.c
om
cu
u
du
o
ng
th
an
co
ng
SYMMETRIC CIPHERS
ADVANCED ENCRYPTION STANDARD
CuuDuongThanCong.com
/>
.c
om
Contents
AES Origins
2)
AES Structure
3)
AES Key Expansion
4)
An AES Example
5)
AES Decryption
cu
u
du
o
ng
th
an
co
ng
1)
CuuDuongThanCong.com
/>
.c
om
cu
u
du
o
ng
th
an
co
ng
1. AES Origins
CuuDuongThanCong.com
/>
.c
om
AES Origins
Clear a replacement for DES was needed have theoretical attacks that can
co
ng
break it have demonstrated exhaustive key search attacks
cu
u
du
o
ng
th
an
Can use Triple-DES – but slow, has small blocks
CuuDuongThanCong.com
/>
.c
om
The AES Cipher - Rijndael
ng
Designed by Rijmen-Daemen in Belgium
co
has 128/192/256 bit keys, 128 bit data
th
an
Designed to have:
du
o
ng
resistance against known attacks
cu
design simplicity
u
speed and code compactness on many CPUs
CuuDuongThanCong.com
/>
cu
u
du
o
ng
th
an
co
ng
.c
om
AES Encryption Process
CuuDuongThanCong.com
/>
.c
om
cu
u
du
o
ng
th
an
co
ng
2. AES Structure
CuuDuongThanCong.com
/>
.c
om
AES Structure
ng
Plaintext block size: 128 bits.
co
Key length:16, 24, or 32 bytes (128, 192, or 256 bits).
cu
u
du
o
ng
depending on the key length
th
an
The algorithm is referred to as AES-128, AES-192, or AES-256,
CuuDuongThanCong.com
/>
.c
om
ng
co
an
th
ng
du
o
u
cu
CuuDuongThanCong.com
/>
.c
om
Detailed Structure
du
o
ng
th
an
co
ng
128-bit block as consisting of a 4 × 4 matrix of bytes, arranged as follows:
cu
AES
u
The 4 × 4 matrix of bytes shown above is referred to as the state array in
CuuDuongThanCong.com
/>
cu
u
du
o
ng
th
an
co
ng
.c
om
Detailed Structure
CuuDuongThanCong.com
/>
.c
om
Detailed Structure
ng
The key is depicted as a square matrix of bytes
co
This key is then expanded into an array of key schedule words
th
an
Each word is four bytes, and the total key schedule is 44 words for the
cu
u
du
o
ng
128-bit key
CuuDuongThanCong.com
/>
cu
u
du
o
ng
th
an
co
ng
.c
om
Detailed Structure
CuuDuongThanCong.com
/>
.c
om
Detailed Structure
Four different stages are used, one of permutation and three of substitution:
co
ng
Substitute bytes: Uses an S-box to perform a byte-by-byte substitution of the
an
block
ng
th
Shift Rows: A simple permutation
du
o
Mix Columns: A substitution that makes use of arithmetic over
cu
u
Add Round Key: A simple bitwise XOR of the current block with a portion
of the expanded key
CuuDuongThanCong.com
/>
.c
om
Detailed Structure
For both encryption and decryption, the cipher begins with an Add Round
co
ng
Key stage, followed by nine rounds that each includes all four stages,
th
an
followed by a tenth round of three stages.
cu
u
du
o
ng
Only the Add Round Key stage makes use of the key
CuuDuongThanCong.com
/>
.c
om
ng
co
an
th
ng
du
o
u
cu
CuuDuongThanCong.com
/>
.c
om
a. Substitute Bytes Transformation
ng
Each individual byte of Stateis mapped into a new byte in S-Box
th
an
bits are used as a column value.
co
The leftmost 4 bits of the byte are used as a row value and the rightmost 4
du
o
ng
These row and column values serve as indexes into the S-box to select a
cu
u
unique 8-bit output value
CuuDuongThanCong.com
/>
cu
u
du
o
ng
th
an
co
ng
.c
om
Substitute Bytes Transformation (cont.)
CuuDuongThanCong.com
/>
cu
u
du
o
ng
th
an
co
ng
.c
om
S-box
CuuDuongThanCong.com
/>
.c
om
Substitute Bytes Transformation
For example, the hexadecimal value {95} references row 9, column 5 of
co
ng
the S-box, which contains the value .Accordingly, the value is mapped
th
an
into the value.
cu
u
du
o
ng
Here is an example of the SubBytes transformation:
CuuDuongThanCong.com
/>
.c
om
b. ShiftRows Transformation
ng
The forward shift row transformation, called ShiftRows.
co
The first row of Stateis not altered. For the second row, a 1-byte circular
th
an
left shift is performed. For the third row, a 2-byte circular left shift is
cu
u
du
o
ng
performed. For the fourth row, a 3-byte circular left shift is performed
CuuDuongThanCong.com
/>
cu
u
du
o
ng
th
an
co
ng
.c
om
ShiftRows Transformation
CuuDuongThanCong.com
/>
.c
om
c. MixColumns Transformation
Each byte of a column is mapped into a new value that is a function of all
co
ng
four bytes in that column. The transformation can be defined by the
cu
u
du
o
ng
th
an
following matrix multiplication on State
CuuDuongThanCong.com
/>
.c
om
MixColumns Transformation
cu
u
du
o
ng
th
an
co
ng
the individual additions and multiplications are performed in GF(28).
CuuDuongThanCong.com
/>
.c
om
d. Add Round Key Transformation
cu
u
du
o
ng
th
an
co
ng
XOR state with 128-bits of the round key
CuuDuongThanCong.com
/>