Upload
rama-venkatesh
View
47
Download
0
Embed Size (px)
DESCRIPTION
advance encryption standard
Citation preview
ADVANCED ENCRYPTION STANDARD
CHAPTER - 1
INTRODUCTION
1.1ADVANCED ENCRYPTION STANDARD-RIJNDAEL CIPHER
AES stands for advanced encryption standard. AES is symmetric key
encryption algorithm which replaces the commonly used data encryption standard
(DES).AES provides strong encryption and was selected by NIST as a federal
information processing standard in November 2001 (FIPS-197). The AES
algorithm uses three key sizes:128-, 192-, or 256- bit encryption key. Each
encryption key size causes the algorithm to behave slightly different, so the
increasing key sizes not only offer a large number of bits with which you can
scramble the data, but also increases the complexity of cipher algorithm. AES was
developed by two Belgian cryptologists, Vincent Rijmen and Joan Daemen.
AES is an algorithm for performing encryption (and reverse,
decryption).the series of well-defined steps that can be followed as a procedure.
The original information is known as plain text,and the encrypted form as cipher
text.
The AES algorithm is a symmetric block cipher that can encrypt (encipher)
and decrypt(decipher) information. Encryption converts data to an unintelligible
form called cipher text; decrypting the cipher text converts the data back to its
original form, called plain text. AES can be used to protect electronic data.
BLOCK DIAGRAM:
Plaintext /ciphertext output128 bit 128-bit(plain text)
Round 128 bit key input
Clk2
Secret key 128,192,256
Figure 1.1 block diagram of AES algorithm[1]
Department of Electronics and Communication Engineering,SKEC Page 1
Encrypt/Decrypt
Key Schedule Generation
ADVANCED ENCRYPTION STANDARD
The cipher text message contains all the information of the plaintext
message, but is not in a format readable by a human or computer without the
proper mechanism to decrypt it.
The encrypting procedure is varied depending on the key which
changes the detailed operation of the algorithm. Without the key, the cipher
cannot be used to encrypt or decrypt.
1.2 ENCRYPTION:
Encryption is the transformation of plain text into cipher text through a
mathematical process
plain text cipher key
cipher text
Figure 1.2 Block Diagram Of Encryption Process
1.3 DECRYPTION:
Decryption is a process to convert cipher text back into plain text
Cipher text plain text
Cipher key
Figure 1.3 block diagram of decryption process
1.4 APPLICATION OF CRYPOTGRAPHY:
Cryptography helped ensure secrecy in important communications,
such as those of government convert operations.
This is helpful in wireless security like military communication and
mobile telephony where there is a greater emphasis on the speed of
communication (military leaders and diplomats).
Cryptography has come to be in widespread use by many civilians
who do not have extraordinary needs for secrecy
Department of Electronics and Communication Engineering,SKEC Page 2
ENCRYPTION
DECRYPTION
ADVANCED ENCRYPTION STANDARD
CHAPTER - 2
THEORY
2.1 BACKGROUND OF THE ALGORITHM:
Many algorithms were originally presented by researchers from twelve
different Nations. Fifteen (15) algorithms were selected from the first set of
submittals. After a study and selection process five, (5) were chosen as
finalists. The five algorithms selected were MARS, RC6, RIJNDAEL,
SERPENT and TWOFISH. The conclusion was that the five Competitors
showed similar characteristics. On October 2nd 2000, NIST announced that
the Rijndael Algorithm was the winner of the contest. The Rijndael Algorithm
was chosen since it had the best overall scores in security, performance,
efficiency, implementation ability and flexibility, [NIS00b]. The Rijndael
algorithm was developed by Joan Daemen of Proton World International and
Vincent Fijmen of Katholieke University at Leuven.
The Rijndael algorithm is a symmetric block cipher that can process
data blocks of 128 bits through the use of cipher keys with lengths of 128,
192, and 256 bits. The Rijndael algorithm was also designed to handle
additional block sizes and key lengths. However, the additional features were
not adopted in the AES. The hardware implementation of the Rijndael
algorithm can provide either high performance or low cost for specific
applications. At backbone communication channels or heavily loaded servers
it is not possible to lose processing speed, which drops the efficiency of the
overall system while running cryptography algorithms in software. On the
other side, a low cost and small design can be used in smart card applications,
which allows a wide range of equipment to operate securely.
2.1.1 AES OVERVIEW:
1976-2000: The Data Encryption Standard (DES) is considered the
standard for block ciphers by NIST.
1997-2001: With des becoming outdated NIST announces competition to
design a successor.
Department of Electronics and Communication Engineering,SKEC Page 3
ADVANCED ENCRYPTION STANDARD
2001:Rijndeal, designed by Joan Daemen and Vincent Rijmen , is selected
by NIST as a AES
2.1.2 PROPERTIES OF AES:
Based in finite mathematic, widely analysed and considered secure,
Used for US government top secret data,
Supports 128, 196, 256 bit keys,
Unpatented, Expected to be the standard for 20+years
2.2 TYPES OF CYPHERS:
There are two classes of algorithm in encryption, an asymmetric key and
symmetric key.The following sub sections describe the both classes and a brief
discussion of algorithm is added as well.
2.2.1 ALGORITHM:
Algorithm is a process for completing a task. An encryption algorithm
is a mathematical process (mathematical formula) to encrypt and decrypt messages it
typically has two elements:data (for example , plain text or email message that you
want to encrypt or decrypt) and a key.
2.2.2 SYMMETRIC ENCRYPTION:
Symmetric encryption uses a secret key value to encrypt and decrypt
data. Both the sender and receiver need the same key to encrypt or decrypt. There are
two types of symmetric algorithms: stream algorithms and block algorithms. The
stream algorithm works on one bit or byte at a time, whereas the block algorithm
works on larger blocks of data (typically 64 bits ).the drawback of to this type of
system is that if the key is discovered, all the messages can be decrypted. Symmetric
key is the key that is used to for encrypting and decrypting a file or a message.
Examples of symmetric encryption are DES\3DES, AES, IDEA, RC6 and Blowfish.
Department of Electronics and Communication Engineering,SKEC Page 4
ADVANCED ENCRYPTION STANDARD
2.2.3 SYMMETRIC KEY OR PRIVATE KEY:
In a symmetric or private key algorithm, in the ordinary case, the
communication only uses only one key. A user A sends the secret private key Kc to a
B user before the start of the communication between them. Both sides use the same
private key to encrypt and decrypt the exchanged information. Data encryption
standard (DES) and CAST128 are example of symmetric algorithm.
The symmetric algorithm is much faster than a asymmetric key
algorithm, which needs a bigger key and complex computation. To encrypt a large
amount of data, symmetric key algorithm is used with one secrete key. the public key
algorithm then used to encrypt and transmit the symmetric key. At the recipient, the
symmetric key is decrypted. After that all communication is made using a
symmetrical algorithm. There are two classes of private key cryptography scheme
which are commonly distinguished as block ciphers and stream ciphers.
Cipher text
Unsecured channel
Figure 2.1
2.1private key cryptography
Private key is a secret key of public-private key cryptography system (it is
used in asymmetric cryptography). The private key is normally known only to the key
owner. Messages are encrypted using a public key and can be decrypted by the owner
of the corresponding private key. For the digital signatures, however, a document is
signed with a private key and authenticated with the corresponding public key. Private
key should not be distributed.
2.2.4 ASYMMETRIC ENCRYPTION:
Asymmetric encryption (asymmetric cipher) uses a separate key for encryption
and decryption. The decryption key is very hard or even impossible to derive from the
encryption key . the encryption key is public so that anyone can encrypt a message .
however , the decryption key is private , so that only the receiver is able to decrypt
the message. it is common to set up a pair of keys within a network so that each user
has public key and a private key .The public key is made available to everyone so
Department of Electronics and Communication Engineering,SKEC Page 5
Private key kc
Plain text
User A
ENCRYPTION
Private key kc
plaintext
User B
DECRYPTION
ADVANCED ENCRYPTION STANDARD
that they can send messages, but the private key is only made available to the person
it belongs to.
Asymmetric cipher that uses different (not trivially related) keys for encryption and
decryption. Asymmetric cipher that uses different (not trivially related) keys for
encryption and decryption.
Examples of asymmetric encryption are RSA, ELGAMAL.
2.2.5 ASYMMETRIC KEY FOR PUBLIC KEY:
as an alternative to RSA which In asymmetric key algorithm, there are two
keys. One must be public and it is used to encrypt the data. The other key is a private
one and it is used to decrypt the information. In communication between A and B,A
uses the public key ke of B to encrypt the message ,in a way that only B(neither
A).can decrypt this message using his private key Kd. The system is also used to sign
a message digitally. Rivest – Shamir - Adleman (RSA) is widely used asymmetric key
algorithm for decrease elliptic curve cryptography (ECCoffers highest security its
small bit length of key.
Cipher text
Unsecure channel
Figure:2.2 public key cryptography.
A public key is the public key of a public-private key cryptography system. Public
key is used in asymmetric cryptography. Public keys are used to enable someone to
encrypt messages intended for the owner of the public key. Public keys are meant for
distribution, so anyone who wants to send an encrypted message to the owner of the
public key can do so, but the owner of the public key can do so, but only the owner of
the corresponding private key can decrypt the message. Cryptography based on
methods involving a public key and a private key.
Department of Electronics and Communication Engineering,SKEC Page 6
Private key ke
Plain text
User A
ENCRYPTION
Private key kd
plaintext
User B
DECRYPTION
ADVANCED ENCRYPTION STANDARD
2.2.6 CIPHER TEXT:
This is the encrypted message produced by applying the algorithm to the plaintext message using the secret key.
2.7 BLOCK CIPHER:
Block chipper is a type of the symmetric-key encryption algorithm that transforms a
fixed-length block of plaintext data into block of cipher text data of the same length.
This transformation takes places under the action of a user-provided secret
key. Decryption is performed by applying the reverse transformation to the cipher
text block using the same secret key. The fixed length is called the block size, and for
many block ciphers, the block size is 64 and the block size increase to 128, 192 or 256
bits as processors become more sophisticated. Below figure illustrates the block
cipher transformation. The cipher like DES, triple-DES and blowfish are example of
block cipher.
Plaintext ciphertext
key key
Ciphertext plaintext
Figure 2.3 block cipher
Since different plaintext blocks are mapped to different cipher text blocks (to
allow unique decryption), a block cipher effectively provides a permutation of the set
of all possible messages. The permutation effected during any particular encryption is
a secret, since it is a function of the secret key
Department of Electronics and Communication Engineering,SKEC Page 7
Block cipher encryption
Block cipher decryption
ADVANCED ENCRYPTION STANDARD
2.3 THE AES CIPHER:
Block length is limited to 128 bit
The key size can be independently specified to 128,19 or 256 bits
Table 2.1: represented of key size, number of rounds, exapanded key size
2.4 NOTATION AND CONVENTIONS: 2.4.1. INPUTS AND OUTPUTS: The input and output for the AES algorithm consists of sequences of 128 bits.
These sequences are referred to as blocks and the numbers of bits they contain are
referred to as their length. The Cipher Key for the AES algorithm is a sequence of
128,192 or 256 bits. Other input, output and Cipher Key lengths are not permitted by
this standard. The bits within such sequences are numbered starting at zero and ending
at one less than the sequence length, which is also termed the block length or key
length. The number “i” attached to a bit is known as its index and will be in one of the
ranges 0 ≤ i<128, 0 ≤ i< 192 or 0 ≤ i< 256 depending on the block length or key
length specified.
2.4.2. BYTES:
The basic unit of processing in the AES algorithm is a byte, which is a
sequence of eight bits treated as a single entity. The input, output and Cipher Key bit
sequences described in Section 1.1 are processed as arrays of bytes that are formed by
dividing these sequences into groups of eight contiguous bits to form arrays of bytes.
For an input, output or Cipher Key denoted by a, the bytes in the resulting array are
referenced using one of the two forms, an or a[n], where n will be in a range that
depends on the key length. For a key length of 128 bits, n lies in the range 0 ≤ n < 16.
For a key length of 192 bits, n lies in the range 0 ≤ n < 24. For a key length of 256
bits, n lies in the range 0≤ n < 32.
Department of Electronics and Communication Engineering,SKEC Page 8
Key size(word/byte/bits)
4/16/192 6/24/192 8/32/256
Number of rounds 10 12 14
Expanded key size(words/byte)
44/176 52/208 60/240
ADVANCED ENCRYPTION STANDARD
All byte values in the AES algorithm are presented as the concatenation of the
individual bit values, (0 or 1), between braces in the order{b7, b6, b5, b4, b3, b2, b1,
b0}.These bytes are interpreted as finite field elements using a polynomial
representation
b7 x7+ b6 x6+ b5 x5+ b4 x4+ b3 x3+ b2 x2+ b1 x1+ b0x0=Σbi xi ---------->(1)
For example, {01100011} identifies the specific finite field element x6 + x5 + x
+1. It is also convenient to denote byte values using hexadecimal notation with each
of two groups of four bits being denoted by a single hexadecimal character. The
hexadecimal notation scheme is depicted in Figure.1.
Table 2.2 Hexadecimal Representation of Bit Patterns[1]
Hence the element {01100011} can be represented as {63}, where the
character denoting the four-bit group containing the higher numbered bits is again to
the left. Some finite field operations involve one additional bit {b8} to the left of an 8-
bit byte. When the b8 bit is present, it appears as {01} immediately preceding the 8-
bit byte. For example, a 9-bit sequence is presented as {01} {1b}.
2.4.3. ARRAYS OF BYTES:
Arrays of bytes are represented in the form a0a1a2···a15. The bytes and the bit
ordering within bytes are derived from the 128-bit input sequence, input0input1input2
···input126input127 as a0 = {input0, input1, ···, input7} , a1 = {input8, input9, ···,
input15} with the pattern continuing up to a15 = {input120, input121, ···, input127}.
The pattern can be extended to longer sequences associated with 192 and 256 bit
keys. In general,
an = {input8n, input8n+1, ···, input8n+7}.
Department of Electronics and Communication Engineering,SKEC Page 9
ADVANCED ENCRYPTION STANDARD
An example of byte designation and numbering within bytes for a given input
sequence is presented in Figure 2.
Figure 2.4: Indices for Bytes and Bits [1]
2.4.4. THE STATE:
Internally, the AES algorithm’s operations are performed on a two
dimensional array of bytes called the State. The State consists of four rows of bytes.
Each row of a state contains Nb numbers of bytes, where Nb is the block length
divided by 32. In the State array, which is denoted by the symbol S, each individual
byte has two indices. The first byte index is the row number r, which lies in the range
0 ≤r ≤ 3 and the second byte index is the column number c, which lies in the range 0 ≤
c ≤ Nb−1. Such indexing allows an individual byte of the State to be referred to as Sr,c
or S[r,c]. For the AES Nb = 4, which means that 0 ≤c ≤ 3. At the beginning of the
Encryption and Decryption the input, which is the array of bytes symbolized by
in0in1···in15 is copied into the State array. This activity is illustrated in Figure 3. The
Encryption or Decryption operations are conducted on the State array. After
manipulation of the state array has completed its final value is copied to the output,
which is an array of bytes symbolized by out0out1···out15.
Input state array output byte
Figure 2.5: State Array Input and Output [1]
At the start of the Encryption or Decryption the input array is copied to the
State array with
S[r, c] = in[r + 4c]
Department of Electronics and Communication Engineering,SKEC Page 10
ADVANCED ENCRYPTION STANDARD
where 0 ≤r ≤3 and 0 ≤c ≤ Nb−1 At the end of the Encryption and Decryption the State
is copied to the output array with
out[r + 4c] = S[r,c]
where 0 ≤ r ≤ 3 and 0 ≤ c ≤ Nb−1.Input Bytes State Array Output Bytes
2.4.5. THE STATE AS AN ARRAY OF COLUMNS:
The four bytes in each column of the State form 32-bit words, where the row
number “r” provides an index for the four bytes within each word. Therefore, the state
can be interpreted as a one-dimensional array of 32 bit words, which is symbolized by
w0...w3. The column number c provides an index into this linear State array.
Considering the State depicted in Figure3, the State can be considered as an array of
four words where
w0 = S0,0 S1,0 S2,0 S3,0,
w1 = S0,1 S1,1 S2,1 S3,1,
w2 = S0,2 S1,2 S2,2 S3,2
w3 =S 0,3 S1,3 S2,3 S3,3.
2.4.6 MATHEMATICAL BACKGROUND:
Every byte in the AES algorithm is interpreted as a finite field element using
the notation introduced in Section.1.1.2. All Finite field elements can be added and
multiplied. However, these operations differ from those used for numbers and their
use requires investigation.
2.4.6(A) ADDITION:
The addition of two elements in a finite field is achieved by “adding” the
coefficients for the corresponding powers in the polynomials for the two elements.
The addition is performed through use of the XOR operation, which is denoted by
the operator symbol ⊕. Such addition is performed modulo-2. In modulo-2 addition
Department of Electronics and Communication Engineering,SKEC Page 11
ADVANCED ENCRYPTION STANDARD
1 ⊕ 1 = 0,
1 ⊕ 0 = 1,
0 ⊕ 1 = 1
and
0 ⊕ 0 =0.
Consequently, subtraction of polynomials is identical to addition of
polynomials. Alternatively, addition of finite field elements can be described as the
modulo-2 addition of corresponding bits in the byte. For two bytes {a7a6a5a4a3a2a1a0}
and{b7b6b5b4b3b2b1b0}, the sum is {c7c6c5c4c3c2c1c0}, where each ci = ai ⊕ bi where i
represents corresponding bits. For example, the following expressions are equivalent
to one another.
(x6 + x4 + x2 + x +1) + (x7 + x +1) = x7 + x6 + x4 + x2 (Polynomial notation)
{01010111}⊕ {10000011} = {11010100} (Binary notation)
{57}⊕{83} = {d4} (Hexadecimal notation)
2.4.6(B) MULTIPLICATION:
In the polynomial representation, multiplication in Galois Field GF (28)
(denoted by•) corresponds with the multiplication of polynomials modulo an
irreducible polynomial of degree 8. A polynomial is irreducible if its only divisors are
one and itself. For the AES algorithm, this irreducible polynomial is given by the
equation (2).
m(x) = x8 + x4 + x3 + x +1 (2)
For example, {57}•{83} = {c1} because
Department of Electronics and Communication Engineering,SKEC Page 12
ADVANCED ENCRYPTION STANDARD
(x6 + x4 + x2 + x +1)(x7 + x +1) = x13 + x11 + x9 + x8 + x7 +
x7 + x5 + x3 +x2 + x +
x6 + x4 + x2 + x + 1
= x13 + x11 + x9 + x8 + x6 + x5 + x4 + x3 +1
x13 + x11 + x9 + x8 + x6 + x5 + x4 + x3 +1 Modulo (x8 + x4 + x3 + x +1)
= x7 + x6 +1.
The modular reduction by m(x) ensures that the result will be a binary
polynomial of degree less than 8, which can be represented by a byte. Unlike
addition, there is no simple operation at the byte level that corresponds to this
multiplication. The multiplication defined above is associative and the element {01}
is the multiplicative identity. For any non-zero binary polynomial b(x) of degree less
than 8, the multiplicative inverse of b(x), denoted b-1(x), can be found. The inverse is
found through use of the extended Euclidean algorithm to compute polynomials a(x)
and c(x) such that
b(x)a(x) + m(x)c(x) = 1. (3)
Hence, a(x) • b(x) mod m(x) = 1, which means
b−1 (x) = a(x)modm(x) (4)
Moreover, for any a(x), b(x) and c(x) in the field, it holds that
a(x) • (b(x) + c(x)) = a(x) • b(x) + a(x) • c(x) (5)
It follows that the set of 256 possible byte values, with XOR used as addition and
multiplication defined as above, has the structure of the finite field GF (28).
2.4.6(C) MULTIPLICATION BY X:
Department of Electronics and Communication Engineering,SKEC Page 13
ADVANCED ENCRYPTION STANDARD
Multiplying the binary polynomial defined in equation (1) with the polynomial
x results in
b7 x8+ b6 x7+ b5 x6+ b4 x5+ b3 x4+ b2 x3+ b1 x2+ b0x1 (6)
The result x • b(x) is obtained by reducing the above result modulo m(x). If b7
equals zero the result is already in reduced form. If b7 equals one the reduction is
accomplished by subtracting the polynomial m(x). It follows that multiplication by x,
which is represented by {00000010} or {02}, can be implemented at the byte level as
a left shift and a subsequent conditional bitwise XOR with {1b}. This operation on
bytes is denoted by xtime(). Multiplication by higher powers of x can be implemented
by repeated application of xtime(). Through the addition of intermediate results,
multiplication by any constant can be implemented.
For example, {57} • {13} = {fe} because
{57} • {02} = xtime ({57}) = {ae}
{57} • {04} = xtime ({ae}) = {47}
{57} • {08} = xtime ({47}) = {8e}
{57} • {10} = xtime ({8e}) = {07},
Thus,{57} • {13} = {57} • ({01} • {02} • {10})
= {57} • {ae} • {07} = {fe}.
2.5 Polynomials with Coefficients in GF (28):
Four-term polynomials can be defined with coefficients that are finite field
elements as the following equation (7)
a(x) = a3 x3 + a2 x2+ a1 x1 + a (7)
which will be denoted as a word in the form [a0 , a1 , a2 , a3 ]. Note that the
polynomials in this section behave somewhat differently than the polynomials used in
the definition of finite field elements, even though both types of polynomials use the
same indeterminate, x. The coefficients in this section are themselves finite field
elements, i.e., bytes, instead of bits; also, the multiplication of four-term polynomials
Department of Electronics and Communication Engineering,SKEC Page 14
ADVANCED ENCRYPTION STANDARD
uses a different reduction polynomial, defined below. To illustrate the addition and
multiplication operations, let
b(x) = b3 x3+ b2 x2 + b1 x1 + b (8)
define a second four-term polynomial. Addition is performed by adding the finite
field
coefficients of like powers of x. This addition corresponds to an XOR operation
between the corresponding bytes in each of the words – in other words, the XOR of
the complete word values Thus, using the equations of (7) and (8),
a( x) + b( x) = (a3⊕b3) x3 + (a2⊕b2)x2 + (a1 ⊕b1) x1 + (a0 ⊕b0)x0 (9)
Multiplication is achieved in two steps. In the first step, the polynomial product
c(x) = a(x) • b(x) is algebraically expanded, and like powers are collected to give
c(x) = c6 x6 + c 5x5 + c4 x4 + c3 x3 + c2 x2 + c1 x1 + c0x0 (10)
where
c0= a0. b0
c1= a1.b0 ⊕ a0. b1
c2=a2 .b0 ⊕ a1. b1 ⊕ a0. b2
c3= a3. b0 ⊕a2. b1 ⊕ a1. b2 ⊕ a0. b3
c4=a3 .b1⊕ a2. b2 ⊕ a0. b3
c5= a3. b2 ⊕ a2.b3
c6= a3. b3
The result, c(x), does not represent a four-byte word. Therefore, the second
step of the multiplication is to reduce c(x) modulo a polynomial of degree 4; the result
can be reduced to a polynomial of degree less than 4. For the AES algorithm, this is
accomplished with the polynomial x4 + 1, so that
xi mod(x4 +1) = ximod 4 . (11)
Department of Electronics and Communication Engineering,SKEC Page 15
ADVANCED ENCRYPTION STANDARD
The modular product of a(x) and b(x), denoted by a(x) • b(x), is given by the four-
term polynomial d(x), defined as follows
d(x) = d3 x3 + d2 x2 + d1 x1 + d0 (12)
with
d0= (a0 .b0) ⊕ (a3. b1) ⊕ (a2 .b2) ⊕ (a1. b3)
d1 =(a1. b0) ⊕ (a0. b1) ⊕ (a3. b2) ⊕(a2. b3)
d2= (a2 .b0) ⊕ (a1. b1) ⊕ (a0 .b2)⊕ (a3. b3)
d3= (a3. b0) ⊕ (a2 .b1) ⊕ (a1. b2)⊕( a0. b3)
When a(x) is a fixed polynomial, the operation defined in equation (12) can be written
in matrix form as the following equation (13)
d0 a0 a3 a2 a1 b0
d1 = a1 a0 a3 a2 b1 (13)
d2 a2 a1 a0 a2 b2
d3 a3 a2 a1 a0 b3
Because x4 + 1 is not an irreducible polynomial over GF(28), multiplication by
a fixed four-term polynomial is not necessarily invertible. However, the AES
algorithm specifies a fixed four-term polynomial that does have an inverse is given by
a(x) = {03}x3 +{01}x2 +{01}x +{02 (14)
a−1 (x) = {0b}x3 +{0d}x2 +{09}x +{0e} (15)
Another polynomial used in the AES algorithm has a0 = a1 = a2 = {00} and a3 ={01},
which is the polynomial x3. Inspection of equation (13) above will show that its effect
is to form the output word by rotating bytes in the input word. This means that
[b0,b1,b2, b3] is transformed into [b1, b2, b3, b0].
2.6. ENCRYPTION PROCESS:
Department of Electronics and Communication Engineering,SKEC Page 16
ADVANCED ENCRYPTION STANDARD
This block diagram is generic for aes specifications.it consists of a number of
different transformations applied consecutively over the data block bits, in a fixed
number of iterations, called rounds. The number of rounds depends on the length of
the key used for the encryption process.
A 128 bit input and output block of AES is mapped to an AES state by putting
thefirst byte of the block in the upper left corner of the matrix and by filling in the
remaining bytes column by column. A round consists of a fixed sequence of
transformations. Except for the first round and the last round,
Block diagram:
Plain text
Roundkey 1st Round
RoundkeyRepeatNr-1 Round
LastRoundkey Round
Figure 2.6:Block Diagram Of Encryption
.The other rounds are identical and consist of four transformations. The four
transformations are invertible, hence the round itself is invertibleData block
Department of Electronics and Communication Engineering,SKEC Page 17
SubBytes
Shift Rows
MixColumns
AddRoundKey
SubBytes
ShiftRows
AddRoundKey
SubBytes ShiftRows Mix Columns Add Round Key
AddRoundKey
ADVANCED ENCRYPTION STANDARD
Key
Data block Figure 2.7:Structure Of The One Round
2.6.1. BYTES SUBSTITUTION TRANSFORMATION:
The bytes substitution transformation subbytes (state) is a non-linear
substitution of bytes that operates independently on each byte of the State using a
substitution table (Sbox) presented in figure7. This S-box which is invertible, is
constructed by composing two transformations
1. Take the multiplicative inverse in the finite field GF (28), described in Section
1.3.2. The element {00} is mapped to itself.
2. Apply the following affine transformation (over GF (2))
b′=bi ⊕ b (i+4)mod8⊕ b(i+5)mod8 ⊕ b(i+6)mod8 ⊕ b(i+7)mod8 ⊕ ci (16)
for 0≤ i ≤ 8 , where bi is the ith bit of the byte, and ci is the ith bit of a byte c with the
value {63} or {01100011}. Here and elsewhere, a prime on a variable (e.g., b′ )
indicates that the variable is to be updated with the value on the right. In matrix form,
the affine transformation element of the S-box can be expressed as
b0′ 1 0 0 0 1 1 1 1 b0 1 b1′ 1 1 0 0 0 1 1 1 b1 1 b2′ 1 1 1 0 0 0 1 1 b2 0 b3′ = 1 1 1 1 0 0 0 1 b3 0 b4′ 1 1 1 1 1 0 0 0 b4 0 b5′ 0 1 1 1 1 1 0 0 b5 0 b6′ 0 0 1 1 1 1 1 0 b6 1 b7′ 0 0 0 1 1 1 1 1 b7 0
Figure 2.8 Matrix Notation Of S-Box
Department of Electronics and Communication Engineering,SKEC Page 18
SUBBYTES
SHIFTROWS
MIXCOLUMNS
ADDROUNDKEY
ADVANCED ENCRYPTION STANDARD
Figure 2.9. Application of S-box to the Each Byte of the State [1]
The S-box used in the Sub Bytes transformation is presented in hexadecimal
form in figure 7. For example, if =S1,1= {53}, then the substitution value would be
determined by the intersection of the row with index ‘5’ and the column with index
‘3’ in figure 7. This would result in S'1,1having a value of {ed}.
Figure 2.10. S-box Values for All 256 Combinations in Hexadecimal Format [1]
2.6.2. Shift Rows Transformation:
In the Shift Rows transformation ShiftRows( ), the bytes in the last three rows of the
State are cyclically shifted over different numbers of bytes (offsets). The first row, r
=0, is not shifted. Specifically, the ShiftRows( ) transformation proceeds as follows
S`r ,c = Sr,(c shift(r,Nb))modNb for 0< r < 4 and 0≤ c≤Nb,
Department of Electronics and Communication Engineering,SKEC Page 19
ADVANCED ENCRYPTION STANDARD
Where the shift value shift(r, Nb) depends on the row number, r, as follows (Nb = 4)
Shift(1,4) = 1: Shift(2,4) = 2; Shift(3,4) = 3.
This has the effect of moving bytes to “lower” positions in the row (i.e.,lower
values of c in a given row), while the “lowest” bytes wrap around into the “top” of the
row (i.e., higher values of c in a given row). Figure 7 illustrates the ShiftRows()
transformation.
Figure 2.11. Cyclic Shift of the Last Three Rows of the State [1]
2.6.3. Mixing of Columns Transformation:
This transformation is based on Galois Field multiplication. Each byte of a
column is replaced with another value that is a function of all four bytes in the given
column. The MixColumns( ) transformation operates on the State column-by-column,
treating each column as a four-term polynomial as described in Section.1.3.4. The
columns are considered as polynomials over GF (28) and multiplied modulo x4 + 1 with
a fixed polynomial a(x), given by the following equation.
a(x) = {03}x3 +{01}x2 +{01}x1 +{02}x0.
As described in Section. 1.3.4, this can be written as a matrix multiplication. Let
S ' (x) = a(x) ⊗S(x)
Department of Electronics and Communication Engineering,SKEC Page 20
ADVANCED ENCRYPTION STANDARD
S '0,c 02 03 01 01 S0,c
S '1,c 01 02 03 01 S1,c
=
S '2,c 01 01 02 03 S2,c
S '3,c 03 01 01 02 S3,c for 0 ≤ c < Nb.
As a result of this multiplication, the four bytes in a column are replaced by the
following
S '0,c =({02}. S0,c ) ⊕ ({03}.S1,c) ⊕ ({01}.S2,c) ⊕ ({01}.S3,c )
S '1,c =({01}. S0,c ) ⊕ ({02}.S1,c) ⊕ ({01}.S2,c) ⊕ ({01}.S3,c )
S '2,c =({01}. S0,c ) ⊕ ({01}.S1,c) ⊕ ({02}.S2,c) ⊕ ({03}.S3,c )
S '3,c =({03}. S0,c ) ⊕ ({01}.S1,c) ⊕ ({01}.S2,c) ⊕({02}.S3,c )
Figure 2.12. Mixing of Columns of the State [1]
Understanding Of Calculations For Mix-Columns
For detailed understanding of calculations for mix-columns is as follows
The mix columns theory is calculated using this formula[1]:
r0 2 3 1 1 a0
r1 = 1 2 3 1 a1
r2 1 1 2 3 a2
r3 3 1 1 2 a3
Department of Electronics and Communication Engineering,SKEC Page 21
ADVANCED ENCRYPTION STANDARD
where r0, r1, r2 and r3 are the results after the transformation. a0 – a3 can be obtain
from the matrix after the data undergoes substitution process in the S-Boxes.
Let's take this example:
a0-a3 r0-r3
02 03 01 01 01 02 03 01 =
01 01 02 03 03 01 01 02
In this example, a0 – a3 is equals to d4 – 30 and r0 – r3 is equals to 04 – e5.
note that in this it still follows the matrix multiplication rules: row x column.
Currently the matrix size looks like this:
[4 x 1] . [4 x 4] ≠ [4 x 1]
Remember matrix idea of multiplication, to obtain [4 x 1], then the formula to be
[4 x 4] . [4 x 1] = [4 x 1]
Therefore to switch matrices over.
02 03 01 01 01 02 03 01 x = 01 01 02 03 03 01 01 02
To calculate the results, multiply the rows with the column. Firstly, take the
first row of the first matrix and multiply the values with a's values.
Department of Electronics and Communication Engineering,SKEC Page 22
d4
Bf
5d
30
04
66
81
e5
04
66
81
e5
d4
bf
5d
30
ADVANCED ENCRYPTION STANDARD
To get the r0 value, the formula goes like this:
r0 = {02.d4} + {03.bf} + {01.5d} + {01.30}
But when calculating directly go into the steps one at a time.
1. {02.d4}
Now converting d4 to binary. d4 is a byte so when using the Calculator
change it to byte under Hex mode.
d4 = 1101 0100
Now d4 is exactly 8 bits. In the case where never get a 8 bits long characters
such as 25 in Hex (converted: 100101), pad on with 0 in the front of the result until 8
characters of 1's and 0's. (25 ends up with 0010 0101)
Now another thing to remember, there is a rule established in the
multiplication of the values as written in the book, Cryptography and Network
Security[2], that multiplication of a value by x (ie. by 02) can be implemented as a 1-
bit left shift followed by a conditional bitwise XOR with (00011011) if the leftmost
bit of the original value (before the shift) is 1. now implement the rule in the
calculation.
{d4}.{02} = 1101 0100 << 1 (<< is left shift, 1 is the number of shift done, pad on
with 0's)
= 1010 1000 XOR 0001 1011 (because the leftmost is a 1 before shift)
= 1011 0011 (ans)
Calculation:
1010 1000
0001 1011 (XOR)
1011 0011
Now do the same for next set of values, {03.bf}
2. {03.bf}
Department of Electronics and Communication Engineering,SKEC Page 23
ADVANCED ENCRYPTION STANDARD
Similarly, convert bf into binary:
bf = 1011 1111
In this case, multiply 03 to bf. split 03 up in its binary form.
03 = 11
= 10 XOR 01
It is now able to calculate the result.
{03} . {bf} = {10 XOR 01} . {1011 1111}
= {1011 1111 . 10} XOR {1011 1111 . 01}
= {1011 1111 . 10} XOR {1011 1111}
(Because {1011 1111} x 1[in decimal] = 1011 1111)
= 0111 1110 XOR 0001 1011 XOR 1011 1111
= 1101 1010 (ans)
{01.5d} and {01.30} is basically multiplying 5d and 30 with 1(in decimal) which end
up with the original values. There isn't a need to calculate them using the above
method. But its is not needed to convert values to binary form.
5d = 0101 1101
30 = 0011 0000
Now, add those values together. As the values are in binary form, addition will be
using XOR.
r0 = {02.d4} + {03.bf} + {01.5d} + {01.30}
= 1011 0011 XOR 1101 1010 XOR 0101 1101 XOR 0011 0000
= 0000 0100
= 04 (in Hex)
Now for the next row.
Department of Electronics and Communication Engineering,SKEC Page 24
ADVANCED ENCRYPTION STANDARD
r1 = {01.d4} + {02.bf} + {03.5d} + {01.30}
1. {02.bf}
{bf} . {02} = 1011 1111 << 1
= 0111 1110 XOR 0001 1011
= 0110 0101
2. {03.5d}
{5d} . {03} = {0101 1101. 02} XOR { 0101 1101}
= 1011 1010 XOR 0101 1101
= 1110 0111
Therefore,
r1 = {01.d4} + {02.bf} + {03.5d} + {01.30}
= 1101 0100 XOR 0110 0101 XOR 1110 0111 XOR 0011 0000
= 0110 0110
= 66 (in Hex)
second values are obtained, 66. Do the same for the rest and will get all the results.
2.6.4 Addition of Round Key Transformation
In the Addition of Round Key transformation AddRoundKey( ), a Round Key is
added to the State by a simple bitwise XOR operation. Each Round Key consists of
Nb words from the key schedule generation (described in following section 2.6).
Those Nb words are each added into the columns of the State, such that
[S'0,c , S'1,c , S'2,c , S'3,c ] = [S0,c ,S1,c,S2,c ,S3,c ] ⊕ [Wround ⊕ Nb] for 0 ≤ c<Nb
Department of Electronics and Communication Engineering,SKEC Page 25
ADVANCED ENCRYPTION STANDARD
Figure 2.13. Exclusive-OR Operation of State and Cipher Key Words [1]
where [wi] are the key generation words described in chapter 3, and round is a value
in the range in the Encryption, the initial Round Key addition occurs when round = 0,
prior to the first application of the round function. The application of the
AddRoundKey ( ) transformation to the Nr rounds of the encryption occurs when 1 ≤
round ≤ Nr. The action of this transformation is illustrated in figure10, where l =
round * Nb. The byte address with in words of the key schedule was described in
Section1.2.1.
2.6.5 Key Schedule Generation
Each round key is a 4-word (128-bit) array generated as a product of the previous
round key, a constant that changes each round, and a series of S-Box (figure6)
lookups for each 32-bit word of the key. The first round key is the same as the
original user input. Each byte (w0 - w3) of initial key is XOR’d with a constant that
depends on the current round, and the result of the S-Box lookup for wi, to form the
next round key.
Key length(nk words)
Block size(nb word)
Number of Rounds(nr)
AES-128 4 4 10
AES-192 6 4 12
AES-256 8 4 14
Table 2.3. Key-Block- Round Combinations [1]
Department of Electronics and Communication Engineering,SKEC Page 26
ADVANCED ENCRYPTION STANDARD
The Key schedule Expansion generates a total of Nb(Nr + 1) words: the algorithm
requires an initial set of Nb words, and each of the Nr rounds requires Nb words of
key data. The resulting key schedule consists of a linear array of 4-byte words,
denoted [wi], with i in the range 0 ≤ i < Nb(Nr + 1).
Prior to encryption or decryption the key must be explanded.the expanded key
is used in the add round key function. Each time the add round key function is called a
different part of the expanded key is XORed against the state. In order for this to work
the expanded key must be large enough so that it can provide key material for every
time the add round key function is executed. The add round key function gets called
for each round as well as one extra time at the beginning of the algorithm.
Therefore the size of the expanded key will always be equal to:
The 16 in the above function is actually the size of the block in bytes.tis provides key
material for every byte in the block during every round +1.
Since the key size is much smaller than the size of the sub keys,the key is actually
“streached out” to provide enough key space for the algorithm.
The key expansion routine executes a maximum of 4 consecutive
functions.these functions are:
ROT WORDSUB WORD RCON
An iteration of the above steps is caller a round.the amount of rounds of the
key expansion depends on the key size.
Key
size
(bytes)
Block
size
(bytes)
Expansion
algorithm
rounds
Expanded
bytes /
round
Rounds
key copy
Rounds
key
expansion
Expanded
key
(bytes)
16 16 44 4 4 40 176
24 16 52 4 6 46 208
32 16 60 4 8 52 240
Table 2.4 Representation Of AES-128, AES-192,AES-256 Bit Block Size, Expansion Algorithm, Round Key Copy, Round Key
Department of Electronics and Communication Engineering,SKEC Page 27
ADVANCED ENCRYPTION STANDARD
The first bytes of the expanded keys are always equal to the key.if the key is
16 bytes long the first 16 bytes of the expanded key will be the same as the original
key. If the key size is 32 bytes then the first 32 bytes of the expanded key will be the
same as the original key.
Each round adds 4 bytes to the expanded key. With the exception of the first
rounds each round also takes the previous rounds 4 bytes as input operates and returns
4 bytes.
One more important note is that not all of the 4 functions are always called
in each round. The algorithm only calls all 4 of the functions every
4 rounds for 16 bytes key
6 rounds for 24 bytes key
8 rounds for 32 bytes key
The rest of the rounds only a k function result is XORed with the result of the
EK function. There is an exception of this rule where if the key is 32 bytes long an
additional call to the sub word function is called every 8 rounds starting on the 13 th
round.
Rijndael’s key schedule utilizes a number of operations, which will be
described before describing the key schedule.
ROTATE
The rotate operation takes a32 bit word like this (in hexa decimal):
1d2c3a4f
And rotates it eight bits to left:
2c3a4f1d
Department of Electronics and Communication Engineering,SKEC Page 28
ADVANCED ENCRYPTION STANDARD
RCON
Rcon is what the rijndael documentation calls the exponentiation of 2 to a
user-specified values. Note that this operation is not performed with regular integers,
but in rijndael’s finite field. In polynomial form , 2 is 2 =00000010 =0x7 + 0x6 + 0x5 +
0x4 + 0x3 + 0x2 + 1x1 + 0x0 = x, and compute
rcon(i) =x(254+i)
in F28 or equivalently,
rcon(i) =x(254+i) mod x8 + x4 +x3 +x1 +1
in F2.
For example, the rcon(1)=1,the rcon(2)=2, the rcon(3)=4,and the rcon (9) is
the hexadecimal number 0x1b(27 decimal).
The below is rcon table for encryption process
Table 2.5 rcon table in encryption process
Department of Electronics and Communication Engineering,SKEC Page 29
01 02 04 08 10 20 40 80 1B 36
00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00
ADVANCED ENCRYPTION STANDARD
CHAPTER – 3
IMPLEMETATION
3.AES ENCRYPTION PROCESS:
3.1.1 ENCRYPTION IMPLEMENTATION: VHDL is used as the hardware description language because of the
flexibility to exchange among environments. The code is pure VHDL that could
easily be implemented on other devices, without changing the design. The software
used for this work is Xilinx ISE 8.1i. This is used for writing, debugging and
optimizing efforts, and also for fitting, simulating and checking the performance
results using the simulation tools available on Xilinx ISE design software.
3.1.2 STEPS FOLLOWED IN ENCRYPTION PROCESS:
Department of Electronics and Communication Engineering,SKEC Page 30
i >1
Invsubbytes(state)
Invshiftrows(state)
Addroundkey(state,roundkey)
i=i-1
Addroundkey (state, roundkey)
i=Nr
Key
Sch
edu
le
Invsubbytes (state)
Invshiftrows (state)
Invmixcolumns (state)
Addroundkey(State,Roundkey)
ADVANCED ENCRYPTION STANDARD
Figure 3.1:Flow Chart Representation For AES Decryption Process
3.1.3. ADD ROUND KEY:
Add round key is an XOR between the state and the round key. this
transformation is its own inverse. AES operation-add round key.
Each byte of the round key is XORed with the corresponding byte in the state
table inverse operation is identical since XOR a second time returns the
original values XOR each byte of the round key with the state table def
addroundkey(state,roundkey):for i in range(len(state)):state[i]^roundkey[i]
3.1.4.SUB BYTES:
sub byte is a substitute of each byte in the block independent of the
position in the state. This is an s-box. This is the non-linear transformation. The
s-box used is proved to be optimal with regards to non-linearity. The s-box is
based on arithmetic in GF(28).
AES operation –sub bytes
Each byte of the state table is substituted with the values in the
s-box whose index is the value of the state table byte. Provide non-
linearity(algorithm not equal to the sum of its parts)
3.1.5. SHIFT ROWS:
Shift rows is a cyclic shift of the bytes in the rows in the state and is clearly
invertible (by a shift in the opposite direction by the same amount).
AES operation –shift rows
Each row in the state table is shifted left by the number of bytes
represented by the row number.
3.1.6. MIX COLUMNS:
Linear mixing layer (shift row and mix column) which guarantees high
diffusion. Non linear s boxes protects against linear and differential cryptanalysis.
AES operation –mix columns
Mix columns is performed by multiplying each column (within
the galois finite filed).
Department of Electronics and Communication Engineering,SKEC Page 31
ADVANCED ENCRYPTION STANDARD
3.1.7. KEY EXPANSION:
AES-expansion operations
AES key expansion consists of several primitive operations:
Rotate – takes a 4-byte word and rotates everything one byte to
the left, e.g.rotate([1,2,3,4])[2,3,4,1]
Sub bytes-each byte of the word is substituted with the value in
the s-box whose index is the value of the original byte
Rcon-the first byte of a word is XORed with the round
constant. Each value of the rcon table is a member of the rijndael
finite field.
3.1.8.KEY SCHEDULE CORE:
This operation is used as an inner loop in the key schedule, and is done thus:
The input is a 32-bit word and an iteration number i. The output
is a 32-bit word.
Copy the input over to the output.
Use the above described rotate operation to rotate the output
eight bits to the left.
Apply rijndael’s s-box on all four individual bytes in the output
word
On just the first(leftmost) byte of the output word,exclusive or
the byte with 2 to the power of(i-1). In other words,perform the
rcon operation with i as the input,and exclusive or the rcon
output with the first byte of the output word.
3.1.9.CONSTANTS:
Since the key schedule for 128-bit, 192-bit, and 256-bit encryption are very
similar, with only some constants changed, the following key size constants are
defined here
Department of Electronics and Communication Engineering,SKEC Page 32
ADVANCED ENCRYPTION STANDARD
N has a value of 16 for 128-bit keys,24 for 192-bit keys, and 32 for 256-bit
keys has a value of 176 for 128-bit keys,208 for 192-bit keys, and 240 for 256-bit
keys.
CHAPTER - 4
RESULTS AND DISCUSIONS
VHDL CODE FOR AES ENCRYPTION
PACKAGE
-Package File Template
--Purpose: This package defines supplemental types, subtypes,
constants, and functions
library IEEE;
use IEEE.STD_LOGIC_1164.all;
use IEEE.STD_LOGIC_ARITH.ALL;
use IEEE.STD_LOGIC_UNSIGNED.ALL;
package aesencrypt is
type ROM_Array is array (0 to 255) of std_logic_vector(7 downto 0);
constant Content_EN: ROM_Array := (
b"01100011", b"01111100", b"01110111", b"01111011", b"11110010",
b"01101011", b"01101111", b"11000101", b"00110000", b"00000001",
b"01100111", b"00101011", b"11111110", b"11010111", b"10101011",
b"01110110",
b"11001010", b"10000010", b"11001001", b"01111101", b"11111010",
b"01011001", b"01000111", b"11110000", b"10101101", b"11010100",
b"10100010", b"10101111", b"10011100",
b"10100100",b"01110010",b"11000000",
b"10110111", b"11111101", b"10010011", b"00100110", b"00110110",
b"00111111", b"11110111", b"11001100", b"00110100", b"10100101",
Department of Electronics and Communication Engineering,SKEC Page 33
ADVANCED ENCRYPTION STANDARD
b"11100101", b"11110001", b"01110001", b"11011000", b"00110001",
b"00010101",
b"00000100", b"11000111", b"00100011", b"11000011", b"00011000",
b"10010110", b"00000101", b"10011010", b"00000111", b"00010010",
b"10000000", b"11100010", b"11101011", b"00100111", b"10110010",
b"01110101",
b"00001001", b"10000011", b"00101100", b"00011010", b"00011011",
b"01101110", b"01011010", b"10100000", b"01010010", b"00111011",
b"11010110", b"10110011", b"00101001", b"11100011", b"00101111",
b"10000100",
b"01010011", b"11010001", b"00000000", b"11101101", b"00100000",
b"11111100", b"10110001", b"01011011", b"01101010", b"11001011",
b"10111110", b"00111001", b"01001010", b"01001100", b"01011000",
b"11001111",
b"11010000", b"11101111", b"10101010", b"11111011", b"01000011",
b"01001101", b"00110011", b"10000101", b"01000101", b"11111001",
b"00000010", b"01111111", b"01010000", b"00111100", b"10011111",
b"10101000",
b"01010001", b"10100011", b"01000000", b"10001111", b"10010010",
b"10011101", b"00111000", b"11110101", b"10111100", b"10110110",
b"11011010", b"00100001", b"00010000", b"11111111", b"11110011",
b"11010010",
b"11001101", b"00001100", b"00010011", b"11101100", b"01011111",
b"10010111", b"01000100",b"00010111", b"11000100", b"10100111",
b"01111110", b"00111101", b"01100100", b"01011101", b"00011001",
b"01110011",
--60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db
--e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79
--e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08
--ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a
--70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e
--e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df
--8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16
Department of Electronics and Communication Engineering,SKEC Page 34
ADVANCED ENCRYPTION STANDARD
b"01100000", b"10000001", b"01001111", b"11011100",b"00100010",
b"00101001", b"10010000",b"10001000",b"01000110",b"11101110",
b"10111000", b"00010100", b"11011110", b"01011110", b"00001011",
b"11011011",
b"11100000",b"00110010",b"00111010",b"00001010",b"01001001",b"0000
0110",b"00100100",b"01011100",b"11000010",b"11010011",b"10101100",b"
01100010",b"10010001",b"10010101",b"11100100",b"01111001",
b"11100111",b"11001000",b"00110111",b"01101101",b"10001101",b"1101
0101",b"01001110",b"10101001",b"01101100",b"01010110",b"11110100",b"
11101010",b"01100101",b"01111010",b"10101110",b"00001000",
b"10111010",b"01111000",b"00100101",b"00101110",b"00011100",b"1010
0110",b"10110100",b"11000110",b"11101000",b"11011101",b"01110100",b"
00011111",b"01001011",b"10111101",b"10001011",b"10001010",
b"01110000",b"00111110",b"10110101",b"01100110",b"01001000",b"0000
0011",b"11110110",b"00001110",b"01100001",b"00110101",b"01010111",b"
10111001",b"10000110",b"11000001", b"00011101",b"10011110",
b"11100001",b"11111000",b"10011000",b"00010001",b"01101001",b"1101
1001",b"10001110",b"10010100",b"10011011",b"00011110",b"10000111",b"
11101001",b"11001110" ,b"01010101",b"00101000",b"11011111",
b"10001100",b"10100001",b"10001001",b"00001101",b"10111111",b"1110
0110" ,b"01000010",b"01101000",b"01000001",b"10011001",b"00101101",b
"00001111",b"10110000",b"01010100",b"10111011",b"00010110",
others => B"00000000");
function subword(op1: in std_logic_vector(31 downto 0)) return
std_logic_vector;
function subword_128(op1: in std_logic_vector(127 downto 0))
return std_logic_vector ;
function rotword(op1 : in std_logic_vector(31 downto 0)) return
std_logic_vector;
function keygen(op1 : in std_logic_vector(127 downto 0)) return
std_logic_vector;
function matrixmul(op1,op2 : in std_logic_vector(127 downto 0))
return std_logic_vector;
Department of Electronics and Communication Engineering,SKEC Page 35
ADVANCED ENCRYPTION STANDARD
function To_init(op2 : in std_logic_vector(7 downto 0))return integer;
function gfmul(op1,op2 : in std_logic_vector(7 downto 0)) return
std_logic_vector;
function shiftrow(op1: in std_logic_vector(127 downto 0))return
std_logic_vector;
function encryption(en_input1:in std_logic_vector(1535 downto 0))
return std_logic_vector;
end aesencrypt;
package body aesencrypt is
-- Example 2
function matrixmul(op1,op2 : in std_logic_vector(127 downto 0))
return std_logic_vector is
variable output : std_logic_vector(127 downto 0);
variable temp1,temp2,temp3,temp4,element : std_logic_vector(7 downto 0);
begin
--(1,1) 1
temp1:=gfmul(op1(127 downto 120),op2(127 downto 120));
temp2:=gfmul(op1(119 downto 112) , op2(95 downto 88));
temp3:=gfmul(op1(111 downto 104) , op2(63 downto 56));
temp4:=gfmul(op1(103 downto 96) , op2(31 downto 24));
element:=temp1 xor temp2;
element:=element xor temp3;
element:=element xor temp4;
output(127 downto 120):=element;
--(1,2) 2
temp1:=gfmul(op1(127 downto 120) , op2(119 downto 112));
temp2:=gfmul(op1(119 downto 112) , op2(87 downto 80));
temp3:=gfmul(op1(111 downto 104) , op2(55 downto 48));
temp4:=gfmul(op1(103 downto 96) , op2(23 downto 16));
element:=temp1 xor temp2;
element:=element xor temp3;
element:=element xor temp4;
output(119 downto 112):=element;
--(1,3) 3
Department of Electronics and Communication Engineering,SKEC Page 36
ADVANCED ENCRYPTION STANDARD
temp1:=gfmul(op1(127 downto 120) , op2(111 downto 104));
temp2:=gfmul(op1(119 downto 112) , op2(79 downto 72));
temp3:=gfmul(op1(111 downto 104) , op2(47 downto 40));
temp4:=gfmul(op1(103 downto 96) , op2(15 downto 8));
element:=temp1 xor temp2;
element:=element xor temp3;
element:=element xor temp4;
output(111 downto 104):=element;
--(1,4) 4
temp1:=gfmul(op1(127 downto 120) , op2(103 downto 96));
temp2:=gfmul(op1(119 downto 112) , op2(71 downto 64));
temp3:=gfmul(op1(111 downto 104) , op2(39 downto 32));
temp4:=gfmul(op1(103 downto 96) , op2(7 downto 0));
element:=temp1 xor temp2;
element:=element xor temp3;
element:=element xor temp4;
output(103 downto 96):=element;
--(2,1) 5
temp1:=gfmul(op1(95 downto 88) , op2(127 downto 120));
temp2:=gfmul(op1(87 downto 80) , op2(95 downto 88));
temp3:=gfmul(op1(79 downto 72) , op2(63 downto 56));
temp4:=gfmul(op1(71 downto 64) , op2(31 downto 24));
element:=temp1 xor temp2;
element:=element xor temp3;
element:=element xor temp4;
output(95 downto 88):=element;
--(2,2) 6
temp1:=gfmul(op1(95 downto 88) , op2(119 downto 112));
temp2:=gfmul(op1(87 downto 80) , op2(87 downto 80));
temp3:=gfmul(op1(79 downto 72) , op2(55 downto 48));
temp4:=gfmul(op1(71 downto 64) , op2(23 downto 16));
element:=temp1 xor temp2;
element:=element xor temp3;
element:=element xor temp4;
Department of Electronics and Communication Engineering,SKEC Page 37
ADVANCED ENCRYPTION STANDARD
output(87 downto 80):=element;
--(2,3) 7
temp1:=gfmul(op1(95 downto 88) , op2(111 downto 104));
temp2:=gfmul(op1(87 downto 80) , op2(79 downto 72));
temp3:=gfmul(op1(79 downto 72) , op2(47 downto 40));
temp4:=gfmul(op1(71 downto 64) , op2(15 downto 8));
element:=temp1 xor temp2;
element:=element xor temp3;
element:=element xor temp4;
output(79 downto 72):=element;
--(2,4)
temp1:=gfmul(op1(95 downto 88) , op2(103 downto 96));
temp2:=gfmul(op1(87 downto 80) , op2(71 downto 64));
temp3:=gfmul(op1(79 downto 72) , op2(39 downto 32));
temp4:=gfmul(op1(71 downto 64) , op2(7 downto 0));
element:=temp1 xor temp2;
element:=element xor temp3;
element:=element xor temp4;
output(71 downto 64):=element;
--(3,1) 9
temp1:=gfmul(op1(63 downto 56) , op2(127 downto 120));
temp2:=gfmul(op1(55 downto 48) , op2(95 downto 88));
temp3:=gfmul(op1(47 downto 40) , op2(63 downto 56));
temp4:=gfmul(op1(39 downto 32) , op2(31 downto 24));
element:=temp1 xor temp2;
element:=element xor temp3;
element:=element xor temp4;
output(63 downto 56):=element;
--(3,2) 10
temp1:=gfmul(op1(63 downto 56) , op2(119 downto 112));
temp2:=gfmul(op1(55 downto 48) , op2(87 downto 80));
temp3:=gfmul(op1(47 downto 40) , op2(55 downto 48));
temp4:=gfmul(op1(39 downto 32) , op2(23 downto 16));
element:=temp1 xor temp2;
Department of Electronics and Communication Engineering,SKEC Page 38
ADVANCED ENCRYPTION STANDARD
element:=element xor temp3;
element:=element xor temp4;
output(55 downto 48):=element;
--(3,3) 11
temp1:=gfmul(op1(63 downto 56) , op2(111 downto 104));
temp2:=gfmul(op1(55 downto 48) , op2(79 downto 72));
temp3:=gfmul(op1(47 downto 40) , op2(47 downto 40));
temp4:=gfmul(op1(39 downto 32) , op2(15 downto 8));
element:=temp1 xor temp2;
element:=element xor temp3;
element:=element xor temp4;
output(47 downto 40):=element;
--(3,4) 12
temp1:=gfmul(op1(63 downto 56) , op2(103 downto 96));
temp2:=gfmul(op1(55 downto 48) , op2(71 downto 64));
temp3:=gfmul(op1(47 downto 40) , op2(39 downto 32));
temp4:=gfmul(op1(39 downto 32) , op2(7 downto 0));
element:=temp1 xor temp2;
element:=element xor temp3;
element:=element xor temp4;
output(39 downto 32):=element;
--(4,1) 13
temp1:=gfmul(op1(31 downto 24) , op2(127 downto 120));
temp2:=gfmul(op1(23 downto 16) , op2(95 downto 88));
temp3:=gfmul(op1(15 downto 8) , op2(63 downto 56));
temp4:=gfmul(op1(7 downto 0) , op2(31 downto 24));
element:=temp1 xor temp2;
element:=element xor temp3;
element:=element xor temp4;
output(31 downto 24):=element;
--(4,2) 14
temp1:=gfmul(op1(31 downto 24) , op2(119 downto 112));
temp2:=gfmul(op1(23 downto 16) , op2(87 downto 80));
temp3:=gfmul(op1(15 downto 8) , op2(55 downto 48));
Department of Electronics and Communication Engineering,SKEC Page 39
ADVANCED ENCRYPTION STANDARD
temp4:=gfmul(op1(7 downto 0) , op2(23 downto 16));
element:=temp1 xor temp2;
element:=element xor temp3;
element:=element xor temp4;
output(23 downto 16):=element;
--(4,3) 15
temp1:=gfmul(op1(31 downto 24) , op2(111 downto 104));
temp2:=gfmul(op1(23 downto 16) , op2(79 downto 72));
temp3:=gfmul(op1(15 downto 8) , op2(47 downto 40));
temp4:=gfmul(op1(7 downto 0) , op2(15 downto 8));
element:=temp1 xor temp2;
element:=element xor temp3;
element:=element xor temp4;
output(15 downto 8):=element;
--(4,4) 16
temp1:=gfmul(op1(31 downto 24) , op2(103 downto 96));
temp2:=gfmul(op1(23 downto 16) , op2(71 downto 64));
temp3:=gfmul(op1(15 downto 8) , op2(39 downto 32));
temp4:=gfmul(op1(7 downto 0) , op2(7 downto 0));
element:=temp1 xor temp2;
element:=element xor temp3;
element:=element xor temp4;
output(7 downto 0):=element;
return output;
end matrixmul
function To_init(op2 : in std_logic_vector(7 downto 0))return integer is
variable output:integer RANGE 0 to 255;
--variable output : std_logic_vector(7 downto 0);
begin
output:=0;
if(op2(0)='1')then
output:=output+1;
end if;
Department of Electronics and Communication Engineering,SKEC Page 40
ADVANCED ENCRYPTION STANDARD
if(op2(1)='1')then
output:=output+2;
end if;
if(op2(2)='1')then
output:=output+4;
end if;
if(op2(3)='1')then
output:=output+8;
end if;
if(op2(4)='1')then
output:=output+16;
end if;
if(op2(5)='1')then
output:=output+32;
end if;
if(op2(6)='1')then
output:=output+64;
end if;
if(op2(7)='1')then
output:=output+128;
end if;
return output;
end To_init;
function gfmul(op1,op2 : in std_logic_vector(7 downto 0))return
std_logic_vector is
variable temp : std_logic_vector(15 downto 0):="0000000000000000";
variable output : std_logic_vector(7 downto 0):="00000000";
variable poly : std_logic_vector(8 downto 0):="100011011";
begin
for i in 0 to 7 loop
if(op1(7-i)='1')then
temp((14-i)downto(7-i)):=temp((14-i)downto(7-i)) xor op2;
end if;
end loop;
Department of Electronics and Communication Engineering,SKEC Page 41
ADVANCED ENCRYPTION STANDARD
for i in 0 to 7 loop
if(temp(15-i)='1')then
temp((15-i)downto (7-i)):=temp((15-i)downto (7-i)) xor poly;
end if;
end loop;
output:=temp(7 downto 0);
return output;
end gfmul;
function keygen(op1 : in std_logic_vector(127 downto 0)) return
std_logic_vector is
variable temp_output : std_logic_vector(1407 downto 0);
variable afterrotword,aftersubword,afterrcon,keyout: std_logic_vector(31
downto 0);
begin
temp_output(1407 downto 1280):=op1;
keyout:=op1(31 downto 0);
----------------------------stage 1----------------------------------------------
afterrotword:=rotword(keyout);
aftersubword:=subword(afterrotword);
afterrcon:="00000001000000000000000000000000";
afterrcon:=afterrcon xor aftersubword;
keyout:=afterrcon xor temp_output(1407 downto 1376); --0
temp_output(1279 downto 1248):=keyout; --4
keyout:=keyout xor temp_output(1375 downto 1344); --1
temp_output(1247 downto 1216):=keyout; --5
keyout:=keyout xor temp_output(1343 downto 1312); --2
Department of Electronics and Communication Engineering,SKEC Page 42
ADVANCED ENCRYPTION STANDARD
temp_output(1215 downto 1184):=keyout; --6
keyout:=keyout xor temp_output(1311 downto 1280);--3
temp_output(1183 downto 1152):=keyout; --7
--------------------------------stage 2----------------------------------------
afterrotword:=rotword(keyout);
aftersubword:=subword(afterrotword);
afterrcon:="00000010000000000000000000000000";
afterrcon:=afterrcon xor aftersubword;
keyout:=afterrcon xor temp_output(1279 downto 1248); --4
temp_output(1151 downto 1120):=keyout; --8
keyout:=keyout xor temp_output(1247 downto 1216); --5
temp_output(1119 downto 1088):=keyout; --9
keyout:=keyout xor temp_output(1215 downto 1184); --6
temp_output(1087 downto 1056):=keyout; --10
keyout:=keyout xor temp_output(1183 downto 1152);--7
temp_output(1055 downto 1024):=keyout; --11
-----------------------------stage 3-------------------------------------------
afterrotword:=rotword(keyout);
aftersubword:=subword(afterrotword);
afterrcon:="00000100000000000000000000000000";
afterrcon:=afterrcon xor aftersubword;
keyout:=afterrcon xor temp_output(1151 downto 1120); --8
Department of Electronics and Communication Engineering,SKEC Page 43
ADVANCED ENCRYPTION STANDARD
temp_output(1023 downto 992):=keyout; --12
keyout:=keyout xor temp_output(1119 downto 1088); --9
temp_output(991 downto 960):=keyout; --13
keyout:=keyout xor temp_output(1087 downto 1056); --10
temp_output(959 downto 928):=keyout; --14
keyout:=keyout xor temp_output(1055 downto 1024);--11
temp_output(927 downto 896):=keyout; --15
-----------------------------stage 4------------------------------------------------
afterrotword:=rotword(keyout);
aftersubword:=subword(afterrotword);
afterrcon:="00001000000000000000000000000000";
afterrcon:=afterrcon xor aftersubword;
keyout:=afterrcon xor temp_output(1023 downto 992); --12
temp_output(895 downto 864):=keyout; --16
keyout:=keyout xor temp_output(991 downto 960); --13
temp_output(863 downto 832):=keyout; --17
keyout:=keyout xor temp_output(959 downto 928); --14
temp_output(831 downto 800):=keyout; --18
keyout:=keyout xor temp_output(927 downto 896);--15
temp_output(799 downto 768):=keyout; --19
Department of Electronics and Communication Engineering,SKEC Page 44
ADVANCED ENCRYPTION STANDARD
-------------------------------stage 5---------------------------
afterrotword:=rotword(keyout);
aftersubword:=subword(afterrotword);
afterrcon:="00010000000000000000000000000000";
afterrcon:=afterrcon xor aftersubword;
keyout:=afterrcon xor temp_output(895 downto 864); --16
temp_output(767 downto 736):=keyout; --20
keyout:=keyout xor temp_output(863 downto 832); --17
temp_output(735 downto 704):=keyout; --21
keyout:=keyout xor temp_output(831 downto 800); --18
temp_output(703 downto 672):=keyout; --22
keyout:=keyout xor temp_output(799 downto 768);--19
temp_output(671 downto 640):=keyout; --23
----------------------------------stage 6-----------------------------------------
afterrotword:=rotword(keyout);
aftersubword:=subword(afterrotword);
afterrcon:="00100000000000000000000000000000";
afterrcon:=afterrcon xor aftersubword;
keyout:=afterrcon xor temp_output(767 downto 736); --20
temp_output(639 downto 608):=keyout; --24
keyout:=keyout xor temp_output(735 downto 704); --21
temp_output(607 downto 576):=keyout; --25
Department of Electronics and Communication Engineering,SKEC Page 45
ADVANCED ENCRYPTION STANDARD
keyout:=keyout xor temp_output(703 downto 672); --22
temp_output(575 downto 544):=keyout; --26
keyout:=keyout xor temp_output(671 downto 640);--23
temp_output(543 downto 512):=keyout; --27
-------------------------stage 7--------------------------------------------------
afterrotword:=rotword(keyout);
aftersubword:=subword(afterrotword);
afterrcon:="01000000000000000000000000000000";
afterrcon:=afterrcon xor aftersubword;
keyout:=afterrcon xor temp_output(639 downto 608); --24
temp_output(511 downto 480):=keyout; --28
keyout:=keyout xor temp_output(607 downto 576); --25
temp_output(479 downto 448):=keyout; --29
keyout:=keyout xor temp_output(575 downto 544); --26
temp_output(447 downto 416):=keyout; --30
keyout:=keyout xor temp_output(543 downto 512);--27
temp_output(415 downto 384):=keyout; --31
---------------------------------------stage 8
-----------------------------------------------
afterrotword:=rotword(keyout);
aftersubword:=subword(afterrotword);
Department of Electronics and Communication Engineering,SKEC Page 46
ADVANCED ENCRYPTION STANDARD
afterrcon:="10000000000000000000000000000000";
afterrcon:=afterrcon xor aftersubword;
keyout:=afterrcon xor temp_output(511 downto 480); --28
temp_output(383 downto 352):=keyout; --32
keyout:=keyout xor temp_output(479 downto 448); --29
temp_output(351 downto 320):=keyout; --33
keyout:=keyout xor temp_output(447 downto 416); --30
temp_output(319 downto 288):=keyout; --34
keyout:=keyout xor temp_output(415 downto 384);--31
temp_output(287 downto 256):=keyout; --35
----------------------------------------stage 9
---------------------------------------------
afterrotword:=rotword(keyout);
aftersubword:=subword(afterrotword);
afterrcon:="00011011000000000000000000000000";
afterrcon:=afterrcon xor aftersubword;
keyout:=afterrcon xor temp_output(383 downto 352); --32
temp_output(255 downto 224):=keyout; --36
keyout:=keyout xor temp_output(351 downto 320); --33
temp_output(223 downto 192):=keyout; --37
keyout:=keyout xor temp_output(319 downto 288); --34
temp_output(191 downto 160):=keyout; --38
Department of Electronics and Communication Engineering,SKEC Page 47
ADVANCED ENCRYPTION STANDARD
keyout:=keyout xor temp_output(287 downto 256);--35
temp_output(159 downto 128):=keyout; --39
----------------------------stage 10----------------------------------------
afterrotword:=rotword(keyout);
aftersubword:=subword(afterrotword);
afterrcon:="00110110000000000000000000000000";
afterrcon:=afterrcon xor aftersubword;
keyout:=afterrcon xor temp_output(255 downto 224); --36
temp_output(127 downto 96):=keyout; --40
keyout:=keyout xor temp_output(223 downto 192); --37
temp_output(95 downto 64):=keyout; --41
keyout:=keyout xor temp_output(191 downto 160); --38
temp_output(63 downto 32):=keyout;
keyout:=keyout xor temp_output(159 downto 128);--39
temp_output(31 downto 0):=keyout; --43
return temp_output;
end keygen;
function rotword(op1: in std_logic_vector(31 downto 0)) return
std_logic_vector is
variable temp_output : std_logic_vector(31 downto 0);
begin
temp_output(31 downto 24):=op1(23 downto 16);
temp_output(23 downto 16):=op1(15 downto 8);
temp_output(15 downto 8):=op1(7 downto 0);
temp_output(7 downto 0):=op1(31 downto 24);
Department of Electronics and Communication Engineering,SKEC Page 48
ADVANCED ENCRYPTION STANDARD
return temp_output;
end rotword;
function subword(op1: in std_logic_vector(31 downto 0)) return
std_logic_vector is
variable temp_output : std_logic_vector(31 downto 0);
begin
temp_output(31 downto 24):=Content_EN(conv_integer(op1(31 downto
24)));
temp_output(23 downto 16):=Content_EN(conv_integer(op1(23 downto
16)));
temp_output(15 downto 8):=Content_EN(conv_integer(op1(15 downto
8)));
temp_output(7 downto 0):=Content_EN(conv_integer(op1(7 downto 0)));
return temp_output;
end subword;
function subword_128(op1: in std_logic_vector(127 downto 0)) return
std_logic_vector is
variable temp_output : std_logic_vector(127 downto 0);
begin
temp_output(127 downto 96):=subword(op1(127 downto 96));
temp_output(95 downto 64):=subword(op1(95 downto 64));
temp_output(63 downto 32):=subword(op1(63 downto 32));
temp_output(31 downto 0):=subword(op1(31 downto 0));
return temp_output;
end subword_128;
function shiftrow(op1: in std_logic_vector(127 downto 0))return
std_logic_vector is
variable temp_output: std_logic_vector(127 downto 0);
begin
---1 st row----
temp_output(127 downto 96):= op1(127 downto 96);--1
Department of Electronics and Communication Engineering,SKEC Page 49
ADVANCED ENCRYPTION STANDARD
temp_output(95 downto 88):= op1(95 downto 88);--5
temp_output(63 downto 56):= op1(63 downto 56); --9
temp_output(31 downto 24):= op1(31 downto 24);--13
----2nd row-----
temp_output(119 downto 112):= op1(87 downto 80);--2
temp_output(87 downto 80):= op1(55 downto 48);--6
temp_output(55 downto 48):= op1(23 downto 16);--10
temp_output(23 downto 16):= op1(119 downto 112);--14
----3 rd row-----
temp_output(111 downto 104):= op1(47 downto 40);
temp_output(79 downto 72):= op1(15 downto 8);
temp_output(47 downto 40):= op1(111 downto 104);
temp_output(15 downto 8):= op1(79 downto 72);
-------4th row-------
temp_output(103 downto 96):= op1(7 downto 0);
temp_output(71 downto 64):= op1(103 downto 96);
temp_output(39 downto 32):= op1(71 downto 64);
temp_output(7 downto 0):= op1(39 downto 32);
return temp_output;
end shiftrow
function encrpytion(en_input1:in std_logic_vector(1535 downto 0)) return
std_logic_vector is
variable temp_output,temp1,temp2,temp3,temp4 : std_logic_vector(127
downto 0);
variable mixmat: std_logic_vector(127 downto
0):="0000001000000001000000010000001100000011000000100000000100
00000100000001000000110000001000000001000000010000000100000011
00000010";
begin
Department of Electronics and Communication Engineering,SKEC Page 50
ADVANCED ENCRYPTION STANDARD
--------------------step 1---------------------------------------
temp1:=en_input1(1535 downto 1408) xor en_input1(1407 downto 1280);
-------------------step2 ---------------------------------------------
temp2:=subword_128(temp1);
temp3:=shiftrow(temp2);
temp4:=matrixmul(temp3,mixmat);
temp1:=temp4 xor en_input1(1279 downto 1152);
--------------------step3 ------------------------------------------------
temp2:=subword_128(temp1);
temp3:=shiftrow(temp2);
temp4:=matrixmul(temp3,mixmat);
temp1:=temp4 xor en_input1(1151 downto 1024);
--------------------step4 ------------------------------------------------
temp2:=subword_128(temp1);
temp3:=shiftrow(temp2);
temp4:=matrixmul(temp3,mixmat);
temp1:=temp4 xor en_input1(1023 downto 896);
--------------------step5 ------------------------------------------------
temp2:=subword_128(temp1);
temp3:=shiftrow(temp2);
temp4:=matrixmul(temp3,mixmat);
temp1:=temp4 xor en_input1(895 downto 768);
--------------------step6 ------------------------------------------------
temp2:=subword_128(temp1);
temp3:=shiftrow(temp2);
temp4:=matrixmul(temp3,mixmat);
Department of Electronics and Communication Engineering,SKEC Page 51
ADVANCED ENCRYPTION STANDARD
temp1:=temp4 xor en_input1(767 downto 640);
--------------------step7 ------------------------------------------------
temp2:=subword_128(temp1);
temp3:=shiftrow(temp2);
temp4:=matrixmul(temp3,mixmat);
temp1:=temp4 xor en_input1(639 downto 512);
--------------------step8 ------------------------------------------------
temp2:=subword_128(temp1);
temp3:=shiftrow(temp2);
temp4:=matrixmul(temp3,mixmat);
temp1:=temp4 xor en_input1(511 downto 384)
--------------------step9 ------------------------------------------------
temp2:=subword_128(temp1);
temp3:=shiftrow(temp2);
temp4:=matrixmul(temp3,mixmat);
temp1:=temp4 xor en_input1(383 downto 256);
--------------------step10 ------------------------------------------------
temp2:=subword_128(temp1);
temp3:=shiftrow(temp2);
temp4:=matrixmul(temp3,mixmat);
temp1:=temp4 xor en_input1(255 downto 128);
--------------------step11 ------------------------------------------------
temp2:=subword_128(temp1);
temp3:=shiftrow(temp2);
--temp4:=matrixmul(temp3,mixmat,);
temp1:=temp3 xor en_input1(127 downto 0);
return temp1;
end encryption;
MAIN CODE ----------------------------------------------------------------------------------
-- Company:
-- Engineer:
-- Create Date: 11:49:45 10/16/2012
----------------------------------------------------------------------------------
Department of Electronics and Communication Engineering,SKEC Page 52
ADVANCED ENCRYPTION STANDARD
library IEEE;
use IEEE.STD_LOGIC_1164.ALL;
use IEEE.STD_LOGIC_ARITH.ALL;
use IEEE.STD_LOGIC_UNSIGNED.ALL;
use work.aesencrypt.all;
-- Uncomment the following lines to use the declarations that are
-- provided for instantiating Xilinx primitive components.
--library UNISIM;
--use UNISIM.VComponents.all;
entity encryption11 is
Port ( input_ENCRYPTION :in std_logic_vector(127 downto 0);
input_KEY:in std_logic_vector(127 downto 0);
out_KEYS: out std_logic_vector(1407 downto 0);
output_ENCRYPTION: out std_logic_vector(127 downto 0);
clk : in std_logic);
end encryption11;
architecture Behavioral of encryption11 is
begin
process(clk,input_ENCRYPTION)
variable x1 : std_logic_vector(1535 downto 0);
variable x2 : std_logic_vector(1407 downto 0);
variable x3 : std_logic_vector(127 downto 0);
begin
if(clk='1')and(clk'EVENT) then
x2:=keygen(input_KEY);
x1(1535 downto 1408):=input_ENCRYPTION;
x1(1407 downto 0):= x2;
x3:=encription(x1);
end if;
output_ENCRYPTION<=x3;
out_KEYS<=x2;
end process;
end aesencrypt;
Department of Electronics and Communication Engineering,SKEC Page 53
ADVANCED ENCRYPTION STANDARD
1.2: RTL SCHEMATIC FOR ENCRYPTION:
4.2 TECHNOLOGY SCHEMATIC FOR ENCRYPTION:
Department of Electronics and Communication Engineering,SKEC Page 54
ADVANCED ENCRYPTION STANDARD
4.3 SIMULATION WAVE FORM FOR AES ENCRYPTION:
Department of Electronics and Communication Engineering,SKEC Page 55
ADVANCED ENCRYPTION STANDARD
plain text:where are you ra (57484552452041524520594f55205241)this is ascii value key:howareyounow.(484f572041524520594f55204e4f572e)cipher text : 17029EEB2EEAC4EA0E7C265902375C2F
4.4 SYNTHESIS REPORT SCMATIC FOR AES ENCRYPTION
=============================================================
============
Department of Electronics and Communication Engineering,SKEC Page 56
ADVANCED ENCRYPTION STANDARD
* Final Report *
=============================================================
============
Final Results
RTL Top Level Output File Name : encryption.ngr
Top Level Output File Name : encryption
Output Format : NGC
Optimization Goal : Speed
Keep Hierarchy : NO
Design Statistics
# IOs : 258
Cell Usage :
# BELS : 47282
# GND : 1
# INV : 182
# LUT1 : 164
# LUT2 : 1776
# LUT2_L : 111
# LUT3 : 231
# LUT3_D : 8
# LUT3_L : 609
# LUT4 : 22881
# LUT4_D : 14
# LUT4_L : 273
# MUXF5 : 11338
# MUXF6 : 5698
# MUXF7 : 2839
# MUXF8 : 1156
# VCC : 1
# FlipFlops/Latches : 2784
# FD : 2626
# FDE : 129
Department of Electronics and Communication Engineering,SKEC Page 57
ADVANCED ENCRYPTION STANDARD
# FDR : 26
# FDS : 3
# Shift Registers : 11
# SRL16 : 11
# Clock Buffers : 1
# BUFGP : 1
# IO Buffers : 256
# OBUF : 256
=============================================================
============
Device utilization summary:
---------------------------
Selected Device : 3s500efg320-5
Number of Slices: 14517 out of 4656 311% (*)
Number of Slice Flip Flops: 2784 out of 9312 29%
Number of 4 input LUTs: 26260 out of 9312 282% (*)
Number used as logic: 26249
Number used as Shift registers: 11
Number of IOs: 258
Number of bonded IOBs: 257 out of 232 110% (*)
Number of GCLKs: 1 out of 24 4%
WARNING:Xst:1336 - (*) More than 100% of Device resources are used
---------------------------
Partition Resource Summary:
---------------------------
No Partitions were found in this design.
---------------------------
Department of Electronics and Communication Engineering,SKEC Page 58
ADVANCED ENCRYPTION STANDARD
=============================================================
============
TIMING REPORT
NOTE: THESE TIMING NUMBERS ARE ONLY A SYNTHESIS ESTIMATE.
FOR ACCURATE TIMING INFORMATION PLEASE REFER TO THE
TRACE REPORT
GENERATED AFTER PLACE-and-ROUTE.
Clock Information:
------------------
-----------------------------------+------------------------+-------+
Clock Signal | Clock buffer(FF name) | Load |
-----------------------------------+------------------------+-------+
clk | BUFGP | 2795 |
-----------------------------------+------------------------+-------+
Asynchronous Control Signals Information:
----------------------------------------
No asynchronous control signals found in this design
Timing Summary:
---------------
Speed Grade: -5
Minimum period: 6.654ns (Maximum Frequency: 150.280MHz)
Minimum input arrival time before clock: No path found
Maximum output required time after clock: 4.040ns
Maximum combinational path delay: No path found
Timing Detail:
--------------
Department of Electronics and Communication Engineering,SKEC Page 59
ADVANCED ENCRYPTION STANDARD
All values displayed in nanoseconds (ns)
=============================================================
============
Timing constraint: Default period analysis for Clock 'clk'
Clock period: 6.654ns (frequency: 150.280MHz)
Total number of paths / destination ports: 591072 / 2926
-------------------------------------------------------------------------
Delay: 6.654ns (Levels of Logic = 7)
Source: a35/x05_15 (FF)
Destination: a39/x05_109 (FF)
Source Clock: clk rising
Destination Clock: clk rising
Data Path: a35/x05_15 to a39/x05_109
Gate Net
Cell:in->out fanout Delay Delay Logical Name (Net Name)
---------------------------------------- ------------
FD:C->Q 11 0.514 0.796 a35/x05_15 (a35/x05_15)
LUT4:I3->O 3 0.612 0.481 a36/h1<12>_SW0 (N1659)
LUT4:I2->O 125 0.612 1.128 Mxor_data9_Result<12>1 (data9<12>)
LUT4:I2->O 1 0.612 0.000 a38/s2/Mrom_sbout1 (a38/s2/Mrom_sbout)
MUXF5:I1->O 1 0.278 0.000 a38/s2/Mrom_sbout_f5
(a38/s2/Mrom_sbout_f5)
MUXF6:I1->O 1 0.451 0.000 a38/s2/Mrom_sbout_f6
(a38/s2/Mrom_sbout_f6)
MUXF7:I1->O 1 0.451 0.000 a38/s2/Mrom_sbout_f7
(a38/s2/Mrom_sbout_f7)
MUXF8:I1->O 1 0.451 0.000 a38/s2/Mrom_sbout_f8 (sb9<8>)
FD:D 0.268 a39/x05_104
----------------------------------------
Total 6.654ns (4.249ns logic, 2.405ns route)
(63.9% logic, 36.1% route)
Department of Electronics and Communication Engineering,SKEC Page 60
ADVANCED ENCRYPTION STANDARD
=============================================================
============
Timing constraint: Default OFFSET OUT AFTER for Clock 'clk'
Total number of paths / destination ports: 128 / 128
-------------------------------------------------------------------------
Offset: 4.040ns (Levels of Logic = 1)
Source: eout_127 (FF)
Destination: eout<127> (PAD)
Source Clock: clk rising
Data Path: eout_127 to eout<127>
Gate Net
Cell:in->out fanout Delay Delay Logical Name (Net Name)
---------------------------------------- ------------
FDE:C->Q 1 0.514 0.357 eout_127 (eout_127)
OBUF:I->O 3.169 eout_127_OBUF (eout<127>)
----------------------------------------
Total 4.040ns (3.683ns logic, 0.357ns route)
(91.2% logic, 8.8% route)
Total REAL time to Xst completion: 359.00 secs
Total CPU time to Xst completion: 359.06 secs
Total memory usage is 302972 kilobyte
Number of errors : 0 ( 0 filtered)
Number of warnings : 376 ( 0 filtered)
Number of infos : 34 ( 0 filtered)
CHAPTER - 5
SUMMARY
Department of Electronics and Communication Engineering,SKEC Page 61
ADVANCED ENCRYPTION STANDARD
5.1. PROJECT SUMMARY:
The Advanced Encryption Standard (AES) is a security standard that
became effective on May 26,2002 by NIST to replace DES. the cryptography
scheme is asymmetric block cipher that encrypts and decrypts 128-bit blocks of
data lengths of 128,192 and 256 bits are standard key lengths used by AES.
Plain text refers to the data to be encrypted. Cipher text refers to the
data after going through the cipher as well as the data that will be going into the
decipher. The state is an intermediate form of the cipher or deciphers result
usually displayed as a rectangular table of bytes with 4 rows and 4 columns
The first stage “subbytes” transformation a non-linear byes substitution
for each byte of the block. The second stage”shiftrows” transformation cyclically
shifts(permutes) the bytes within the block. The third stage”mixcolumns”
transformation groups 4-bytes together forming 4-term polynomials and
multiplies the polynomials with a fixed polynomial mod(X4+1).The fourth
stage”add roundkey”transformation adds the round key with the block of data.
The decipher is simply the inverse of cipher
The algorithm consists of four stages that make up a round which is
iterated 10 times for a 128-bit length key, 12 times for 192-bit key and 14 times
for a 256-bit key
5.2. CONCLUSION:
The main advantage with the Advanced Encryption Standard is to
maintain the secret communication between the Encryption and Decryption. It
is the symmetric key encryption algorithm. This reduces the complexity of the
Department of Electronics and Communication Engineering,SKEC Page 62
ADVANCED ENCRYPTION STANDARD
Encrypt and Decrypt the data. Cipher key is same for both the Encryption and
Decryption process VHDL code is used to develop the implementation of
Encryption and Decryption process. Each program is tested with the some of
the sample vectors provided by NIST and output results are perfect with
minimal delay. In the case of 192,256-bit key algorithm, it requires 192,256-bit
plain text and 128-bit cipher key.
AES is important to understand the using the algorithm, it will greatly
increase the reliability and safety of software systems. Therefore, AES can
indeed be implemented with reasonable efficiency on an FPGA, with the
encryption and decryption taking an average of 320 and 340 ns respectively
(for every 128 bits).
The time varies from chip to chip and the calculate delay time can only
be regarded as approximate. Adding data pipelines and some parallel
combinational logic in the key scheduler and round calculator can further
optimize this design.There is currently no evidence that AES has any weakness
making any attack other than exhaustive search.
Even AES-128 bit offers a sufficiently large number of possible keys,
making an exhaustive search impractical for many decades, provided no
technological breakthrough causes the computational power available to
increase dramtically and that theoretical research does not find a short cut to
bypass the need for exhaustive search. There are many pitfalls to avoid when
encryption is implemented and keys are generated.
It is necessary to ensure each and every implementations security, an
important correctly implemented AES-128 is likely to protect against a million
dollar budget for at least 50-60 years and against individual budgets for at least
another ten years.
5.3. SCOPE OF EXPANSION :
This algorithm is also implemented with the 192,256-bit keys.
Department of Electronics and Communication Engineering,SKEC Page 63
ADVANCED ENCRYPTION STANDARD
By using with this design we are also implemented as a crypto-
processor for secret communication.
This algorithm is also used to implement as crypto processor
for smartcard
performance, efficiency, implementability, and flexibility are
extended by using efficient techniques.
Large amount of data can be transmitted by extending block
sizes.
REFERENCES
[1] FIPS 197, “Advanced Encryption Standard (AES)”, November 26, 2001
Department of Electronics and Communication Engineering,SKEC Page 64
ADVANCED ENCRYPTION STANDARD
http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
[2] J. Daemen and V. Rijmen, “AES Proposal: Rijndael”, AES Algorithm
Submission,
September 3, 1999
http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndaeldocV2.zip
[3] “FPGA Simulations of Round 2 Advanced Encryption Standards”
http://csrc.nist.gov/CryptoToolkit/aes/round2/conf3/presentations/elbirt.pdf.
[4] http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm
[5] Tilborg, Henk C. A. van. “Fundamentals of Cryptology: A Professional Reference
and Interactive Tutorial”, New York Kluwer Academic Publishers, 2002
[6] Peter J. Ashenden, “The student’s Guide to VHDL”, 2nd Edition, San Francisco,
CA, Morgan Kaufmann, 2002
References:understanding mix columns
[7 Wikipedia – Rijndael mix columns, [Online]
Available: http://en.wikipedia.org/wiki/Rijndael_mix_columns
[8] William Stalling (2006), Chapter 4.6 Finite Fields of the Form GF(2n) –
Multiplication,
in Cryptography and Network Security: Principles and Practices, Page 125 – 126.
References:understanding inverse mix columns
[9] William Stalling (2006), Chapter 4.6 Finite Fields of the Form GF(2n) –
Multiplication,
in Cryptography and Network Security: Principles and Practices, Page 125 – 126.
[10] Kit Choy Xintong (2009), Understanding AES Mix-Columns Transformation
Calculation
[Available]Online:
http://sites.google.com/site/kitworldoftheory/Home/mixcolumns.pdf?
Department of Electronics and Communication Engineering,SKEC Page 65
ADVANCED ENCRYPTION STANDARD
attredirects=0
[11] AES page available via http://www.nist.gov/CryptoToolkit.4
[12] Computer Security Objects Register (CSOR): http://csrc.nist.gov/csor/.
[13] J. Daemen and V. Rijmen, AES Proposal: Rijndael, AES AlgorithmSubmission, September 3, 1999, available at [1].[14] J. Daemen and V. Rijmen, The block cipher Rijndael, Smart Card research andApplications, LNCS 1820, Springer-Verlag, pp. 288-296.
[15] B. Gladman’s AES related home pagehttp://fp.gladman.plus.com/cryptography_technology/.
[16] A. Lee, NIST Special Publication 800-21, Guideline for ImplementingCryptography in the Federal Government, National Institute of Standards andTechnology, November 1999.
[17] A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of AppliedCryptography, CRC Press, New York, 1997, p. 81-83.
[18] J. Nechvatal, ET. al., Report on the Development of the Advanced EncryptionStandard (AES), National Institute of Standards and Technology, October 2, 2000,available at [1].
[19]^ Vincent Rijmen (2010). "Practical-Titled Attack on AES-128 Using Chosen-
Text Relations".
[20]^ Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger
(2011). "Biclique Cryptanalysis of the Full AES".
[21]^ a b "Index of formal scientific papers". Cr.yp.to. Retrieved 2008-11-02.
[22]^ Bruce Schneier. "AES Timing Attack". Archived from the original on 12
February 2007. Retrieved 2007-03-17.
[23]^ Dag Arne Osvik1; Adi Shamir2 and Eran Tromer2 (2005-11-20) (PDF). Cache
Attacks and Countermeasures: the Case of AES. Retrieved 2008-11-02.
Department of Electronics and Communication Engineering,SKEC Page 66
ADVANCED ENCRYPTION STANDARD
[24] ^ Dhiman Saha, Debdeep Mukhopadhyay, Dipanwita RoyChowdhury (PDF). A
Diagonal Fault Attack on the Advanced Encryption Standard. Archived from the
original on 22 December 2009. Retrieved 2009-12-08.
[25]^ Endre Bangerter, David Gullasch and Stephan Krenn (2010). "Cache Games –
Bringing Access-Based Cache Attacks on AES to Practice".
[26] ^ "Breaking AES-128 in realtime, no ciphertext required | Hacker News".
News.ycombinator.com. Retrieved 2012-12-23.
[27] ^ a b http://www.cnss.gov/Assets/pdf/nstissp_11_fs.pdf
[28] ^ "NIST.gov - Computer Security Division - Computer Security Resource
Center". Csrc.nist.gov. Retrieved 2012-12-23.
[29] ^ a b OpenSSL, [email protected]. "OpenSSL's Notes about FIPS
certification". Openssl.org. Retrieved 2012-12-23.
[30]^ "Performance Comparisons of the AES submissions" (PDF). 1999-02-01.
Retrieved 2010-12-28.
Department of Electronics and Communication Engineering,SKEC Page 67