Advanced Encryption Standard (AES) (CS-452)

Advanced Encryption Standard
(AES)
(CS-452)
CS-452: Data Security and Encryption Techniques 1/59

Background
DES is slow in software and 1-DES algorithm is vulnerable
to bruteforce attacks (hence we needed 3-DES).
In 1995 NIST started looking for an algorithm to replace
DES, which was:
Unclassified
Publicly Disclosed
Available royalty-free for use worldwide
Symmetric block cipher algorithm operating on 128-bit
blocks
Usable with key sizes of 128, 192, and 256 bits.
From 15 contenders, the Rijndael algorithm of Dutch
researchers Vincent Rijmen and Joan Daemen was chosen
as the Advanced Encryption Standard (AES; FIPS 197).
AES vs DES
Characteristic Data Encryption Standard Advanced Encryption Standard
(DES) (AES)
Security DES is vulnerable to To date, AES has not been
bruteforce attacks (hence broken
need 3DES, which to date
remains unbroken)
Key Size 64-bit key Supports key sizes of 128, 192,
and 256 bit keys
Block Size 64-bit blocks 128-bit blocks
Structure Fiestal Cipher Network Substitution-Permutation
Network
Number of 16 Rounds 10 rounds if 128-bit key is used
Rounds 12 rounds if 192-bit key is used
14 rounds if 256-bit key is used

AES Overview
AES accepts as 128-bit (i.e. 16 byte) plaintext block, a
128, 192, or 256-bit key, and produces a 128-bit
ciphertext block.
128-bit plaintext block AES 128-bit ciphertext block
128, 192, or 256-bit key

AES Structure Plaintext
AddRoundKey
128-bit plaintext block is
SubBytes
arranged as a 4 × 4 matrix of
bytes called the “state”. ShiftRows
MixColumns
Round 1
The “state” is initially XORed with
…
AddRoundKey
the key (i.e. the first
AddRoundKey operation)
The “state” then undergoes N SubBytes
Round N-1
rounds of transformation where N ShiftRows
is: MixColumns
10 when 128-bit key is used. AddRoundKey
12 when 192-bit key is used.

SubBytes
14 when the 256-bit key is used. Round N
ShiftRows
AddRoundKey
Ciphertext
AES Structure (2) Plaintext
AddRoundKey
The first N - 1 rounds comprise 5
SubBytes
transformations on the plaintext:
ShiftRows
SubBytes: substitute
MixColumns
Round 1
…
ShiftRows AddRoundKey
MixColumns
AddRoundKey
SubBytes
The last round is similar to ShiftRows
Round N-1
previous rounds, but omits the MixColumns
MixColumns transformation.
AddRoundKey
SubBytes
Round N
ShiftRows
AddRoundKey
Ciphertext
AES Structure: Structure of the Single Round

AES Encryption: Preparing the Plaintext
Consider a 128-bit (i.e. 16 byte) plaintext block.
Each byte of the plaintext block is labeled as follows:
(a0,0, a1,0, a2,0, a3,0, a0,1, a1,1, a2,1, a3,1, a0,2, a1,2, a2,2, a3,2, a0,3, a1,3,
a2,3, a3,3)
The bytes are then arranged in a 4 x 4 matrix i.e., the

“state”, as follows:
a0,0 a0,1 a0,2 a0,3

a1,0 a1,1 a1,2 a1,3
a2,0 a2,1 a2,2 a2,3
a3,0 a3,1 a3,2 a3,3
Such arrangement is called a column major form

AES Encryption: Preparing the Plaintext
Example: A 128-bit plaintext block:

EA 83 5C F0 04 45 33 2D 65 5D 98 AD 85 96 B0 C5 is
converted into the following matrix.

AES Encryption: The Initial AddRoundKey
Transformation
Plaintext
Next, the initial AddRoundKey AddRoundKey
operation is performed.
SubBytes
A simple bitwise XOR between the ShiftRows
bytes of the key and bytes of the MixColumns
state. Round 1
…
AddRoundKey
SubBytes
ShiftRows
MixColumns Round 2
…
AddRoundKey

AES Encryption: The Initial AddRoundKey
Transformation
Example:
Key: 47 37 94 ED 40 D4 E4 A5 A3 70 3A A6 4C 9F 42 BC
Plaintext: AC 77 66 F3 19 FA DC 21 28 D1 29 41 57 5C 00 6A
Both written in a 4x4 column-major matrices:
Key:
Plaintext:

AES Encryption (6): The Initial AddRoundKey
Transformation
Example:
The matrices are then XORed together:
⊕ =
E.g. 47 ⊕ AC = EB
...
40 ⊕ 19 = 59
BC ⊕ 6A = D6

AES Encryption (7): The Initial AddRoundKey
Transformation
Example:
The matrices are then XORed together:
⊕ =
E.g. 47 ⊕ AC = EB
...
40 ⊕ 19 = 59
BC ⊕ 6A = D6

AES Encryption: The SubBytes Transformation (1)

Every byte of the state is replaced Plaintext
by a byte from a 16x16 S-Box, the AddRoundKey
Rijnadel S-Box. SubBytes
The S-Box contains a permutation of ShiftRows
all possible 8-bit values. MixColumns
Round 1
…
AddRoundKey
SubBytes
ShiftRows
MixColumns Round 2
…
AddRoundKey
Process explained on the next slide.

Rationale: reduce correlation between the input bits
and the output bits at the byte level.
Take a byte a from the state.
The first four bits of a represent the value of x in the
row of the S-Box.
The second four bits of a represent the value of y in
the column of the S-Box.
Replace a with byte b which lies at the intersection of
the row and the column.
Example on the next slide

𝐸𝐴 04 65 85
Example: Consider state: 83 45 5𝐷 96
5𝐶 33 98 𝐵0
𝐹0 2𝐷 𝐴𝐷 𝐶5

𝐸𝐴 04 65 85
Take the first byte, EA 5𝐶 33 98 𝐵0

AES Encryption : The SubBytes Transformation (6)
𝐸𝐴 04 65 85
5𝐶 33 98 𝐵0
Take the first byte, EA 𝐹0 2𝐷 𝐴𝐷 𝐶5
The first four bits of EA are E.
The second four bits of EA are A.

𝐸𝐴 04 65 85
5𝐶 33 98 𝐵0
Take the first byte, EA 𝐹0 2𝐷 𝐴𝐷 𝐶5
The first four bits of EA are E ֜ the value of x

Example: Consider state: 𝐸𝐴 04 65 85
83 45 5𝐷 96
Take the first byte, EA 5𝐶 33 98 𝐵0
The first four bits of EA are E ֜ the value of x
The second four bits of EA are A ֜ the value of y
Replace EA
with 87
87

𝐸𝐴 04 65 85
5𝐶 33 98 𝐵0
Repeat the same process
On all bytes of the state:
𝐸𝐴 04 65 85 87 𝐹2 4𝐷 97
83
5𝐶
𝐹0
45
33
2𝐷
5𝐷
98
𝐴𝐷
96
𝐵0
𝐶5
֜ 𝐸𝐶
4𝐴
8𝐶
6𝐸
𝐶3
𝐷8
4𝐶
46
95
90
𝐸7
𝐴6

AES Encryption: The ShiftRows Transformation (1)

Left circular shift the rows of the Plaintext
state: AddRoundKey
Row Number LCS Shift Amount SubBytes

1 0 ShiftRows
2 1 MixColumns
Round 1
…
3 2 AddRoundKey
4 3
SubBytes
Example on the next slide
ShiftRows
MixColumns Round 2
AddRoundKey

87 𝐹2 4𝐷 97
Example: consider state: 𝐸𝐶 6𝐸 4𝐶 90
4𝐴 𝐶3 46 𝐸7
8𝐶 𝐷8 95 𝐴6
Row LCS
Row 1: Left Number Shift
circular shift by 0 Amount
87 𝐹2 4𝐷 97 1 0
bytes (i.e. do not
𝐸𝐶 6𝐸 4𝐶 90
shift) 2 1
4𝐴 𝐶3 46 𝐸7
8𝐶 𝐷8 95 𝐴6 3 2
4 3
Result:
87 𝐹2 4𝐷 97

87 𝐹2 4𝐷 97
4𝐴 𝐶3 46 𝐸7
8𝐶 𝐷8 95 𝐴6
Row LCS
Number Shift
Amount
Row 2: Left
87 𝐹2 4𝐷 97 1 0
circular shift by 1
𝐸𝐶 6𝐸 4𝐶 90
4𝐴 𝐶3 46 𝐸7 byte. 2 1
8𝐶 𝐷8 95 𝐴6 3 2
4 3
Result:
87 𝐹2 4𝐷 97
6𝐸 4𝐶 90 𝐸𝐶

87 𝐹2 4𝐷 97
4𝐴 𝐶3 46 𝐸7
8𝐶 𝐷8 95 𝐴6
Row LCS
Number Shift
Amount
Row 3: Left
87 𝐹2 4𝐷 97 1 0
circular shift by 2
𝐸𝐶 6𝐸 4𝐶 90
4𝐴 𝐶3 46 𝐸7 bytes). 2 1
8𝐶 𝐷8 95 𝐴6 3 2
4 3
Result:
87 𝐹2 4𝐷 97
6𝐸 4𝐶 90 𝐸𝐶
46 𝐸7 4𝐴 𝐶3

87 𝐹2 4𝐷 97
4𝐴 𝐶3 46 𝐸7
8𝐶 𝐷8 95 𝐴6
Row LCS
Number Shift
Amount
Row 4: Left
87 𝐹2 4𝐷 97 1 0
circular shift by 3
𝐸𝐶 6𝐸 4𝐶 90
4𝐴 𝐶3 46 𝐸7 bytes. 2 1
8𝐶 𝐷8 95 𝐴6 3 2
4 3
Result:
87 𝐹2 4𝐷 97
6𝐸 4𝐶 90 𝐸𝐶
46 𝐸7 4𝐴 𝐶3
𝐴6 8𝐶 𝐷8 95

87 𝐹2 4𝐷 97
4𝐴 𝐶3 46 𝐸7
8𝐶 𝐷8 95 𝐴6
Row LCS
Number Shift
Amount
Row 4: Left
87 𝐹2 4𝐷 97 1 0
circular shift by 3
𝐸𝐶 6𝐸 4𝐶 90
4𝐴 𝐶3 46 𝐸7 bytes. 2 1
8𝐶 𝐷8 95 𝐴6 3 2
4 3
Result:
87 𝐹2 4𝐷 97
6𝐸 4𝐶 90 𝐸𝐶
46 𝐸7 4𝐴 𝐶3
𝐴6 8𝐶 𝐷8 95

AES Encryption: The MixColumns Transformation (1)

Plaintext
Mixes the state columns.
AddRoundKey
Based on Arithmetic in the finite
SubBytes
field GF(28).
ShiftRows
Rationale: when performed after the MixColumns
Round 1
ShiftRows operation ensures that
…
AddRoundKey
each bit of the output depends on
each bit of the input.
2 3 1 1 SubBytes
The matrix 1 2 3 1
is multiplied by ShiftRows
1 1 2 3
the state 3 1 1 2
MixColumns Round 2
…
AddRoundKey
All intermediate additions and
multiplications of numbers is done
using GF(28) arithmetic.
Review of matrix multiplication:

Example: multiply the following matrices
7 8
1. 1 2 3
× 9 10 = 1 × 7 + 2 × 9 + 3 × 11
4 5 6
11 12
7 8
2. 1 2 3
× 9 10 = 1 × 7 + 2 × 9 + 3 × 11 1 × 8 + 2 × 10 + 3 × 12
4 5 6
11 12
7 8
3. 1 2 3
× 9 10 = 1 × 7 + 2 × 9 + 3 × 11 1 × 8 + 2 × 10 + 3 × 12
4 5 6
11 12 4 × 7 + 5 × 9 + 6 × 11
7 8
1 2 3
4. 4 5 6
× 9 10 = 1 × 7 + 2 × 9 + 3 × 11 1 × 8 + 2 × 10 + 3 × 12
11 12 4 × 7 + 5 × 9 + 6 × 11 4 × 8 + 5 × 10 + 6 × 12

How to multiply two matrices using finite field GF(28)

arithmetic?
Same algorithm conventional matrix multiplication, BUT all
intermediate additions and multiplications are done as
follows:
Addition is replaced with XOR operation.
Multiplication is done by cross-referencing two tables:
E table and
L table
Cross-referencing is done to avoid directly dealing with
complexities of field theory mathematics and to speed up
implementation.
“
Example on the next slide.

2 3 1 1
Example: 1 2 3 1
1 1 2 3
MixColumns multiples matrix 3 1 1 2
by the state using GF(28) arithmetic:
87 𝐹2 4𝐷 97
Consider state: 6𝐸 4𝐶 90 𝐸𝐶
46 𝐸7 4𝐴 𝐶3
𝐴6 8𝐶 𝐷8 95
2 3 1 1 87 𝐹2 4𝐷 97
What is 1 2 3 1 6𝐸 4𝐶 90 𝐸𝐶 ?
×
1 1 2 3 46 𝐸7 4𝐴 𝐶3
3 1 1 2 𝐴6 8𝐶 𝐷8 95

Example:
Following the rules of conventional matrix multiplication,
but replacing additions with XOR operations:
2 3 1 1 87 𝐹2 4𝐷 97
1 2 3 1 6𝐸 4𝐶 90 𝐸𝐶
× 46 𝐸7 4𝐴 𝐶3 =
1 1 2 3
3 1 1 2 𝐴6 8𝐶 𝐷8 95
2 × 87 ⊕ 3 × 6𝐸⊕ 1 × 46 ⊕ 1 × 𝐴6 … …
. How do we multiply in
. GF(28) finite field
. arithmetic?
E.g. 2 × 87?
Next slide…

GF(28) multiplication algorithm (using AES lookup

tables):
Assume: we want compute b1 * b2 where b1 and b2 are
bytes.
Split b1 into two 4-bit halves.
The first half specifies the row index in the L-table (next
slides).
The second half specifies the column index into the L-table.
Take the value b1’ which lies at the intersection of the row
and column.
Repeat the same process on byte b2 to obtain byte b2’
Compute b1’ + b2’. If the result is > FF, subtract FF from
the result. Let c represent final result.

GF(28) multiplication algorithm (using AES lookup

tables):
Split c into two 4-bit halves:
The first half specifies the row index in the E-table (next
slides).
The second half specifies the column index into the E-table.
The value at the intersection of the row and column is our

final answer.

Example: what is 02 × 87 in GF(28)?
Step 1: Split 02 into two 4-bit halves:

The first 4-bit half is 0 ֜ the row number in the L-table.
The second 4-bit half is 2 ֜ the column number in the L-

table.
Find the value at the intersection of row 0 and column 2 in
the L-table (next slide).

Step 1: Split 02 into two 4-bit halves:

table. L-Table
19 is the
result

Step 2: Split 87into two 4-bit halves:

table. L-Table
74 is the
result

Step 3: Add the values from steps 1 and 2:

19 + 74 = 8D; because 8D < FF, no need to subtract FF
from the result.
Step 4: Split the result from the previous step, 8D,

into two 4-bit halves.
The first 4-bit half is 8 ֜ the row index in the E-table
(next slide)
The second 4-bit half is D ֜ the column index in the E-

table.
The value at the intersection of row and column is the
result of multiplication.

Step 4: Split the result from the previous step, 8D, into
two 4-bit halves.
The first 4-bit half is 8 ֜ the row index in the E-table (next
slide)
The second 4-bit half is D ֜ the column index in the E-table.

15 is the
answer to
02 × 87 in
GF(28)

Example:
Following the rules of conventional matrix multiplication,
but replacing additions with XOR operations:
2 3 1 1 87 𝐹2 4𝐷 97
1 2 3 1 6𝐸 4𝐶 90 𝐸𝐶
× 46 𝐸7 4𝐴 𝐶3 =
1 1 2 3
3 1 1 2 𝐴6 8𝐶 𝐷8 95
15 B2 46 A6 Use the same process to

2 × 87 ⊕ 3 × 6𝐸⊕ 1 × 46 ⊕ 1 × 𝐴6 … … compute the products of:
. 3 × 6𝐸, 1 × 46, and 1 × 𝐴6
.
. 3 × 6𝐸 = 15
1 × 46 = 𝐵2
1 × 𝐴6 = 𝐴6
Answer: 15 ⊕ B2 ⊕ 46
⊕ A6 = 47
Example:
Repeat the same process for the rest of the
rows/columns.
2 3 1 1 87 𝐹2 4𝐷 97 47 40 𝐴3 4𝐶
1 2 3 1 6𝐸 4𝐶 90 𝐸𝐶 37 𝐷4 70 9𝐹
× 46 𝐸7 4𝐴 𝐶3 =
1 1 2 3 94 𝐸4 3𝐴 42
3 1 1 2 𝐴6 8𝐶 𝐷8 95 𝐸𝐷 𝐴5 𝐴6 𝐵𝐶

AES Encryption: The AddRoundKey Transformation (1)

Rationale: a change in one bit of the Plaintext
encryption key should affect the AddRoundKey
round keys for several rounds. SubBytes
Uses the initial key to derive a round ShiftRows
key and XORs the resulting key with MixColumns
Round 1
…
the state. AddRoundKey
The 16-byte (i.e. 128-bit) key is

converted into a vector of 4 sixteen
SubBytes
byte elements.
ShiftRows
𝐾0 𝐾4 𝐾8 𝐾12 MixColumns Round 2
…
𝐾1 𝐾5 𝐾9 𝐾13
𝐾2
𝐾3
𝐾6
𝐾7
𝐾10
𝐾11
𝐾14
𝐾15
֜ 𝑊0 𝑊1 𝑊2 𝑊3 AddRoundKey
Where W0 = K0K1K2K3, W1 = K4K5K6K7,

etc..
Vector 𝑊0 𝑊1 𝑊2 𝑊3 is then Plaintext
expanded into a 44-byte vector AddRoundKey
𝑊0 𝑊1 𝑊2 𝑊3 …
𝑊43 SubBytes
ShiftRows
W0…W3 represent the key for the
MixColumns
first round. Round 1
…
AddRoundKey
W4…W7 represent the key for the
second round.
SubBytes
ShiftRows
MixColumns Round 2
…
AddRoundKey

Expanding vector 𝑊0 𝑊1 𝑊2 𝑊3 to Plaintext
then expanded into a 44-byte vector AddRoundKey
𝑊0 𝑊1 𝑊2 𝑊3 …
𝑊43 : SubBytes
ShiftRows
MixColumns
Round 1
…
AddRoundKey
SubBytes
ShiftRows
MixColumns Round 2
…
AddRoundKey
Function g is defined in the next
slide.

𝑊0 𝑊1 𝑊2 𝑊3 …
𝑊43 : SubBytes
ShiftRows
MixColumns
slide g(W) where W is a 4-byte Round 1
…
AddRoundKey
word, works as follows:
Step 1: Perform a one-byte left
circular rotation on W.
SubBytes
Step 2:
ShiftRows
Perform the SubBytes step on the MixColumns Round 2
…
matrix.
AddRoundKey

𝑊0 𝑊1 𝑊2 𝑊3 …
𝑊43 : SubBytes
ShiftRows
MixColumns
…
AddRoundKey
Step 3: XOR the vector from step 2
with the round constant – a vector of SubBytes
four 4-byte words; different for
ShiftRows
each round.
MixColumns Round 2
Next slide gives the table for each
…
AddRoundKey
round.

Round Round Constant

1 [01, 00, 00, 00]
2 [02, 00, 00, 00]
3 [04, 00, 00, 00]
4 [08, 00, 00, 00]
5 [10, 00, 00, 00]
6 [20, 00, 00, 00]
7 [40, 00, 00, 00]
8 [80, 00, 00, 00]
9 [1B, 00, 00, 00]
10 [36, 00, 00, 00]

𝑊0 𝑊1 𝑊2 𝑊3 …
𝑊43 : SubBytes
ShiftRows
MixColumns
…
AddRoundKey
Step 4: XOR the result from step 2
with the round key. SubBytes
ShiftRows
MixColumns Round 2
…
AddRoundKey

Example: Expansion of AES key 0f 15 71 c9 47 d9 e8 59 0c
b7 ad d6 af 7f 67 98 for the first 4 rounds
RotWord(w): Left circular shift w by one byte
SubWord(x): apply SubBytes transformation to x
Rcon(i): the round constant for round i

AES Decryption (1) Ciphertext
Unlike DES decryption, AES AddRoundKey
decryption differs significantly InvShiftRows

from encryption. InvSubBytes
The order of steps is different: AddRoundKey Round 1
…
Encryption: InvMixColumns
SubBytes
ShiftRows
InvShiftRows
MixColumns
InvSubBytes
AddRoundKey Round N-1
AddRoundKey
Decryption (each operation except
AddRoundKey is an inverse of its InvMixColumns
encryption counterpart):
InvShiftRows InvShiftRows
Round N
InvSubBytes InvSubBytes
AddRoundKey AddRoundKey
InvMixColumns Plaintext
AddRoundKey
Unlike DES decryption, AES InvShiftRows
decryption differs significantly from InvSubBytes

encryption AddRoundKey Round 1
This is because unlike DES, AES is
…
InvMixColumns
not based on the Feistal Cipher

architecture, but on the Substitution
InvShiftRows
Permutation Network (SPN)
InvSubBytes
Round N-1
AddRoundKey
InvMixColumns
InvShiftRows
Round N
InvSubBytes
AddRoundKey
Plaintext
AddRoundKey
SPNs require that all substitutions InvShiftRows

and permutations are invertible InvSubBytes
I.e., for each AddRoundKey Round 1
…
substitution/permutation operation InvMixColumns
there is an operation that can reverse
the effects of that substitution or
permutation InvShiftRows
Feistal cipher does not have this InvSubBytes

Round N-1
requirement, and instead reverses AddRoundKey
the order of keys InvMixColumns
InvShiftRows
Round N
InvSubBytes
AddRoundKey
Plaintext
Attacks on AES
No successful, practical attacks to date.
Approaches were developed for executing timing attacks
against vulnerable AES implementations on some
systems.
Documents revealed by Edward Snowden showed that
NSA is investigating whether tau statistic can be used
to successfully break AES.

AES in Real World Applications
AES is currently used in:

WPA-2 wireless security protocol.
HTTPS and SSL security protocols.
BitLocker full disk encryption utility.
BitCoin system (used for encrypting the wallet.dat file)
MANY others…

References
Advanced Encryption Standard by Example.
www.adamberent.com/documents/aesbyexample.pdf
AES: The Advanced Encryption Standard Lecture Notes

on “Computer and Network Security”.
https://engineering.purdue.edu/kak/compsec/NewLectu
res/Lecture8.pdf
William Stallings. Cryptography and Network Security,

6th Edition.
Michael Goodrich and Roberto Tamssia. Introduction to

Computer Security, 1st Edition.

Advanced Encryption Standard (AES) (CS-452)

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Advanced Encryption Standard (AES) (CS-452)

Uploaded by

Copyright:

Available Formats

Advanced Encryption Standard

CS-452: Data Security and Encryption Techniques 1/59

CS-452: Data Security and Encryption Techniques 3/59

128-bit plaintext block AES 128-bit ciphertext block

128, 192, or 256-bit key

CS-452: Data Security and Encryption Techniques 4/59

10 when 128-bit key is used. AddRoundKey

12 when 192-bit key is used.

CS-452: Data Security and Encryption Techniques 7/59

The bytes are then arranged in a 4 x 4 matrix i.e., the

a0,0 a0,1 a0,2 a0,3

Such arrangement is called a column major form

Example: A 128-bit plaintext block:

CS-452: Data Security and Encryption Techniques 9/59

CS-452: Data Security and Encryption Techniques 10/59

CS-452: Data Security and Encryption Techniques 11/59

CS-452: Data Security and Encryption Techniques 12/59

CS-452: Data Security and Encryption Techniques 13/59

CS-452: Data Security and Encryption Techniques 14/59

Process explained on the next slide.

Example on the next slide

CS-452: Data Security and Encryption Techniques 16/59

CS-452: Data Security and Encryption Techniques 17/59

CS-452: Data Security and Encryption Techniques 18/59

CS-452: Data Security and Encryption Techniques 19/59

CS-452: Data Security and Encryption Techniques 20/59

The second four bits of EA are A ֜ the value of y

CS-452: Data Security and Encryption Techniques 21/59

CS-452: Data Security and Encryption Techniques 22/59

CS-452: Data Security and Encryption Techniques 23/59

Row Number LCS Shift Amount SubBytes

CS-452: Data Security and Encryption Techniques 24/59

CS-452: Data Security and Encryption Techniques 25/59

CS-452: Data Security and Encryption Techniques 26/59

CS-452: Data Security and Encryption Techniques 27/59

CS-452: Data Security and Encryption Techniques 28/59

CS-452: Data Security and Encryption Techniques 29/59

CS-452: Data Security and Encryption Techniques 30/59

Review of matrix multiplication:

CS-452: Data Security and Encryption Techniques 32/59

How to multiply two matrices using finite field GF(28)

Example on the next slide.

CS-452: Data Security and Encryption Techniques 34/59

CS-452: Data Security and Encryption Techniques 35/59

GF(28) multiplication algorithm (using AES lookup

CS-452: Data Security and Encryption Techniques 36/59

GF(28) multiplication algorithm (using AES lookup

The value at the intersection of the row and column is our

CS-452: Data Security and Encryption Techniques 37/59

Example: what is 02 × 87 in GF(28)?

Step 1: Split 02 into two 4-bit halves:

The second 4-bit half is 2 ֜ the column number in the L-

CS-452: Data Security and Encryption Techniques 38/59

The second 4-bit half is 2 ֜ the column number in the L-

CS-452: Data Security and Encryption Techniques 39/59

The second 4-bit half is 7 ֜ the column number in the L-

CS-452: Data Security and Encryption Techniques 40/59

Step 3: Add the values from steps 1 and 2:

Step 4: Split the result from the previous step, 8D,

The second 4-bit half is D ֜ the column index in the E-

CS-452: Data Security and Encryption Techniques 41/59

The second 4-bit half is D ֜ the column index in the E-table.