Professional Documents
Culture Documents
Lecture 5
SECURE MESSAGING
Advanced Encryption Standard (AES)
Step 1: Divide the plain text into 16-byte blocks (a0, a1,a2,……..a15)
Step 2: Arrange each block as (4×4) byte matrix called state S.
a0 a4 a8 a12 Row 1
a1 a5 a9 a13 Row 2
S
a2 a6 a10 a14 Row 3
a a a11 a15 Row 4
3 7
Advanced Encryption Standard (AES)
Step 3: S ← S key (0) where key (0) is a 4×4 byte key matrix.
The exclusive OR is bit-wise exclusive OR.
For i = 1 to 9 do the following:
Step 4: S←SUB(S) where SUB is a substitution operation in
which each byte of S is substituted by a byte of a (16×16)
substitution matrix by table lookup
Step 5: S ← left circular shift row (i) by (i-1) bytes
Step 6: S ←Mix bytes in columns of S by different amounts.
Step 7: S←S keyi, where keyi is a 4×4 byte matrix and is a function of i
end for
Step 8: S←SUB(S)
Step 9: S ← left circular shift rowi by i-1 bytes
Step 10: S←S key10
Step 11 CT←S
Step 12: Rearrange matrix CT columnwise to get 128 block of ciphertext
Rijndael
Rijndael, the Advanced Encryption Standard, is a symmetric block
cipher.
It uses the same key between sender and receiver to encrypt and
decrypt the message.
key is expanded to array of words
has 10/12/14 rounds in which state undergoes:
byte substitution (1 S-box used on every byte)
shift rows (permute bytes between groups/columns)
mix columns (subs using matrix multiply of groups)
add round key (XOR state with key material)
AES Key
AES key is either 128 bits, 192 bits or 256 bits
128 bits (4 words):
11223344556677889900AABBCCDDEEFF
11 22 33 44
55 66 77 88
99 00 AA BB
CC DD EE FF
AES Key
or 192 bits (6 words) or 256 bits (8 words)
1122334455667788 1122334455667788
9900AABBCCDDEEFF 9900AABBCCDDEEFF
1122334455667788 1122334455667788
9900AABBCCDDEEFF
11 22 33 44 11 22 33 44
55 66 77 88
55 66 77 88
99 00 AA BB
99 00 AA BB CC DD EE FF
CC DD EE FF 11 22 33 44
11 22 33 44 55 66 77 88
55 66 77 88 99 00 AA BB
CC DD EE FF
Byte Substitution
a simple substitution of each byte
uses one table of 16x16 bytes containing a
permutation of all 256 8-bit values
each byte of state is replaced by byte indexed by row
(left 4-bits) & column (right 4-bits)
eg. byte {95} is replaced by byte in row 9 column 5
which has value {2A}
Byte Substitution
Shift Rows
a circular byte shift in each each
1st row is unchanged
2nd row does 1 byte circular shift to left
3rd row does 2 byte circular shift to left
4th row does 3 byte circular shift to left
decrypt inverts using shifts to right
since state is processed by columns, this
step permutes bytes between the columns
ShiftRows
S0,0 S0,1 S0,2 S0,3 S0,0 S0,1 S0,2 S0,3
12
Mix Columns
AddRoundKey
XOR each byte of the round key with its
corresponding byte in the state array
XOR
S0,1
S0,0 S0,1 S0,2 S0,3
S1,0
S
S1,1
1,1 S1,2 S1,3 S’0,1
R0,1
S2,0 S
S2,1 S2,2 S2,3 S’0,0 S’0,1 S’0,2 S’0,3
2,1 R0,0 R0,1 R0,2 R0,3 S’
S3,0 S3,1 S3,2 S3,3 R S’1,0 S’1,1
1,1 S’1,2 S’1,3
S3,1 R1,0 R 1,1 R
1,1 1,2 R1,3
S’2,0 S’
S’2,1 S’2,2 S’2,3
R2,0 RR2,1 R2,2 R2,3 2,1
2,1 S’3,0 S’3,1 S’3,2 S’3,3
R3,0 R3,1 R3,2 R3,3 S’3,1
R3,1
Advanced Encryption Standard (AES)
- Even though the decryption key schedule is the same for both
encryption
and decryption, the sequence of transformations needed to obtain the
plain text from the ciphertext is different.
- This implies that the software used for decryption is different from that
used for encryption.
It is a block cipher in which the plain text and ciphertext and keys
are usually 1024 bits long. It can, however, work with any block size
with integers 0 to (n - 1) for some n. The encryption and decryption
in RSA is performed as shown below.
Given M
C= Me mod n Encryption scheme e is an integer
M= Cd mod n Decryption scheme d is an integer
Example:
1. Pick prime numbers p =3, q = 11, n=p x q = 33. This implies that
the block value should be ≤ 33.
2. Ø = (p – 1) x (q-1) = 2 x 10 = 20
3. Pick a number relatively prime to Ø = 20. We pick 7. The public
key of the recipient is thus (n, e) = (33, 7).
4. To pick the private key, find d from the relation (d x e) mod (Ø)
=
(d x 7) mod 20 = 1 which gives 3 for d.
Therefore, the private key of recipient is (33,3).
RSA Encryption Scheme
Let us now decrypt this ciphertext to plain text using the private key
of the recipient of the ciphertext.
- The advantage of this method compared to RSA is the fact that the
key to exchange messages by sender and receiver is identical and
each can calculate it using the public key exchanged between them.
Diffie-Hellman Key Exchange Algorithm
Step 1: Two numbers are selected. We will call them q and a. q is a prime
number. a ˂q is a primitive root of q. a is a primitive root of q if
the following is true:
a mod q, a2 mod q, a3 mod q, ……., aq-1 mod q are distinct and
are numbers 1 to q – 1 in some permutation.
Step 2: The sender selects a random number XS ˂ q which is private
is to him. The sender calculates his public key YS = aXS mod q.
Step 3: The receiver selects a random number XR ˂ q. XR is private
to him. The receiver calculates his public key YR = aXR mod q.
Step 4: The sender and receiver exchange their public keys.
Step 5: S generates secret key K = (YR)XS mod q
Step 6: R generates secret key K = (YS)XR mod q
It can be seen that K = (YR)XS mod q = (aXR)XS mod q
= (YS)XR mod q = (aXS)XR mod q
Diffie-Hellman Key Exchange Algorithm
-The secret key K of both the receiver and sender are identical and
can be calculated from each other’s public key and private random
number XS and XR.