Presentation for UG Research on Security.
Presented to Faculty in Charge of Siddaganga Institute of Technology, Tumkur, Karnataka, India
This is the first Presentation
Advanced Encryption Standard
By,
Akash Ranjan Das
5th Semester
B-Tech, Computer Science And Technology
Siddaganga Institute Of Technology, Tumkur
Agenda
• What is Advanced Encryption Standard (AES)?
• Why AES?
• Structure Of AES
o Basic Structure Of AES
o Detailed Structure Of AES
o Data Structure of AES
• Working of AES Encryption and Decryption
o AES Transformation Functions
o AES Key Expansion
• Real World Software Application
What is Advanced Encryption Standard (AES)?
Advanced Encryption Standard (AES)
• The Advanced Encryption Standard (AES) is a
symmetric block cipher chosen by the US government to
protect classified information.
• AES is implemented in software and hardware
throughout the world to encrypt sensitive data.
• The National Institute of Standards and Technology
(NIST) started development of AES in 1997 when it
announced the need for an alternative to the Data
Encryption Standard (DES), which was starting to
become vulnerable to brute force attacks.
Why AES?
Data Encryption Standard (DES)
• DES can be broken easily as it has known vulnerabilities.
• DES can encrypt 64 bits of plaintext.
• Known attacks against DES include: brute-force, linear cryptanalysis and differential cryptanalysis.

Advanced Encryption Standard (AES)
• AES is more secure than the DES cipher and is the de facto world standard.
• AES can encrypt 128 bits of plaintext.
• No known cryptanalytic attacks against AES, but side-channel attacks against AES implementations are possible. Biclique attacks have better complexity than brute force but are still ineffective.
Structures Of AES
Simple Structure Of AES
[Figure: the AES block takes a 128-bit input x and a key k of 128/192/256 bits and produces a 128-bit output y.]
x: plain text (128 bits = 16 bytes)
k: secret key
y: encrypted text (128 bits = 16 bytes)
Key length   Number of rounds (nr)
128 bits     10
192 bits     12
256 bits     14
Block Diagram of AES Encryption
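[Figure: AES encryption block diagram. Plain text x enters a Key Addition Layer with sub-key k0. Round 1 then applies the Byte Substitution Layer, the Diffusion Layer (Shift Rows and Mix Column Layer) and a Key Addition Layer with sub-key k1, and so on up to the last round nr with sub-key knr. The sub-keys k0, k1, ..., knr are derived from key k by Transform 0, Transform 1, ..., Transform nr. The output is the cipher text y = AES(x).]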
Block Diagram of AES Decryption
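[Figure: AES decryption block diagram. The cipher text y passes through rounds labelled Round nr to Round 1, built from the Key Addition Layer, the Diffusion Layer (Inverse Mix Column Layer and Inverse Shift Rows) and the Inverse Substitution Layer, plus one further Key Addition Layer. The sub-keys knr, ..., k1, k0 are derived from key k by Transform nr, ..., Transform 1, Transform 0. The output is the plain text x = AES^-1(y).]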
Working Of AES
AES Round Function for rounds 1, 2, ..., nr-1
[Figure: one AES round. The 16 input bytes A0 A1 A2 ... A15 each pass through an S-Box (Byte Substitution) to give B0 B1 B2 ... B15; Shift Rows and Mix Columns then give C0 C1 C2 ... C15, followed by Key Addition with sub-key k1.]
Byte Substitution Layer
• The first layer in each round.
• S(Ai) = Bi
o Ai : each byte in the state matrix.
o Bi : substituted byte.
o S : substitution function.
• S-Box is the only non-linear element of AES, i.e. it holds that ByteSub(A) + ByteSub(B) ≠ ByteSub(A+B) for two states A and B.
• S-Box substitution is a bijective mapping.
o Each of the 2^8 = 256 possible input elements is one-to-one mapped to one output element.
o Allows us to uniquely reverse the S-Box for decryption.
• S-Box is usually realized as a 256-by-8 bit look-up table with fixed entries.
Input state matrix A:
A0 A4 A8 A12
A1 A5 A9 A13
A2 A6 A10 A14
A3 A7 A11 A15
Output state matrix B (after Byte Substitution):
B0 B4 B8 B12
B1 B5 B9 B13
B2 B6 B10 B14
B3 B7 B11 B15
AES S – Box for Encryption
Inverse AES S – Box for Decryption
Computation of sub byte transformation
• Ex 1: Let’s assume the input byte to the S-BOX is Ai = (C2)hex, then the substituted value is
S((C2)hex) = (25)hex
On a bit level:
S(11000010) = (00100101)
• Even though the S-Box is bijective, it does not have any fixed points, i.e. there are no input values Ai such that S(Ai) = Ai.
• Even the zero input is not a fixed point: S(00000000) = (01100011)
• Ex 2: Let’s assume that the input to the byte substitution layer is:
(C2,C2,C2,C2,...,C2)hex
The output state is then
(25,25,25,25,...,25)hex
[Figure: S-Box substitution on the state. Each byte s(r,c) of the Input State matrix is looked up in the S-Box (axes x and y) to give the byte s'(r,c) at the same position in the Output State matrix.]
Mathematical description of the S-BOX
Ai -> [GF(2^8) inverse] -> B’i -> [Affine mapping] -> Bi
• GF(2^8): Galois Field
• The function used here is Galois Field Inversion.
• B’i = Ai^-1, where Ai and B’i are considered elements in the Galois field GF(2^8) with fixed polynomial P(x) = x^8 + x^4 + x^3 + x + 1.
• The inverse is obtained from a look-up table of the multiplicative inverse in GF(2^8).
• In Affine mapping each byte B’i is multiplied by a constant bit-matrix followed by the addition of a constant 8-bit vector.
Multiplicative inverse table in GF(2^8)
Affine Mapping
Example: S-BOX computation
• Ex: We assume the S-BOX input Ai = (11000010)2 = (C2)hex.
Solution:
Step 1: From the look-up table (Multiplicative inverse table in GF(2^8)) we can see that the inverse is
Ai^-1 = B’i = (2F)hex = (00101111)2
Step 2: We now apply the B’i bit vector as input to the affine transformation.
Bi = (00100101)2 = (25)hex
Thus, S((C2)hex) = (25)hex
• If one computes both steps for all 256 possible input elements of the S-BOX and stores the results, one obtains the Multiplicative inverse table in GF(2^8).
Shift-Rows Sub Layer
• From the Byte Substitution layer we get the substituted byte matrix.
• Shift Rows transformation shifts:
o The second row of the state matrix by three bytes to the right.
o The third row by two bytes to the right.
o The fourth row by one byte to the right.
o The first row remains as it is.
• The purpose of the Shift Rows transformation is to increase the diffusion properties of AES.
Input state matrix:
B0 B4 B8 B12
B1 B5 B9 B13
B2 B6 B10 B14
B3 B7 B11 B15
Output state matrix:
B0 B4 B8 B12     No shift
B5 B9 B13 B1     One position left shift
B10 B14 B2 B6    Two positions left shift
B15 B3 B7 B11    Three positions left shift
Mix-Column Sub Layer
• Linear Transformation which mixes each column of the state matrix.
• Let B be the 16 byte input state matrix and C be the 16 byte output state matrix,
Mix-Column(B) = C
• Each four byte column is considered as a vector and multiplied by a fixed 4x4 matrix.
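The Shift Rows and Mix Column steps above, as an added Python example that is not part of the original slides; it also counts how far a one-bit change spreads, which is the diffusion property the slides mention. The fixed 4x4 matrix is the one from the AES standard (FIPS 197), since it is not legible in this transcript, and the column-order state layout, function names and sample state are assumptions of the example.

```python
# Added example, not from the slides. State = 16 bytes in column order,
# so indices 0..3 are B0..B3 (column 0), 4..7 are B4..B7, and so on.

def xtime(b):
    """Multiply a byte by 02 in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b

def shift_rows(s):
    """Rotate row r of the state left by r positions (row 0 is unchanged)."""
    return [s[(i + 4 * (i % 4)) % 16] for i in range(16)]

def mix_column(col):
    """Multiply one column by the fixed matrix with rows
    (02 03 01 01), (01 02 03 01), (01 01 02 03), (03 01 01 02)."""
    a0, a1, a2, a3 = col
    t = a0 ^ a1 ^ a2 ^ a3
    return [a0 ^ t ^ xtime(a0 ^ a1), a1 ^ t ^ xtime(a1 ^ a2),
            a2 ^ t ^ xtime(a2 ^ a3), a3 ^ t ^ xtime(a3 ^ a0)]

def diffusion_layer(s):
    """Shift Rows followed by Mix Columns on the whole state."""
    s = shift_rows(s)
    return [b for c in range(4) for b in mix_column(s[4 * c:4 * c + 4])]

def changed_bytes(rounds, flip_index=0):
    """Flip one bit of one byte, apply the diffusion layer `rounds` times,
    and count how many output bytes differ from the unmodified run."""
    a = list(range(16))              # constructed sample state
    b = list(a)
    b[flip_index] ^= 0x01
    for _ in range(rounds):
        a, b = diffusion_layer(a), diffusion_layer(b)
    return sum(x != y for x, y in zip(a, b))

if __name__ == "__main__":
    names = [f"B{i}" for i in range(16)]
    print(shift_rows(names)[3::4])       # fourth row after Shift Rows
    print(changed_bytes(1), changed_bytes(2))
```

A single changed byte affects one full column after one pass and all 16 bytes after two, and the all-(25)hex state from Ex 2 is left unchanged by this layer because each row of the matrix sums to 01.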
Key Addition Layer
• The key schedule takes the original input key (of length 128, 192, or 256 bit) and derives the sub-keys used in AES.
• XOR addition of a sub-key is used both at the input and output of AES. This process is referred to as key whitening.
• The number of sub-keys is equal to the number of rounds plus one, due to the key needed for key whitening in the first key addition layer.
• AES sub-keys are computed recursively, i.e., in order to derive sub-key k_i, sub-key k_(i-1) must be known.
AES Key Schedule for 128-bit key size
Key Expansion Algorithm
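keyExpansion(byte key[16], word w[44]) {
    word temp;
    // The first four words are the cipher key itself (sub-key k0).
    for (i = 0; i < 4; i++) {
        w[i] = (key[4*i], key[4*i+1], key[4*i+2], key[4*i+3]);
    }
    // Every further word is the XOR of the word four positions back and temp.
    for (i = 4; i < 44; i++) {
        temp = w[i - 1];
        // First word of each sub-key: rotate, substitute, add round constant.
        if (i mod 4 == 0)
            temp = subWord(rotWord(temp)) ⊕ Rcon[i/4];
        w[i] = w[i - 4] ⊕ temp;
    }
}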
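The two-step S-Box construction (GF(2^8) inversion, then affine mapping) and the 128-bit key expansion above, as one added Python example that is not part of the original slides. The affine constants and Rcon values are those of the AES standard (FIPS 197), the function names are the example's own, and the sample key is the FIPS 197 Appendix A.1 example key.

```python
# Added example, not from the slides: S-Box from the two steps, then key expansion.
P = 0x11B                      # P(x) = x^8 + x^4 + x^3 + x + 1

def gf_mul(a, b):
    """Multiply two bytes as polynomials in GF(2^8) modulo P(x)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= P
        b >>= 1
    return r

def gf_inv(a):
    """Step 1: B'i = Ai^-1 in GF(2^8); the zero byte is mapped to itself."""
    r = 1
    for _ in range(254):       # a^254 = a^-1 because a^255 = 1 for a != 0
        r = gf_mul(r, a)
    return r if a else 0

def affine(b):
    """Step 2: constant bit-matrix times B'i plus the constant vector 0x63."""
    rot = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    return b ^ rot(b, 1) ^ rot(b, 2) ^ rot(b, 3) ^ rot(b, 4) ^ 0x63

SBOX = [affine(gf_inv(a)) for a in range(256)]

def sub_word(w):               # S-Box applied to each byte of a 32-bit word
    return int.from_bytes(bytes(SBOX[b] for b in w.to_bytes(4, "big")), "big")

def rot_word(w):               # rotate a 32-bit word left by one byte
    return ((w << 8) | (w >> 24)) & 0xFFFFFFFF

def key_expansion(key):
    """AES-128 key schedule: 16-byte key -> words w[0..43] (11 sub-keys)."""
    w = [int.from_bytes(key[4 * i:4 * i + 4], "big") for i in range(4)]
    rcon = 0x01                # Rcon[1]; doubled in GF(2^8) for each sub-key
    for i in range(4, 44):
        temp = w[i - 1]
        if i % 4 == 0:
            temp = sub_word(rot_word(temp)) ^ (rcon << 24)
            rcon = gf_mul(rcon, 2)
        w.append(w[i - 4] ^ temp)
    return w

W = key_expansion(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))  # FIPS 197 sample key
```

Table look-ups indexed by secret bytes, as in `SBOX[b]`, are the kind of implementation detail that cache-timing side-channel attacks target; production code relies on hardware AES instructions or constant-time implementations instead.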
Real World Software Application
End To End Encryption in Chat Systems
• WhatsApp has now become the world’s leading chat portal for end-to-end users and also for groups.
• The security system which it follows is End-to-End Encryption (E2EE).
• E2EE uses AES (Cipher Block Chaining (CBC) mode) and public key cryptography to secure the chat between two users or among the group members.
• In this, AES plays an important role in encrypting the data.
• (User1 -> text) -> encrypted text -> decrypted text -> (text -> User2)