Rijndael Final

7/31/2019 Rijndael Final

1/23

RIJNDAEL

Arta Doci

University Of Colorado.

Email: [email protected]


2/23

Topics Covered

Introduction

Characteristics of Rijndael

Algorithm and its building blocks

Mathematics behind Rijndael

Conclusion


3/23

Rijndael, the Advanced Encryption Standard, is asymmetric block cipher.

It uses the same key between sender and receiverto encrypt and decrypt the message.

Speed and cost make symmetric algorithms as thealgorithm of choice for encrypting large amounts ofdata.

Rijndael = Rijmen &Daemen


4/23

Characteristics of Rijndael:

Iterated block cipher

Parallel structure (based on the S-P Network model structure)

Byte Oriented

Predecessor: SQUARE.


5/23

Block Cipher:

Two Principles of a good blockcipher, as defined by Claude

Shannon, are:

1.Confusion which stands forsubstitution operations.

2. Diffusion which stands fortransposition or permutation

operations.


6/23

S-P Network Model (Shannon)

Divide each Block of Data intosmaller manageable pieces of the

same length.

In parallel each piece goesthrough:

Confusion (substitution): S-Box

Diffusion (Permutation): P-Box


7/23

INPUT(Block of Plaintext, Key):Divide plaintext into blocks of length 1(byte) * 16, thus creating

a 4 X 4 matrix, i.e. the STATE matrix.

State[Row,Column]=Byte[Row+4Column]

Byte0 Byte4 Byte8 Byte12




State[0,0] State[0,1] State[0,2] State[0,3]




EXAMPLE: Create State Matrix from a given

block


8/23


9/23

Pseudo Code (continued):

Round(State, Expanded_KEY[i])

{

Substitute_Bytes(State);

Shift_Rows(State);

Mix_Columns(State);

Add_Key(State[],Expanded_KEY[i]);

}

Last_Round (State,Expanded_KEY[Nr])

{

Substitute_Bytes(State);

Shift_Rows(State);

Add_Key(State[],Expanded_KEY[i]);

}


10/23

ROUND 1ROUND 1

Last_ROUNDLast_ROUND

NrNr

Last_ROUNDLast_ROUND

NrNr

ROUND Nr - 1Nr - 1ROUND Nr - 1Nr - 1

EXTENDED_KEYEXTENDED_KEYEXTENDED_KEYEXTENDED_KEY

KEY ROUND 0

KEY ROUND 1SUB_SUB_BYTESSUB_SUB_BYTES

ADD_ROUNDKADD_ROUNDK

EYEY

ADD_ROUNDKADD_ROUNDK

EYEY

MIX_MIX_COLUMN

S

MIX_MIX_COLUMN

S

SHIFT_ROWSSHIFT_ROWSSHIFT_ROWSSHIFT_ROWS

INPUT

PLAINTEXT

ENCRYPTED DATA

EncryptionEncryption

KEY ROUND

Nr-1 ROUNDKEY

OUTPUT

SECRET KEY

RoundRound

ROUND 00ROUND 00

KEY ROUND

Nr


11/23

Number of Rounds

Block size is fixed at 128 bits; key can be 128,192, or 256.

Nr is the number of rounds which is a function of

Nk(Block length divided by 32 ), and

Nb(Key length divided by 32 )

NrNr Nk4 6 8

Nb 10 12 14


12/23

Expand_Key

This procedure will1.Expand the key From a cipher Key ofbytes [4][Nk] to another array of (4) *(Nb*(Nr + 1)) = 4* (10 + 1) = 44 bytes .

2.Select a round key for each round.

This procedure avoids:

1. Weak Keys by introducing asymmetry.

2. Key-related attacks(Biham)

3. Cipher keys that are partially known or thatcan be chosen by an imposter.


13/23

Add_Key

Add_Key will be called

1. Once in the beginning of rounds

2. Nr-1 times in the Round

3. Once in the final round.

It just XOR-s the 16 bytes of the statewith the 16 bytes of key (for the 128 bitkey).

EXAMPLE: Add_Key illustrated.


14/23

Substitute_Bytes (Non-Linear step)

Substitutes each byte of the State with a

byte from the S-Box as follows:

State [row, column] = S-BoxS-Box [state [row,column]].

S-BoxS-Box ---- MORE LATER


15/23

Shift_Rows(..)

Shift_Rows

It will not change the values, but will just changetheir order.

It does a left circular shift to each row as below:

Row 0 Shift 0; Row 1 Shift 1; Row 2 Shift 2;Row 3 Shift 3;State[0,0]

State[0,1]

State[0,2]

State[0,3]

State[1,0]

State[1,1]

State[1,2]

State[1,3]

State[2,0]

State[2,1]

State[2,2]

State[2,3]

State[3,0]

State[3,1]

State[3,2]

State[3,3]

State[0,0]

State[0,1]

State[0,2]

State[0,3]

State[1,

1]

State[1,

2]

State[1,

3]

State[1,

0]

State[2,2]

State[2,3]

State[2,0]

State[2,1]

State[3,3]

State[3,0]

State[3,1]

State[3,2]


16/23

Mathematics Behind Rijndael

Field Finite Field

Inverses


17/23

Rijndael operates on the:

Binary Finite Field, GF(28).

FIELD. Definition and Example .

FINITE FIELD. The field with a finite number of elements.

Rijndael uses polynomial basis. Rijndael is byteoriented. Each byte, which will be stored in Hex and itwill represent a polynomial of at most degree 7:

b7X7 + b6X

6 + b5X5 + b4X

4 + b3X3 + b2X

2 + b1X1 + bo.

Example: { 1 1 0 1 01 0 0} = 0Xd4 = X7 + X6 + X4 + X2

G ( ^ )


18/23

The set of all polynomials of degree at most 7 with

coefficients GF(2) and with the two defined operations:Addition: Just XOR-in

Multiplication: Shift to the left.

and modulo an irreducible polynomial.

Galois Theorem: For any prime p and integer n, there existsa field of order pn and it is unique.

Cyclic Group Theorem: GF (pn)*, i.e. multiplicative Group, iscyclic; The nonzero elements are powers of someprimitiveroot.

Example: HOW do we construct such a field? Irreducible?Primitive Root?

FINITE FIELD GF(2 ^ 8)


19/23

Finding the multiplicative inverse

Multiplicative inverses in GF(256) using Look Up

Tables:

1. Example: Building Log Table.

2. Building Anti Log Table. Reverse the Logprocess {03}(06) ={55}; {06} = {03}(55) .

3. Building Inverse Table(using Log/Antilog).g (x)has as inverse g (ff ) ( x) . Example:{12}= {03} (e0), so the inverse will be g (ff ) ( e0)

= g

1f

= {aa}


20/23

S-BOX

The only non-linear step

S-Box is based on the mapping: X -> X 1 ; where

X 1 represents multiplicative inverse in the fieldfield.

1. Replaces each byte with its inverse GF (28), g

(a); beside 00 mapped to itself.

2. Applies an affine transformation (a bitwisemodulo-two matrix, XOR-ed with the hexadecimal

number 63.

EXAMPLE: Lets find SRD [12]. ??


21/23

Mix_Columns

Mix_Columns multiplies two numbers:

(A column that is considered as a polynomial) *(A mixing polynomial (modulo x4 + 1)) .

Mixing polynomial is{03}*x3 + {01} * x2 + {01} * x + {02}.

It should be relatively prime with the polynomial

x4

+ 1={11}=(x+1)4

,Thus, the fixed polynomial will have an inverse

(mod x4 + 1) and we can decrypt..


22/23

Conclusion

Secure

Excellent resistance to knownattacks.

Elegant mathematical structure Efficient


23/23

Q & A

Rijndael Final

Documents