You are on page 1of 17

B.

Block Ciphers
B.1. Data Encryption Standard
1. Being given the chosen 56-bit cipher key ´POVESTE´, compute the 64-bit key (i.e., as normally
given for DES). Chosen parity type is odd.
We shall recall the fact that the DES cipher key is normally given as a 64-bit key in which 8 extra bits, i.e.,
bits 8, 16, 24, 32, 40, 48, 56 and 64) are the parity bits, which are dropped before the actual key-generation
process.
Thus, with the aid of ASCII Table1, one can writhe the hexadecimal representation of the chosen 56-bit
cipher key as follows: 0x50 4F 56 45 53 54 45.
In what follows, parity bits are inserted:
56-bit K Retained bits Parity bit Remaining bits 64-bit K
50 0 1 0 1 0 0 0 1 0 51
4F 0 0 1 0 0 1 1 0 1 1 26
56 1 1 0 1 0 1 0 1 1 1 0 D5
45 1 1 0 0 1 0 0 0 0 1 0 1 C8
53 0 1 0 1 0 1 0 0 1 0 0 1 1 54
54 1 0 0 1 1 0 1 1 0 1 0 1 0 0 9B
45 0 1 0 1 0 0 0 1 1 0 0 0 1 0 1 51
- 1 0 0 0 1 0 1 0 - - - - - - - 9A
R: 0x51 26 D5 C8 54 9B 51 9A
2. Being given the 8th round 56-bit encryption key (i.e., before compression) 0xC0 14 03 F0 83 5F 2C,
compute the 9th round encryption key.
The round key is divided into two 28-bit halves. Each halve is circularly shifted to the left one or two bits,
according to the following table (i.e., in round 1, 2, 9 and 16, shifting is one bit; in the other rounds, it is
two bits):
Round 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Bit shifts 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1
Thus, in the given case, the two halves are circularly shifted to the left one bit:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

1 1 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 1 1 1 1 1 1
1 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1

29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56

0 0 0 0 1 0 0 0 0 0 1 1 0 1 0 1 1 1 1 1 0 0 1 0 1 1 0 0
0 0 0 1 0 0 0 0 0 1 1 0 1 0 1 1 1 1 1 0 0 1 0 1 1 0 0 0
Then, the resulted 56-bit key is compressed (i.e., using the key-compression box) to produce the 48-bit
round key:
= 0011.1001.0000.1000.1000.1010.1100.1000.0100.1010.0110.1001
R: 0x39 08 8A C8 4A 69

1
www.asciitable.com, APPENDIX F

. So.. The following table represents S-box 4: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0 7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15 1 13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9 2 10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4 3 3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14 . We have to follow the pre-determined rule based on a 4-row by 16-column table. Show the result of passing 000000 through S-box 4. following table). Key-compression box 14 17 11 24 01 05 03 28 15 06 21 10 23 19 12 04 26 08 16 07 27 20 13 02 41 52 31 37 47 55 30 40 51 45 33 48 44 49 39 56 34 53 46 42 50 36 29 32 3.e. the combination of bits 1 and 6 of the input defines one of the four rows whilst the combination of bits 2 through 5 defines one of the sixteen columns. i. bit 15 and bit 64).. the output must also have only two 1s. we can find the output related to these two bits. Using the Initial Permutation box (i. Bit 15 in the input becomes bit 63 in the output whilst bit 64 in the input becomes bit 25 in the output.e. the output has only two 1s.. bit 25 and bit 63. The input has only two 1s (i.e. R: 0x00 00 00 80 00 00 00 02 Initial Permutation 58 50 42 34 26 18 10 02 60 52 44 36 28 20 12 04 62 54 46 38 30 22 14 06 64 56 48 40 32 24 16 08 57 49 41 33 25 17 09 01 59 51 43 35 27 19 11 03 61 53 45 37 29 21 13 05 63 55 47 39 31 23 15 07 4.e. Find the output of the initial permutation box (i. IP) when the input is given in hexadecimal as 0x00 02 00 00 00 00 00 01.

− ) = 7). we have = 0x8A EB FE 95 03 FE.. 0. So. 5. the 48-bit data is divided into 8 6-bit sections.. Associated Expansion box is the following: 32 01 02 03 04 05 04 05 06 07 08 09 08 09 10 11 12 13 12 13 14 15 16 17 16 17 18 19 20 21 20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 01 Thus. resp. we first need to expand round’s right halve. if we write the first and the sixth bits together (i.e. with = 0x17 7F 28 7F. The remaining bits (i.. the round permutation (i. Round permutation box 16 07 20 21 29 12 28 17 01 15 23 26 05 18 31 10 02 08 24 14 32 27 03 09 19 13 30 06 22 11 04 25 .. i. shown in table below) is applied to the 32-bit _ . 3. 3 and 4 are copied to output bits 2. _ = 0xFC D4 EE 4B. ) to compute round’s output = . The substitution in each box follows a pre-determined rule: the combination of bits 1 and 6 of the input defines one of the four rows whilst the combination of bits 2 through 5 defines one of the sixteen columns.. Thus. according to the rule.. 0. Finally. 0}) are 0 in decimal (i. Next. and each section is fed into an S-box (i. we get 0 in decimal (i. − = 0).. − ( − .. using the following predetermined rule: (i) the 32-bit right halve is divided into 8 4-bit sections.e. input bits 1.e. one S-box for each 6-bit section. as shown in APPENDIX B). We look for the value in row 0. for each section. 0}). The result is 7 in decimal (i. we have ⊕ _ = 0x2B 79 5C AE 20 3F.e. trace the data through round’s Fiestel structure (i. These 32 bits are then XORed with 0x46 B9 43 7A (i.e. output bit 1 comes from bit 4 of the previous section whilst output bit 6 comes from bit 1 of the next sections... column 0. (ii) each 4-bit section is then expanded to 6 bits. the input 000000 yields the output 0111. 2.e. thus resulting the output of DES’s f function: 0x1D BF 9B 9A.e. Being given the 48-bit round key 0xA1 92 A2 3B 23 C1. the combination {0. Since the input of the f function is 32-bit long and the key size is 48-bit. after XORing with round’s key. function f). 4 and 5.e.e. − = 0). 16th round’s 64-bit input ciphertext 0x46 B9 43 7A 17 7F 28 7F.e. Then. resp. the combination {0... in S-box 4. which is 0111 in binary.Thus.

e.. resp. R: 0x2C 7D 19 C3 R11 – L: 0xE9 1F 37 08. Being given the 64-bit encryption key 0x50 41 53 53 57 4F 52 44. R: 0xE9 1F 37 08 R03 – L: 0xC0 5C 1B 5D.. R: 0x82 B3 8C B6 R06 – L: 0x43 7F B8 0F..e. R: 0x04 49 23 90 R09 – L: 0x67 D7 E8 5F. R: 0x43 7F B8 0F R13 – L: 0xF8 FC 47 00. R: 0x25 E0 A1 00 R12 – L: 0xA0 09 DB 11. the 64-bit plaintext 0x4D 45 52 45 20 4D 4F 56. R: 0x67 D7 E8 5F R16 – L: 0x5B 06 D8 E0. 6. R: 0x17 7F 28 7F Ciphertext after final permutation (i. resp. R: 0xAB 6A B0 83 R14 – L: 0x82 B3 8C B6. each encryption round’s output.e. R: 0xF8 FC 47 00 R05 – L: 0x25 E0 A1 00. Using the MATLAB R2014b script presented in APPENDIX A the requested values are computed as follows: Encryption keys (i.. trace the data for DES (i. R: 0xA0 09 DB 11 R04 – L: 0x2C 7D 19 C3. compute the round keys. IP-1): 0xE2 F2 B2 6E E6 2B 67 05 . R: 0xC0 5C 1B 5D R10 – L: 0x31 D7 BA 5A. R: 0x1D E5 D3 4C R15 – L: 0x46 B9 43 7A.. R: 0x46 B9 43 7A R07 – L: 0xAB 6A B0 83. for each round): Round 1 Key: 0xA0 92 4A 66 22 67 Round 9 Key: 0x39 08 8A C8 4A 69 Round 2 Key: 0xB0 12 D2 72 C1 03 Round 10 Key: 0x30 28 8C 92 DA 1C Round 3 Key: 0x34 52 50 46 25 0E Round 11 Key: 0x10 2C 14 91 17 B0 Round 4 Key: 0x06 51 54 EC 31 C8 Round 12 Key: 0x44 2C 34 99 2A 21 Round 5 Key: 0x0E 41 55 60 D2 6B Round 13 Key: 0xC6 A4 24 72 6A 14 Round 6 Key: 0x0F 41 29 56 9C 2A Round 14 Key: 0xCA 86 22 31 21 9E Round 7 Key: 0x8B 01 A9 8C 1D 78 Round 15 Key: 0xE8 92 2A A5 30 83 Round 8 Key: 0x99 0A 89 09 FA 70 Round 16 Key: 0xA1 92 A2 3B 23 C1 Output of IP: 0xEF 84 EB 6B 00 10 61 C4 Round output: R01 – L: 0x00 10 61 C4. R: 0x17 7F 28 7F R08 – L: 0x1D E5 D3 4C. R: 0x31 D7 BA 5A R02 – L: 0x04 49 23 90. output of the IP. ciphertext after the final permutation).

i.. For instance: byte 00 is substituted by entry of S-Box in row 0 and column 0. linear mixing step which causes diffusion of the bits over multiple round) must be performed. Advanced Data Encryption Standard 1. i.e.e. byte 1F is substituted by entry of S-box in row 1 and column F. Trace the data through a complete AES round. the new state matrix is: 63 EB 9F A0 SM = 2F 93 92 C0 AF C7 AB 30 A2 20 CB 2B . the four rows are shifted circularly to the left by offsets of 0. non-linear layer designed with the purpose of increasing resistance to differential and linear cryptanalysis attacks) must be performed.. Thus. knowing the current state and the round key below: 00 3C 6E 47 E2 91 B1 D6 SM = 1F 4E 22 74 RK = 32 21 59 79 0E 08 1B 31 FC 91 E4 A2 54 59 0B 1A F1 88 E6 93 Firstly.e.e. the Shift_Row operation (i. substitute each entry (byte) of the current state matrix by the corresponding entry in AES S-box (shown below). by 63 (highlighted with red)... by C0 (highlighted with green) and so on. the Byte_Sub operation (i. i.. i. 2 and 3. This leads to the new SM: 63 EB 9F A0 SM = C0 2F 93 92 AB 30 AF C7 20 CB 2B A2 AES S-box 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 63 7C 77 7B F2 6B 6F C5 30 01 67 2B FE D7 AB 76 1 CA 82 C9 7D FA 59 47 F0 AD D4 A2 AF 9C A4 72 C0 2 B7 FD 93 26 36 3F F7 CC 34 A5 E5 F1 71 D8 31 15 3 04 C7 23 C3 18 96 05 9A 07 12 80 E2 EB 27 B2 75 4 09 83 2C 1A 1B 6E 5A A0 52 3B D6 B3 29 E3 2F 84 5 53 D1 00 ED 20 FC B1 5B 6A CB BE 39 4A 4C 58 CF 6 D0 EF AA FB 43 4D 33 85 45 F9 02 7F 50 3C 9F A8 7 51 A3 40 8F 92 9D 38 F5 BC B6 DA 21 10 FF F3 D2 8 CD 0C 13 EC 5F 97 44 17 C4 A7 7E 3D 64 5D 19 73 9 60 81 4F DC 22 2A 90 88 46 EE B8 14 DE 5E 0B DB A E0 32 3A 0A 49 06 24 5C C2 D3 AC 62 91 95 E4 79 B E7 C8 37 6D 8D D5 4E A9 6C 56 F4 EA 65 7A AE 08 C BA 78 25 2E 1C A6 B4 C6 E8 DD 74 1F 4B BD 8B 8A D 70 3E B5 66 48 03 F6 0E 61 35 57 B9 86 C1 1D 9E E E1 F8 98 11 69 D9 8E 94 9B 1E 87 E9 CE 55 28 DF F 8C A1 89 0D BF E6 42 68 41 99 2D 0F B0 54 BB 16 Secondly. 1..e.B.e.2.

shown on the next page). the new state matrix is: BA 84 E8 1B SM = 75 A4 8D 40 F4 8D 06 7D 7A 32 0E 5D Finally.. (iii) followed by a look-up to the E Table (i.e.. (ii) followed by the addition of the results (keeping the resulted sum within one byte integer value). For example. 1) value (i. XORed) to the state matrix: BA 84 E8 1B E2 91 B1 D6 58 15 59 CD 75 A4 8D 40 ⊕ 32 21 59 79 = 47 B6 D4 39 F4 8D 06 7D FC 91 E4 A2 08 1C E2 DF 7A 32 0E 5D F1 88 E6 93 8B BA E8 CE R: 0x58 47 08 8B 15 B6 1C BA 59 D4 E2 E8 CD 39 DF CE .e. shown on the next page). for the first column of the current state matrix.e. the Mix_Column operation follows. product of the so called Multiplication Matrix (shown below) with the current state matrix.e. they can be replaced: (i) with the result of a look-up of the L table (i.. the Round Key is added (i.e.Then.. the new SM (1. following operations will be performed: b1 = (b1 ∙ 2) XOR (b2 ∙ 3) XOR (b3 ∙ 1) XOR (b4 ∙ 1) b2 = (b1 ∙ 1) XOR (b2 ∙ 2) XOR (b3 ∙ 3) XOR (b4 ∙ 1) b3 = (b1 ∙ 1) XOR (b2 ∙ 1) XOR (b3 ∙ 2) XOR (b4 ∙ 3) b4 = (b1 ∙ 3) XOR (b2 ∙ 1) XOR (b3 ∙ 1) XOR (b4 ∙ 1) Whilst the products above are performed over a Galois Field.. the mathematics behind this being beyond the scope of this seminar. i. 2 3 1 1 MM = 1 2 3 1 1 1 2 3 3 1 1 2 Therefore. b1) will be computes as follows: b1 = (63 ∙ 2) XOR (2F ∙ 3) XOR (AF ∙ 1) XOR (A2 ∙ 1) = E L(63) + L(02) XOR E L(2F) + L(03) XOR AF XOR A2 = E(C3 + 19) XOR E(78 + 01) XOR AF XOR A2 = E(DC) XOR E(79) XOR AF XOR A2 = C6 XOR 71 XOR AF XOR A2 = BA Thus.

E Table 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 01 03 05 0F 11 33 55 FF 1A 2E 72 96 A1 F8 13 35 1 5F E1 38 48 D8 73 95 A4 F7 02 06 0A 1E 22 66 AA 2 E5 34 5C E4 37 59 EB 26 6A BE D9 70 90 AB E6 31 3 53 F5 04 0C 14 3C 44 CC 4F D1 68 B8 D3 6E B2 CD 4 4C D4 67 A9 E0 3B 4D D7 62 A6 F1 08 18 28 78 88 5 83 9E B9 D0 6B BD DC 7F 81 98 B3 CE 49 DB 76 9A 6 B5 C4 57 F9 10 30 50 F0 0B 1D 27 69 BB D6 61 A3 7 FE 19 2B 7D 87 92 AD EC 2F 71 93 AE E9 20 60 A0 8 FB 16 3A 4E D2 6D B7 C2 5D E7 32 56 FA 15 3F 41 9 C3 5E E2 3D 47 C9 40 C0 5B ED 2C 74 9C BF DA 75 A 9F BA D5 64 AC EF 2A 7E 82 9D BC DF 7A 8E 89 80 B 9B B6 C1 58 E8 23 65 AF EA 25 6F B1 C8 43 C5 54 C FC 1F 21 63 A5 F4 07 09 1B 2D 77 99 B0 CB 46 CA D 45 CF 4A DE 79 8B 86 91 A8 E3 3E 42 C6 51 F3 0E E 12 36 5A EE 29 7B 8D 8C 8F 8A 85 94 A7 F2 0D 17 F 39 4B DD 7C 84 97 A2 FD 1C 24 6C B4 C7 52 F6 01 L Table 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 00 19 01 32 02 1A C6 4B C7 1B 68 33 EE DF 03 1 64 04 E0 0E 34 8D 81 EF 4C 71 08 C8 F8 69 1C C1 2 7D C2 1D B5 F9 B9 27 6A 4D E4 A6 72 9A C9 09 78 3 65 2F 8A 05 21 0F E1 24 12 F0 82 45 35 93 DA 8E 4 96 8F DB BD 36 D0 CE 94 13 5C D2 F1 40 46 83 38 5 66 DD FD 30 BF 06 8B 62 B3 25 E2 98 22 88 91 10 6 7E 6E 48 C3 A3 B6 1E 42 3A 6B 28 54 FA 85 3D BA 7 2B 79 0a 15 9B 9F 5E CA 4E D4 AC E5 F3 73 A7 57 8 AF 58 A8 50 F4 EA D6 74 4F AE E9 D5 E7 E6 AD E8 9 2C D7 75 7A EB 16 0b F5 59 CB 5F B0 9C A9 51 A0 A 7F 0C F6 6F 17 C4 49 EC D8 43 1F 2D A4 76 7B B7 B CC BB 3E 5A FB 60 B1 86 3B 52 A1 6C AA 55 29 9D C 97 B2 87 90 61 BE DC FC BC 95 CF CD 37 3F 5B D1 D 53 39 84 3C 41 A2 6D 47 14 2A 9E 5D 56 F2 D3 AB E 44 11 92 D9 23 20 2E 89 B4 7C B8 26 77 99 E3 A5 F 67 4A ED DE C5 31 FE 18 0D 63 8C 80 C0 F7 70 07 .

Compute all round keys. RC(5) = [20 00 00 00]. Depending on AES’s round. R: 0xE2 32 FC F1 91 12 91 88 B1 59 E4 E6 D6 79 A2 93 3. i. Using the MATLAB R2014b script presented in APPENDIX C the requested values are computed as follows: R02: 0x56 08 20 07 C7 1A B1 8F 76 43 55 69 A0 3A F7 FA R03: 0xD2 60 0D E7 15 7A BC 68 63 39 E9 01 C3 03 1E FB R04: 0xA1 12 02 C9 B4 68 BE A1 D7 51 57 A0 14 52 49 5B R05: 0xB1 29 3B 33 05 41 85 92 D2 10 D2 32 C6 42 9B 69 R06: 0xBD 3D C2 87 B8 7C 47 15 6A 6C 95 27 AC 2E 0E 4E R07: 0xCC 96 ED 16 74 EA AA 03 1E 86 3F 24 B2 A8 31 6A R08: 0x8E 51 EF 21 FA BB 45 22 E4 3D 7A 06 56 95 4B 6C R09: 0xBF E2 BF 90 45 59 FA B2 A1 64 80 B4 F7 F1 CB D8 R10: 0x28 FD DE F8 6D A4 24 4A CC C0 A4 FE 3B 31 6F 26 2 AES’s 1st round key computation was considered.. a function g( ) is applied to the 3rd word within AES’s i-th round key: (i) extract w3.2 (v) compute next round’s 64-bit constant: .e. the round constant takes the following value: RC(0) = [01 00 00 00]. (iv) XOR w3 with the round constant. . i. = [B7 5A 9D 85] ⊕ [01 00 00 00] = [B6 5A 9D 85].e. compute AES’s next round key. RC(8) = [1B 00 00 00]. RC(10) = [6c 00 00 00]. (iii) making use of AES S-box.e. Addition of the round constant destroys any symmetries that may have been introduced by the other steps in the key expansion algorithm. = ⊕ = [73 20 6D 79] ⊕ [E2 32 FC F1] = [91 12 91 88]. 2. i. = ⊕ = [20 4B 75 6E] ⊕ [91 12 91 88] = [B1 59 E4 E6].e. Firstly. = [B7 5A 9D 85]. = ⊕ ( ) = [54 68 61 74] ⊕ [B6 5A 9D 85] = [E2 32 FC F1]. = [20 46 75 67].. RC(9) = [36 00 00 00]. following one from previous exercise.e. (ii) perform a one-byte left circular rotation to w3. Being given the following 64-bit key 0x54 68 61 74 73 20 6D 79 20 4B 75 6E 67 20 46 75 (i. RC(3) = [08 00 00 00]. = [67 20 46 75]. i.. RC(2) = [04 00 00 00]. = ⊕ = [67 20 46 75] ⊕ [B1 59 E4 E6] = [D6 79 A2 93]. perform a byte substitution for each byte of w3. RC(6) = [40 00 00 00]. . . RC(1) = [02 00 00 00]. for AES’s i-th round).. .. RC(4) = [10 00 00 00]. RC(7) = [80 00 00 00].

24. 32. i. Keys = []. 56. Key_bin_R = Key_bin (29:56). Key_bin = Key_bin(Parity_drop). end end . Keys (i. Key_bin = [Key_bin Temp]. End %Drop parity bits. 16. for i = 1:16 for j = 1:4:48 Keys_hex (i) = strcat(Keys_hex(i). 48. i. 8. for i = 1:16 Key_bin_L = circshift(Key_bin_L. Key_Compr_Box = [14 17 11 24 01 05 03 28 15 06 21 10 23 19 12 04 26 08 16 07 27 20 13 02 41 52 31 37 47 55 30 40 51 45 33 48 44 49 39 56 34 53 46 42 50 36 29 32]. :) = Round_Key_ext(Key_Compr_Box).dec2hex(bi2de(Keys(i.e. Round_Key_ext = [Key_bin_L Key_bin_R]. 4. %Divide the 56-bit key. %Key Generation %Set-up the encryption key Key = '50415353574F5244'.e. 64 %Permute remaining 56 bits according to parity-bit drop table Parity_drop = [57 49 41 33 25 17 09 01 58 50 42 34 26 18 10 02 59 51 43 35 27 19 11 03 60 52 44 36 63 55 47 39 31 23 15 07 62 54 46 38 30 22 14 06 61 53 45 37 29 21 13 05 28 20 12 04]. Key_bin_L = Key_bin ( 1:28). for i = 1:16 Temp=de2bi(hex2dec(Key(i)). Key_bin_R = circshift(Key_bin_R. 'left-msb').. in two 28-bit halves %Left shift each halve accoring to round's number of bit shifts %Compress the 56-bit key to compute the 48-bit round key Left_shifts = [1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1]. 40. Keys_hex (:) = {''}. end %Convert each round key from binary representation to hexa Keys_hex = cell(16.'left-msb'))). APPENDIX A clear.. [0 -Left_shifts(i)]). clc. 1). %Convert the encryption key from hexa to binary Key_bin = []. [0 -Left_shifts(i)]). j:(j+3)).

Message_bin_L = Message_bin (1:32).'left-msb')+j. Message_bin_R = Message_bin_R. FP = [40 08 48 16 56 24 64 32 39 07 47 15 55 23 63 31 38 06 46 14 54 22 62 30 37 05 45 13 53 21 61 29 36 04 44 12 52 20 60 28 35 03 43 11 51 19 59 27 34 02 42 10 50 18 58 26 33 01 41 09 49 17 57 25]. Message_enc = Message_enc(FP). Message_bin_R = Message_bin_R_Sbox. Message_bin_R_exp = xor(Message_bin_R_exp.:)).%Set-up the message Message = '4D455245204D4F56'.txt file IP = [58 50 42 34 26 18 10 02 60 52 44 36 28 20 12 04 62 54 46 38 30 22 14 06 64 56 48 40 32 24 16 08 57 49 41 33 25 17 09 01 59 51 43 35 27 19 11 03 61 53 45 37 29 21 13 05 63 55 47 39 31 23 15 07]. 'left-msb'). %Swap halves. Keys(k. Message_bin_R = Message_bin (33:64). j = j+4. %Convert the message from hexa to binary Message_bin = []. Message_bin_R_Sbox = [Message_bin_R_Sbox de2bi(S_box_val. except last round if k<16 Message_bin_L = Message_bin_R.msb')+1). Message_bin_L). S_box_col = Message_bin_R_exp((i+1):(i+4)). Message_bin_R_Sbox = xor(Message_bin_R_Sbox.'left.bi2de(S_box_col. End %Apply IP %Write the result in . Message_bin = [Message_bin Temp]. . end %Apply Final Permutation Message_enc = [Message_bin_L Message_bin_R]. Message_bin = Message_bin(IP). %Apply S-boxes j = 1. %For right halve for k = 1:16 Message_bin_R_Sbox = []. end Message_bin_R_Sbox = Message_bin_R_Sbox(Round_Perm). 4. for i= 1:6:48 S_box_row = [Message_bin_R_exp(i) Message_bin_R_exp(i+5)]. else Message_bin_L = Message_bin_R_Sbox.mat Expansion = [32 01 02 03 04 05 04 05 06 07 08 09 08 09 10 11 12 13 12 13 14 15 16 17 16 17 18 19 20 21 20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 01]. Round_Perm= [16 07 20 21 29 12 28 17 01 15 23 26 05 18 31 10 02 08 24 14 32 27 03 09 19 13 30 06 22 11 04 25]. 4. for i = 1:16 Temp=de2bi(hex2dec(Message(i)). 'left-msb')]. S_box_val = S_box(bi2de(S_box_row. %For 16 rounds load S_box. %Expand right halve %Then XOR with Round Key Message_bin_R_exp = Message_bin_R(Expansion).

APPENDIX B The following table represents S-box 1: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7 1 0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8 2 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0 3 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13 The following table represents S-box 2: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0 15 1 8 14 6 11 3 4 9 7 2 13 12 0 5 10 1 3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5 2 0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15 3 13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9 The following table represents S-box 3: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0 10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8 1 13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1 2 13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7 3 1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12 The following table represents S-box 4: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0 7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15 1 13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9 2 10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4 3 3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14 The following table represents S-box 5: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0 2 12 4 1 7 10 11 6 8 5 3 15 13 0 14 9 1 14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6 2 4 2 1 11 10 13 7 8 15 9 12 5 6 3 0 14 3 11 8 12 7 1 14 2 13 6 15 0 9 10 4 5 3 The following table represents S-box 6: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0 12 1 10 15 9 2 6 8 0 13 3 4 14 7 5 11 1 10 15 4 2 7 12 9 5 6 1 13 14 0 11 3 8 2 9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6 3 4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13 The following table represents S-box 7: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0 4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1 1 13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6 2 1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2 3 6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12 The following table represents S-box 8: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0 13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7 1 1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2 2 7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8 3 2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11 .

:) = Key_dec. 1:4) = bitxor(Temp. char(Keys_hex(i))). 8. Keys_decimal(j. Keys_decimal = [].mat %Key Generation %Set-up the encryption key Key = '5468617473206D79204B756E67204675'. bi2de(Bin(5:8). 9:12)).1). Keys_decimal(j. %Apply g() function to w3 %Circular byte left shift of w3 Temp = circshift(Temp. %Byte substitution (AES_S_box) for i = 1:4 Bin = de2bi(Temp(1. load AES_S_box. Keys_decimal(j+1. '%s\n'. w7 and update Round Keys' matrix Keys_decimal(j+1.1) = bitxor(Temp(1. Keys_decimal(j+1.mat load AES_RC_box. Keys_hex (:) = {''}. 5:8)). w5.AES_RC_box(j)).i). APPENDIX C clear. 'wt').j).'left-msb')+1. fprintf(File_ID. 1:4)). File_ID = fopen('AES. 1:4). 'Round Keys:'). 5:8). w6. 'left-msb').dec2hex(Keys_decimal(i.mat load E_Table. Keys_decimal(j. for i = 1:11 for j = 1:16 Keys_hex (i) = strcat(Keys_hex(i). Temp(1.i) = AES_S_box(bi2de(Bin(1:4). %Compute w4. for i = 1:2:32 Temp = hex2dec(Key(i))*16 + hex2dec(Key(i+1)). 13:16)).mat load L_Table.2)).txt'. Keys_decimal(j. 9:12) = bitxor(Keys_decimal(j+1. %Convert the encryption key from hexa to decimal Key_dec = []. end Keys_decimal(1. 5:8) = bitxor(Keys_decimal(j+1. 1). end fprintf(File_ID. end %Adding round constant Temp(1. 13:16) = bitxor(Keys_decimal(j+1. end Keys_hex = cell(11. Key_dec = [Key_dec Temp]. 13:16).'left-msb')+1). end . 9:12). '%s\n'. Keys_decimal(j+1. for j = 1:10 %Extract w3 Temp = Keys_decimal(j. clc. [0 -1]).

i+1). Dec_2 = L_Table(bi2de(Bin_2(1:4). else Dec_2 = Ciphertexts(j+1. %Mix Column if j < 10 %Ensures a skip in MixColumn. Dec_2 = Dec_2 + 1. Dec_2 = L_Table(bi2de(Bin_2(1:4). 'left-msb')+1).'left-msb')+1. end %Shift Row Ciphertexts(j+1. 'left-msb'). bi2de(Bin_2(5:8). 8. 8. end Bin_1 = de2bi(Dec_1. %Convert the message from hexa to decimal Message_dec = []. 'left-msb'). 'left-msb')+1). 'left-msb')+1).i). 8.i+1) ~= 0 Bin_2 = de2bi(Ciphertexts(j+1.:) = Ciphertexts(j+1. else Dec_2 = Ciphertexts(j+1. end Temp(i) = bitxor(bitxor(bitxor(Dec_1. 8. Dec_2 = E_Table(bi2de(Bin_2(1:4). end if Ciphertexts(j+1. end Bin_1 = de2bi(Dec_1.i) = AES_S_box(bi2de(Bin(1:4).%Set-up the encryption key Message = '54776F204F6E65204E696E652054776F'. Message_dec = [Message_dec Temp]. Dec_1 = L_Table(bi2de(Bin_1(1:4). [1 6 11 16 5 10 15 4 9 14 3 8 13 2 7 12]).4) == 1 if Ciphertexts(j+1.i). 'left-msb')+1. for i = 1:2:32 Temp = hex2dec(Message(i))*16 + hex2dec(Message(i+1)).'left-msb')+1). bi2de(Bin_1(5:8). 'left-msb')+1. bi2de(Bin_1(5:8).255. 'left-msb')+1). 'left-msb')+1). for the last round Temp = []. Dec_2 = Dec_2 + 1. 'left-msb').i) ~= 0 Bin_1 = de2bi(Ciphertexts(j+1.255. 'left-msb')+1. if Dec_1 > 255 Dec_1 = Dec_1 . 'left-msb')+1. 8. i-1)).255.i+1).255. Dec_1 = Dec_1 + 25. bi2de(Bin_2(5:8). :). Ciphertexts(j+1. end Bin_2 = de2bi(Dec_2. 'left-msb').i+1). for j = 1:10 %Byte Sub for i = 1:16 Bin = de2bi(Ciphertexts(j.i+1) ~= 0 Bin_2 = de2bi(Ciphertexts(j+1. i+2)). 'left-msb')+1).:) = bitxor(Message_dec(1. end Bin_2 = de2bi(Dec_2. end if Ciphertexts(j+1. bi2de(Bin_2(5:8). Keys_decimal(1.i+1). if Dec_2 > 255 Dec_2 = Dec_2 . 'left-msb')+1). Dec_1 = E_Table(bi2de(Bin_1(1:4).i). 'left-msb')+1.i). 'left-msb').i) ~= 0 Bin_1 = de2bi(Ciphertexts(j+1. bi2de(Bin_1(5:8). Dec_2). 'left-msb'). Ciphertexts(j+1. end Temp(i) = bitxor(bitxor(bitxor(Dec_1. 'left-msb'). Dec_1 = Dec_1 + 25. 'left-msb'). Dec_1 = L_Table(bi2de(Bin_1(1:4). else Dec_1 = Ciphertexts(j+1. elseif mod(i. bi2de(Bin_1(5:8). Ciphertexts(j+1. 'left-msb')+1. Dec_1 = E_Table(bi2de(Bin_1(1:4). if Dec_2 > 255 Dec_2 = Dec_2 . else Dec_1 = Ciphertexts(j+1. 8. i+3)).4) == 2 if Ciphertexts(j+1. Ciphertexts(j+1. Dec_2 = E_Table(bi2de(Bin_2(1:4). 8. . 'left-msb')+1). end Ciphertexts(1. i+2)). Dec_2). 8. bi2de(Bin_2(5:8). 'left-msb'). 'left-msb')+1. Ciphertexts(j+1. 'left-msb')+1. for i = 1:16 if mod(i.i). 8. if Dec_1 > 255 Dec_1 = Dec_1 . bi2de(Bin(5:8).:)).

255. bi2de(Bin_1(5:8).i-3). 4) == 3 if Ciphertexts(j+1. Dec_2 = L_Table(bi2de(Bin_2(1:4).i). Dec_1 = L_Table(bi2de(Bin_1(1:4). Dec_2 = E_Table(bi2de(Bin_2(1:4). 'left-msb')+1).255. Dec_2 = L_Table(bi2de(Bin_2(1:4). i-1)). Dec_2). 8. elseif mod(i.i-3) ~= 0 Bin_2 = de2bi(Ciphertexts(j+1.i). end Bin_2 = de2bi(Dec_2. 'left-msb')+1). 'left-msb')+1.i) ~= 0 Bin_1 = de2bi(Ciphertexts(j+1. Dec_2 = Dec_2 + 1. Dec_1 = Dec_1 + 25. 'left-msb'). for i = 1:11 for j = 1:16 Ciphertexts_hex (i) = strcat(Ciphertexts_hex(i). 'left-msb'). fprintf(File_ID. Ciphertexts_hex (:) = {''}. 'left-msb')+1. else Dec_2 = Ciphertexts(j+1.i+1) ~= 0 Bin_2 = de2bi(Ciphertexts(j+1. end if Ciphertexts(j+1.:) = bitxor(Temp(1. 'left-msb')+1. i-2)). Keys_decimal(j+1. 'left-msb')+1. bi2de(Bin_2(5:8). 'left-msb')+1). else if Ciphertexts(j+1. end fprintf(File_ID. 1). 8. 8. 'left-msb'). in hexadecimal Ciphertexts_hex = cell(11. 'left-msb')+1). end %Add RoundKey Ciphertexts(j+1. 'left-msb')+1. Ciphertexts(j+1. Dec_2 = E_Table(bi2de(Bin_2(1:4). end if Ciphertexts(j+1.i+1). Ciphertexts(j+1.j). bi2de(Bin_1(5:8). end end else Temp = Ciphertexts(j+1. :). 'left-msb')+1). Dec_1 = E_Table(bi2de(Bin_1(1:4). .255.i). 'left-msb')+1). Dec_2).i). Dec_1 = E_Table(bi2de(Bin_1(1:4). 8. 'Round Ciphertexts:').:)). i-2)). end Temp(i) = bitxor(bitxor(bitxor(Dec_1. end Temp(i) = bitxor(bitxor(bitxor(Dec_1. 'left-msb'). if Dec_1 > 255 Dec_1 = Dec_1 . 'left-msb')+1. if Dec_2 > 255 Dec_2 = Dec_2 . 'left-msb'). '%s\n'. 8. 8.255. 'left-msb')+1).:). bi2de(Bin_1(5:8).i+1). 8. end Bin_2 = de2bi(Dec_2. if Dec_2 > 255 Dec_2 = Dec_2 . 8. bi2de(Bin_2(5:8). 'left-msb'). else Dec_1 = Ciphertexts(j+1. 'left-msb').2)). Ciphertexts(j+1. 'left-msb'). bi2de(Bin_2(5:8). i-1)). end Bin_1 = de2bi(Dec_1. char(Ciphertexts_hex(i))). bi2de(Bin_1(5:8).dec2hex(Ciphertexts(i.i-3). bi2de(Bin_2(5:8).i) ~= 0 Bin_1 = de2bi(Ciphertexts(j+1. Dec_1 = L_Table(bi2de(Bin_1(1:4). else Dec_1 = Ciphertexts(j+1. else Dec_2 = Ciphertexts(j+1. '%s\n'. Ciphertexts(j+1. 'left-msb')+1). end fclose(File_ID). Dec_1 = Dec_1 + 25. 'left-msb')+1. Dec_2 = Dec_2 + 1. end %Print the results. end Bin_1 = de2bi(Dec_1. if Dec_1 > 255 Dec_1 = Dec_1 . 'left-msb')+1.

APPENDIX D .

APPENDIX E .

APPENDIX F .