aes background and mathematics csci 5857: encoding and encryption
TRANSCRIPT
AES Background and Mathematics
CSCI 5857: Encoding and Encryption
Outline
• AES goals and history• Modular multiplicative inverses• Galois Field mathematics • Galois Field inverses• Uses in AES
AES History
• 1997: NIST calls for proposals for DES replacement– 56-bit DES key not computationally secure– Triple DES very slow– DES S-Boxes poorly understood
• 1999: Several algorithms chosen as finalists– Rijndael (selected)– Twofish, Serpent, etc. (still used by some systems)
• 2001: Rijndael published by NIST as Advanced Encryption Standard
Goals of AES
• Security– Minimum key size: 128 bits
(computationally secure now)– Expandable to 192 or 256 bits
(will still be computationally secure in future)– Block size: 128 bits (more possible mappings)– Designed for resistance to differential and linear
cryptanalysis• Cost
– Structure optimized for efficiency
Mathematical Goals
• S-Boxes and other transformations should have mathematical basis– Can insure useful properties (nonlinearity, etc.)– Can re-derive as needed for larger keys– Mapping should appear “random”
(no simple patterns between inputs and outputs)
Modular Multiplication
• a b mod m = remainder left after (a b)/m• Example: multiplication table mod 7
• b is inverse of a mod m if ab mod m = 1(b = a -1 mod m)
• Example: 5 = 3-1 mod 7since 3 x 5 = 15 = 1 mod 7
• Creates nonlinear “pseudorandom” mappings
Modular Multiplicative Inverses
a a -1
0 none
1 1
2 4
3 5
4 2
5 3
6 6
Modular Multiplicative Inverses• Problem: Only works if m is a prime number
Otherwise, some numbers have no inverse• Example: modular inverses mod 8
a a -1
0 none
1 1
2 none
3 3
4 none
5 5
6 none
7 7
Modular Multiplicative Inverses
• Goal: use this idea in cases where m = 2n
(that is, m is the size of a typical block)
• Galois Fields– Represent byte to transform as a polynomial– Compute inverse of that polynomial mod some
other “prime” polynomial– Galois Field with m = 28 used to create S-Boxes for
AES , mapping 256 possible byte inputs to 256 possible byte outputs
Galois Field Mathematics
• Step 1: Represent binary numbers with n bits as polynomial of degree n
• Example: n = 3GF(23)
000 0x2 + 0x + 0 0
001 0x2 + 0x + 1 1
010 0x2 + 1x + 0 x
011 0x2 + 1x + 1 x + 1
100 1x2 + 0x + 0 x2
101 1x2 + 0x + 1 x2 + 1
110 1x2 + 1x + 0 x2 + x
111 1x2 + 1x + 1 x2 + x + 1
Galois Field Mathematics
x2 + x + 1+ x + 1 x2 + 2x + 2 = x2 + 0x + 0 = x2
since 2 mod 2 = 0
x2
- (x + 1)x2 - x – 1
= x2 + x + 1since -1 mod 2 = 1
• All coefficients are binary (1 or 0)• Addition/subtraction in mod 2 = XOR function• Examples:
Galois Field Mathematics
• Step 2:Find a “prime” polynomial Pn of degree n– Not a multiple of any two other polynomials
(other than 1 and itself)
• Example for GF(23): P3 = x3 + x + 1• Used in AES for GF(28):
P8 = x8 + x4 + x3 + x + 1
Galois Field Mathematics• Step 3:
Compute multiplication table for all pairs of polynomials Pi x Pj mod Pn
– Will need to compute mod if order of Pi x Pj is k n– Simple (inefficient) way: compute Pi x Pj – xk-nPn
• Example for GF(23):
Galois Field Example
• Example: Multiplying 110 and 101• 110 x2 + x
011 x + 1• (x2 + x)(x + 1) = x3 + 2x2 + x
= x3 + x 2 mod 2 = 0• (x3 + x) mod (x3 + x + 1) = x3 + x
- x3 + x + 1 - 1 = 1 -1 mod 2 = 1
Galois Field Inverses
• Inverse b-1 of a binary number b in GF(2n) b-1 x b = 1 in GF(2n)
• Example: GF(23)
b 000 001 010 011 100 101 110 111
b-1 none 001 101 110 111 010 011 100
Galois Fields in AES
• AES mathematics based on GF(28)• Prime polynomial = x8 + x4 + x3 + x + 1• SubBytes stage
– Basis of S-Boxes• MixColumns Stage
– Uses matrix multiplication in GF(28)• Round Key Generation
– Adds extra “random” bits to each round key