You are on page 1of 18

AES

Introduction:
AES also called as Advanced Encryption Standard was based on Rijndael algorithm developed by Joan Daeman & Vincent Rijmen in November 2001. The need for coming up with a new algorithm was actually because of the perceived weakness in DES. The 56-bit keys of DES were no longer considered safe against attacks based on exhaustive key searches and the 64-bit blocks were also considered as weak. AES was to based on 128-bit plain text blocks, with key size of 128 or 192 or 256-bits. No. of rounds is 10 or 12 or 14. In general, two versions of AES are used: 128-bit plain text block combined with 128-bit key block and 128-bit plain text block with 256-bit key block.

Description of Rijndael:
i. Do the following one-time initialization processes: a) Expand the 16-byte key to get the actual Key block to be used. b) Do one time initialization of the 16-byte plain text block (called as State). c) XOR the state with the key block. ii. For each round, do the following: a) Apply S-box to each of the plain text bytes. b) Rotate row k of the plain text block by k bytes. c) Perform a mix columns operation. d) XOR the state with the key block.

One-time Initialization Process:


Key Expansion: The inputs to the algorithm are the key and the plain text. The key size is 16 bytes, which is expanded into 11 arrays, each array containing 4 rows & 4 columns. In other word, the original 16-byte key array is expanded into a key containing 11*4*4 = 176 bytes. The 1st array is initialized by the original key. The other 10 arrays are used in the 10 rounds, one array per round.
16-byte Key

Expanded into 11 arrays, each of size 4 x 4

One-time Initialization Process:


Key Expansion Algorithm: 16-byte initial key will be expanded into 176-byte key i.e. 176/4 words= 44 words. (each word= 4 bytes). First the 16-byte key is copied into the first 4 words of the expanded key.

The remaining 10 arrays are filled on the basis of the algorithm described below:

Description of Key expansion algorithm:


i. ExpandKey (byte K[16], word W[44]): word tmp; // first copy all the 16 input key blocks into first four words of output key. for ( i=0; i< 4; i++) { W[i]= K[4*i], K[4*i+1], K[4*i+2], K[4*i+3]; } // now populate the remaining output key words (i.e. W4 to W43) for ( i=4; i< 44; i++) { tmp = W[i-1]; if( i mod 4 ==0) tmp = Substitute (Rotate(temp)) XOR Constant [i/4]; W[i] = W[i-4] XOR tmp; }

Description of Key expansion algorithm:


Substitute: function Substitute performs a byte substitution on each byte of the input word. For this purpose, it uses an S-box.

Description of Key expansion algorithm:


Rotate: function Rotate performs a circular shift on the contents of the word by one byte. Thus, if an input word contains four bytes numbered [B1, B2, B3, B4]; then the output word would contain [B2, B3, B4, B1] Constant: in function Constant, the output of the Substitution operation is XORed with a constant. This constant is a word consisting of 4 bytes. The value of the constant depends on the round number. The last three bytes of a constant word always contain 0.
Round number Value of constant (in hex) 1 01 2 02 3 04 4 08 5 10 6 20 7 40 8 80 9 1B 10 36

Values of constant per round, to be used in the Constant function

One-time Initialization Process:


Generation of state: 16-byte PT block is copied into a 2-D 4X4 array called as state. The order is in the column order. That is, the first four bytes of the plain text block get copied into the first column of the state array, the next four bytes of the plain text block get copied into the second column of the state array and so on.

One-time Initialization Process:


XOR the State with the Key block: Every byte of the State is XORed with corresponding byte of the Key.

Process in each Round:

Process in each Round:


Byte Substitution: The contents of the state array are looked up into the S-box. Byte by byte substitution is done to replace the contents of the state array with the respective entries in the S-box. Here only one S-box is used, unlike DES, which has multiple S-boxes.

Process in each Round:


Shift Row: Here, each of the four rows of the state array are rotated to the left. Row 0 by 0 bytes, row 1 by 1 bytes, row 2 by 2 bytes and row 3 by 3 bytes.

Process in each Round:


Mix column: Each column of the state is multiplied with a fixed Polynomial C(x)= 3x3+x2+x+2 2 1 1 3 3 2 1 1 1 1 31 2 3 1 2 b1 b2 b3 b4

b1=(b1 X 2) XOR (b2 X 3) XOR (b3 X 1) XOR (b4 X 1) b2=(b1 X 1) XOR (b2 X 2) XOR (b3 X 3) XOR (b4 X 1) b3=(b1 X 1) XOR (b2 X 1) XOR (b3 X 2) XOR (b4 X 3) b4=(b1 X 3) XOR (b2 X 1) XOR (b3 X 1) XOR (b4 X 2)

Process in each Round:


Galois Field Multiplication:

The result of the multiplication is actually the output of a lookup of L table, followed by the normal addition of the results, followed by a lookup of the E table. Out of the two digits of each number, 1st digit is the vertical index and 2nd digit is the horizontal index

Process in each Round:


L Table:

Process in each Round:


E Table:

Process in each Round:


Ex: AF08 L(AF)=B7 L(08)=4B B7+4B=102=03 (As 102>FF) E(03)=0F Therefore, AF08=0F
Add Sub Key: XOR each byte of the round key with its corresponding byte in the state array