Foundations of Computer SecurityLecture 46: Advanced Encryption StandardDr. Bill YoungDepartment of Computer SciencesUniversity of Texas at AustinLecture 46: 1 Advanced Encryption StandardModern Symmetric EncryptionMost modern symmetric encryption algorithms are:block ciphers: take input in fixed size blocks;implemented in rounds: perform similar operations repeatedly to a“state”;.Such an algorithm is called an iterated block cipher.Designed to process large volumes of text quickly, they usemachine operations (arithmetic, bitwise, table lookup) that arecheap and easy to implement.Lecture 46: 2 Advanced Encryption StandardAdvanced Encryption StandardIn 1995, NIST began a search for a new, fast, secure symmetricencryption algoithm that was:unclassified;publicly disclosed;available royalty-free for use worldwide;symmetric block cipher algorithm for blocks of 128 bits;usable with key sizes of 128, 192, and 256 bits.From 15 contenders, the Rijndael algorithm of Dutch researchersVincent Rijmen and Joan Daemen was chosen as the AdvancedEncryption Standard (AES).Lecture 46: 3 Advanced Encryption StandardOverview of AESA 128-bit block is arranged as a 4 × 4 array of bytes called the“state,” which is modified in place in each round.b0b4b8b12b1b5b9b13b2b6b10b14b3b7b11b15The key is also arranged as a 4 × n array of bytes, and is initiallyexpanded in a recursive process into r + 1 128-bit keys, where r isthe number of rounds.AES uses 10, 12, or 14 rounds for keys of 128, 192, and 256 bits,respectively.Lecture 46: 4 Advanced Encryption StandardRounds in AESEach round consists of four steps.subBytes: for each byte in the array, use its value as an indexinto a 256-element lookup table, and replace byte bythe value stored at that location in the table.shiftRows: Let Ridenote the ithrow in state. Shift R0in thestate left 0 bytes (i.e., no change); shift R1left 1byte; shift R2left 2 bytes; shift R3left 3 bytes.Lecture 46: 5 Advanced Encryption StandardRounds in AESmixColumns: for each column of the state, replace the column byits value multiplied by a fixed 4 × 4 matrix of integers(as illustrated below).a0′a1′a2′a3′=02 03 01 0101 02 03 0101 01 02 0303 01 01 02×a0a1a2a3addRoundKey: XOR the state with a 128-bit round key derivedfrom the original key K by a recursive process.Lecture 46: 6 Advanced Encryption StandardDecryption in AESThe decryption algorithm is the inverse of encryption, with thefollowing differences:The subkeys are used in reverse order.Each of the steps is inverted.The first and last rounds are slightly different.Inverting the MixColumns step requires multiplying each column bythe following fixed array:0e 0b 0d 0909 0e 0b 0d0d 09 0e 0b0b 0d 09 0eFor that reason, decryption typically takes longer than encryption.Lecture 46: 7 Advanced Encryption StandardSecurity of the AESAES is incorporated in a large number of commercial encryptionproducts. The algorithm is fairly new, but has been subjected toextensive analysis,No flaws have been discovered, but that doesn’t mean that noneexist.AES is modular and the key length can be extended if necessary.Similarly, the number of rounds can be increased.Lecture 46: 8 Advanced Encryption StandardLessonsAES is a widely-used modern symmetric encryption algorithm.AES uses a block of 128-bits.AES allows keys of size 128-bits, 192-bits, and 256-bits, with10, 12, 14 rounds, respectively.Next lecture: Modes of UsageLecture 46: 9 Advanced Encryption
View Full Document
Unlocking...