AES Cipher Algorithm Part 2

Advanced Encryption Standard
 Dr. Amjad Hussain Zahid
Origins
 A replacement for DES was needed
 Key size is too small in DES
 Can use Triple-DES
 But Triple-DES is slow and uses small plaintext block
 US NIST issued call for ciphers in 1997  AES is the result of a three
year competition.
 15 candidate ciphers accepted in Jun 1998  This competition was

announced in September 1997
and had entries from 12
different countries
 5 ciphers were shortlisted in Aug 1999
AES : Introduction
 Private key symmetric block cipher
 128-bit data
 Three options for key : 128/192/256-bit keys
 128 bits ( = 3.4 x 1038 keys)
 192 bits ( = 6.2 x 1057 keys)
 256 bits ( = 1.1 x 1077 keys)
 DES uses only 56-bit keys, giving a key space of 7.2 x 1016 keys
AES Conceptual Scheme
Plaintext (128 bits) = 16 Bytes = 4 x 4 Matrix
128 bits subkeys = 16 Bytes = 4 x 4 Matrix

AES Key (128-192-256 bits)
128 Bits = 16 Bytes
192 Bits = 24 Bytes
256 Bits = 32 Bytes
Ciphertext (128 bits)
3
Multiple rounds
 Rounds are (almost) identical
 First and last round are a little different
Nr = Number of Rounds
4
High Level Description
• Round keys are derived from the cipher key

Key Expansion using Rijndael's key schedule
• AddRoundKey : Each byte of the state is combined

Initial Round with the round key using bitwise xor
• SubBytes : non-linear substitution step

• ShiftRows : transposition step
Rounds • MixColumns : mixing operation of each column.
• AddRoundKey
• SubBytes
Final Round • ShiftRows MixColumns step is not
included in this round
• AddRoundKey
Overall Structure
128-bit values
 Data block viewed as 4-by-4 table of bytes
 Represented as 4 by 4 matrix of 8-bit bytes.
 Key is expanded to array of 32 bits words
1 Byte
Changing Plaintext to State
17
7
Details of Each Round
 Each round is a repetition of functions that
perform a transformation over State array
 Consists of 4 main functions: one permutation
and three substitutions
Substitute bytes, Shift rows, Mix columns, Add round key
Finite Field Arithmetic
 Addition (XOR)
 (x6 + x4 + x2 + x + 1) + (x7 + x + 1) = x7 + x6 + x4 + x2
 {01010111}  {10000011} = {11010100}
 {57}  {83} = {d4}
 Multiplication is tricky
Finite Field Multiplication (•)
(x6 + x4 + x2 + x +1) (x7 + x +1) =
x13 + x11 + x9 + x8 + x7 + x7 + x5 + x3 + x2 + x + x6 + x4 + x2 + x +1
These cancel = x13 + x11 + x9 + x8 + x6 + x5 + x4 + x3 +1

and
x13 + x11 + x9 + x8 + x6 + x5 + x4 + x3 +1 modulo ( x8 + x4 + x3 + x +1)
= x7 + x6 +1.
Irreducible Polynomial
SubBytes: Byte Substitution
Substitution Box
• S-box is generated by determining the

multiplicative inverse for a given number in the
Galois field, zero would be set to zero
Substitution Box
How to calculate the Multiplicative inverse?

Calculate Multiplicative Inverse of x6+x4+x+1 w.r.t. x8+x4+x3+x+1.
Addition in a Finite Field is XOR.

Thus the inverse is x7+x6+x3+x = CA in hexadecimal.
Substitution Box
Multiplicative inverse of 1 is 1
Multiplicative inverse of 2
2 In Binary = 0 0 0 0 0 0 1 0
= X1
= X
Calculate Multiplicative Inverse of x w.r.t. x8+x4+x3+x+1.
Remainder Quotient Auxiliary

x8+x4+x3+x+1 0
x 1
1 x7+x3+x2+1 x7+x3+x2+1
Thus the inverse of 2 is x7+x3+x2+1 = 10001101 = 8D in hexadecimal.

Substitution Box
Multiplicative inverse of 3
3 In Binary = 0 0 0 0 0 0 1 1
= X1 1
= X + 1
Calculate Multiplicative Inverse of x + 1 w.r.t. x8+x4+x3+x+1.
Remainder Quotient Auxiliary

x8+x4+x3+x+1 0
x+1 1
1 x7+x6+x5+x4+x2+x x7+x6+x5+x4+x2+x
Thus the inverse of 3 is x7+x6+x5+x4+x2+x = 11110110 = F6 in hexadecimal.

Substitution Box
Multiplicative inverse of 3 = x + 1 w.r.t. x8+x4+x3+x+1.
X7 + X6 + X5 + X4 + X2 + X
X+1 X8 + X4 + X3 + X+1
X8 + X7
X7
X7 + X6
X6
X6 + X5
X5 + X4
X5 + X4
X3
X3 + X2
X2 + X
X2 + X
1
Substitution Box
Table of Multiplicative inverses
SubBytes and InvSubBytes
 Modulo 2 arithmetic + = XOR
8 F
b0  1 0 0 0 1 1 1 1 b0  1

 b   1 1 0 0 0 1 1 1  b1  1
 1 
b2  1 1 1 0 0 0 1 1 b2  0
      
b3  = 1 1 1 1 0 0 0 1 b3  0
+ 99 in Decimal
b4  1 1 1 1 1 0 0 0 b4  0 = 63 in Hexadecimal
       = 01100011 in Binary
b5  0 1 1 1 1 1 0 0 b5  1
b  0 0 1 1 1 1 1 0 b6  1
 6     
b7  0 0 0 1 1 1 1 1 b7  0
Output bits(what goes in the sbox) Input bits (the multiplicative inverse)
 For 0
0 1 1
0 1 1
0 0 0
0 0
= 0
+ 0
= 0
0
= 63 in Hexa
0 1 1
0 1 1
0 0 0
0+0+0+0+0+0+0+0=0=0 MOD 2 = 0
0+0+0+0+0+0+0+0=0=0 MOD 2 = 0
0+0+0+0+0+0+0+0=0=0 MOD 2 = 0
0+0+0+0+0+0+0+0=0=0 MOD 2 = 0
0+0+0+0+0+0+0+0=0=0 MOD 2 = 0
0+0+0+0+0+0+0+0=0=0 MOD 2 = 0
0+0+0+0+0+0+0+0=0=0 MOD 2 = 0
0+0+0+0+0+0+0+0=0=0 MOD 2 = 0
 For 1
1 1 0
1 1 0
1 0 1
= 1
1 + 0 = 1
1
= 7C
0
0 1 1
0 1 1
0 0 0
 For 2
Inverse of 02 = 10001101 =
Written in reverse
0 1 1
1
0 0 1 1
1 1 0 1
0 + 0
1
0
= 1 0
= 0
1
= 77 in Hexa
0 0 1 1
0 0 1 1
1 0 0 0
1+0+0+0+0+0+0+1=2=2 MOD 2 = 0
1+0+0+0+0+0+0+1=2=2 MOD 2 = 0
1+0+1+0+0+0+0+1=3=3 MOD 2 = 1
1+0+1+1+0+0+0+1=4=4 MOD 2 = 0
1+0+1+1+0+0+0+0=3=3 MOD 2 = 1
0+0+1+1+0+0+0+0=2=2 MOD 2 = 0
0+0+1+1+0+0+0+0=2=2 MOD 2 = 0
0+0+0+1+0+0+0+1=2=2 MOD 2 = 0
 For 3
Inverse of 03 = 11110110
0 1 1
0 1 1
0 0 0
1 + 0 1 = 7B in Hexa
= 1 0 = 1
0 1 1
0 1 1
0 0 0
0+0+0+0+1+1+1+1=4=4 MOD 2 = 0
0+1+0+0+0+1+1+1=4=4 MOD 2 = 0
0+1+1+0+0+0+1+1=4=4 MOD 2 = 0
0+1+1+0+0+0+0+1=3=3 MOD 2 = 1
0+1+1+0+1+0+0+0=3=3 MOD 2 = 1
0+1+1+0+1+1+0+0=4=4 MOD 2 = 0
0+0+1+0+1+1+1+0=4=4 MOD 2 = 0
0+0+0+0+1+1+1+1=4=4 MOD 2 = 0
SubBytes Operation
 Replace each byte in the state array with its

corresponding value from the S-Box
55
00 44 88 CC
11 55 99 DD
22 66 AA EE
33 77 BB FF
SubBytes Table
 Implement by Table Lookup
Sample SubByte Transformation
 The SubBytes and InvSubBytes transformations are

inverses of each other.
ShiftRows
 Shifting, which permutes the bytes.
 A circular byte shift in each each
 1st row is unchanged
 2nd row does 1 byte circular shift to left
 3rd row does 2 byte circular shift to left
 4th row does 3 byte circular shift to left
Example :
MixClumns Scheme
The MixColumns transformation operates at the column level; it

transforms each column of the state to a new column.
MixClumns Example
MixClumns Example
➢ uses arithmetic in the finite field GF(28)

➢ with irreducible polynomial
m(x) = x8 + x4 + x3 + x + 1
which is (100011011) or {11b}
➢ e.g.
{02} • {87} mod {11b} = (1 0000 1110) mod {11b}
= (1 0000 1110) xor (1 0001 1011) = (0001 0101)

AES Cipher Algorithm Part 2

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AES Cipher Algorithm Part 2

Uploaded by

Copyright:

Available Formats

Advanced Encryption Standard

 Dr. Amjad Hussain Zahid

 15 candidate ciphers accepted in Jun 1998  This competition was

Plaintext (128 bits) = 16 Bytes = 4 x 4 Matrix

128 bits subkeys = 16 Bytes = 4 x 4 Matrix

Ciphertext (128 bits)

• Round keys are derived from the cipher key

• AddRoundKey : Each byte of the state is combined

• SubBytes : non-linear substitution step

Changing Plaintext to State

These cancel = x13 + x11 + x9 + x8 + x6 + x5 + x4 + x3 +1

• S-box is generated by determining the

How to calculate the Multiplicative inverse?

Addition in a Finite Field is XOR.

Calculate Multiplicative Inverse of x w.r.t. x8+x4+x3+x+1.

Remainder Quotient Auxiliary

Thus the inverse of 2 is x7+x3+x2+1 = 10001101 = 8D in hexadecimal.

Calculate Multiplicative Inverse of x + 1 w.r.t. x8+x4+x3+x+1.

Remainder Quotient Auxiliary

Thus the inverse of 3 is x7+x6+x5+x4+x2+x = 11110110 = F6 in hexadecimal.

b0  1 0 0 0 1 1 1 1 b0  1

 Replace each byte in the state array with its

 The SubBytes and InvSubBytes transformations are

The MixColumns transformation operates at the column level; it

➢ uses arithmetic in the finite field GF(28)

You might also like