Cryptography and Network Security - PowerPoint PPT Presentation

About This Presentation
Title:

Cryptography and Network Security

Description:

Cryptography and Network Security Advanced Encryption Standard By William Stallings Modified by M. Sakalli Origins clear a replacement for DES was needed have ... – PowerPoint PPT presentation

Number of Views:79
Avg rating:3.0/5.0
Slides: 26
Provided by: Eman63
Category:

less

Transcript and Presenter's Notes

Title: Cryptography and Network Security


1
Cryptography and Network Security
  • Advanced Encryption Standard
  • By William Stallings
  • Modified by M. Sakalli

2
Origins
  • clear a replacement for DES was needed
  • have theoretical attacks that can break it
  • have demonstrated exhaustive key search attacks
  • can use Triple-DES but slow with small blocks
  • US NIST issued call for ciphers in 1997
  • 5 were short-listed in Aug-99
  • MARS (IBM) - complex, fast, high security margin
  • RC6 (USA) - v. simple, v. fast, low security
    margin
  • Rijndael (Belgium) - clean, fast, good security
    margin
  • Serpent (Euro) - slow, clean, v. high security
    margin
  • Twofish (USA) - complex, v. fast, high security
    margin
  • Rijndael was selected as the AES in Oct-2000
  • issued as FIPS PUB 197 standard in Nov-2001

3
AES Requirements
  • private key symmetric block cipher
  • 128-bit data, 128/192/256-bit keys
  • stronger faster than Triple-DES
  • active life of 20-30 years ( archival use)
  • provide full specification design details
  • both C Java implementations
  • NIST have released all submissions unclassified
    analyses
  • Evaluation criteria of submitted ones
  • General security effort to practically
    cryptanalyse
  • algorithm implementation characteristics
  • cost computational, software hardware
    implementation ease, minimize implementation
    attacks
  • flexibility (in en/decrypt, keying, other factors)

4
  • Rijndael
  • processes data as 4 groups of 4 bytes (state)
  • has 9/11/13 rounds in which state undergoes
  • byte substitution (1 S-box byte to byte
    substitution)
  • shift rows (permutation of bytes)
  • mix columns (subs using gf28)
  • Add Round Key (XOR state with a portion of
    expended K)
  • initial XOR key material incomplete last round
  • all operations can be combined into XOR and table
    lookups - hence very fast efficient
  • The AES Cipher
  • designed by Rijmen-Daemen in Belgium
  • has 128/192/256 bit keys, 128 bit data
  • an iterative rather than feistel cipher
  • treats data in 4 groups of 4 bytes
  • operates an entire block in every round
  • designed to be
  • resistant against known attacks
  • speed and code compactness on many CPUs

5
(No Transcript)
6
  • AddRoundKey
  • Each round uses four different words from the
    expanded key array.
  • Each column in the state matrix is XORed with a
    different word.
  • The heart of the encryption. All other functions
    properties are permanent and known to all.
  • InvAddRoundKey
  • (A ? B) ? B A
  • Key is used in reverse order

7
Substitution Byte (Subbyte)
  • It is a bytewise lookup process that returns a
    4-byte word in which each byte is the result of
    applying the Rijndael S-box. Designed to be
    resistant to all known attacks
  • Simple substitution of each byte using one table
    of 16x16 bytes containing a permutation of all
    256 8-bit values
  • each byte of state is replaced by byte in row
    (left 4-bits) column (right 4-bits)
  • eg. byte 95 is replaced by row 9 col 5 byte
  • which is the value 2A
  • S-box is constructed using a transformation of
    the values in GF(28)

8
Shift Rows
  • a circular byte shift in each row
  • 1st row is unchanged
  • 2nd row does 1 byte circular shift to left
  • 3rd row does 2 byte circular shift to left
  • 4th row does 3 byte circular shift to left
  • decrypt does shifts to right
  • since state is processed by columns, this step
    permutes bytes between the columns

9
  • Mix Columns
  • each column is processed separately
  • each byte is replaced by a value dependent on all
    4 bytes in the column
  • effectively a matrix multiplication in GF(28)
    using prime poly m(x) x8x4x3x1
  • Add Round Key
  • XOR state with 128-bits of the round key
  • again processed by column (though effectively a
    series of byte operations)
  • inverse for decryption is identical since XOR is
    own inverse, just with correct round key
  • designed to be simple

10
AES Round
11
  • Mathematical Review
  • Performing arithmetic operations on bytes
    requires to work in a finite field and treat each
    byte as an element.
  • GF(28) - Finite field containing 256 elements.
  • Each element is a polynomial of degree 7 over Z2,
    hence an element is defined by 8 binary values
    a byte.
  • Addition polynomial addition, over Z2,
    implemented using XOR.
  • Multiplication polynomial multiplication , over
    Z2, modulo irreducible polynomial X8 X4 X3
    X 1
  • Implemented using repetitive left shifts and
    XOR.
  • SubBytes - 16 X 16 table
  • Each byte is considered as an element in GF(28)
  • Called S-BoxA. 16 X 16 table contains all
    possible 256 elements.
  • Row Column Indices Left and Right halves of the
    byte.
  • Each byte B in the state matrix is substituted
    with f(B).

12
SubBytes, S-Box computation Computing S-Box cells
in three stages -The cells are numbered in
ascending order. -Each cells number is
substituted with its multiplicative inverse over
GF(28). - The cells bits go through the
following transformation
bi bi ? b(i4)mod(8) ? b(i5)mod(8) ?
b(i6)mod(8) ? b(i7)mod(8) ? ci bi new bit
value, ci the ith bit of 6311000110
irreducible polynomial
13
S-Box eg. byte 95 is replaced by row 9 col 5
byte which is the value 2A
14
  • InvSubBytes
  • Same routine as SubBytes, but uses the inverse
    S-Box.
  • Inverse S-box is computed by applying the inverse
    affine transformation and then substituting with
    the multiplicative inverse, of the cells value
    in the S-Box.
  • The Inverse transformation
  • bi b(i2)mod8 ? b(i5)mod8 ? b(i7)mod8 ?
    di
  • bi new bit value, di the ith bit of
    0500000101.

15
(No Transcript)
16
SubBytes, crypto properties
  • S-Box design makes it resistant to cryptanalitic
    attacks.
  • Conditions
  • No fixed points S(a) ? a, no opposite fixed
    points IS(a) ? a complement.
  • Invertible s box, ISS(a) a
  • but not self invertible, which means
  • S(a) ? IS(a), ie. S(95) 2A, but IS(95)
    AD think S(2A)?95
  • To see that InvSubBytes is the inverse of
    SubBytes,
  • label the matrices in SubBytes and InvSubBytes as
    X and Y, respectively, and the vector versions of
    constants c and d as C and D, respectively.
  • For some 8-bit vector B ? B' XB ? C.
  • To show that Y(XB ? C) ? D B.
  • Must show YXB ? YC ? D B.
  • BXB?C (Y(XB?C)?D) YXB?YC?D B
  • Which means

17
ShiftRows
  • Rows 2-4 in the state matrix are left shifted by
    different offsets of 1-3 bytes respectively.
  • Strong diffusion effect. Separation of each four,
    originally consecutive, bytes.

18
  • A transformation which operates on individual
    columns 32 bits/4 bytes.
  • Each column is treated as a 3 degree polynomial
    over GF(23)
  • Multiplied by the fixed polynomial
  • a(x)(03X3 01X2 01X 02)mod(x41)
  • a(x) was chosen so the multiplication/transformati
    on is invertible.
  • Generally, multiplication in the above group
    mod(x41) doesnt provide inverse for each
    element.
  • coefficients multiplication is the GF(28)
    multiplication mentioned earlier.

19
MixColumn, props- The transformation is a linear
code with a maximal distance between code
words.- Combined with ShiftRows, after several
rounds all output bits depend on all input bits.
20
  • In GF(28), irreducible polynomial mod(x4x3x1)
  • (02 87) ? (03 6E) ? 46 ? A6
    47
  • 87 ? (02 6E) ? (03 46) ? A6
    37
  • 87 ? 6E ? (02 46 ? (03 A6) 94
  • (03 87) ? 6E ? 46 ? (02 A6
    ED
  • For the first equation,
  • 02 87 x(x7 x2x1) (1 0000 1110) l
    because of the most left 1,
  • (0000 1110) ? (0001 1011) (0001 0101)
  • and
  • 03 6E (x1)(x6 x5 x3 x2x)
  • (x6 x5 x3 x2x) ? (x)(x6 x5 x3
    x2x), the same statement for the second side.
  • 6E ? (02 6E) (0110 1110) ? (1101
    1100)
  • (1011 0010).
  • 02 87 0001 0101  
  • 03 6E 1011 0010  
  • 46 0100 0110  
  • A6 1010 0110   
  • Total 0100 0111 47

21
InvMixColumn
  • Same routine as MixColumn, only instead of a(x)
    the inverse of a(x) is used
  • a-1(x)0Bx3?0Dx2?09x?0E

22
AES Key Expansion
  • takes 128-bit (16-byte) key and expands into
    array of 44/52/60 32-bit words
  • start by copying key into first 4 words
  • then loop creating words that depend on values in
    previous 4 places back
  • in 3 of 4 cases just XOR these together
  • every 4th has S-box rotate XOR constant of
    previous before XOR together
  • designed to resist known attacks

23
AES Decryption
  • AES decryption is not identical to encryption
    since steps done in reverse
  • but can define an equivalent inverse cipher with
    steps as for encryption
  • but using inverses of each step
  • with a different key schedule
  • works since result is unchanged when
  • swap byte substitution shift rows
  • swap mix columns add (tweaked) round key

24
Implementation Aspects
  • can efficiently implement on 8-bit CPU
  • byte substitution works on bytes using a table of
    256 entries
  • shift rows is simple byte shifting
  • add round key works on byte XORs
  • mix columns requires matrix multiply in GF(28)
    which works on byte values, can be simplified to
    use a table lookup
  • can efficiently implement on 32-bit CPU
  • redefine steps to use 32-bit words
  • can pre-compute 4 tables of 256-words
  • then each column in each round can be computed
    using 4 table lookups 4 XORs
  • at a cost of 16Kb to store tables
  • designers believe this very efficient
    implementation was a key factor in its selection
    as the AES cipher

25
Summary
  • have considered
  • the AES selection process
  • the details of Rijndael the AES cipher
  • looked at the steps in each round
  • the key expansion
  • implementation aspects
Write a Comment
User Comments (0)
About PowerShow.com