第六讲 高级加密标准 (AES)
(AES)
199712(NIST)DES(AES)DESAES1997912
AES (1) (2) 128128192256DESDES (3) (4)
1998820NIST15AES15()1999415NIST155
5AESMARS(IBM)RC6(RSA Laboratories) Rijndael(Joan DaemenVincent Rijmen)Serpent(Ross Anderson Eli BihamLars Knudsen)Twofish(Bruce SchneierJohn KelseyDoug WhitingDavid WagnerChris HallNiels Ferguson)()
AES2000515NIST2000102NIST RijndaelAES
GF(pn) AES (MAC)
1 GF(pn)
1.1 GF(pn)
1.2
1.3 GF(28)
2 128128100128128128
(layers) (1) (The ByteSub Transformation) (2) (The ShiftRow Transformation) (3) (The MixColumn Transformation) (4) (AddRoundKey)
# (MC)
3
3.1
3.1 ()
3.2
3.3
3.4
3.5
3.6 S-
3.6 S-()
4 (1)(IBS) (2) (ISR)
(3) (IMC)
(4)
# MC
5 (1) DES(1)AES (2) FeistelAES128128 (3) AESS-DESS- AESS-
(4) (5) 14 (6) S-(10)(i-4)/4
(7) 106200474
6 RijndaelRijndaelSB/ISBMC/IMC
(1) SB/ISBS-28=256()01
(2) MCGF(28)z = xy()x{011011}yGF(28)0101y=y2256=512
(3) IMCMCIMC44MCIMCMC30%
7 AES (1) DESAES128192256
(2) AESHashHashHashUNIXUNIXDESHash2128192256AES256384512Hash
(3) DESAES
8 ()()
8.1 (ECB)
8.1(ECB) ()
8.2 (CBC)
8.2 (CBC) ()
8.3 (CFB)
8.3 (CFB) ()
8.3 (CFB) ()
9 (MAC) 1 (MAC)k hk (1) hkkxhk(x)MAC-MAC
(2) hkxnhk() (3) 0-MAC(xihk(xi))-MAC(xhk(x))xxi(ihk(x)=hk(xi))
9.1 MAC k-MAC(xihk(xi))-MAC(xhk(x))xxi (1) (2) xi-MAC (xihk(xi)) (3)
9.2 xMAC (1) -MAC() (2) -MAC
9.3 CBCMAC
9.3 CBCMAC ()
9.3 CBCMAC () . (1) CBC-MAC(CBCMAC)(CBC-MAC) CBC-MAC (2) (MACMAC)
(3) CBC-MACkkMACMAC
!