Full AES". [21]^ a b "Index of formal scientific papers". Cr.yp.to. Retrieved 2008-11-02. [22]^ Bruce Schneier. "AES Timing Attack". Archived from the original on 12 February 2007. Retrieved 2007-03-17.
Page 66
[23]^ Dag Arne Osvik1; Adi Shamir2 and Eran Tromer2 (2005-11-20) (PDF). Cache Attacks and Countermeasures: the Case of AES. Retrieved 2008-11-02. [24] ^ Dhiman Saha, Debdeep Mukhopadhyay, Dipanwita RoyChowdhury (PDF). A Diagonal Fault Attack on the Advanced Encryption Standard. Archived from the original on 22 December 2009. Retrieved 2009-12-08. [25]^ Endre Bangerter, David Gullasch and Stephan Krenn (2010). "Cache Games Bringing Access-Based Cache Attacks on AES to Practice". [26] ^ "Breaking AES-128 in realtime, no ciphertext required | Hacker News". News.ycombinator.com. Retrieved 2012-12-23. [27] ^ a b http://www.cnss.gov/Assets/pdf/nstissp_11_fs.pdf [28] ^ "NIST.gov - Computer Security Division - Computer Security Resource Center". Csrc.nist.gov. Retrieved 2012-12-23. [29] ^ a b OpenSSL, openssl@openssl.org. "OpenSSL's certification". Openssl.org. Retrieved 2012-12-23. Notes about FIPS
[30]^ "Performance Comparisons of the AES submissions" (PDF). 1999-02-01. Retrieved 2010-12-28.
Page 67

Advanced Encryption Standard (AES) Introduction

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Advanced Encryption Standard (AES) Introduction

Uploaded by

Copyright:

Available Formats

ADVANCED ENCRYPTION STANDARD

output 128-bit(plain text)

128 bit key input

Clk2 Secret key 128,192,256

Key Schedule Generation

Department of Electronics and Communication Engineering,SKEC