
Abstract

Advanced Encryption Standard (AES), also known as Rijndael, is an encryption standard used for securing information. AES was published by NIST (National Institute of Standards and Technology). AES is a block cipher algorithm that has been analyzed extensively and is now used widely. AES is a symmetric block cipher that is intended to replace DES as the approved standard for a wide range of applications. The block cipher Rijndael was designed by Dr. Joan Daemen and Dr. Vincent Rijmen, and the name of the algorithm is a combination of the names of its two creators. Rijndael is very secure and has no known weakness. Rijndael is a conventional (symmetric key) system and is a relatively simple cipher in many respects. It takes an input block of a certain size, usually 128, 192 or 256, and produces a corresponding output block of the same size. The transformation requires a second input, which is the secret key. It is important to know that the secret key. All encryptions are done in a certain number of rounds, which varies between 10, 12 and 14. The project is intended to design and implement the AES algorithm and to maximize the encryption throughput while minimizing the area consumption, at the same time minimizing the critical paths and solving the memory access conflicts. The VHDL code can be simulated to verify its functionality. In June 2003, the National Security Agency (NSA) announced that AES-128 may be used for classified information at the SECRET level and AES-192/256 for TOP SECRET level documents.

CHAPTER 1 INTRODUCTION

1.1 INTRODUCTION


Data that can be read and understood without any special measures is called plaintext or clear text. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called cipher text. You use encryption to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting cipher text to its original plaintext is called decryption. Figure 1.1 illustrates this process.

Figure 1.1 Encryption and decryption

To enhance the security of the data, code languages for writing messages were used. The branch of mathematics that investigates the code languages and methods is called cryptology. Cryptology consists of two streams, namely cryptography and cryptanalysis. Cryptography is the science of coding messages secretly, while cryptanalysis is the science of breaking codes.

[Diagram: CRYPTOLOGY, branching into CRYPTOGRAPHY and CRYPTANALYSIS]

Our project is concerned with cryptography. Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables one to store sensitive information or transmit it across insecure networks so that it cannot be read by anyone except the intended recipient.

Cryptography or Cryptology is derived from the Greek kryptos, "hidden", and the verb grafo, "write", or legein, "to speak"; it is the practice and study of hiding information. In modern times, Cryptology is considered to be a branch of both mathematics and computer science, and is affiliated closely with information theory, computer security and engineering. Cryptography is used in applications present in technologically advanced societies; examples include the security of ATM cards, computer passwords and electronic commerce, which all depend upon Cryptography. Cryptology embraces both cryptography and cryptanalysis. While cryptography is the science of securing data, cryptanalysis is the science of analyzing and breaking secure communication. Classical cryptanalysis involves an interesting combination of analytical reasoning, application of mathematical tools, pattern finding, determination, and luck. Cryptanalysts are also attackers. There are two kinds of cryptography in this world: cryptography that will stop major governments from reading our files. PGP is also about the latter sort of cryptography. Cryptography can be strong or weak, as explained above. Cryptographic strength is measured in the time and the resources it would require to recover the plain text. The result of strong Cryptography is cipher text that is very difficult to decipher without possession of the appropriate decoding tool. How difficult? Given all of today's computing power and available time, even a billion computers doing a billion checks a second, it is not possible to decipher the result of strong cryptography before the end of the universe. One would think, then, that strong Cryptography would hold up rather well against even an extremely determined cryptanalyst. Who's really to say? No one can prove that the strongest encryption obtainable today will hold up under tomorrow's computing power. Vigilance and conservatism will protect us better, however, than claims of impenetrability.
HOW DOES CRYPTOGRAPHY WORK

A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key (a word, number, or phrase) to encrypt the plaintext. The same plaintext encrypts to different cipher text with different keys. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key.

A cryptographic algorithm, plus all possible keys and all the protocols that make it work, comprise a cryptosystem. PGP is a cryptosystem. A cryptosystem can be divided into Software and Hardware.

[Diagram: CRYPTOSYSTEM, divided into SOFTWARE and HARDWARE]

THE PURPOSE OF CRYPTOGRAPHY

Cryptography is the science of writing in secret code and is an ancient art; the first documented use of cryptography in writing dates back to circa 1900 B.C., when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In data and telecommunications, cryptography is necessary when communicating over any un-trusted medium, which includes just about any network, particularly the Internet. Within the context of any application-to-application communication, there are some specific security requirements, including:

Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)

Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.

Integrity: Assuring the receiver that the received message has not been altered in any way from the original.

Non-repudiation: A mechanism to prove that the sender really sent this message.

Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication. There are, in general, three types of cryptographic schemes typically used to accomplish these goals: secret key (or symmetric) cryptography, public-key (or asymmetric) cryptography, and hash functions, each of which is described below. In all cases, the initial unencrypted data is referred to as plaintext. It is encrypted into cipher text, which will in turn (usually) be decrypted into usable plaintext. In many of the descriptions below, two communicating parties will be referred to as Alice and Bob; this is the common nomenclature in the crypto field and literature to make it easier to identify the communicating parties. If there is a third or fourth party to the communication, they will be referred to as Carol and Dave. Mallory is a malicious party, Eve is an eavesdropper, and Trent is a trusted third party.

1.1 Existing system


In the existing system, the Data Encryption Standard (DES) is a widely used method of data encryption. This is a cipher that operates on 64-bit blocks of data, using a 56-bit key. It is a private key system. The key is always presented as a 64-bit block, every 8th bit of which is ignored. Each group of 8 bits has an odd number of bits set to 1. Use of multiple length keys leads us to the Triple-DES algorithm, in which DES is applied three times. The disadvantage of DES is that it is insecure for many applications; this is due to the 56-bit key size being too small. It is vulnerable to brute force attacks, and DES can be easily broken with attacks.
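As an added illustration (written for this page, not code from the report), the DES key convention just described can be checked in Python: each of the eight key bytes carries seven key bits plus a parity bit in its least significant position, set so that the byte has an odd number of 1 bits, and because the cipher ignores that bit only 56 bits are effective. The key values used below are constructed samples.

```python
# Added example for this page (not from the report): checks on the 64-bit DES key
# format described above. Each key byte carries seven key bits plus a parity bit in
# its least significant position, set so that the byte has an odd number of 1 bits;
# the parity bits are ignored by the cipher, so only 56 bits are effective.

def has_odd_parity(byte):
    """True when the byte has an odd number of 1 bits."""
    return bin(byte & 0xFF).count("1") % 2 == 1

def des_key_parity_ok(key):
    """True if key is 8 bytes long and every byte carries correct (odd) parity."""
    return len(key) == 8 and all(has_odd_parity(b) for b in key)

def set_odd_parity(key):
    """Return the key with each parity bit (bit 0) rewritten to give odd parity."""
    fixed = bytearray()
    for b in key:
        seven = b & 0xFE                  # keep the 7 key bits, clear the parity bit
        fixed.append(seven | (0 if has_odd_parity(seven) else 1))
    return bytes(fixed)

def effective_key_bits(key):
    """The 56 bits DES actually uses: the top seven bits of each byte, concatenated."""
    return "".join(format(b >> 1, "07b") for b in key)

if __name__ == "__main__":
    # constructed sample: eight key bytes with every parity bit cleared
    raw = bytes.fromhex("0022446688aaccee")
    fixed = set_odd_parity(raw)
    print(fixed.hex(), des_key_parity_ok(raw), des_key_parity_ok(fixed))
    print(effective_key_bits(raw) == effective_key_bits(fixed))
```

Rewriting the parity bits changes the byte values but not the 56 effective key bits, which is why a key-handling routine that validates parity must compare keys on their seven high bits per byte rather than on the raw 64-bit value.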

1.2 Proposed system


The Advanced Encryption Standard is a symmetric 128-bit block data encryption technique developed by the Belgian cryptographers Joan Daemen and Rijmen. It replaces the DES encryption technique. AES works at multiple network layers. The NIST of the U.S. Department of Commerce selected the algorithm called Rijndael. AES has a fixed block size of 128 bits and a key size of 128 bits. It is based on the design principle of a substitution-permutation network.

1.2 METHODS OF ENCRYPTION


Although there can be several pieces to an encryption method, the two main pieces are the algorithms and the keys. As stated earlier, algorithms are usually complex mathematical formulas that dictate the rules of how the plaintext will be turned into cipher text. A key is a string of random bits that will be inserted into the algorithm. For two entities to be able to communicate via encryption, they must use the same algorithm and, many times, the same key. In some encryption methods, the receiver and the sender use the same key, and in other encryption methods, they must use different keys for encryption and decryption purposes. The following sections explain the difference between these two types of encryption methods.

Symmetric versus Asymmetric Algorithms

Cryptography algorithms use either symmetric keys, also called secret keys, or asymmetric keys, also called public keys. As if encryption was not complicated enough, the titles that are used to describe the key types only make it worse. Just pay close attention and we will get through this just fine.

1.2.1 SYMMETRIC CRYPTOGRAPHY

In a cryptosystem that uses symmetric cryptography, both parties will be using the same key for encryption and decryption, as shown in Figure 1.2. This provides dual functionality. As we said, symmetric keys are also called secret keys because this type of encryption relies on each user to keep the key a secret and properly protected. If this key got into an intruder's hand, that intruder would have the ability to decrypt any intercepted message encrypted with this key. Each pair of users who want to exchange data using symmetric key encryption must have their own set of keys. This means if Dan and Iqqi want to communicate, both need to obtain a copy of the same key. If Dan also wants to communicate using symmetric encryption with Norm and Dave, he now needs to have three separate keys, one for each friend.

Figure 1.2 Using symmetric algorithms, the sender and receiver use the same key for encryption and decryption functions.

This might not sound like a big deal until Dan realizes that he may communicate with hundreds of people over a period of several months, and keeping track of and using the correct key that corresponds to each specific receiver can become a very daunting task. If Dan were going to communicate with 10 other people, then he would need to keep track of 45 different keys. If Dan were going to communicate with 100 other people, then he would have to maintain and keep up with 4,950 symmetric keys. Dan is a pretty bright guy, but does not necessarily want to spend his days looking for the right key to be able to communicate with Dave. The security of the symmetric encryption method is completely dependent on how well users protect the key. This should raise red flags to you if you have ever had to depend on a whole staff of people to keep a secret. If a key is compromised, then all messages encrypted with that key can be decrypted and read by an intruder. This is complicated further by how symmetric keys are actually shared and updated when necessary. If Dan wants to communicate to Norm for the first time, Dan has to figure out how to get Norm the right key. It is not safe to just send it in an e-mail message because the key is not protected and it can be easily intercepted and used by attackers. Dan has to get the key to Norm through an out-of-band method. Dan can save the key on a floppy disk and walk over to Norm's desk, send it to him via snail mail, or have a secure carrier deliver it to Norm. This is a huge hassle, and each method is very clumsy and insecure. Because both users use the same key to encrypt and decrypt messages, symmetric cryptosystems can provide confidentiality, but they cannot provide authentication or non-repudiation. There is no way to prove who actually sent a message if two people are using the exact same key. Well, if symmetric cryptosystems have so many problems and flaws, why use them at all? They are very fast and can be hard to break. Compared to asymmetric systems, symmetric algorithms scream in speed.
They can encrypt and decrypt large amounts of data that would take an unacceptable amount of time if an asymmetric algorithm was used instead. It is also very difficult to uncover data that is encrypted with a symmetric algorithm if a large key size was used. The following list outlines the strengths and weaknesses of symmetric key systems:

Strengths
Much faster than asymmetric systems
Hard to break if using a large key size

Weaknesses
Key distribution: It requires a secure mechanism to deliver keys properly.
Scalability: Each pair of users needs a unique pair of keys, so the number of keys grows exponentially.
Limited security: It can provide confidentiality, but not authenticity or non-repudiation.

The following are examples of symmetric key cryptography algorithms:

Data Encryption Standard (DES)
Triple DES (3DES)
Advanced Encryption Standard (AES)

1.2.2 ASYMMETRIC CRYPTOGRAPHY

Some things you can tell the public, but some things you just want to keep private.

In symmetric key cryptography, a single secret key is used between entities, whereas in public key systems, each entity has different keys, or asymmetric keys. The two different asymmetric keys are mathematically related. If a message is encrypted by one key, the other key is required to decrypt the message. In a public key system, the pair of keys is made up of one public key and one private key. The public key can be known to everyone, and the private key must only be known to the owner. Many times, public keys are listed in directories and databases of e-mail addresses so they are available to anyone who wants to use these keys to encrypt or decrypt data when communicating with a particular person. Figure 1.3 illustrates an asymmetric cryptosystem.

Figure 1.3 Asymmetric cryptosystem

The public and private keys are mathematically related, but cannot be derived from each other. This means that if an evildoer gets a copy of Bob's public key, it does not mean he can now use some mathematical magic and find out Bob's private key. If Bob encrypts a message with his private key, the receiver must have a copy of Bob's public key to decrypt it. The receiver can decrypt Bob's message and decide to reply back to Bob in an encrypted form. All she needs to do is encrypt her reply with Bob's public key, and then Bob can decrypt the message with his private key. It is not possible to encrypt and decrypt using the exact same key when using an asymmetric key encryption technology. Bob can encrypt a message with his private key and the receiver can then decrypt it with Bob's public key. By decrypting the message with Bob's public key, the receiver can be sure that the message really came from Bob. A message can only be decrypted with a public key if the message was encrypted with the corresponding private key. This provides authentication, because Bob is the only one who is supposed to have his private key. When the receiver wants to make sure Bob is the only one that can read her reply, she will encrypt the response with his public key. Only Bob will be able to decrypt the message because he is the only one who has the necessary private key. Now the receiver can also encrypt her response with her private key instead of using Bob's public key. Why would she do that? She wants Bob to know that the message came from her and no one else. If she encrypted the response with Bob's public key, it does not provide authenticity because anyone can get a hold of Bob's public key. If she uses her private key to encrypt the message, then Bob can be sure that the message came from her and no one else. Symmetric keys do not provide authenticity because the same key is used on both ends. Using one of the secret keys does not ensure that the message originated from a specific entity. If confidentiality is the most important security service to a sender, she would encrypt the file with the receiver's public key. This is called a secure message format because it can only be decrypted by the person who has the corresponding private key. If authentication is the most important security service to the sender, then she would encrypt the message with her private key. This provides assurance to the receiver that the only person who could have encrypted the message is the individual who has possession of that private key. If the sender encrypted the message with the receiver's public key, authentication is not provided because this public key is available to anyone. Encrypting a message with the sender's private key is called an open message format because anyone with a copy of the corresponding public key can decrypt the message; thus, confidentiality is not ensured. For a message to be in a secure and signed format, the sender would encrypt the message with her private key and then encrypt it again with the receiver's public key. The receiver would then need to decrypt the message with his own private key and then decrypt it again with the sender's public key. This provides confidentiality and authentication for that delivered message. The different encryption methods are shown in Figure 1.4.

Figure 1.4 Type of security service that will be provided.

Each key type can be used to encrypt and decrypt, so do not get confused and think the public key is only for encryption and the private key is only for decryption. They both have the capability to encrypt and decrypt data. An asymmetric cryptosystem works much slower than symmetric systems, but can provide confidentiality, authentication, and non-repudiation depending on its configuration and use. Asymmetric systems also provide for easier and more manageable key distribution than symmetric systems and do not have the scalability issues of symmetric systems. The following outlines the strengths and weaknesses of asymmetric key systems:

Strengths
Better key distribution than symmetric systems
Better scalability than symmetric systems
Can provide confidentiality, authentication, and non-repudiation

Weaknesses
Works much slower than symmetric systems

The following are examples of asymmetric key algorithms:

RSA
Elliptic Curve Cryptosystem (ECC)
Diffie-Hellman
El Gamal
Digital Signature Standard (DSS)

1.3 TYPES OF CRYPTOGRAPHIC ALGORITHMS


There are several ways of classifying cryptographic algorithms. For purposes of this paper, they will be categorized based on the number of keys that are employed for encryption and decryption, and further defined by their application and use. The three types of algorithms that are discussed are shown in Figure 1.5.

Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
Public Key Cryptography (PKC): Uses one key for encryption and another for decryption
Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information

Figure 1.5 Three types of cryptographic algorithms

1.4 INTRODUCTION TO AES

The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. Encryption converts data to an unintelligible form called cipher-text; decrypting the cipher-text converts the data back into its original form, called plaintext.
[Figure 1.6 diagram: Original Message (128) feeds the Encryption Algorithm, which produces the Cipher Message (128); the Decryption Algorithm turns it back into the Original Message (128); a 128-bit Secret Key is the second input to both algorithms]
;igure ).. 8verall Representations of Encryption and &ecryption # e Advanced Encryption Standard, after t e &ata Encryption Standard was found too weak because of its small key si$e and t e tec nological advancements in processor power. ;ifteen candidates were accepted and based on public comments t e pool was reduced to five. 8ne of t ese five algorit ms was selected as t e fort coming standardB a slig tly modified version of t e Rijndael. # e Rijndael, w ose name is based on t e names of its two Gelgian inventors, 'oan &aemen and (incent Rijmen is a Glock cip er, w ic means t at it works on fi%ed lengt group of bits, w ic are called locks. "t takes an input block of a certain si$e, usually )*+ bits, and produces a corresponding output block of t e same si$e. # e transformation re/uires a second input, w ic is t e secret key wit lengt s of )*+, ),* and *-. bits. Inlike &ES, w ic is based on ;eistel network, AES is a substitution5permutation network, w ic is a series of mat ematical operations t at use substitutions (also called S5Go%) and permutations (95Go%es) and t eir careful definition implies t at eac output bit depends on every input bit. 1.1.1 4LOCK CIPHER A en a block cipher algorit m is used for encryption and decryption purposes, t e message is divided into blocks of bits. # ese blocks are t en put t roug substitution, transposition, and ot er mat ematical functions. # e algorit m dictates all t e possible functions available to be used on t e message, and it is t e key t at will determine w at order t ese functions will take place. Strong

algorit ms make reengineering or trying to figure out all t e functions t at took place on t e message, basically impossible. "t as been said t at t e properties of a cip er s ould contain confusion and diffusion. &ifferent unknown key values cause confusion, because t e attacker does not know t ese values, and diffusion is accomplis ed by putting t e bits wit in t e plainte%t t roug many different functions so t at t ey are dispersed t roug out t e algorit m. Glock cip ers use diffusion and confusion in t eir met ods. Advantages of AES: # roug AES, input message of lengt )*+ bits can be encrypted w ic is more t an t e &ES and #riple &ES. AES as t e various secret key lengt s suc as )*+ bits, ),* bits and *-. bits, w ereas &ES and #riple &ES ave fi%ed lengt of .1 bits. # e cip er key is e%panded into a larger key, w ic is later used for t e actual operation. # e E%panded Jey s all A3AA:S be derived from t e 6ip er Jey and never be specified directly. AES is very ard to attack or crack w en compared to &ES. AES will be faster w en compared to t e #riple &ES.

1.5 APPLICATION

This standard may be used by Federal departments and agencies when an agency determines that sensitive (unclassified) information (as defined in P. L. 100-235) requires cryptographic protection.

High speed ATM/Ethernet/Fiber-Channel switches
Secure video teleconferencing
Routers and Remote Access Servers

In addition, this standard may be adopted and used by non-Federal Government organizations. Such use is encouraged when it provides the desired security for commercial and private organizations.

CHAPTER 3 ADVANCED ENCRYPTION STANDARD ALGORITHM

3.1 INTRODUCTION


The main objectives of AES are high-level security, adaptability to diverse applications, efficiency and exportability. In this project work, the plain text of 128 bits is given as input to the encryption block, in which the encryption of the data is done, and the cipher text of 128 bits is obtained as output. A key length of 128 bits is used in the process of encryption. The AES algorithm is a block cipher that uses the same binary key both to encrypt and decrypt data blocks, and is therefore called a symmetric key cipher. A commonly accepted definition of a good symmetric key algorithm, such as the AES, is that there exists no attack better than key exhaustion to read an encrypted message.

3.2 TERMINOLOGIES

The various terminologies and their definitions used in this project are discussed in this section.

S.No. Term: Definition
1. AES: Advanced Encryption Standard
2. Array: An enumerated collection of identical entities (e.g., an array of bytes).
3. Bit: A binary digit having a value of 0 or 1.
4. Block: Sequence of binary bits that comprise the input, output, State and Round Key. The length of a sequence is the number of bits it contains. Blocks are also interpreted as arrays of bytes.
5. Byte: A group of eight bits that is treated either as a single entity or as an array of 8 individual bits.
6. Cipher: Series of transformations that converts plaintext to cipher text using the Cipher Key.
7. Cipher Key: Secret, cryptographic key that is used by the Key Expansion routine to generate a set of Round Keys; can be pictured as a rectangular array of bytes, having four rows and Nk columns.
8. Cipher text: Data output from the Cipher or input to the Inverse Cipher.
9. Inverse Cipher: Series of transformations that converts cipher text to plaintext using the Cipher Key.
10. Key Expansion: Routine used to generate a series of Round Keys from the Cipher Key.
11. Plaintext: Data input to the Cipher or output from the Inverse Cipher.
12. Rijndael: Cryptographic algorithm specified in this Advanced Encryption Standard (AES).
13. Round Key: Round keys are values derived from the Cipher Key using the Key Expansion routine; they are applied to the State in the Cipher and Inverse Cipher.
14. State: Intermediate Cipher result that can be pictured as a rectangular array of bytes, having four rows and Nb columns.
15. S-box: Non-linear substitution table used in several byte substitution transformations and in the Key Expansion routine to perform a one-for-one substitution of a byte value.
16. Word: A group of 32 bits that is treated either as a single entity or as an array of 4 bytes.

Table 2.1 Terminologies and their Definitions

3.3 ALGORITHM PARAMETERS

The different parameters and symbols used in this project are discussed in this section.

S.No. Parameters & Symbols: Definition
1. AddRoundKey: Transformation in the Cipher and Inverse Cipher in which a Round Key is added to the State using an XOR operation. The length of a Round Key equals the size of the State (i.e., for Nb = 4, the Round Key length equals 128 bits/16 bytes).
2. InvMixColumns: Transformation in the Inverse Cipher that is the inverse of Mix Columns.
3. InvShiftRows: Transformation in the Inverse Cipher that is the inverse of Shift Rows.
4. InvSubBytes: Transformation in the Inverse Cipher that is the inverse of Sub Bytes.
5. K: Cipher Key.
6. Mix Columns: Transformation in the Cipher that takes all of the columns of the State and mixes their data (independently of one another) to produce new columns.
7. Nb: Number of columns (32-bit words) comprising the State. For this standard, Nb = 4.
8. Nk: Number of 32-bit words comprising the Cipher Key. For this standard, Nk = 4.
9. Nr: Number of rounds, which is a function of Nk and Nb (which is fixed). For this standard, Nr = 10.
10. Rcon: The round constant word array.
11. RotWord: Function used in the Key Expansion routine that takes a four-byte word and performs a cyclic permutation.
12. Shift Rows: Transformation in the Cipher that processes the State by cyclically shifting the last three rows of the State by different offsets.
13. Sub Bytes: Transformation in the Cipher that processes the State using a nonlinear byte substitution table (S-box) that operates on each of the State bytes independently.
14. Sub Word: Function used in the Key Expansion routine that takes a four-byte input word and applies an S-box to each of the four bytes to produce an output word.
15. XOR: Exclusive-OR operation.

Table 3.2 Parameters, Symbols and their Definitions

3.4 AES ALGORITHM

The AES is an iterated symmetric block cipher, which means that AES works by repeating the same defined steps multiple times. AES is a secret key encryption algorithm. AES operates on a fixed number of bytes. AES, as well as most encryption algorithms, is reversible. This means that almost the same steps are performed to complete both encryption and decryption, in reverse order. The AES algorithm operates on bytes, which makes it simpler to implement.

2.4.1 SPECIFICATION

For the AES algorithm, the length of the input block, the output block and the State is 128 bits. This is represented by Nb = 4, which reflects the number of 32-bit words (number of columns) in the State. For the AES algorithm, the length of the Cipher Key, K, is 128 bits. The key length is represented by Nk = 4, which reflects the number of 32-bit words (number of columns) in the Cipher Key. For the AES algorithm, the number of rounds to be performed during the execution of the algorithm is dependent on the key size. The number of rounds is represented by Nr, where Nr = 10 when Nk = 4.

2.4.2 DESCRIPTION

The AES is an iterated block cipher with a fixed block size of 128 and a variable key length. The different transformations operate on the intermediate results, called the state. The state is a rectangular array of bytes, and since the block size is 128 bits, which is 16 bytes, the rectangular array is of dimensions 4x4. The basic unit for processing in the AES algorithm is a byte, a sequence of eight bits treated as a single entity. The input, output and Cipher Key bit sequences are processed as arrays of bytes that are formed by dividing these sequences into groups of eight contiguous bits. In the Rijndael version with variable block size, the row size is fixed to four and the number of columns varies. The number of columns is the block size divided by 32 and is denoted Nb. The cipher key is similarly pictured as a rectangular array with four rows. The number of columns of the cipher key, denoted Nk, is equal to the key length divided by 32. AES uses a variable number of rounds, which are fixed: a key of size 128 has 10 rounds.
[Figure 2.1 block diagram: Input Data with Data Valid enters the AES block and passes through Round 01 ... Round 09 (Round Out 0 ... Round Out 09, Dout Valid 0 ... Dout Valid 09) and then Round Last, producing Data Out with Dout Valid; Key with Key_En and CLK is stored in the Key Reg, fed to Key Expansion, and produces Round Keys 0, 1, ..., 9 and Round Key Last for the rounds]
Figure 2.1 Top Level Block Diagram of AES Algorithm

The above figure 2.1 shows the top-level blocks available in the AES algorithm. The basic inputs to the system and the outputs from the system are also clearly represented. As per the standard, 10 rounds for a 128-bit key length are carried out, in which the last round is performed separately. For both its Cipher and Inverse Cipher, the AES algorithm uses a round function that is composed of four different byte-oriented transformations:

Byte substitution using a substitution table (S-box)
Shifting rows of the State array by different offsets
Mixing the data within each column of the State array
Adding a Round Key to the State

The above mentioned functions are carried out for every individual round, and in the last round the third function, that is, mixing the data within each column of the State array, is not performed. Hence the last round is carried out separately. Based on the key provided, a new set of keys is generated in the Key Expansion block and given to each round as input.

3.5 ENCRYPTION

AES operations: Sub Bytes, Shift Row, Mix Column and AddRoundKey

The AddRoundKey operation: In this operation, a Round Key is applied to the state by a simple bitwise XOR. The Round Key is derived from the Cipher Key by means of the key schedule. The Round Key length is equal to the block key length (= 16 bytes). At the start of the Encryption or Cipher, the input data and the input key are copied to the State array using the conventions. Initially, the XOR operation is performed between each byte of the input data and the input key, and the output is given as the input of Round-1. After an initial Round Key addition, the State array is transformed by implementing a round function 10 times, with the final round differing slightly from the first Nr-1 rounds. The final State is then copied to the output. The round function is parameterized using a key schedule that consists of a one-dimensional array of four-byte words derived using the Key Expansion routine. The individual transformations that are carried out are listed below:

Sub Bytes
Shift Rows
Mix Columns
AddRoundKey

Table 3.3 AES Encryption cipher using a 16 byte key

Table 3.3 represents the operation performed at each round and the order in which each one is carried out. All Nr rounds are identical with the exception of the final round, which does not include the Mix Columns transformation. Thus the cipher text, that is, the encrypted data, is obtained at the end of the final round.

3.5.1 AES CIPHER FUNCTIONS

The block diagram shown in figure 3.2 represents the functions carried out in each round and the functions performed in the last round.

Figure 3.2 Block Diagram for AES Round and AES Last Round

3.5.1.1 Sub Bytes Transformation

The Sub Bytes operation is a non-linear byte substitution, operating on each byte of the state independently. The substitution table (S-Box) is invertible and is constructed by the composition of two transformations:

1. Take the multiplicative inverse in the Rijndael finite field
2. Apply an affine transformation

Since the S-Box is independent of any input, pre-calculated forms are used if enough memory (256 bytes for one S-Box) is available. Each byte of the state is then substituted by the value in the S-Box whose index corresponds to the value in the state. Figure 3.3 illustrates the effect of the Sub Bytes transformation on the State.

Figure 3.3 Sub Bytes Operation of the State

The S-Box for the Encryption is given in Appendix-1 for reference. The S-Box is a 16x16 matrix in which the row is indexed by 'x' and the column by 'y'. The S-box used in the Sub Bytes transformation is presented in hexadecimal form, and hence the substitution value is determined by the intersection of the row and the column. For example, if S1,1 = {53}, then the substitution value is determined by the intersection of the row with index '5' and the column with index '3'. This results in S1,1 having a value of {ed}. These values can be looked up in the S-Box present in Appendix-1.

3.5.1.2 Shift Rows Transformation

Arranges the state in a matrix and then performs a circular shift for each row. This is not a bit-wise shift. The circular shift just moves each byte one space over. A byte that was in the second position may end up in the third position after the shift.

The circular part of it specifies that the byte in the last position, shifted one space, ends up in the first position of the same row. Hence in this ShiftRows operation, each row of the state is cyclically shifted to the left, depending on the row index. This has the effect of moving bytes to "lower" positions in the row, while the "lowest" bytes wrap around into the "top" of the row.

Figure 3.4 Shift Rows Operation of the State

Figure 3.4 illustrates the Shift Rows transformation. The shifting operation is carried out horizontally as follows:

The 1st row is shifted 0 positions to the left.
The 2nd row is shifted 1 position to the left.
The 3rd row is shifted 2 positions to the left.
The 4th row is shifted 3 positions to the left.

3.5.1.3 Mix Columns Transformation

In the Mix Columns operation, parts of the state are multiplied against parts of a fixed matrix. The transformation operates on the State column-by-column. The state is arranged into a 4 row table (as described in the Shift Rows function). The multiplication is performed one column at a time (4 bytes). Each value in the column is eventually multiplied against every value of the matrix (16 total multiplications). The results of these multiplications are XORed together to produce only 4 result bytes for the next state. Therefore: 4 bytes input, 16 multiplications, 12 XORs and 4 bytes output. The multiplication is performed one matrix row at a time against each value of a state column. The pre-defined 4x4 matrix and the first column of the ShiftRows state are represented as follows, for the multiplication.

The first result byte is calculated by multiplying the 4 values of the state column against the 4 values of the first row of the matrix. The results of the four multiplications are then XORed to produce 1 byte.

The second result byte is calculated by multiplying the same 4 values of the state column against the 4 values of the second row of the matrix. The results of the four multiplications are then XORed to produce 1 byte.

The third result byte is calculated by multiplying the same 4 values of the state column against the 4 values of the third row of the matrix. The results of the four multiplications are then XORed to produce 1 byte.

The fourth result byte is calculated by multiplying the same 4 values of the state column against the 4 values of the fourth row of the matrix. The results of the four multiplications are then XORed to produce 1 byte.

This procedure is repeated with the next column of the state, until there are no more state columns. Hence, putting it all together, the first column includes state bytes 1-4 and is multiplied against the matrix in the following manner:

Figure 3.5 illustrates the Mix Columns transformation.

Figure 3.5 Mix Columns operates on the State column-by-column

The pictorial representation of the Mix Columns operation given above gives a clear view of this transformation.

3.5.1.4 AddRoundKey Transformation

In the AddRoundKey transformation, a Round Key is added to the State by a simple bitwise XOR operation. Each of the 16 bytes of the state is XORed against each of the 16 bytes of a portion of the expanded key for the current round. The Expanded Key bytes are never reused: once the 16 bytes of the state are XORed against the first 16 bytes of the expanded key, expanded key bytes 1-16 are never used again. The next time the Add Round Key function is called, bytes 17-32 are XORed against the state.

The first time Add Round Key gets executed:

The second time Add Round Key is executed:

This process continues until the operation ends. The graphical representation of this operation can be seen below.

Figure 3.6 AddRoundKey Operation

The above figure 3.6 gives a clear view of the AddRoundKey transformation, which takes place between the results of Mix Columns and Key Expansion and gives the resultant matrix that is used as the input to the next round.

3.5.2 KEY EXPANSION

Prior to encryption or decryption the key must be expanded. The expanded key is used in the Add Round Key function defined above. Each time the Add Round Key function is called, a different part of the expanded key is XORed against the state. In order for this to work, the Expanded Key must be large enough to provide key material for every time the Add Round Key function is executed. The Add Round Key function gets called for each round as well as one extra time at the beginning of the algorithm. The AES algorithm takes the Cipher Key, K, and performs a Key Expansion routine to generate a key schedule. The Key Expansion generates a total of Nb (Nr + 1) words: the algorithm requires an initial set of Nb words, and each of the Nr rounds requires Nb words of key data. The resulting key schedule consists of a linear array of 4-byte words.

Since the key size is much smaller than the total size of the sub keys, the key is actually "stretched out" to provide enough key material for the algorithm. Hence a 128-bit key is expanded to a 176-byte key. There is a relation between the cipher key size, the number of rounds and the Expanded Key size. For a 128-bit key, there is one initial AddRoundKey operation plus 10 rounds, and each round needs a new 16-byte key; therefore we require 10+1 Round Keys of 16 bytes, which equals 176 bytes. An iteration of the above steps is called a round. The number of rounds of the key expansion algorithm depends on the key size.

Table 3.4 Key Expansion

The first bytes of the expanded key are always equal to the key. If the key is 16 bytes long, the first 16 bytes of the expanded key are the same as the original key. If the key size is 32 bytes, then the first 32 bytes of the expanded key are the same as the original key. Each round adds 4 bytes to the Expanded Key. With the exception of the first round, each round also takes the previous round's 4 bytes as input, operates on them and returns 4 bytes. The key expansion routine executes a maximum of 4 consecutive functions. These functions are:

ROT WORD
SUB WORD
RCON
XOR
Rot Word (4 bytes)

This does a circular shift on 4 bytes similar to the Shift Rows function. The 4-byte word is cyclically shifted 1 byte to the left. For example, take the sequence 1,2,3,4; after rotation the result is 2,3,4,1.

Sub Word (4 bytes)

The Key Schedule uses the same S-Box substitution as the main algorithm body. This step applies the S-box substitution described in the SubBytes function to each of the 4 bytes in the argument. The S-Box is present in Appendix-1 for reference.

Rcon

Basically this function returns a 4-byte value based on the following table.

Table 3.5 Rcon Table

Round Number   Rcon       Value
1              Rcon(1)    01000000
2              Rcon(2)    02000000
3              Rcon(3)    04000000
4              Rcon(4)    08000000
5              Rcon(5)    10000000
6              Rcon(6)    20000000
7              Rcon(7)    40000000
8              Rcon(8)    80000000
9              Rcon(9)    1B000000
10             Rcon(10)   36000000

The result of the Sub Word is XORed with the above mentioned Rcon value for the corresponding round number. It can be seen that the first Nk words of the expanded key are filled with the Cipher Key. Every following word, w[i], is equal to the XOR of the previous word, w[i-1], and the word Nk positions earlier, w[i-Nk]. For words in positions that are a multiple of Nk, a transformation is applied to w[i-1] prior to the XOR, followed by an XOR with a round constant, Rcon[i].

Steps in Key Expansion

The first n bytes of the expanded key are simply the cipher key (n = the size of the encryption key).
The Rcon value i is set to 1.
Until we have enough bytes of expanded key, we do the following to generate n more bytes of expanded key (please note once again that "n" is used here; it varies depending on the key size):

1. We do the following to generate four bytes:
   - we use a temporary 4-byte word called t
   - we assign the previous 4 bytes to t
   - we perform the key schedule core on t, with i as Rcon value
   - we increment i
   - we XOR t with the 4-byte word n bytes before in the expanded Key (where n is 16 bytes in this case)

2. We do the following x times to generate the next x*4 bytes of the expanded Key (x = 3 for n=16):
   - we assign the previous 4-byte word to t
   - we XOR t with the 4-byte word n bytes before in the expanded Key (where n is 16 bytes in this case)

Hence, for n=16, we generate 4 + 3*4 bytes = 16 bytes per iteration.

• The Shift Rows operation: In this operation, each row of the state is cyclically shifted to the left, depending on the row index. The 1st row is shifted 0 positions to the left. The 2nd row is shifted 1 position to the left. The 3rd row is shifted 2 positions to the left. The 4th row is shifted 3 positions to the left. A graphical representation of this operation can be found below. The inverse of Shift Rows is the same cyclic shift, but to the right. It will be needed later for decoding.

• The Sub Bytes operation: The Sub Bytes operation is a non-linear byte substitution, operating on each byte of the state independently. The substitution table (S-Box) is invertible and is constructed by the composition of two transformations: 1. Take the multiplicative inverse in the Rijndael finite field. 2. Apply an affine transformation, which is documented in the Rijndael documentation. Since the S-Box is independent of any input, pre-calculated forms are used. Each byte of the state is then substituted by the value in the S-Box whose index corresponds to the value in the state: a(i,j) = SBox[a(i,j)]. The inverse of Sub Bytes is the same operation using the inverse S-Box, which is also precalculated.

• The Mix Columns operation: This section involves advanced mathematical calculations in the Rijndael Finite Field. It corresponds to the matrix multiplication with:

2 3 1 1
1 2 3 1
1 1 2 3
3 1 1 2

Note that the addition and multiplication operations are different from the normal ones.

• The Rijndael Key Schedule: The Key Schedule is responsible for expanding a short key into a larger key, whose parts are used during the different iterations. Each key size is expanded to a different size:

A 128 bit key is expanded to a 176 byte key.
A 192 bit key is expanded to a 208 byte key.
A 256 bit key is expanded to a 240 byte key.

There is a relation between the cipher key size, the number of rounds and the Expanded Key size. For a 128-bit key, there is one initial AddRoundKey operation plus 10 rounds, and each round needs a new 16-byte key; therefore we require 10+1 Round Keys of 16 bytes, which equals 176 bytes. The same logic can be applied to the two other cipher key sizes. The general formula is:

ExpandedKeySize = (nbrRounds + 1) * BlockSize

• Rotate: The 4-byte word is cyclically shifted 1 byte to the left.
• Rcon: Just note that the Rcon values can be pre-calculated, which results in a simple substitution (a table lookup) in a fixed Rcon table.
• S-Box: The Key Schedule uses the same S-Box substitution as the main algorithm body.
• The Key Schedule Core: In the code below, word has a size of 4 bytes and i is the iteration counter from the Key Schedule.

KeyScheduleCore(word)
{
    Rotate(word);
    SBoxSubstitution(word);
    word[0] = word[0] XOR RCON[i];
}

• The Key Expansion (pseudocode, as given in the standard):

KeyExpansion(byte Key[4*Nk], word W[Nb*(Nr+1)])
{
    for (i = 0; i < Nk; i++)
        W[i] = (Key[4*i], Key[4*i+1], Key[4*i+2], Key[4*i+3]);
    for (i = Nk; i < Nb * (Nr + 1); i++)
    {
        temp = W[i - 1];
        if (i % Nk == 0)
            temp = SubByte(RotByte(temp)) ^ Rcon[i / Nk];
        else if (Nk > 6 && i % Nk == 4)   /* 256-bit keys only: the extra SubWord handled in the C code below */
            temp = SubByte(temp);
        W[i] = W[i - Nk] ^ temp;
    }
}

• Implementation: The Key Schedule

We start the implementation of AES with the Cipher Key expansion. We intend to enlarge our input cipher key, whose size varies between 128 and 256 bits, into a larger key from which the different RoundKeys can be derived.

• Implementation: S-Box

The S-Box values can either be calculated on-the-fly to save memory, or the precalculated values can be stored in an array. We store the values in an array. Here is the code for the 2 S-Boxes; each is only a table lookup that returns the value in the array whose index is specified as the parameter of the function:

unsigned char sbox[256] = {
    //0     1     2     3     4     5     6     7     8     9     A     B     C     D     E     F
    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, //0
    0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, //1
    0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, //2
    0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, //3
    0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, //4
    0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, //5
    0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, //6
    0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, //7
    0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, //8
    0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, //9
    0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, //A
    0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, //B
    0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, //C
    0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, //D
    0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, //E
    0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16  //F
};

unsigned char rsbox[256] = {
    0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
    0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
    0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
    0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
    0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
    0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
    0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
    0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
    0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
    0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
    0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
    0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
    0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
    0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
    0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
    0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
};

unsigned char getSBoxValue(unsigned char num)
{
    return sbox[num];
}

unsigned char getSBoxInvert(unsigned char num)
{
    return rsbox[num];
}

• Implementation: Rotate

From the theoretical part, it is already known that Rotate takes a word (a 4-byte array) and rotates it 8 bits to the left. Since 8 bits correspond to one byte and our array type is character (whose size is one byte), rotating 8 bits to the left corresponds to cyclically shifting the array values one position to the left. Here is the code for the Rotate function:

void rotate(unsigned char *word)
{
    unsigned char c;
    int i;

    c = word[0];
    for (i = 0; i < 3; i++)
        word[i] = word[i+1];
    word[3] = c;
}

• Implementation: Rcon

/* Rcon[i] is x^(i-1) in the Rijndael field; the sequence has period 51, so the
 * 51-value cycle below is repeated five times to fill the 255-entry table. */
unsigned char Rcon[255] = {
    0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f,
    0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4,
    0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb,
    0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f,
    0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4,
    0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb,
    0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f,
    0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4,
    0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb,
    0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f,
    0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4,
    0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb,
    0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f,
    0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4,
    0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb
};

unsigned char getRconValue(unsigned char num)
{
    return Rcon[num];
}

• Implementation: Key Schedule Core

The code applies the operations one after the other on the 4-byte word. The parameters are the 4-byte word and the iteration counter, on which Rcon depends.

void core(unsigned char *word, int iteration)
{
    int i;

    /* rotate the 32-bit word 8 bits to the left */
    rotate(word);

    /* apply S-Box substitution on all 4 parts of the 32-bit word */
    for (i = 0; i < 4; ++i)
        word[i] = getSBoxValue(word[i]);

    /* XOR the output of the rcon operation with i to the first part (leftmost) only */
    word[0] = word[0] ^ getRconValue(iteration);
}

• Implementation: Key Expansion

#include <stddef.h>   /* size_t */

enum keySize {
    SIZE_16 = 16,
    SIZE_24 = 24,
    SIZE_32 = 32
};

Our key expansion function basically needs only two things:

• the input cipher key
• the output expanded key

Since in C it is not possible to know the size of an array passed as a pointer to a function, the cipher key size (of type "enum keySize") and the expanded key size (of type size_t) are added to the parameter list of our function. The prototype looks like the following:

void expandKey(unsigned char *expandedKey, unsigned char *key, enum keySize size, size_t expandedKeySize);

The key expansion function is shown below:

void expandKey(unsigned char *expandedKey, unsigned char *key, enum keySize size, size_t expandedKeySize)
{
    /* current expanded key size, in bytes */
    int currentSize = 0;
    int rconIteration = 1;
    int i;
    unsigned char t[4] = {0};   /* temporary 4-byte variable */

    /* set the 16, 24, 32 bytes of the expanded key to the input key */
    for (i = 0; i < size; i++)
        expandedKey[i] = key[i];
    currentSize += size;

    while (currentSize < expandedKeySize)
    {
        /* assign the previous 4 bytes to the temporary value t */
        for (i = 0; i < 4; i++)
            t[i] = expandedKey[(currentSize - 4) + i];

        /* every 16, 24, 32 bytes we apply the core schedule to t
         * and increment rconIteration afterwards */
        if (currentSize % size == 0)
            core(t, rconIteration++);

        /* for 256-bit keys, we add an extra sbox to the calculation */
        if (size == SIZE_32 && ((currentSize % size) == 16))
            for (i = 0; i < 4; i++)
                t[i] = getSBoxValue(t[i]);

        /* we XOR t with the four-byte block 16, 24, 32 bytes before the new expanded key;
         * this becomes the next four bytes in the expanded key */
        for (i = 0; i < 4; i++)
        {
            expandedKey[currentSize] = expandedKey[currentSize - size] ^ t[i];
            currentSize++;
        }
    }
}

As can be seen, no inner loops have been used to repeat an operation; the only inner loops iterate over the 4 parts of the temporary array t. The modulo operator has been used to decide whether to apply an operation:

• if (currentSize % size == 0): whenever we have created n bytes of expandedKey (where n is the cipher key size), we run the key expansion core once
• if (size == SIZE_32 && ((currentSize % size) == 16)): if we are expanding a 32-byte cipher key and we have already generated 16 bytes (as explained above, in the 32-byte version we run the first loop only 3 times, which generates 12 bytes + the 4 bytes from the core), we add one additional S-Box substitution

• Implementation: Using the Key Expansion

Here are several test results: the Key Expansion of a 128-bit key consisting of null characters (like the example above), the Key Expansion of a 192-bit key consisting of null characters, and the Key Expansion of a 256-bit key consisting of null characters.

• Implementation: AES Encryption

To implement the AES encryption algorithm, we proceed exactly the same way as for the key expansion, that is, we first implement the basic helper functions and then move up to the main loop. The functions take as parameter a state, which is, as already explained, a rectangular 4x4 array of bytes. We do not treat the state as a 2-dimensional array but as a 1-dimensional array of length 16, stored row by row (state[4*row + col]); the mapping in createRoundKey and aes_encrypt below transposes the column-ordered input and key into that order.

• Implementation: subBytes

It is a simple substitution with the S-Box value:

void subBytes(unsigned char *state)
{
    int i;
    /* substitute all the values from the state with the value in the SBox
     * using the state value as index for the SBox */
    for (i = 0; i < 16; i++)
        state[i] = getSBoxValue(state[i]);
}

• Implementation: shiftRows

This function is split into two parts. The shiftRows function iterates over all the rows and then calls shiftRow with the correct offset. shiftRow shifts a 4-byte array by the given offset.

void shiftRow(unsigned char *state, unsigned char nbr);   /* defined below */

void shiftRows(unsigned char *state)
{
    int i;
    /* iterate over the 4 rows and call shiftRow() with that row */
    for (i = 0; i < 4; i++)
        shiftRow(state + i*4, i);
}

void shiftRow(unsigned char *state, unsigned char nbr)
{
    int i, j;
    unsigned char tmp;
    /* each iteration shifts the row to the left by 1 */
    for (i = 0; i < nbr; i++)
    {
        tmp = state[0];
        for (j = 0; j < 3; j++)
            state[j] = state[j+1];
        state[3] = tmp;
    }
}

• Implementation: addRoundKey

This is the part that involves the roundKey we generate during each iteration. We simply XOR each byte of the key with the respective byte of the state.

void addRoundKey(unsigned char *state, unsigned char *roundKey)
{
    int i;
    for (i = 0; i < 16; i++)
        state[i] = state[i] ^ roundKey[i];
}

• Implementation: mixColumns

MixColumns involves Galois addition and multiplication and processes columns instead of rows. First of all, a function is needed that multiplies two numbers in the Galois field.

unsigned char galois_multiplication(unsigned char a, unsigned char b)
{
    unsigned char p = 0;
    unsigned char counter;
    unsigned char hi_bit_set;

    for (counter = 0; counter < 8; counter++)
    {
        if ((b & 1) == 1)
            p ^= a;
        hi_bit_set = (a & 0x80);
        a <<= 1;
        if (hi_bit_set == 0x80)
            a ^= 0x1b;   /* reduce modulo the Rijndael polynomial x^8 + x^4 + x^3 + x + 1 */
        b >>= 1;
    }
    return p;
}

Splitting the function in 2 parts, the first one generates a column and then calls mixColumn, which applies the matrix multiplication.

void mixColumn(unsigned char *column);   /* defined below */

void mixColumns(unsigned char *state)
{
    int i, j;
    unsigned char column[4];

    /* iterate over the 4 columns */
    for (i = 0; i < 4; i++)
    {
        /* construct one column by iterating over the 4 rows */
        for (j = 0; j < 4; j++)
            column[j] = state[(j*4) + i];

        /* apply the mixColumn on one column */
        mixColumn(column);

        /* put the values back into the state */
        for (j = 0; j < 4; j++)
            state[(j*4) + i] = column[j];
    }
}

The mixColumn is simply a Galois multiplication of the column with the 4x4 matrix provided in the theory. Since an addition corresponds to a XOR operation and we already have the multiplication function, the implementation is:

void mixColumn(unsigned char *column)
{
    unsigned char cpy[4];
    int i;
    for (i = 0; i < 4; i++)
        cpy[i] = column[i];

    column[0] = galois_multiplication(cpy[0], 2) ^
                galois_multiplication(cpy[3], 1) ^
                galois_multiplication(cpy[2], 1) ^
                galois_multiplication(cpy[1], 3);

    column[1] = galois_multiplication(cpy[1], 2) ^
                galois_multiplication(cpy[0], 1) ^
                galois_multiplication(cpy[3], 1) ^
                galois_multiplication(cpy[2], 3);

    column[2] = galois_multiplication(cpy[2], 2) ^
                galois_multiplication(cpy[1], 1) ^
                galois_multiplication(cpy[0], 1) ^
                galois_multiplication(cpy[3], 3);

    column[3] = galois_multiplication(cpy[3], 2) ^
                galois_multiplication(cpy[2], 1) ^
                galois_multiplication(cpy[1], 1) ^
                galois_multiplication(cpy[0], 3);
}

• Implementation: AES round

One AES round applies all four operations on the state consecutively.

void aes_round(unsigned char *state, unsigned char *roundKey)
{
    subBytes(state);
    shiftRows(state);
    mixColumns(state);
    addRoundKey(state, roundKey);
}

• Implementation: the main AES body

Now that we have all the small functions, we take the state, the expandedKey and the number of rounds as parameters and then call the operations one after the other. A little function called createRoundKey() copies the next 16 bytes from the expandedKey into the roundKey, using the special mapping order.

void createRoundKey(unsigned char *expandedKey, unsigned char *roundKey)
{
    int i, j;
    /* iterate over the columns */
    for (i = 0; i < 4; i++)
    {
        /* iterate over the rows */
        for (j = 0; j < 4; j++)
            roundKey[(i + (j*4))] = expandedKey[(i*4) + j];
    }
}

void aes_main(unsigned char *state, unsigned char *expandedKey, int nbrRounds)
{
    int i = 0;
    unsigned char roundKey[16];

    createRoundKey(expandedKey, roundKey);
    addRoundKey(state, roundKey);

    for (i = 1; i < nbrRounds; i++)
    {
        createRoundKey(expandedKey + 16*i, roundKey);
        aes_round(state, roundKey);
    }

    /* the final round has no mixColumns */
    createRoundKey(expandedKey + 16*nbrRounds, roundKey);
    subBytes(state);
    shiftRows(state);
    addRoundKey(state, roundKey);
}

• Implementation: AES Encryption

Our parameters are the input plaintext, the key of size keySize and the output. First, we calculate the number of rounds based on the keySize and then the expandedKeySize based on the number of rounds. Then we have to map the 16-byte input plaintext in the correct order to the 4x4-byte state, expand the key using our key schedule, encrypt the state using our main AES body and finally unmap the state again in the correct order to get the 16-byte output ciphertext.

#include <stdlib.h>   /* malloc, free */

/* assumed: the report does not show where these return codes are defined */
enum errorCode {
    SUCCESS = 0,
    UNKNOWN_KEYSIZE,
    MEMORY_ALLOCATION_FAILED
};

char aes_encrypt(unsigned char *input, unsigned char *output, unsigned char *key, enum keySize size)
{
    /* the expanded keySize */
    int expandedKeySize;
    /* the number of rounds */
    int nbrRounds;
    /* the expanded key */
    unsigned char *expandedKey;
    /* the 128 bit block to encode */
    unsigned char block[16];
    int i, j;

    /* set the number of rounds */
    switch (size)
    {
        case SIZE_16:
            nbrRounds = 10;
            break;
        case SIZE_24:
            nbrRounds = 12;
            break;
        case SIZE_32:
            nbrRounds = 14;
            break;
        default:
            return UNKNOWN_KEYSIZE;
    }

    /* the remainder follows the steps described above; the report's listing stops at the switch */
    expandedKeySize = 16 * (nbrRounds + 1);
    expandedKey = malloc(expandedKeySize);
    if (expandedKey == NULL)
        return MEMORY_ALLOCATION_FAILED;

    /* map the 16-byte input into the state, row by row (same order as createRoundKey) */
    for (i = 0; i < 4; i++)
        for (j = 0; j < 4; j++)
            block[(i + (j*4))] = input[(i*4) + j];

    expandKey(expandedKey, key, size, expandedKeySize);
    aes_main(block, expandedKey, nbrRounds);

    /* unmap the state in the same order to get the output ciphertext */
    for (i = 0; i < 4; i++)
        for (j = 0; j < 4; j++)
            output[(i*4) + j] = block[(i + (j*4))];

    free(expandedKey);
    return SUCCESS;
}
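The following stand-alone C program is an added check and is not part of the report's code: it builds the S-box from the two transformations named in section 3.5.1.1 (field inverse, then affine map) instead of typing the table in, expands a 128-bit key as in section 3.5.2, and runs the cipher against the known-answer vector of FIPS-197 Appendix C.1. All function names are my own, and the state uses the standard's column-major layout rather than the row-major layout of the listing above.

```c
/* Added example, not the report's code. AES-128 from the transformations above:
 * the S-box is generated from its definition (GF(2^8) inverse, then affine map),
 * and the result is checked against FIPS-197 Appendix C.1.
 * State layout is the standard's column-major order: state[row + 4*col]. */
#include <stdint.h>
#include <string.h>

static uint8_t SBOX[256];
/* Multiply by x in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11b). */
static uint8_t xtime(uint8_t a) { return (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0)); }
/* General product in GF(2^8); only needed to find multiplicative inverses. */
static uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    while (b) { if (b & 1) p ^= a; a = xtime(a); b >>= 1; }
    return p;
}
/* S-box: inverse (0 maps to 0), then b ^= rotl(b,1..4), then ^ 0x63. */
void build_sbox(void) {
    for (int x = 0; x < 256; x++) {
        uint8_t inv = 0;
        for (int y = 1; x != 0 && y < 256; y++)
            if (gmul((uint8_t)x, (uint8_t)y) == 1) { inv = (uint8_t)y; break; }
        uint8_t s = inv;
        for (int k = 1; k <= 4; k++) s ^= (uint8_t)((inv << k) | (inv >> (8 - k)));
        SBOX[x] = (uint8_t)(s ^ 0x63);
    }
}
uint8_t sbox_value(uint8_t x) { build_sbox(); return SBOX[x]; }

/* Key expansion for Nk = 4: 44 words = 176 bytes = 11 round keys. Word i is
 * w[i-4] ^ t with t = w[i-1], or SubWord(RotWord(w[i-1])) ^ Rcon when 4 | i. */
void expand_key_128(const uint8_t key[16], uint8_t w[176]) {
    uint8_t rcon = 0x01;
    memcpy(w, key, 16);
    for (int i = 16; i < 176; i += 4) {
        uint8_t t[4] = { w[i - 4], w[i - 3], w[i - 2], w[i - 1] };
        if (i % 16 == 0) {
            uint8_t first = t[0];             /* RotWord: rotate left by one byte */
            t[0] = SBOX[t[1]] ^ rcon;         /* SubWord, Rcon XORed into byte 0 only */
            t[1] = SBOX[t[2]];
            t[2] = SBOX[t[3]];
            t[3] = SBOX[first];
            rcon = xtime(rcon);               /* 01,02,04,...,80,1b,36 as in Table 3.5 */
        }
        for (int j = 0; j < 4; j++) w[i + j] = w[i - 16 + j] ^ t[j];
    }
}
/* Byte i of the expanded all-zero key (constructed test key). */
uint8_t zero_key_expanded_byte(int i) {
    uint8_t key[16] = {0}, w[176];
    build_sbox();
    expand_key_128(key, w);
    return w[i];
}

static void sub_bytes(uint8_t s[16]) { for (int i = 0; i < 16; i++) s[i] = SBOX[s[i]]; }
/* Row r lives at s[r], s[r+4], s[r+8], s[r+12] and rotates left by r positions. */
static void shift_rows(uint8_t s[16]) {
    uint8_t t[16];
    for (int c = 0; c < 4; c++)
        for (int r = 0; r < 4; r++) t[r + 4 * c] = s[r + 4 * ((c + r) % 4)];
    memcpy(s, t, 16);
}
/* Each column times the matrix {2 3 1 1; 1 2 3 1; 1 1 2 3; 3 1 1 2}; 3*a = 2*a ^ a. */
static void mix_columns(uint8_t s[16]) {
    for (int c = 0; c < 4; c++) {
        uint8_t *col = s + 4 * c;
        uint8_t a0 = col[0], a1 = col[1], a2 = col[2], a3 = col[3];
        col[0] = xtime(a0) ^ xtime(a1) ^ a1 ^ a2 ^ a3;
        col[1] = a0 ^ xtime(a1) ^ xtime(a2) ^ a2 ^ a3;
        col[2] = a0 ^ a1 ^ xtime(a2) ^ xtime(a3) ^ a3;
        col[3] = xtime(a0) ^ a0 ^ a1 ^ a2 ^ xtime(a3);
    }
}
static void add_round_key(uint8_t s[16], const uint8_t *rk) { for (int i = 0; i < 16; i++) s[i] ^= rk[i]; }

/* Initial AddRoundKey, 9 full rounds, then a final round without MixColumns. */
void aes128_encrypt_block(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    uint8_t w[176], s[16];
    build_sbox();
    expand_key_128(key, w);
    memcpy(s, in, 16);
    add_round_key(s, w);
    for (int round = 1; round < 10; round++) {
        sub_bytes(s); shift_rows(s); mix_columns(s); add_round_key(s, w + 16 * round);
    }
    sub_bytes(s); shift_rows(s); add_round_key(s, w + 160);
    memcpy(out, s, 16);
}
/* Known-answer test, FIPS-197 Appendix C.1: returns 1 when the ciphertext matches. */
int fips197_c1_passes(void) {
    static const uint8_t key[16] = {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
    static const uint8_t pt[16]  = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff};
    static const uint8_t ct[16]  = {0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a};
    uint8_t out[16];
    aes128_encrypt_block(key, pt, out);
    return memcmp(out, ct, 16) == 0;
}
```

The generated table reproduces the report's own example (S-box[{53}] = {ed}), and the expanded all-zero key starts with the words 62 63 63 63 and 9b 98 98 c9 that the report's test output shows.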

%.9 DECRYPTION
The cipher text of 128 bits and the same key of 128 bits will be given as the input to the decryption block. The encrypted data will be decrypted and the original plain message will be achieved as the output of the decryption block. The Cipher transformations can be inverted and then implemented in reverse order to produce a straightforward Inverse Cipher for the AES algorithm. The individual transformations used in the Inverse Cipher are listed as follows.

InvShiftRows
InvSubBytes
InvMixColumns
AddRoundKey

Here also 10 rounds will be carried out, and the only difference in the decryption block with respect to the algorithm flow is that the result of the KeyExpansion of each round will also be given to the InvMixColumns operation, after which the AddRoundKey transformation should be carried out:

InvMixColumns(state ⊕ RoundKey) = InvMixColumns(state) ⊕ InvMixColumns(RoundKey)

The above equation represents the basic difference in the process of the AES Encryption and Decryption algorithm. Basically, we have inverted the whole encryption and applied all the operations backwards. As the key schedule stays the same, the only operations we need to implement are the inverse subBytes, shiftRows and mixColumns, while addRoundKey stays the same.

void invSubBytes(unsigned char *state)
{
    int i;
    /* substitute all the values from the state with the value in the inverse SBox,
     * using the state value as index for the SBox */
    for (i = 0; i < 16; i++)
        state[i] = getSBoxInvert(state[i]);
}

void invShiftRows(unsigned char *state)
{
    int i;
    /* iterate over the 4 rows and call invShiftRow() with that row */
    for (i = 0; i < 4; i++)
        invShiftRow(state + i*4, i);
}

void invShiftRow(unsigned char *state, unsigned char nbr)
{
    int i, j;
    unsigned char tmp;
    /* each iteration shifts the row to the right by 1 */
    for (i = 0; i < nbr; i++)
    {
        tmp = state[3];
        for (j = 3; j > 0; j--)
            state[j] = state[j-1];
        state[0] = tmp;
    }
}

Rotation this time was done to the right, and we used the inverse S-Box for the substitution. As for the inverse mixColumns operation, the only difference was the multiplication matrix, which is the following:

14 11 13  9
 9 14 11 13
13  9 14 11
11 13  9 14

void invMixColumns(unsigned char *state)
{
    int i, j;
    unsigned char column[4];

    /* iterate over the 4 columns */
    for (i = 0; i < 4; i++)
    {
        /* construct one column by iterating over the 4 rows */
        for (j = 0; j < 4; j++)
        {
            column[j] = state[(j*4)+i];
        }

        /* apply the invMixColumn on one column */
        invMixColumn(column);

        /* put the values back into the state */
        for (j = 0; j < 4; j++)
        {
            state[(j*4)+i] = column[j];
        }
    }
}

void invMixColumn(unsigned char *column)
{
    unsigned char cpy[4];
    int i;
    for (i = 0; i < 4; i++)
    {
        cpy[i] = column[i];
    }
    column[0] = galois_multiplication(cpy[0],14) ^
                galois_multiplication(cpy[3],9) ^
                galois_multiplication(cpy[2],13) ^
                galois_multiplication(cpy[1],11);
    column[1] = galois_multiplication(cpy[1],14) ^
                galois_multiplication(cpy[0],9) ^
                galois_multiplication(cpy[3],13) ^
                galois_multiplication(cpy[2],11);
    column[2] = galois_multiplication(cpy[2],14) ^
                galois_multiplication(cpy[1],9) ^
                galois_multiplication(cpy[0],13) ^
                galois_multiplication(cpy[3],11);
    column[3] = galois_multiplication(cpy[3],14) ^
                galois_multiplication(cpy[2],9) ^
                galois_multiplication(cpy[1],13) ^
                galois_multiplication(cpy[0],11);
}

The inversed AES round becomes:

void aes_invRound(unsigned char *state, unsigned char *roundKey)
{
    invShiftRows(state);
    invSubBytes(state);
    addRoundKey(state, roundKey);
    invMixColumns(state);
}

We have used our expanded key backwards, starting with the last 16 bytes and then moving towards the start:

void aes_invMain(unsigned char *state, unsigned char *expandedKey, int nbrRounds)
{
    int i = 0;
    unsigned char roundKey[16];

    createRoundKey(expandedKey + 16*nbrRounds, roundKey);
    addRoundKey(state, roundKey);

    for (i = nbrRounds-1; i > 0; i--)
    {
        createRoundKey(expandedKey + 16*i, roundKey);
        aes_invRound(state, roundKey);
    }

    createRoundKey(expandedKey, roundKey);
    invShiftRows(state);
    invSubBytes(state);
    addRoundKey(state, roundKey);
}

This was the end of the Advanced Encryption Standard Implementation, ready to encrypt/decrypt messages of any size.

Modifications

In order to enhance the security and reliability of AES, we bring in three changes. In each iterative round, apart from the usual four above mentioned operations, we also include two new operations: the Arithmetic Operator and the Route Cipher. We also modify the key schedule so as to increase the number of AES encryption rounds. For example, for a 16 byte key, we generate a 336 bit key instead of the usual 176 bit key. By this process, we are able to successfully process 20+1 rounds instead of the previous 10+1 rounds for the 16 byte key. Let's have a look at the modifications and their implications.

Arithmetic Operation

In this operation, each element of the state is arithmetically added by a number depending on its row number. The 1st row is added to 1. The 2nd row is added to 2. The 3rd row is added to 3. The 4th row is added to 4. To retain the symmetric nature of AES, during decryption we have inverted the process by subtracting the corresponding same numbers: 1 is subtracted from the 1st row, 2 from the 2nd row, 3 from the 3rd row and 4 from the 4th row.

Code

void adds(unsigned char *state)
{
    int i;
    for (i = 0; i < 4; i++)
        add(state + i*4, i);
}

void add(unsigned char *state, unsigned char nbr)
{

    int i, j;
    for (i = 0; i < nbr; i++)
    {
        for (j = 0; j < 4; j++)
            state[j] = state[j] + 1;
    }
}

Route cipher

In a route cipher, the plaintext was first written out in a grid of given dimensions, and then read off in a pattern given in the key. For example, using the same plaintext:

WRIORFEOE
EESVELANJ
ADCEDETCX

That would give a cipher text of:

EJXCTEDECDAEWRIORFEONALEVSE

Code

void hillcipher(unsigned char *state)
{
    int a;
    unsigned char temp2[16];
    for (a = 0; a < 16; a++)
        temp2[a] = state[a];
    state[9]  = temp2[0];
    state[10] = temp2[1];
    state[11] = temp2[2];
    state[0]  = temp2[3];
    state[8]  = temp2[4];
    state[15] = temp2[5];
    state[12] = temp2[6];
    state[1]  = temp2[7];
    state[7]  = temp2[8];
    state[14] = temp2[9];
    state[13] = temp2[10];
    state[2]  = temp2[11];
    state[6]  = temp2[12];
    state[5]  = temp2[13];
    state[4]  = temp2[14];
    state[3]  = temp2[15];
}

During Decryption we have to just reverse the process, replacing the elements in their original positions. Now, we include both these new functions in each of our iterative rounds.

Extending the Key Schedule

We have also extended the key schedule. We have followed the key schedule process but we haven't stopped at the earlier specifications; rather we continued doing so in order to enable more iterative computing rounds, giving the attacker an even tougher code to break. For example, for a 16 byte null key, we generate the following 336 bit extended key, which facilitates the proper operation of 20+1 rounds, i.e. double the number of rounds earlier.
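As an added example (not the report's own code), the following C reproduces the two modification steps together with the decryption-side inverses the text only describes: the route permutation is copied from the hillcipher() table above and inverted by gathering instead of scattering, and the row addition follows the adds() code, where row i (counting from 0) is incremented i times with unsigned-char wrap-around. Neither step takes key material, so both inverses are fixed operations; the helper names are this example's own.

```c
#include <stdint.h>
#include <string.h>

/* Destination slot for each source byte, copied from the report's hillcipher():
 * state[ROUTE[k]] = temp2[k]. Assumed to match the table exactly as printed above. */
static const uint8_t ROUTE[16] = {9, 10, 11, 0, 8, 15, 12, 1, 7, 14, 13, 2, 6, 5, 4, 3};

/* Forward route step: scatter the 16 bytes according to ROUTE. */
void route_forward(uint8_t state[16]) {
    uint8_t tmp[16];
    memcpy(tmp, state, 16);
    for (int k = 0; k < 16; k++) state[ROUTE[k]] = tmp[k];
}

/* Decryption-side inverse: gather each byte back from the slot it was sent to. */
void route_inverse(uint8_t state[16]) {
    uint8_t tmp[16];
    memcpy(tmp, state, 16);
    for (int k = 0; k < 16; k++) state[k] = tmp[ROUTE[k]];
}

/* Row-wise arithmetic step as the report's adds() performs it: row i (bytes 4i..4i+3)
 * is incremented i times; uint8_t wraps modulo 256 like the original unsigned char. */
void arith_forward(uint8_t state[16]) {
    for (int row = 0; row < 4; row++)
        for (int j = 0; j < 4; j++)
            state[4 * row + j] = (uint8_t)(state[4 * row + j] + row);
}

/* Decryption-side inverse: subtract the same row-dependent constants. */
void arith_inverse(uint8_t state[16]) {
    for (int row = 0; row < 4; row++)
        for (int j = 0; j < 4; j++)
            state[4 * row + j] = (uint8_t)(state[4 * row + j] - row);
}

/* Returns 1 when ROUTE is a permutation, i.e. every slot is hit exactly once. */
int route_is_permutation(void) {
    int seen[16] = {0};
    for (int k = 0; k < 16; k++) {
        if (ROUTE[k] > 15 || seen[ROUTE[k]]) return 0;
        seen[ROUTE[k]] = 1;
    }
    return 1;
}

/* Applies both modification steps and their inverses to a constructed state and
 * returns 1 when the original bytes come back, including the wrap-around cases. */
int modifications_roundtrip(void) {
    uint8_t s[16], orig[16];
    for (int i = 0; i < 16; i++) s[i] = (uint8_t)(0xf0 + i); /* constructed sample; row 3 wraps */
    memcpy(orig, s, 16);
    arith_forward(s);
    route_forward(s);
    if (memcmp(s, orig, 16) == 0) return 0; /* the steps must actually change the state */
    route_inverse(s);
    arith_inverse(s);
    return memcmp(s, orig, 16) == 0;
}
```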

2.6.1 AES INVERSE CIPHER FUNCTIONS

The AES Inverse Cipher Function has the same set of transformations as in the encryption but in the inverse form, that is, the predefined values used for each transformation will be different. In this section we discuss each transformation in detail.

2.6.1.1 InvSubBytes Transformation

InvSubBytes is the inverse of the byte substitution transformation, in which the inverse S-Box is applied to each byte of the State. The inverse S-Box is present in Appendix-1 for reference. The transformation of this process will be carried out in a similar way as the SubBytes in the encryption, such that the substitution value is determined by the intersection of the row and the column. For example, if S1,1 = {53}, then the substitution value would be determined by the intersection of the row with index '5' and the column with index '3'. This would result in S1,1 having a value of {50}. These values can be referred to in the inverse S-Box present in Appendix-1.

2.6.1.2 InvShiftRows Transformation

The InvShiftRows is the inverse of the ShiftRows transformation. The bytes in the last three rows of the State are cyclically shifted over different numbers of bytes (offsets). The first row, r = 0, is not shifted. The bottom three rows are cyclically shifted by Nb - shift(r, Nb) bytes, where the shift value shift(r, Nb) depends on the row number. Specifically, the InvShiftRows transformation proceeds as follows.

Figure 2.7 InvShiftRows Operation of the State

The illustration figure gives a clear view of this InvShiftRows transformation.

2.6.1.3 InvMixColumns Transformation

The InvMixColumns is the inverse of the MixColumns transformation. InvMixColumns operates on the State column by column. The pre-defined 4X4 matrix value and the first column of the InvShiftRows state are represented as follows, for the multiplication.

As a result of this multiplication, the four bytes in a column are replaced by the following.

Thus the 4X4 matrix will be obtained, which will be given as the input to the next transformation.

2.6.1.4 Inverse of the AddRoundKey Transformation

The Inverse of the AddRoundKey is similar to the AddRoundKey in the encryption process. Each element in the resultant matrix of MixColumns and the resultant matrix of KeyExpansion will be XORed, and the resultant matrix of AddRoundKey will be given as the input to the next round. Hence all the inverse cipher transformations were discussed above and finally, the only thing left to do is putting it all together in one inversed main algorithm. Similarly the forward cipher transformations were combined together to form a Round, and combining all the 10 Rounds will constitute a complete AES Encryption and Decryption algorithm.

2.7 SUMMARY
Basic Terminologies and the Parameters used in this Algorithm have been discussed in the earlier section. A basic introduction and description of the AES Algorithm and its Top Level Block Diagram was given. The AES Encryption Process, which includes the AES Cipher Functions and its transformation procedure, was discussed. Steps involved in the Key Expansion process were given. The AES Decryption Process, which includes the AES Inverse Cipher Functions, was explained.

CHAPTER 3 AES ALGORITHM IMPLEMENTATION 3.1 INTRODUCTION


The AES is a block cipher. This means that the number of bytes that it encrypts is fixed. AES can currently encrypt blocks of 16 bytes at a time; no other block sizes are presently a part of the AES standard. If the bytes being encrypted are larger than the specified block then AES is executed concurrently. This also means that AES has to encrypt a minimum of 16 bytes. If the plain text is smaller than 16 bytes then it must be padded. Simply said, the block is a reference to the bytes that are processed by the algorithm. The current condition of the block is defined by the State. That is the block of bytes that are currently being worked on. The state starts off being equal to the block; however it changes as each round of the algorithm executes. Plainly we can say that this is the block in progress. The Advanced Encryption Standard Algorithm, which includes both Encryption and Decryption, is implemented using VHDL and its functionality will be verified in the ModelSim Tool with proper test cases.

3.2 IMPLEMENTATION REQUIREMENTS


During the implementation, different parameters are required, which are discussed as follows.

Input Data Length Requirements

An implementation of the AES algorithm should have an input data (Plain Text) length of 128 bits, which acts as the primary input to both the Encryption and Decryption block.

Key Length Requirements

In this AES implementation the input key is chosen to be 128 bits from the various key lengths available. This also acts as the primary input to both the Encryption and Decryption block.

Keying Restrictions

No weak or semi-weak keys have been identified for the AES algorithm and there is no restriction on key selection.

Parameterization of Block Size and Round Number

Here, since the input data and the input key lengths are 128 bits, the block size will be Nb = 4 and the Round Number will be Nr = 10. The Round Number is taken with respect to the AES Algorithm Standard.

3.3 NOTATION AND CONVENTIONS


The following notations and conventions are used in this implementation of the AES Algorithm.

Hex

Hexadecimal defines a notation of numbers in base 16. This simply means that the highest number that can be represented in a single digit is 15, rather than the usual 9 in the decimal (base 10) system. Hence all the values are represented in the Hexadecimal number system.

Inputs and Outputs

The input and output for the AES algorithm each consist of sequences of 128 bits (digits with values of 0 or 1). These sequences will sometimes be referred to as blocks and the number of bits they contain will be referred to as their length. The Cipher Key for the AES algorithm is a sequence of 128 bits. Other input and output lengths are not permitted by this standard. The bits within such sequences will be numbered starting at zero and ending at one less than the sequence length (block length or key length). The number i attached to a bit is known as its index and will be in the range 0 ≤ i < 128, depending on the block length and key length (specified above).

Bytes

The basic unit for processing in the AES algorithm is a byte, a sequence of eight bits treated as a single entity. The input, output and Cipher Key bit sequences are processed as arrays of bytes that are formed by dividing these sequences into groups of eight contiguous bits. For an input, output or Cipher Key denoted by a, the bytes in the resulting array will be referenced using one of the two forms, a_n or a[n], where n will be in one of the following ranges.

Key length = 128 bits, 0 ≤ n < 16
Block length = 128 bits, 0 ≤ n < 16

State

Internally, the AES algorithm's operations are performed on a two-dimensional array of bytes called the State. The State consists of four rows of bytes, each containing Nb bytes, where Nb is the block length divided by 32. In the State array denoted by the symbol s, each individual byte has two indices, with its row number r in the range 0 ≤ r < 4 and its column number c in the range 0 ≤ c < Nb. This allows an individual byte of the State to be referred to as either s_r,c or s[r,c]. For this standard, Nb = 4, i.e., 0 ≤ c < 4. At the start of the Cipher and Inverse Cipher, the input (the array of bytes in0, in1, … in15) will be copied into the State array. The Cipher or Inverse Cipher operations are then conducted on this State array, after which its final value is copied to the output, which will be the array of bytes out0, out1, … out15.

Figure 3.1 State Array Input and Output

Hence, at the beginning of the Cipher or Inverse Cipher, the input array, in, is copied to the State array according to the scheme:

s[r, c] = in[r + 4c]    for 0 ≤ r < 4 and 0 ≤ c < Nb,

and at the end of the Cipher and Inverse Cipher, the State is copied to the output array out as follows:

out[r + 4c] = s[r, c]    for 0 ≤ r < 4 and 0 ≤ c < Nb.

State as an Array of Columns

The four bytes in each column of the State array form 32-bit words, where the row number r provides an index for the four bytes within each word. The state can hence be interpreted as a one-dimensional array of 32 bit words (columns), w0...w3, where the column number c provides an index into this array. Hence the State can be considered as an array of four words, as follows:

w0 = s0,0 s1,0 s2,0 s3,0
w1 = s0,1 s1,1 s2,1 s3,1
w2 = s0,2 s1,2 s2,2 s3,2
w3 = s0,3 s1,3 s2,3 s3,3

3.4 MATHEMATICAL PRELIMINARIES


All bytes in the AES algorithm are interpreted as finite field elements that can be added and multiplied, but these operations are different from those used for numbers.

Addition

The addition of two elements in a finite field is achieved by "adding" the coefficients for the corresponding powers in the polynomials for the two elements. The addition is performed with the XOR operation (denoted by ⊕). For example, two hexadecimal numbers have been taken and the addition, that is, the XOR operation, has been performed.

{57} ⊕ {83} = {d4}

Multiplication

The modular product of a(x) and b(x), denoted by a(x) ⊗ b(x), is given by d(x), which is given as follows.

The 4X4 matrix is taken and is multiplied with the single column, that is, a matrix multiplication has to be performed.

The multiplication of the above matrix can be performed in the following manner.

3.5 GENERAL IMPLEMENTATION FLOW


The generalized implementation flow diagram of the project is represented as follows.

Figure 3.2 General Implementation Flow Diagram

Initially the market research should be carried out, which covers the previous version of the design and the current requirements on the design. Based on this survey, the specification and the architecture must be identified. Then the RTL modeling should be carried out in VHDL with respect to the identified architecture. Once the RTL modeling is done, it should be simulated and verified for all the cases. The functional verification should meet the intended architecture and should pass all the test cases. Once the functional verification is clear, the RTL model will be taken to the synthesis process. Three operations will be carried out in the synthesis process:

Translate
Map
Place and Route

The developed RTL model will be translated to the mathematical equation format, which is the format understood by the tool. These translated equations will then be mapped to the library, that is, mapped to the hardware. Once the mapping is done, the gates are placed and routed. Before these processes, constraints can be given in order to optimize the design. Finally the BIT MAP file will be generated, which has the design information in binary format and will be dumped to the FPGA board.

3.6 IMPLEMENTATION
The project deals with both the Encryption and Decryption algorithm and its operation.

RTL Modeling

The implementation of the encryption and decryption should be differentiated and the system must know which one it should perform. So a signal "Enc_Dec" is declared which represents the operation of the system, that is, whether the system is in encryption or decryption. The given input data and key will be converted to a State and Word for the further transformation. For accessing the State, that is, the 4X4 array, two loops have been used with the naming convention of 'i' and 'j'.

KeyExpansion

The implementation of AES with the Cipher Key expansion, that is, to enlarge our input cipher key, whose size is 128 bits, into a larger key from which the different RoundKeys can be derived. The S-Box values can either be calculated on-the-fly to save memory or the pre-calculated values can be stored in an array. There are 2 S-Boxes, one for the encryption and one for the decryption, whose values are stored in an array. Additionally, instead of accessing the values immediately from the program, we wrapped a little function around it, which makes for more readable code and would allow us to add additional code later on. In the

implementation of the 2 S-Boxes, it's only a table-lookup that returns the value in the array whose index is specified as a parameter of the function. From the theoretical part, it is known already that Rotate takes a word (a 4-byte array) and rotates it 8 bits to the left. Since 8 bits correspond to one byte and the array type is character (whose size is one byte), rotating 8 bits to the left corresponds to shifting the array values cyclically one to the left. The implementation of Rcon is done with respect to the counter. The counter is set with respect to the round number and the Rcon value will be calculated by performing the multiplication operation between the input value and a constant value. The Key Expansion is where it all comes together. As you can see in the pretty big list in the theory about the Rijndael Key Expansion, we need to apply several operations a number of times, depending on the key size. The KeyExpansion function basically needs only two things:

o Input cipher key
o Output expanded key

All the operations should be applied one after the other on the 4-byte word, which does the complete operation. The parameters are the 4-byte word and the iteration counter, on which Rcon depends. Hence this KeyExpansion will be calculated and each 16 bytes will be given to each Round.

AES Encryption

To implement the AES encryption algorithm, we proceed exactly the same way as for the key expansion, that is, we first implement the basic helper functions and then move up to the main loop. The functions take as parameter a state, which is, as already explained, a rectangular 4x4 array of bytes. The shiftRows function iterates over all the rows and then calls shiftRow with the correct offset. shiftRow does nothing but shift a 4-byte array by the given offset. This is the part that involves the roundKey generated during each iteration. Here we simply XOR each byte of the key to the respective byte of the state.

The MixColumns implementation was carried out by first generating a column and then calling mixColumn, which would then apply the matrix multiplication.

As you can see in the theory, one AES round is the one which has to apply all four operations on the state consecutively. All we have to do is take the state, the ExpandedKey and the number of rounds as parameters and then call the operations one after the other. Finally, all we have to do is put it all together. Our parameters are the input plaintext, the key of size keySize and the output. First, we calculate the number of rounds based on the keySize and then the expandedKeySize based on the number of rounds. Then we have to map the 16 byte input plaintext in the correct order to the 4x4 byte state (as explained above), expand the key using our key schedule, encrypt the state using our main AES body and finally un-map the state again in the correct order in order to get the 16 byte output ciphertext.

AES Decryption

For the AES Decryption, the key schedule stays the same; the only operations we need to implement are the inverse subBytes, shiftRows and mixColumns, while addRoundKey stays the same. As you can see, they are nearly identical to their encryption counterparts except that the rotation this time is to the right and that we use the inverse S-Box for the substitution. As for the inverse mixColumns operation, the only difference is that the multiplication matrix is different. Finally, the only thing left to do is putting it all together in one inversed main algorithm. Please note that we use our expanded key backwards, starting with the last 16 bytes and then moving towards the start. Separate modules were written for the Last Round and the other Rounds. From the first round to the ninth round the same module can be instantiated, and for the last round a separate module was used since it doesn't have the MixColumns operation. The functional verification was carried out for all the test cases and hence the RTL model is taken to the synthesis process using the Xilinx tool.

Synthesis Process

The synthesis process will be carried out by giving the RTL model as the input to the tool. This RTL model requires a Virtex-2 board for the implementation. Hence the Virtex-2 board is selected and the whole process flow will be carried out in the Xilinx tool, and finally the BIT FILE is generated which is used for dumping on the board.

3.7 SUMMARY
The implementation requirements, which include the primary input and primary output of the design, and the proper notation and conventions were discussed. The general implementation flow of the design was represented and explained in order to understand the proper flow. Implementation details have been discussed, which include the implementation style of each process. Finally the synthesis process was discussed, which gives the FPGA family in which the design has been implemented.

CHAPTER 4 RESULTS AND DISCUSSION 4.1 INTRODUCTION


The AES Encryption and Decryption algorithm and the implementation were discussed in the previous chapters. Now this chapter deals with the simulation and synthesis results of the implemented AES algorithm. Here the Modelsim tool is used in order to simulate the design and check the functionality of the design. Once the functional verification is done, the design will be taken to the Xilinx tool for the Synthesis process and the netlist generation. Appropriate test cases have been identified in order to test this modeled AES Encryption and Decryption algorithm. Based on the identified values as the reference, the plain text and the key of 128 bits will be given as the input to the design and the obtained cipher text should match the reference result. This proves that the modeled design works properly as per the algorithm.

4.2 SIMULATION RESULTS


The test bench is developed in order to test the modeled design. This developed test bench will automatically force the inputs, which were taken from the reference, and will make the algorithm perform its operations. The simulated waveforms for the various cases are discussed in this section.

CASE-1:

Figure 4.1 Simulation Result of AES Encryption and Decryption for Set-1 Inputs

This case deals with both encryption and decryption for the first set of plain text and a key of 128 bits. The basic and common inputs for both the encryption and decryption stage are clock (clk), chip enable (ce) and reset (rst). The reset signal is active high, that is, when the reset signal is set to high, the system will be in the reset state and hence all the values will be '0'. Once the reset signal is set to low, the system will start its process. There is a signal "enc_dec" which represents which operation the system is in, either encryption or decryption. When this "enc_dec" is set to high, the encryption process will be carried out with the given inputs, and when this signal is set to low, the decryption process will be carried out. The two inputs named "data_in" and "key_in" take the given plain text and the key.

Encryption

Here the first set of inputs is taken from the reference as follows.

Input = 32 43 f6 a8 88 5a 30 8d 31 31 98 a2 e0 37 07 34
Cipher Key = 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c

The above inputs are represented in the hexadecimal format, which contains 16 bytes, that is, 128 bits. So when the proper inputs are given as the input to the system, the "din_valid" and "k_en" signals will go high. These signals represent that the valid data and the proper key are given to the system. Hence the output of the encryption process, that is, the cipher text for the given set of inputs, is obtained as follows.

Cipher Text = 39 25 84 1d 02 dc 09 fb dc 11 85 97 19 6a 0b 32

Decryption

The above cipher text, that is, the encrypted data, will be given as the input to the decryption stage and the same key should be provided.

Input = 39 25 84 1d 02 dc 09 fb dc 11 85 97 19 6a 0b 32
Cipher Key = 2b 7e 15 16 28 ae d2 a6 ab f7 15 88 09 cf 4f 3c

Here the "din_valid" signal goes high only after the encryption process. Hence the decryption process will be carried out and the final output, that is, the same plain text which was given as the input to the encryption stage, will be achieved.

Final Output = 32 43 f6 a8 88 5a 30 8d 31 31 98 a2 e0 37 07 34

Thus the simulation result which is shown in figure 4.1 gives a clear view of the AES operation which was explained above.

CASE-2: In this case, the same operation as in case-1 will be carried out with a different set of inputs. Here also both the encryption and decryption process are clearly represented in the simulation waveform shown in figure 4.2.

Figure 4.2 Simulation Result of AES Encryption and Decryption for Set-2 Inputs

Here the inputs such as the plain text and the key for the encryption process are given as follows.

Plain Text = 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
Key = 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f

The signals shown in the waveform represent the same operation as explained in case-1. Hence the plain text and key are given as inputs to the encryption stage and the cipher text is obtained as output, which is represented as follows.

Cipher Text = 69 c4 e0 d8 6a 7b 04 30 d8 cd b7 80 70 b4 c5 5a

The above encrypted data in turn will be given as the input to the decryption stage with the same key, which produces the plain text as the final output.

Final Output = 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff

Hence this represents that the developed AES Encryption and Decryption Algorithm works with a different set of inputs.

CASE-3: This case deals with the internal operation of the AES Encryption process and its results at each stage, which has been clearly represented in the simulation waveform shown in figure 4.3.

Figure 4.3 Simulation Result of Encryption with Internal Operation for Set-1 Inputs

The AES Encryption algorithm internally performs operations such as substitution, shifting and mixing of columns. As discussed in the previous chapter, the operation of each process will be carried out and hence the calculated output values can be seen clearly in the above waveform. So in each round, all the internal operations will be carried out and finally the MixColumn value and the key input of each round will be XORed. Hence the output of the round will be taken as the input for the next round. In the above waveform, all the internal operations of round-1 and round-2 are shown. Similarly for all the rounds, the same operations will be carried out with the evaluated values. Hence at the last round, that is, round-10, the final values will be evaluated and the cipher text will be given out.

CASE-4: The internal operations involved on the decryption side are clearly shown in figure 4.4. The cipher text generated from encryption will be given as input to the decryption block and the same kind of operation as in the encryption process will be carried out with the different pre-defined values. In the waveform, round-1 and round-2 are shown, in which the internal operations and their results are shown clearly. The key will be given as the inverse of the one generated from the encryption process.

Figure 4.4 Simulation Result of Decryption with Internal Operation for Set-1 Inputs

Finally the last round, without the MixColumn operation, will be carried out in order to produce the final output, that is, the plain text.

CASE-5: This case deals with the internal operations involved in both encryption and decryption with the other set of inputs. The operation is the same as explained in case-3 and case-4; the only difference is that the input set is modified. Here we are checking that the operations are carried out properly with different inputs and that the obtained outputs match the reference values. Hence figure 4.5 shows the internal operation of the AES Encryption process and figure 4.6 shows the internal operations carried out in the AES Decryption process. The waveform clearly represents the output values of each stage, which are fed as input to the next process.

Figure 4.5 Simulation Result of Encryption with Internal Operation for Set-2 Inputs

Figure 4.6 Simulation Result of Decryption with Internal Operation for Set-2 Inputs

CASE-6: In this case, the first set of inputs is taken and the whole 10 rounds have been carried out.

Figure 4.7 Simulation Result of Encryption for Set-1 Inputs

Figure 4.7 clearly represents all the rounds and the inputs and outputs of each round. Thus the data at every round output acts as the input to the next round. These values can be cross-verified with the reference values.

Figure 4.8 Simulation Result of Decryption for Set-1 Inputs

Case-7: In this case, the inputs and outputs of each round for the other set of inputs are clearly represented in figure 4.9 and figure 4.10 for both the encryption and decryption process.

Figure 4.9 Simulation Result of Encryption for Set-2 Inputs

Figure 4.10 Simulation Result of Decryption for Set-2 Inputs

Thus the simulation results of the AES algorithm for both encryption and decryption were discussed above in different cases.
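As an added, self-contained reference (not the report's VHDL and not the C tutorial code quoted in chapter 2), the following C program implements AES-128 end to end: the GF(2^8) arithmetic of section 3.4, the S-box derived from it, the key expansion, the forward cipher and the inverse cipher of section 2.6 that consumes the expanded key backwards. Its self-test checks both input sets used in the simulation cases above; names such as gf_mul and aes128_selftest are this example's own.

```c
#include <stdint.h>
#include <string.h>

static uint8_t SBOX[256], INV_SBOX[256];
/* Multiply two bytes in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1. */
uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    while (b) {
        if (b & 1) p ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0)); /* xtime */
        b >>= 1;
    }
    return p;
}
/* Derive the S-box instead of typing it: inverse (a^254; 0 stays 0), then the affine map. */
static void init_sbox(void) {
    for (int i = 0; i < 256; i++) {
        uint8_t inv = 1, x;
        for (int k = 0; k < 254; k++) inv = gf_mul(inv, (uint8_t)i);
        x = inv;
        for (int k = 1; k <= 4; k++) x ^= (uint8_t)((inv << k) | (inv >> (8 - k)));
        SBOX[i] = x ^ 0x63;
        INV_SBOX[SBOX[i]] = (uint8_t)i;
    }
}
/* Cipher-key expansion: 11 round keys of 16 bytes, stored as consecutive words. */
static void key_expand(const uint8_t key[16], uint8_t rk[176]) {
    uint8_t rcon = 1;
    memcpy(rk, key, 16);
    for (int i = 16; i < 176; i += 4) {
        uint8_t t[4];
        memcpy(t, rk + i - 4, 4);
        if (i % 16 == 0) { /* RotWord, SubWord, then XOR Rcon into the first byte */
            uint8_t t0 = t[0];
            t[0] = SBOX[t[1]] ^ rcon; t[1] = SBOX[t[2]]; t[2] = SBOX[t[3]]; t[3] = SBOX[t0];
            rcon = gf_mul(rcon, 2);
        }
        for (int j = 0; j < 4; j++) rk[i + j] = rk[i - 16 + j] ^ t[j];
    }
}
/* State is column-major: s[r + 4c] is row r, column c (the s[r,c] = in[r + 4c] mapping). */
static void shift_rows(uint8_t s[16], int inverse) {
    uint8_t t[16];
    memcpy(t, s, 16);
    for (int r = 1; r < 4; r++)
        for (int c = 0; c < 4; c++)
            s[r + 4 * c] = t[r + 4 * ((inverse ? c - r + 4 : c + r) % 4)];
}
/* Each row of the MixColumns matrix is a rotation of {2,3,1,1}; of the inverse, {14,11,13,9}. */
static void mix_columns(uint8_t s[16], int inverse) {
    static const uint8_t M[4] = {2, 3, 1, 1}, IM[4] = {14, 11, 13, 9};
    const uint8_t *m = inverse ? IM : M;
    for (int c = 0; c < 4; c++) {
        uint8_t in[4];
        memcpy(in, s + 4 * c, 4);
        for (int r = 0; r < 4; r++)
            s[r + 4 * c] = gf_mul(in[r], m[0]) ^ gf_mul(in[(r + 1) % 4], m[1])
                         ^ gf_mul(in[(r + 2) % 4], m[2]) ^ gf_mul(in[(r + 3) % 4], m[3]);
    }
}
void aes128_encrypt(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    uint8_t rk[176], *s = out;
    init_sbox();
    key_expand(key, rk);
    for (int i = 0; i < 16; i++) s[i] = in[i] ^ rk[i]; /* initial AddRoundKey */
    for (int round = 1; round <= 10; round++) {
        for (int i = 0; i < 16; i++) s[i] = SBOX[s[i]];  /* SubBytes */
        shift_rows(s, 0);
        if (round != 10) mix_columns(s, 0);              /* the last round has no MixColumns */
        for (int i = 0; i < 16; i++) s[i] ^= rk[16 * round + i];
    }
}
/* Inverse cipher: round keys are consumed backwards, last 16 bytes first. */
void aes128_decrypt(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    uint8_t rk[176], *s = out;
    init_sbox();
    key_expand(key, rk);
    for (int i = 0; i < 16; i++) s[i] = in[i] ^ rk[160 + i];
    for (int round = 9; round >= 0; round--) {
        shift_rows(s, 1);                                               /* InvShiftRows */
        for (int i = 0; i < 16; i++) s[i] = INV_SBOX[s[i]] ^ rk[16 * round + i]; /* InvSubBytes, AddRoundKey */
        if (round != 0) mix_columns(s, 1);                              /* InvMixColumns */
    }
}
/* Returns 1 when both input sets of the simulation cases encrypt to the stated cipher text
 * and decrypt back to the plain text. */
int aes128_selftest(void) {
    static const uint8_t k1[16] = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c};
    static const uint8_t p1[16] = {0x32,0x43,0xf6,0xa8,0x88,0x5a,0x30,0x8d,0x31,0x31,0x98,0xa2,0xe0,0x37,0x07,0x34};
    static const uint8_t c1[16] = {0x39,0x25,0x84,0x1d,0x02,0xdc,0x09,0xfb,0xdc,0x11,0x85,0x97,0x19,0x6a,0x0b,0x32};
    static const uint8_t k2[16] = {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
    static const uint8_t p2[16] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff};
    static const uint8_t c2[16] = {0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a};
    uint8_t ct[16], pt[16];
    aes128_encrypt(k1, p1, ct); aes128_decrypt(k1, ct, pt);
    if (memcmp(ct, c1, 16) || memcmp(pt, p1, 16)) return 0;
    aes128_encrypt(k2, p2, ct); aes128_decrypt(k2, ct, pt);
    return memcmp(ct, c2, 16) == 0 && memcmp(pt, p2, 16) == 0;
}
```

The same gf_mul also reproduces the FIPS-197 field examples, e.g. {57} multiplied by {83} gives {c1}.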

4.3 INTRODUCTION TO FPGA


FPGA stands for Field Programmable Gate Array, which has an array of logic modules, I/O modules and routing tracks (programmable interconnect). An FPGA can be configured by the end user to implement specific circuitry. Speed is up to 100 MHz, but at present speed is in GHz. Main applications are DSP, FPGA based computers, logic emulation, ASIC and ASSP. FPGAs can be programmed mainly on SRAM (Static Random Access Memory). It is volatile, and the main advantage of using SRAM programming technology is re-configurability. Issues in FPGA technology are the complexity of the logic element, clock support, IO support and interconnections (Routing). In this work, the design of an AES Encryption and Decryption Algorithm made using VHDL is synthesized on an FPGA family through the XILINX ISE Tool. This process includes the following:

Translate
Map
Place and Route

4.3.1 FPGA FLOW

The basic implementation of a design on an FPGA has the following steps.

Design Entry
Logic Optimization
Technology Mapping
Placement
Routing
Programming Unit
Configured FPGA

The above shows the basic steps involved in implementation. The initial design entry may be VHDL, schematic or Boolean expression. The optimization of the Boolean expression will be carried out by considering area or speed.

Figure 4.11 Logic Block

In technology mapping, the transformation of the optimized Boolean expression to FPGA logic blocks, that is, Slices, takes place. Here area and delay optimization take place. During placement, algorithms are used to place each block in the FPGA array. Assigning the FPGA wire segments, which are programmable, to establish connections among FPGA blocks is done through routing. The configuration of the final chip is made in the programming unit.

4.4 SYNTHESIS RESULT


The developed AES Encryption and Decryption Algorithm are simulated and their functionality is verified. Once the functional verification is done, the RTL model is taken to the synthesis process using the Xilinx ISE tool. In the synthesis process, the RTL model is converted to a gate-level netlist mapped to a specific technology library. This AES algorithm design can be implemented on the Virtex-2 FPGA (Field Programmable Gate Array) family. Within this Virtex-2 family, many different devices are available in the Xilinx ISE tool. In order to implement this AES design, the device named 'XC2V8000' has been chosen, with the package 'FF1517' and the device speed '-5'. The design of the AES Encryption and Decryption Algorithm is synthesized and its results are analysed as follows.

RTL Schematic: The RTL (Register Transfer Logic) can be viewed as a black box after synthesis of the design is made. It shows the inputs and outputs of the system. By double-clicking on the diagram we can see the gates, flip-flops and MUXes.

Figure 4.12 RTL Schematic (the schematic is labelled INPUTS and OUTPUTS)

The above figure 4.12 shows the top-level block diagram that contains the primary inputs and outputs of the design.

Device utilization summary: This device utilization includes the following: Logic Utilization, Logic Distribution, and Total Gate count for the Design.

The device utilization summary is shown above; it gives the number of devices used from the available devices, also represented in %. Hence, as the result of the synthesis process, the device utilization for the chosen device and package is shown above.

Timing Summary:
Speed Grade: -5
Minimum period: 52.719 ns
Maximum Frequency: 18.970 MHz
Minimum input arrival time before clock: [value illegible in the source]
Maximum output required time after clock: [value illegible in the source]
Maximum combinational path delay: No path found

In the timing summary, the details regarding time period and frequency shown are approximate at synthesis. After place and route is over, we get the exact timing summary. Hence the maximum operating frequency of this synthesized design is given as 18.970 MHz and the minimum period as 52.719 ns. OFFSET IN is the minimum input arrival time before clock and OFFSET OUT is the maximum output required time after clock.

4.5 SUMMARY

The developed AES algorithm is modeled and simulated using the ModelSim tool. The simulation results are discussed by considering different cases. The RTL model is synthesized using the Xilinx tool for Virtex-2, and the synthesis results are discussed with the help of the generated reports.

CHAPTER 5 CONCLUSION AND FUTURE SCOPE

5.1 CONCLUSION


Firstly, understanding the concept of cryptology and the flow of the AES algorithm is done. Successful implementation of the AES algorithm gives knowledge of one of the encryption and decryption standards available in the market, and it helps to explore the path to implementing such an algorithm using VHDL. Mainly, the concepts of instantiation and arrays play a major part in the implementation. This is a 128-bit key dependent algorithm which has control over the 128-bit input data or plaintext. The original message is taken through 10 round operations, which produce the ciphertext. This resultant encrypted data is fed as the input to the decryption, 10 round operations are carried out, and hence the same plaintext is achieved. Given the same input key and data (plaintext or ciphertext), any implementation that produces the same output (ciphertext or plaintext) as the algorithm specified in this standard is an acceptable implementation of the AES. The simulation results have been verified for the different appropriate test cases. Finally, the developed model is taken to the Xilinx tool and the implementation is done using the FPGA family of the Virtex-2 board.

5.2 FUTURE SCOPE


In recent days, AES (Advanced Encryption Standard) is used, which has an increased level of security. This work on the AES Encryption and Decryption Algorithm of 128 bits can be extended in the future in the following ways. As this algorithm supports key lengths of 192 bits and 256 bits, the work can be extended by increasing the key length, which raises both the security level and the difficulty of hacking. Also, this work can be extended by developing a switch. This switch will be used to switch the system key length to either 128 bits, 192 bits or 256 bits. This will handle all three key lengths, and the required process can be carried out with respect to the switch.

APPENDIX-1 STANDARD TABLES FOR AES ALGORITHM

Key-Block-Round Combinations

S-Box: Substitution Values used in Encryption Process

Matrix Value used in MixColumn Operation in Encryption Process

S-Box: Substitution Values used in Decryption Process

Matrix Value used in MixColumn Operation in Decryption Process
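The tables listed in this appendix (the S-box and inverse S-box, the two MixColumn matrices, and the key-block-round combinations) and the key-length switch proposed in the future scope can all be exercised in software before they are committed to hardware. The following pure-Python AES is an added example, not the report's VHDL design or any code from the project: it derives both S-boxes from their GF(2^8) definition instead of transcribing them, selects Nk and Nr from the key length alone (128, 192 or 256 bits), and checks encryption followed by decryption against the FIPS-197 Appendix C test vectors. The function names (`build_sboxes`, `key_expansion`, `encrypt_block`, `decrypt_block`, `fips197_vectors`) are my own choices.

```python
# Added example: AES (FIPS-197) parameterised by key length, pure Python.
# Not the report's VHDL; it regenerates the appendix tables and shows the key-length switch.

# Key-Block-Round combinations (FIPS-197): key bits -> (Nk words, Nr rounds)
KEY_BLOCK_ROUND = {128: (4, 10), 192: (6, 12), 256: (8, 14)}
NB = 4  # block length in 32-bit words; AES blocks are always 128 bits

# MixColumns matrices for the encryption and decryption processes
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]

def xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def gf_mul(a, b):
    """Multiply two GF(2^8) elements by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def build_sboxes():
    """Derive the S-box and inverse S-box from their definition (multiplicative
    inverse in GF(2^8) followed by the affine map) rather than typing 256 constants."""
    exp, log = [0] * 256, [0] * 256
    a = 1
    for i in range(255):        # 3 = x + 1 generates the multiplicative group
        exp[i], log[a] = a, i
        a ^= xtime(a)
    sbox = [0] * 256
    for x in range(256):
        inv = exp[(255 - log[x]) % 255] if x else 0
        s = inv
        for k in (1, 2, 3, 4):  # XOR of inv with its four left rotations
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox[x] = s ^ 0x63
    inv_sbox = [0] * 256
    for x, s in enumerate(sbox):
        inv_sbox[s] = x
    return sbox, inv_sbox

SBOX, INV_SBOX = build_sboxes()

def key_expansion(key):
    """FIPS-197 5.2: the key length alone selects Nk and Nr, which is the 'switch'."""
    if len(key) * 8 not in KEY_BLOCK_ROUND:
        raise ValueError("AES key must be 128, 192 or 256 bits")
    nk, nr = KEY_BLOCK_ROUND[len(key) * 8]
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, NB * (nr + 1)):
        t = list(w[i - 1])
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, then SubWord
            t[0] ^= rcon
            rcon = xtime(rcon)
        elif nk > 6 and i % nk == 4:              # extra SubWord, AES-256 only
            t = [SBOX[b] for b in t]
        w.append([w[i - nk][j] ^ t[j] for j in range(4)])
    # one 16-byte round key per round, in the same column-major order as the state
    return [sum(w[4 * r:4 * r + 4], []) for r in range(nr + 1)]

# The state is a flat list of 16 bytes, column-major: byte (row r, column c) is s[4*c + r].
def sub_bytes(s, box):
    return [box[b] for b in s]

def shift_rows(s, inverse=False):
    d = -1 if inverse else 1  # row r rotates left by r (right when inverting)
    return [s[4 * ((c + d * r) % 4) + r] for c in range(4) for r in range(4)]

def mix_columns(s, m):
    return [gf_mul(m[r][0], s[4 * c]) ^ gf_mul(m[r][1], s[4 * c + 1])
            ^ gf_mul(m[r][2], s[4 * c + 2]) ^ gf_mul(m[r][3], s[4 * c + 3])
            for c in range(4) for r in range(4)]

def add_round_key(s, k):
    return [a ^ b for a, b in zip(s, k)]

def encrypt_block(key, block):
    rk = key_expansion(key)
    nr = len(rk) - 1
    s = add_round_key(list(block), rk[0])
    for r in range(1, nr):
        s = add_round_key(mix_columns(shift_rows(sub_bytes(s, SBOX)), MIX), rk[r])
    return bytes(add_round_key(shift_rows(sub_bytes(s, SBOX)), rk[nr]))  # final round: no MixColumns

def decrypt_block(key, block):
    rk = key_expansion(key)
    nr = len(rk) - 1
    s = add_round_key(list(block), rk[nr])
    for r in range(nr - 1, 0, -1):
        s = mix_columns(add_round_key(sub_bytes(shift_rows(s, True), INV_SBOX), rk[r]), INV_MIX)
    return bytes(add_round_key(sub_bytes(shift_rows(s, True), INV_SBOX), rk[0]))

def fips197_vectors():
    """Encrypt the FIPS-197 Appendix C plaintext under its three keys, check that
    decryption recovers the plaintext, and return {key_bits: ciphertext_hex}."""
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    out = {}
    for bits in (128, 192, 256):
        key = bytes(range(bits // 8))  # 00 01 02 ... as in Appendix C
        ct = encrypt_block(key, pt)
        assert decrypt_block(key, ct) == pt, "decryption did not recover the plaintext"
        out[bits] = ct.hex()
    return out

if __name__ == "__main__":
    for bits, ct in fips197_vectors().items():
        nk, nr = KEY_BLOCK_ROUND[bits]
        print(f"AES-{bits}: Nk={nk} Nr={nr} ciphertext={ct}")
```

Running the file prints the three Appendix C ciphertexts together with the (Nk, Nr) pair each key length selects. A hardware version of the switch needs nothing more than those two values: Nk drives the key-expansion schedule and Nr the round counter, while SubBytes, ShiftRows, MixColumns and AddRoundKey stay identical for all three key lengths. The same Appendix C vectors are the natural check for the VHDL model in simulation, since a design that matches them for all three key lengths is, by the FIPS-197 acceptance criterion quoted in the conclusion, an acceptable AES implementation.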

REFERENCES:
[1] AES page available via http://www.nist.gov/CryptoToolkit.
[2] Computer Security Objects Register (CSOR): http://csrc.nist.gov/csor/.
[3] J. Daemen and V. Rijmen, AES Proposal: Rijndael, AES Algorithm Submission, September 3, 1999, available at [1].
[4] J. Daemen and V. Rijmen, The block cipher Rijndael, Smart Card Research and Applications, LNCS 1820, Springer-Verlag, pp. 288-296.
[5] B. Gladman's AES related home page http://fp.gladman.plus.com/cryptography_technology/.
[6] A. Lee, NIST Special Publication 800-21, Guideline for Implementing Cryptography in the Federal Government, National Institute of Standards and Technology, November 1999.
[7] A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography, CRC Press, New York, 1997, p. 81-83.
[8] J. Nechvatal, et al., Report on the Development of the Advanced Encryption Standard (AES), National Institute of Standards and Technology, October 2, 2000, available at [1].
