1 the aes block cipher niels ferguson. 2 what is it? block cipher: encrypts fixed-size blocks....
Post on 19-Dec-2015
223 views
TRANSCRIPT
![Page 1: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/1.jpg)
1
The AES block cipher
Niels Ferguson
![Page 2: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/2.jpg)
2
What is it?
• Block cipher: encrypts fixed-size blocks.
• Design by two Belgians.
• Chosen from 15 entries in a competition.
• US government standard.
• Also known as Rijndael.
![Page 3: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/3.jpg)
3
Bias warning
• I’m one of the designers of the Twofish block cipher.
• Twofish was one of the other AES submissions.
• AES (then called Rijndael) won.
• I’ve spent several month trying to break AES.
![Page 4: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/4.jpg)
4
Block cipher
AES
Plaintext (128 bits)
Ciphertext (128 bits)
Key (128-256 bits)
![Page 5: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/5.jpg)
5
Multiple rounds
Plaintext
Ciphertext
Key Key
schedule
![Page 6: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/6.jpg)
6
AES multiple rounds
• 10-14 simple rounds.
• Each round is a weak block cipher.
• Rounds are (almost) identical.
• Simple key schedule.
![Page 7: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/7.jpg)
7
AES single round
• Add key
• S-box
• Shift row
• Mix column
![Page 8: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/8.jpg)
8
128-bit values
• Represented as 4 by 4 matrix of 8-bit bytes.
![Page 9: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/9.jpg)
9
Add key operation
Xor of corresponding byteskey
![Page 10: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/10.jpg)
10
S-box
S
• 8-bit lookup table
• 16 lookups in parallel
S
![Page 11: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/11.jpg)
11
Shift row
• Reordering of the bytes within each row.
• Rotate rows by 0-3 byte positions.
![Page 12: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/12.jpg)
12
Mix column
• Interpret each column as a vector of length 4.
• Multiply by 44 matrix over GF(28).
• Matrix is an MDS matrix.
![Page 13: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/13.jpg)
13
Single round
S
Round key
![Page 14: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/14.jpg)
14
Last round
S
Round key
Round key
![Page 15: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/15.jpg)
15
S-box
• Inversion in GF(28)
• Bitwise linear transformation
• Xor with a constant
![Page 16: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/16.jpg)
16
MDS matrix
• Maximum Distance Separable.
• Byte-Hamming weight of input + output is at least 5.
Input weight Output weight
1 4
2 >= 3
3 >= 2
4 >= 1
![Page 17: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/17.jpg)
17
Decryption
• Every operation is invertible.
• Order of operations can be the same as for encryption.
![Page 18: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/18.jpg)
18
Changing the order
S
Round key
S
Round key
![Page 19: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/19.jpg)
19
Decryption differences
• Inverse S-box.
• Inverse of MDS matrix.
• Modified round keys, or modified operation order.
• Requires extra hardware.
![Page 20: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/20.jpg)
20
Key schedule (128 bits)
S
r
![Page 21: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/21.jpg)
21
Key schedule (256 bits)
S
r
S
![Page 22: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/22.jpg)
22
Key schedule
• Cannot directly generate round keys in reverse order.
• Decryption must either store all round keys, or pre-compute the ‘final’ state and work backwards from that.
• Requires extra time from getting key to start of first decryption.
![Page 23: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/23.jpg)
23
Speed
• About 16 clock cycles/byte on modern 32-bit CPUs.
• That’s 200 MByte/s on a 3.2 GHz P4!
![Page 24: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/24.jpg)
24
Uses
• Almost never used as-is: most messages are not exactly 128 bits long.
• Used with a block cipher mode to encrypt and/or authenticate messages.
![Page 25: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/25.jpg)
25
Security properties
• For any given key, a block cipher is a permutation (must be able to decrypt).
• Should behave like a random permutation: no detectable structure.
• Different keys result in “independent random permutations.”
![Page 26: 1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition](https://reader036.vdocument.in/reader036/viewer/2022062421/56649d3a5503460f94a145aa/html5/thumbnails/26.jpg)
26
Best known attacks
• No known attacks on full AES.
• Best attack on 79 rounds (out of 1014 rounds).
• Clean design leaves algebraic structures: no attacks, but some worries.