5 0 Lect5 AES-2
Diagrams are taken from the textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl.
Polynomial Arithmetic – Motivation
• AES encryption uses multiplication and addition operations on 8-bit data, i.e. numbers $\in \{0, \dots, 255\}$
• The set $\{0, \dots, 255\}$ with arithmetic mod 256 is an additive group, but not a multiplicative group.
• A field supports both addition and multiplication, so we need to find a field that uses 8-bit elements.
• A finite field is $GF(p) = \{0, 1, \dots, p-1\}$ where $p$ is prime.
• It has an extension field $GF(p^m)$ where the elements are represented as polynomials with $a_i \in \{0, \dots, p-1\}$:
$A(x) = a_{m-1} x^{m-1} + a_{m-2} x^{m-2} + \cdots + a_2 x^2 + a_1 x + a_0$
There are $p^m$ polynomials.
• Using $p = 2$, $m = 8$, the field $GF(2^8)$ has $2^8 = 256$ elements.
• Given a byte, represent each bit by a coefficient $a_i \in \{0, 1\}$, e.g. 1011 0111 becomes
$A(x) = x^7 + x^5 + x^4 + x^2 + x + 1$
Arithmetic in AES
• Need to multiply, divide (inverse), add, subtract (inverse) on 8-bit data (a byte).
• Data must be elements in a field.
• Not all integers in $\{0, 1, 2, \dots, 255\}$ (arithmetic mod 256) have multiplicative inverses
• Instead, use $GF(2^8)$ for AES data, where every element except zero has a multiplicative inverse
• Elements of $GF(2^8)$ are:
$A(x) = a_7 x^7 + a_6 x^6 + a_5 x^5 + a_4 x^4 + a_3 x^3 + a_2 x^2 + a_1 x + a_0$
where $a_i \in GF(2) = \{0, 1\}$
• Hence we can represent and store elements as
$A = (a_7\, a_6\, a_5\, a_4\, a_3\, a_2\, a_1\, a_0)$
e.g. if $A(x) = x^7 + x^5 + x^2 + x + 1$, represent it as $A = 10100111$ for operations and storage.
Finite Fields
Examples of Extension fields
• If $p = 2$, $m = 1$, the elements of $GF(2^1)$ are
$A(x) = a_0 x^0 = a_0$, with $a_0 \in GF(2)$, i.e. $a_0 \in \{0, 1\}$
i.e. the elements are $\{0, 1\}$
• If $p = 2$, $m = 2$, the elements of $GF(2^2)$ are
$A(x) = a_1 x^1 + a_0 x^0$, with $a_i \in GF(2)$, i.e. $a_i \in \{0, 1\}$
i.e. the elements are
$\{0x + 0,\ 0x + 1,\ 1x + 0,\ 1x + 1\} = \{0,\ 1,\ x,\ x + 1\}$
• If $p = 2$, $m = 3$, the elements of $GF(2^3)$ are
$A(x) = a_2 x^2 + a_1 x^1 + a_0 x^0$, with $a_i \in GF(2)$, i.e. $a_i \in \{0, 1\}$
i.e. the possible elements are
$\{0x^2 + 0x + 0,\ 0x^2 + 0x + 1,\ 0x^2 + 1x + 0,\ 0x^2 + 1x + 1,\ \dots\} = \{0,\ 1,\ x,\ x + 1,\ \dots\}$
• In binary representation:
000 001 010 011 100 101 110 111
Extension Field $GF(2^8)$
• If $p = 2$, $m = 8$, then the elements in $GF(2^8)$ are
$A(x) = a_7 x^7 + \cdots + a_1 x + a_0$, $a_i \in GF(2) = \{0, 1\}$
• Elements include:
$\{0,\ 1,\ x,\ x + 1,\ x^2,\ x^2 + 1,\ x^2 + x,\ x^2 + x + 1,\ \dots\}$
Each can be represented as an 8-bit vector
$(a_7\, a_6\, a_5\, a_4\, a_3\, a_2\, a_1\, a_0)$,
stored as a byte, e.g.
{(0000 0000), (0000 0001), (0000 0010), (0000 0011), ...}
i.e. there are $2^8 = 256$ elements
Polynomial arithmetic
$A(x) = x^7 + x^5 + x^2 + x + 1$, i.e. A = 1 0 1 0 0 1 1 1
$B(x) = x^7 + x^6 + x^3 + x$, i.e. B = 1 1 0 0 1 0 1 0
$C(x) = x^6 + x^5 + x^3 + x^2 + 1$, i.e. C = 0 1 1 0 1 1 0 1
Polynomial multiplication in $GF(2^m)$
AES operation
AES Byte substitution: S-box computation
Byte substitution: S-box computation
• Affine mapping
AES – Diffusion layer
• Has 2 sublayers
1. ShiftRows – to increase the diffusion properties:
AES – Diffusion layer MixColumn
$02 \cdot 25 = x \cdot (x^5 + x^2 + 1) = x^6 + x^3 + x$
$03 \cdot 25 = (x + 1) \cdot (x^5 + x^2 + 1) = x^6 + x^5 + x^3 + x^2 + x + 1$
AES decryption
Inverse Diffusion
• Inverse ShiftRows
Inverse Byte substitution using S-box
• Compute $A_i = S^{-1}(B_i)$
Inverse Byte substitution by calculation
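The field arithmetic from the polynomial-arithmetic and MixColumn slides, and the S-box and inverse S-box "by calculation" (field inverse plus affine mapping), as an added Python example that is not from the lecture or the textbook. The reduction polynomial x^8 + x^4 + x^3 + x + 1 and the affine constants are the standard AES values, which the surviving slide text does not spell out; the function names are this example's own.

```python
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, standard AES polynomial (assumed, not in the slide text)

def gf_add(a, b):
    """Addition (and subtraction) in GF(2^8): coefficients add mod 2, i.e. XOR."""
    return a ^ b

def gf_mul(a, b):
    """Shift-and-add multiplication, reducing modulo AES_POLY after every shift."""
    result = 0
    while b:
        if b & 1:            # current coefficient of b is 1: add a * x^i
            result ^= a
        a <<= 1              # multiply a by x
        if a & 0x100:        # degree reached 8: subtract (XOR) the polynomial
            a ^= AES_POLY
        b >>= 1
    return result

def gf_inv(a):
    """Multiplicative inverse as a^254, since a^255 = 1 for a != 0; 0 maps to 0."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result

def rotl8(x, n):
    """Rotate an 8-bit value left by n positions."""
    return ((x << n) | (x >> (8 - n))) & 0xFF

def sbox(a):
    """S-box by calculation: invert in GF(2^8), then apply the affine mapping."""
    b = gf_inv(a)
    return b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63

def inv_sbox(b):
    """Inverse S-box: undo the affine mapping, then invert in GF(2^8)."""
    a = rotl8(b, 1) ^ rotl8(b, 3) ^ rotl8(b, 6) ^ 0x05
    return gf_inv(a)

if __name__ == "__main__":
    # Bytes A, B and the MixColumn operands are the values used on the slides.
    print(f"A + B        = {gf_add(0xA7, 0xCA):08b}")
    print(f"02 * 25      = {gf_mul(0x02, 0x25):02x}")
    print(f"03 * 25      = {gf_mul(0x03, 0x25):02x}")
    print(f"S(53)        = {sbox(0x53):02x}")
    print(f"S^-1(S(53))  = {inv_sbox(sbox(0x53)):02x}")
```

The branches in `gf_mul` depend on operand bits, so this form suits checking slide values by hand rather than use in a cipher implementation where timing matters.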
Summary - AES
Rules about making and using cryptography
Conclusion