AES

ADVANCED ENCRYPTION STANDARD

CHAPTER - 1

INTRODUCTION

1.1ADVANCED ENCRYPTION STANDARD-RIJNDAEL CIPHER

AES stands for advanced encryption standard. AES is symmetric key

encryption algorithm which replaces the commonly used data encryption standard

(DES).AES provides strong encryption and was selected by NIST as a federal

information processing standard in November 2001 (FIPS-197). The AES

algorithm uses three key sizes:128-, 192-, or 256- bit encryption key. Each

encryption key size causes the algorithm to behave slightly different, so the

increasing key sizes not only offer a large number of bits with which you can

scramble the data, but also increases the complexity of cipher algorithm. AES was

developed by two Belgian cryptologists, Vincent Rijmen and Joan Daemen.

AES is an algorithm for performing encryption (and reverse,

decryption).the series of well-defined steps that can be followed as a procedure.

The original information is known as plain text,and the encrypted form as cipher

text.

The AES algorithm is a symmetric block cipher that can encrypt (encipher)

and decrypt(decipher) information. Encryption converts data to an unintelligible

form called cipher text; decrypting the cipher text converts the data back to its

original form, called plain text. AES can be used to protect electronic data.

BLOCK DIAGRAM:

Plaintext /ciphertext output128 bit 128-bit(plain text)

Round 128 bit key input

Clk2

Secret key 128,192,256

Figure 1.1 block diagram of AES algorithm[1]

Department of Electronics and Communication Engineering,SKEC Page 1

Encrypt/Decrypt

Key Schedule Generation


The cipher text message contains all the information of the plaintext

message, but is not in a format readable by a human or computer without the

proper mechanism to decrypt it.

The encrypting procedure is varied depending on the key which

changes the detailed operation of the algorithm. Without the key, the cipher

cannot be used to encrypt or decrypt.

1.2 ENCRYPTION:

Encryption is the transformation of plain text into cipher text through a

mathematical process

plain text cipher key

cipher text

Figure 1.2 Block Diagram Of Encryption Process

1.3 DECRYPTION:

Decryption is a process to convert cipher text back into plain text

Cipher text plain text

Cipher key

Figure 1.3 block diagram of decryption process

1.4 APPLICATION OF CRYPOTGRAPHY:

Cryptography helped ensure secrecy in important communications,

such as those of government convert operations.

This is helpful in wireless security like military communication and

mobile telephony where there is a greater emphasis on the speed of

communication (military leaders and diplomats).

Cryptography has come to be in widespread use by many civilians

who do not have extraordinary needs for secrecy


ENCRYPTION

DECRYPTION


CHAPTER - 2

THEORY

2.1 BACKGROUND OF THE ALGORITHM:

Many algorithms were originally presented by researchers from twelve

different Nations. Fifteen (15) algorithms were selected from the first set of

submittals. After a study and selection process five, (5) were chosen as

finalists. The five algorithms selected were MARS, RC6, RIJNDAEL,

SERPENT and TWOFISH. The conclusion was that the five Competitors

showed similar characteristics. On October 2nd 2000, NIST announced that

the Rijndael Algorithm was the winner of the contest. The Rijndael Algorithm

was chosen since it had the best overall scores in security, performance,

efficiency, implementation ability and flexibility, [NIS00b]. The Rijndael

algorithm was developed by Joan Daemen of Proton World International and

Vincent Fijmen of Katholieke University at Leuven.

The Rijndael algorithm is a symmetric block cipher that can process

data blocks of 128 bits through the use of cipher keys with lengths of 128,

192, and 256 bits. The Rijndael algorithm was also designed to handle

additional block sizes and key lengths. However, the additional features were

not adopted in the AES. The hardware implementation of the Rijndael

algorithm can provide either high performance or low cost for specific

applications. At backbone communication channels or heavily loaded servers

it is not possible to lose processing speed, which drops the efficiency of the

overall system while running cryptography algorithms in software. On the

other side, a low cost and small design can be used in smart card applications,

which allows a wide range of equipment to operate securely.

2.1.1 AES OVERVIEW:

1976-2000: The Data Encryption Standard (DES) is considered the

standard for block ciphers by NIST.

1997-2001: With des becoming outdated NIST announces competition to

design a successor.



2001:Rijndeal, designed by Joan Daemen and Vincent Rijmen , is selected

by NIST as a AES

2.1.2 PROPERTIES OF AES:

Based in finite mathematic, widely analysed and considered secure,

Used for US government top secret data,

Supports 128, 196, 256 bit keys,

Unpatented, Expected to be the standard for 20+years

2.2 TYPES OF CYPHERS:

There are two classes of algorithm in encryption, an asymmetric key and

symmetric key.The following sub sections describe the both classes and a brief

discussion of algorithm is added as well.

2.2.1 ALGORITHM:

Algorithm is a process for completing a task. An encryption algorithm

is a mathematical process (mathematical formula) to encrypt and decrypt messages it

typically has two elements:data (for example , plain text or email message that you

want to encrypt or decrypt) and a key.

2.2.2 SYMMETRIC ENCRYPTION:

Symmetric encryption uses a secret key value to encrypt and decrypt

data. Both the sender and receiver need the same key to encrypt or decrypt. There are

two types of symmetric algorithms: stream algorithms and block algorithms. The

stream algorithm works on one bit or byte at a time, whereas the block algorithm

works on larger blocks of data (typically 64 bits ).the drawback of to this type of

system is that if the key is discovered, all the messages can be decrypted. Symmetric

key is the key that is used to for encrypting and decrypting a file or a message.

Examples of symmetric encryption are DES\3DES, AES, IDEA, RC6 and Blowfish.



2.2.3 SYMMETRIC KEY OR PRIVATE KEY:

In a symmetric or private key algorithm, in the ordinary case, the

communication only uses only one key. A user A sends the secret private key Kc to a

B user before the start of the communication between them. Both sides use the same

private key to encrypt and decrypt the exchanged information. Data encryption

standard (DES) and CAST128 are example of symmetric algorithm.

The symmetric algorithm is much faster than a asymmetric key

algorithm, which needs a bigger key and complex computation. To encrypt a large

amount of data, symmetric key algorithm is used with one secrete key. the public key

algorithm then used to encrypt and transmit the symmetric key. At the recipient, the

symmetric key is decrypted. After that all communication is made using a

symmetrical algorithm. There are two classes of private key cryptography scheme

which are commonly distinguished as block ciphers and stream ciphers.

Cipher text

Unsecured channel

Figure 2.1

2.1private key cryptography

Private key is a secret key of public-private key cryptography system (it is

used in asymmetric cryptography). The private key is normally known only to the key

owner. Messages are encrypted using a public key and can be decrypted by the owner

of the corresponding private key. For the digital signatures, however, a document is

signed with a private key and authenticated with the corresponding public key. Private

key should not be distributed.

2.2.4 ASYMMETRIC ENCRYPTION:

Asymmetric encryption (asymmetric cipher) uses a separate key for encryption

and decryption. The decryption key is very hard or even impossible to derive from the

encryption key . the encryption key is public so that anyone can encrypt a message .

however , the decryption key is private , so that only the receiver is able to decrypt

the message. it is common to set up a pair of keys within a network so that each user

has public key and a private key .The public key is made available to everyone so


Private key kc

Plain text

User A

ENCRYPTION

Private key kc

plaintext

User B

DECRYPTION


that they can send messages, but the private key is only made available to the person

it belongs to.

Asymmetric cipher that uses different (not trivially related) keys for encryption and

decryption. Asymmetric cipher that uses different (not trivially related) keys for

encryption and decryption.

Examples of asymmetric encryption are RSA, ELGAMAL.

2.2.5 ASYMMETRIC KEY FOR PUBLIC KEY:

as an alternative to RSA which In asymmetric key algorithm, there are two

keys. One must be public and it is used to encrypt the data. The other key is a private

one and it is used to decrypt the information. In communication between A and B,A

uses the public key ke of B to encrypt the message ,in a way that only B(neither

A).can decrypt this message using his private key Kd. The system is also used to sign

a message digitally. Rivest – Shamir - Adleman (RSA) is widely used asymmetric key

algorithm for decrease elliptic curve cryptography (ECCoffers highest security its

small bit length of key.

Cipher text

Unsecure channel

Figure:2.2 public key cryptography.

A public key is the public key of a public-private key cryptography system. Public

key is used in asymmetric cryptography. Public keys are used to enable someone to

encrypt messages intended for the owner of the public key. Public keys are meant for

distribution, so anyone who wants to send an encrypted message to the owner of the

public key can do so, but the owner of the public key can do so, but only the owner of

the corresponding private key can decrypt the message. Cryptography based on

methods involving a public key and a private key.


Private key ke

Plain text

User A

ENCRYPTION

Private key kd

plaintext

User B

DECRYPTION


2.2.6 CIPHER TEXT:

This is the encrypted message produced by applying the algorithm to the plaintext message using the secret key.

2.7 BLOCK CIPHER:

Block chipper is a type of the symmetric-key encryption algorithm that transforms a

fixed-length block of plaintext data into block of cipher text data of the same length.

This transformation takes places under the action of a user-provided secret

key. Decryption is performed by applying the reverse transformation to the cipher

text block using the same secret key. The fixed length is called the block size, and for

many block ciphers, the block size is 64 and the block size increase to 128, 192 or 256

bits as processors become more sophisticated. Below figure illustrates the block

cipher transformation. The cipher like DES, triple-DES and blowfish are example of

block cipher.

Plaintext ciphertext

key key

Ciphertext plaintext

Figure 2.3 block cipher

Since different plaintext blocks are mapped to different cipher text blocks (to

allow unique decryption), a block cipher effectively provides a permutation of the set

of all possible messages. The permutation effected during any particular encryption is

a secret, since it is a function of the secret key


Block cipher encryption

Block cipher decryption


2.3 THE AES CIPHER:

Block length is limited to 128 bit

The key size can be independently specified to 128,19 or 256 bits

Table 2.1: represented of key size, number of rounds, exapanded key size

2.4 NOTATION AND CONVENTIONS: 2.4.1. INPUTS AND OUTPUTS: The input and output for the AES algorithm consists of sequences of 128 bits.

These sequences are referred to as blocks and the numbers of bits they contain are

referred to as their length. The Cipher Key for the AES algorithm is a sequence of

128,192 or 256 bits. Other input, output and Cipher Key lengths are not permitted by

this standard. The bits within such sequences are numbered starting at zero and ending

at one less than the sequence length, which is also termed the block length or key

length. The number “i” attached to a bit is known as its index and will be in one of the

ranges 0 ≤ i<128, 0 ≤ i< 192 or 0 ≤ i< 256 depending on the block length or key

length specified.

2.4.2. BYTES:

The basic unit of processing in the AES algorithm is a byte, which is a

sequence of eight bits treated as a single entity. The input, output and Cipher Key bit

sequences described in Section 1.1 are processed as arrays of bytes that are formed by

dividing these sequences into groups of eight contiguous bits to form arrays of bytes.

For an input, output or Cipher Key denoted by a, the bytes in the resulting array are

referenced using one of the two forms, an or a[n], where n will be in a range that

depends on the key length. For a key length of 128 bits, n lies in the range 0 ≤ n < 16.

For a key length of 192 bits, n lies in the range 0 ≤ n < 24. For a key length of 256

bits, n lies in the range 0≤ n < 32.


Key size(word/byte/bits)

4/16/192 6/24/192 8/32/256

Number of rounds 10 12 14

Expanded key size(words/byte)

44/176 52/208 60/240


All byte values in the AES algorithm are presented as the concatenation of the

individual bit values, (0 or 1), between braces in the order{b7, b6, b5, b4, b3, b2, b1,

b0}.These bytes are interpreted as finite field elements using a polynomial

representation

b7 x7+ b6 x6+ b5 x5+ b4 x4+ b3 x3+ b2 x2+ b1 x1+ b0x0=Σbi xi ---------->(1)

For example, {01100011} identifies the specific finite field element x6 + x5 + x

+1. It is also convenient to denote byte values using hexadecimal notation with each

of two groups of four bits being denoted by a single hexadecimal character. The

hexadecimal notation scheme is depicted in Figure.1.

Table 2.2 Hexadecimal Representation of Bit Patterns[1]

Hence the element {01100011} can be represented as {63}, where the

character denoting the four-bit group containing the higher numbered bits is again to

the left. Some finite field operations involve one additional bit {b8} to the left of an 8-

bit byte. When the b8 bit is present, it appears as {01} immediately preceding the 8-

bit byte. For example, a 9-bit sequence is presented as {01} {1b}.

2.4.3. ARRAYS OF BYTES:

Arrays of bytes are represented in the form a0a1a2···a15. The bytes and the bit

ordering within bytes are derived from the 128-bit input sequence, input0input1input2

···input126input127 as a0 = {input0, input1, ···, input7} , a1 = {input8, input9, ···,

input15} with the pattern continuing up to a15 = {input120, input121, ···, input127}.

The pattern can be extended to longer sequences associated with 192 and 256 bit

keys. In general,

an = {input8n, input8n+1, ···, input8n+7}.



An example of byte designation and numbering within bytes for a given input

sequence is presented in Figure 2.

Figure 2.4: Indices for Bytes and Bits [1]

2.4.4. THE STATE:

Internally, the AES algorithm’s operations are performed on a two

dimensional array of bytes called the State. The State consists of four rows of bytes.

Each row of a state contains Nb numbers of bytes, where Nb is the block length

divided by 32. In the State array, which is denoted by the symbol S, each individual

byte has two indices. The first byte index is the row number r, which lies in the range

0 ≤r ≤ 3 and the second byte index is the column number c, which lies in the range 0 ≤

c ≤ Nb−1. Such indexing allows an individual byte of the State to be referred to as Sr,c

or S[r,c]. For the AES Nb = 4, which means that 0 ≤c ≤ 3. At the beginning of the

Encryption and Decryption the input, which is the array of bytes symbolized by

in0in1···in15 is copied into the State array. This activity is illustrated in Figure 3. The

Encryption or Decryption operations are conducted on the State array. After

manipulation of the state array has completed its final value is copied to the output,

which is an array of bytes symbolized by out0out1···out15.

Input state array output byte

Figure 2.5: State Array Input and Output [1]

At the start of the Encryption or Decryption the input array is copied to the

State array with

S[r, c] = in[r + 4c]



where 0 ≤r ≤3 and 0 ≤c ≤ Nb−1 At the end of the Encryption and Decryption the State

is copied to the output array with

out[r + 4c] = S[r,c]

where 0 ≤ r ≤ 3 and 0 ≤ c ≤ Nb−1.Input Bytes State Array Output Bytes

2.4.5. THE STATE AS AN ARRAY OF COLUMNS:

The four bytes in each column of the State form 32-bit words, where the row

number “r” provides an index for the four bytes within each word. Therefore, the state

can be interpreted as a one-dimensional array of 32 bit words, which is symbolized by

w0...w3. The column number c provides an index into this linear State array.

Considering the State depicted in Figure3, the State can be considered as an array of

four words where

w0 = S0,0 S1,0 S2,0 S3,0,

w1 = S0,1 S1,1 S2,1 S3,1,

w2 = S0,2 S1,2 S2,2 S3,2

w3 =S 0,3 S1,3 S2,3 S3,3.

2.4.6 MATHEMATICAL BACKGROUND:

Every byte in the AES algorithm is interpreted as a finite field element using

the notation introduced in Section.1.1.2. All Finite field elements can be added and

multiplied. However, these operations differ from those used for numbers and their

use requires investigation.

2.4.6(A) ADDITION:

The addition of two elements in a finite field is achieved by “adding” the

coefficients for the corresponding powers in the polynomials for the two elements.

The addition is performed through use of the XOR operation, which is denoted by

the operator symbol ⊕. Such addition is performed modulo-2. In modulo-2 addition



1 ⊕ 1 = 0,

1 ⊕ 0 = 1,

0 ⊕ 1 = 1

and

0 ⊕ 0 =0.

Consequently, subtraction of polynomials is identical to addition of

polynomials. Alternatively, addition of finite field elements can be described as the

modulo-2 addition of corresponding bits in the byte. For two bytes {a7a6a5a4a3a2a1a0}

and{b7b6b5b4b3b2b1b0}, the sum is {c7c6c5c4c3c2c1c0}, where each ci = ai ⊕ bi where i

represents corresponding bits. For example, the following expressions are equivalent

to one another.

(x6 + x4 + x2 + x +1) + (x7 + x +1) = x7 + x6 + x4 + x2 (Polynomial notation)

{01010111}⊕ {10000011} = {11010100} (Binary notation)

{57}⊕{83} = {d4} (Hexadecimal notation)

2.4.6(B) MULTIPLICATION:

In the polynomial representation, multiplication in Galois Field GF (28)

(denoted by•) corresponds with the multiplication of polynomials modulo an

irreducible polynomial of degree 8. A polynomial is irreducible if its only divisors are

one and itself. For the AES algorithm, this irreducible polynomial is given by the

equation (2).

m(x) = x8 + x4 + x3 + x +1 (2)

For example, {57}•{83} = {c1} because



(x6 + x4 + x2 + x +1)(x7 + x +1) = x13 + x11 + x9 + x8 + x7 +

x7 + x5 + x3 +x2 + x +

x6 + x4 + x2 + x + 1

= x13 + x11 + x9 + x8 + x6 + x5 + x4 + x3 +1

x13 + x11 + x9 + x8 + x6 + x5 + x4 + x3 +1 Modulo (x8 + x4 + x3 + x +1)

= x7 + x6 +1.

The modular reduction by m(x) ensures that the result will be a binary

polynomial of degree less than 8, which can be represented by a byte. Unlike

addition, there is no simple operation at the byte level that corresponds to this

multiplication. The multiplication defined above is associative and the element {01}

is the multiplicative identity. For any non-zero binary polynomial b(x) of degree less

than 8, the multiplicative inverse of b(x), denoted b-1(x), can be found. The inverse is

found through use of the extended Euclidean algorithm to compute polynomials a(x)

and c(x) such that

b(x)a(x) + m(x)c(x) = 1. (3)

Hence, a(x) • b(x) mod m(x) = 1, which means

b−1 (x) = a(x)modm(x) (4)

Moreover, for any a(x), b(x) and c(x) in the field, it holds that

a(x) • (b(x) + c(x)) = a(x) • b(x) + a(x) • c(x) (5)

It follows that the set of 256 possible byte values, with XOR used as addition and

multiplication defined as above, has the structure of the finite field GF (28).

2.4.6(C) MULTIPLICATION BY X:



Multiplying the binary polynomial defined in equation (1) with the polynomial

x results in

b7 x8+ b6 x7+ b5 x6+ b4 x5+ b3 x4+ b2 x3+ b1 x2+ b0x1 (6)

The result x • b(x) is obtained by reducing the above result modulo m(x). If b7

equals zero the result is already in reduced form. If b7 equals one the reduction is

accomplished by subtracting the polynomial m(x). It follows that multiplication by x,

which is represented by {00000010} or {02}, can be implemented at the byte level as

a left shift and a subsequent conditional bitwise XOR with {1b}. This operation on

bytes is denoted by xtime(). Multiplication by higher powers of x can be implemented

by repeated application of xtime(). Through the addition of intermediate results,

multiplication by any constant can be implemented.

For example, {57} • {13} = {fe} because

{57} • {02} = xtime ({57}) = {ae}

{57} • {04} = xtime ({ae}) = {47}

{57} • {08} = xtime ({47}) = {8e}

{57} • {10} = xtime ({8e}) = {07},

Thus,{57} • {13} = {57} • ({01} • {02} • {10})

= {57} • {ae} • {07} = {fe}.

2.5 Polynomials with Coefficients in GF (28):

Four-term polynomials can be defined with coefficients that are finite field

elements as the following equation (7)

a(x) = a3 x3 + a2 x2+ a1 x1 + a (7)

which will be denoted as a word in the form [a0 , a1 , a2 , a3 ]. Note that the

polynomials in this section behave somewhat differently than the polynomials used in

the definition of finite field elements, even though both types of polynomials use the

same indeterminate, x. The coefficients in this section are themselves finite field

elements, i.e., bytes, instead of bits; also, the multiplication of four-term polynomials



uses a different reduction polynomial, defined below. To illustrate the addition and

multiplication operations, let

b(x) = b3 x3+ b2 x2 + b1 x1 + b (8)

define a second four-term polynomial. Addition is performed by adding the finite

field

coefficients of like powers of x. This addition corresponds to an XOR operation

between the corresponding bytes in each of the words – in other words, the XOR of

the complete word values Thus, using the equations of (7) and (8),

a( x) + b( x) = (a3⊕b3) x3 + (a2⊕b2)x2 + (a1 ⊕b1) x1 + (a0 ⊕b0)x0 (9)

Multiplication is achieved in two steps. In the first step, the polynomial product

c(x) = a(x) • b(x) is algebraically expanded, and like powers are collected to give

c(x) = c6 x6 + c 5x5 + c4 x4 + c3 x3 + c2 x2 + c1 x1 + c0x0 (10)

where

c0= a0. b0

c1= a1.b0 ⊕ a0. b1

c2=a2 .b0 ⊕ a1. b1 ⊕ a0. b2

c3= a3. b0 ⊕a2. b1 ⊕ a1. b2 ⊕ a0. b3

c4=a3 .b1⊕ a2. b2 ⊕ a0. b3

c5= a3. b2 ⊕ a2.b3

c6= a3. b3

The result, c(x), does not represent a four-byte word. Therefore, the second

step of the multiplication is to reduce c(x) modulo a polynomial of degree 4; the result

can be reduced to a polynomial of degree less than 4. For the AES algorithm, this is

accomplished with the polynomial x4 + 1, so that

xi mod(x4 +1) = ximod 4 . (11)



The modular product of a(x) and b(x), denoted by a(x) • b(x), is given by the four-

term polynomial d(x), defined as follows

d(x) = d3 x3 + d2 x2 + d1 x1 + d0 (12)

with

d0= (a0 .b0) ⊕ (a3. b1) ⊕ (a2 .b2) ⊕ (a1. b3)

d1 =(a1. b0) ⊕ (a0. b1) ⊕ (a3. b2) ⊕(a2. b3)

d2= (a2 .b0) ⊕ (a1. b1) ⊕ (a0 .b2)⊕ (a3. b3)

d3= (a3. b0) ⊕ (a2 .b1) ⊕ (a1. b2)⊕( a0. b3)

When a(x) is a fixed polynomial, the operation defined in equation (12) can be written

in matrix form as the following equation (13)

d0 a0 a3 a2 a1 b0

d1 = a1 a0 a3 a2 b1 (13)

d2 a2 a1 a0 a2 b2

d3 a3 a2 a1 a0 b3

Because x4 + 1 is not an irreducible polynomial over GF(28), multiplication by

a fixed four-term polynomial is not necessarily invertible. However, the AES

algorithm specifies a fixed four-term polynomial that does have an inverse is given by

a(x) = {03}x3 +{01}x2 +{01}x +{02 (14)

a−1 (x) = {0b}x3 +{0d}x2 +{09}x +{0e} (15)

Another polynomial used in the AES algorithm has a0 = a1 = a2 = {00} and a3 ={01},

which is the polynomial x3. Inspection of equation (13) above will show that its effect

is to form the output word by rotating bytes in the input word. This means that

[b0,b1,b2, b3] is transformed into [b1, b2, b3, b0].

2.6. ENCRYPTION PROCESS:



This block diagram is generic for aes specifications.it consists of a number of

different transformations applied consecutively over the data block bits, in a fixed

number of iterations, called rounds. The number of rounds depends on the length of

the key used for the encryption process.

A 128 bit input and output block of AES is mapped to an AES state by putting

thefirst byte of the block in the upper left corner of the matrix and by filling in the

remaining bytes column by column. A round consists of a fixed sequence of

transformations. Except for the first round and the last round,

Block diagram:

Plain text

Roundkey 1st Round

RoundkeyRepeatNr-1 Round

LastRoundkey Round

Figure 2.6:Block Diagram Of Encryption

.The other rounds are identical and consist of four transformations. The four

transformations are invertible, hence the round itself is invertibleData block


SubBytes

Shift Rows

MixColumns

AddRoundKey

SubBytes

ShiftRows

AddRoundKey

SubBytes ShiftRows Mix Columns Add Round Key

AddRoundKey


Key

Data block Figure 2.7:Structure Of The One Round

2.6.1. BYTES SUBSTITUTION TRANSFORMATION:

The bytes substitution transformation subbytes (state) is a non-linear

substitution of bytes that operates independently on each byte of the State using a

substitution table (Sbox) presented in figure7. This S-box which is invertible, is

constructed by composing two transformations

1. Take the multiplicative inverse in the finite field GF (28), described in Section

1.3.2. The element {00} is mapped to itself.

2. Apply the following affine transformation (over GF (2))

b′=bi ⊕ b (i+4)mod8⊕ b(i+5)mod8 ⊕ b(i+6)mod8 ⊕ b(i+7)mod8 ⊕ ci (16)

for 0≤ i ≤ 8 , where bi is the ith bit of the byte, and ci is the ith bit of a byte c with the

value {63} or {01100011}. Here and elsewhere, a prime on a variable (e.g., b′ )

indicates that the variable is to be updated with the value on the right. In matrix form,

the affine transformation element of the S-box can be expressed as

b0′ 1 0 0 0 1 1 1 1 b0 1 b1′ 1 1 0 0 0 1 1 1 b1 1 b2′ 1 1 1 0 0 0 1 1 b2 0 b3′ = 1 1 1 1 0 0 0 1 b3 0 b4′ 1 1 1 1 1 0 0 0 b4 0 b5′ 0 1 1 1 1 1 0 0 b5 0 b6′ 0 0 1 1 1 1 1 0 b6 1 b7′ 0 0 0 1 1 1 1 1 b7 0

Figure 2.8 Matrix Notation Of S-Box


SUBBYTES

SHIFTROWS

MIXCOLUMNS

ADDROUNDKEY


Figure 2.9. Application of S-box to the Each Byte of the State [1]

The S-box used in the Sub Bytes transformation is presented in hexadecimal

form in figure 7. For example, if =S1,1= {53}, then the substitution value would be

determined by the intersection of the row with index ‘5’ and the column with index

‘3’ in figure 7. This would result in S'1,1having a value of {ed}.

Figure 2.10. S-box Values for All 256 Combinations in Hexadecimal Format [1]

2.6.2. Shift Rows Transformation:

In the Shift Rows transformation ShiftRows( ), the bytes in the last three rows of the

State are cyclically shifted over different numbers of bytes (offsets). The first row, r

=0, is not shifted. Specifically, the ShiftRows( ) transformation proceeds as follows

S`r ,c = Sr,(c shift(r,Nb))modNb for 0< r < 4 and 0≤ c≤Nb,



Where the shift value shift(r, Nb) depends on the row number, r, as follows (Nb = 4)

Shift(1,4) = 1: Shift(2,4) = 2; Shift(3,4) = 3.

This has the effect of moving bytes to “lower” positions in the row (i.e.,lower

values of c in a given row), while the “lowest” bytes wrap around into the “top” of the

row (i.e., higher values of c in a given row). Figure 7 illustrates the ShiftRows()

transformation.

Figure 2.11. Cyclic Shift of the Last Three Rows of the State [1]

2.6.3. Mixing of Columns Transformation:

This transformation is based on Galois Field multiplication. Each byte of a

column is replaced with another value that is a function of all four bytes in the given

column. The MixColumns( ) transformation operates on the State column-by-column,

treating each column as a four-term polynomial as described in Section.1.3.4. The

columns are considered as polynomials over GF (28) and multiplied modulo x4 + 1 with

a fixed polynomial a(x), given by the following equation.

a(x) = {03}x3 +{01}x2 +{01}x1 +{02}x0.

As described in Section. 1.3.4, this can be written as a matrix multiplication. Let

S ' (x) = a(x) ⊗S(x)



S '0,c 02 03 01 01 S0,c

S '1,c 01 02 03 01 S1,c

=

S '2,c 01 01 02 03 S2,c

S '3,c 03 01 01 02 S3,c for 0 ≤ c < Nb.

As a result of this multiplication, the four bytes in a column are replaced by the

following

S '0,c =({02}. S0,c ) ⊕ ({03}.S1,c) ⊕ ({01}.S2,c) ⊕ ({01}.S3,c )

S '1,c =({01}. S0,c ) ⊕ ({02}.S1,c) ⊕ ({01}.S2,c) ⊕ ({01}.S3,c )

S '2,c =({01}. S0,c ) ⊕ ({01}.S1,c) ⊕ ({02}.S2,c) ⊕ ({03}.S3,c )

S '3,c =({03}. S0,c ) ⊕ ({01}.S1,c) ⊕ ({01}.S2,c) ⊕({02}.S3,c )

Figure 2.12. Mixing of Columns of the State [1]

Understanding Of Calculations For Mix-Columns

For detailed understanding of calculations for mix-columns is as follows

The mix columns theory is calculated using this formula[1]:

r0 2 3 1 1 a0

r1 = 1 2 3 1 a1

r2 1 1 2 3 a2

r3 3 1 1 2 a3



where r0, r1, r2 and r3 are the results after the transformation. a0 – a3 can be obtain

from the matrix after the data undergoes substitution process in the S-Boxes.

Let's take this example:

a0-a3 r0-r3

02 03 01 01 01 02 03 01 =

01 01 02 03 03 01 01 02

In this example, a0 – a3 is equals to d4 – 30 and r0 – r3 is equals to 04 – e5.

note that in this it still follows the matrix multiplication rules: row x column.

Currently the matrix size looks like this:

[4 x 1] . [4 x 4] ≠ [4 x 1]

Remember matrix idea of multiplication, to obtain [4 x 1], then the formula to be

[4 x 4] . [4 x 1] = [4 x 1]

Therefore to switch matrices over.

02 03 01 01 01 02 03 01 x = 01 01 02 03 03 01 01 02

To calculate the results, multiply the rows with the column. Firstly, take the

first row of the first matrix and multiply the values with a's values.


d4

Bf

5d

30

04

66

81

e5

04

66

81

e5

d4

bf

5d

30


To get the r0 value, the formula goes like this:

r0 = {02.d4} + {03.bf} + {01.5d} + {01.30}

But when calculating directly go into the steps one at a time.

1. {02.d4}

Now converting d4 to binary. d4 is a byte so when using the Calculator

change it to byte under Hex mode.

d4 = 1101 0100

Now d4 is exactly 8 bits. In the case where never get a 8 bits long characters

such as 25 in Hex (converted: 100101), pad on with 0 in the front of the result until 8

characters of 1's and 0's. (25 ends up with 0010 0101)

Now another thing to remember, there is a rule established in the

multiplication of the values as written in the book, Cryptography and Network

Security[2], that multiplication of a value by x (ie. by 02) can be implemented as a 1-

bit left shift followed by a conditional bitwise XOR with (00011011) if the leftmost

bit of the original value (before the shift) is 1. now implement the rule in the

calculation.

{d4}.{02} = 1101 0100 << 1 (<< is left shift, 1 is the number of shift done, pad on

with 0's)

= 1010 1000 XOR 0001 1011 (because the leftmost is a 1 before shift)

= 1011 0011 (ans)

Calculation:

1010 1000

0001 1011 (XOR)

1011 0011

Now do the same for next set of values, {03.bf}

2. {03.bf}



Similarly, convert bf into binary:

bf = 1011 1111

In this case, multiply 03 to bf. split 03 up in its binary form.

03 = 11

= 10 XOR 01

It is now able to calculate the result.

{03} . {bf} = {10 XOR 01} . {1011 1111}

= {1011 1111 . 10} XOR {1011 1111 . 01}

= {1011 1111 . 10} XOR {1011 1111}

(Because {1011 1111} x 1[in decimal] = 1011 1111)

= 0111 1110 XOR 0001 1011 XOR 1011 1111

= 1101 1010 (ans)

{01.5d} and {01.30} is basically multiplying 5d and 30 with 1(in decimal) which end

up with the original values. There isn't a need to calculate them using the above

method. But its is not needed to convert values to binary form.

5d = 0101 1101

30 = 0011 0000

Now, add those values together. As the values are in binary form, addition will be

using XOR.

r0 = {02.d4} + {03.bf} + {01.5d} + {01.30}

= 1011 0011 XOR 1101 1010 XOR 0101 1101 XOR 0011 0000

= 0000 0100

= 04 (in Hex)

Now for the next row.



r1 = {01.d4} + {02.bf} + {03.5d} + {01.30}

1. {02.bf}

{bf} . {02} = 1011 1111 << 1

= 0111 1110 XOR 0001 1011

= 0110 0101

2. {03.5d}

{5d} . {03} = {0101 1101. 02} XOR { 0101 1101}

= 1011 1010 XOR 0101 1101

= 1110 0111

Therefore,

r1 = {01.d4} + {02.bf} + {03.5d} + {01.30}

= 1101 0100 XOR 0110 0101 XOR 1110 0111 XOR 0011 0000

= 0110 0110

= 66 (in Hex)

second values are obtained, 66. Do the same for the rest and will get all the results.

2.6.4 Addition of Round Key Transformation

In the Addition of Round Key transformation AddRoundKey( ), a Round Key is

added to the State by a simple bitwise XOR operation. Each Round Key consists of

Nb words from the key schedule generation (described in following section 2.6).

Those Nb words are each added into the columns of the State, such that

[S'0,c , S'1,c , S'2,c , S'3,c ] = [S0,c ,S1,c,S2,c ,S3,c ] ⊕ [Wround ⊕ Nb] for 0 ≤ c<Nb



Figure 2.13. Exclusive-OR Operation of State and Cipher Key Words [1]

where [wi] are the key generation words described in chapter 3, and round is a value

in the range in the Encryption, the initial Round Key addition occurs when round = 0,

prior to the first application of the round function. The application of the

AddRoundKey ( ) transformation to the Nr rounds of the encryption occurs when 1 ≤

round ≤ Nr. The action of this transformation is illustrated in figure10, where l =

round * Nb. The byte address with in words of the key schedule was described in

Section1.2.1.

2.6.5 Key Schedule Generation

Each round key is a 4-word (128-bit) array generated as a product of the previous

round key, a constant that changes each round, and a series of S-Box (figure6)

lookups for each 32-bit word of the key. The first round key is the same as the

original user input. Each byte (w0 - w3) of initial key is XOR’d with a constant that

depends on the current round, and the result of the S-Box lookup for wi, to form the

next round key.

Key length(nk words)

Block size(nb word)

Number of Rounds(nr)

AES-128 4 4 10

AES-192 6 4 12

AES-256 8 4 14

Table 2.3. Key-Block- Round Combinations [1]



The Key schedule Expansion generates a total of Nb(Nr + 1) words: the algorithm

requires an initial set of Nb words, and each of the Nr rounds requires Nb words of

key data. The resulting key schedule consists of a linear array of 4-byte words,

denoted [wi], with i in the range 0 ≤ i < Nb(Nr + 1).

Prior to encryption or decryption the key must be explanded.the expanded key

is used in the add round key function. Each time the add round key function is called a

different part of the expanded key is XORed against the state. In order for this to work

the expanded key must be large enough so that it can provide key material for every

time the add round key function is executed. The add round key function gets called

for each round as well as one extra time at the beginning of the algorithm.

Therefore the size of the expanded key will always be equal to:

The 16 in the above function is actually the size of the block in bytes.tis provides key

material for every byte in the block during every round +1.

Since the key size is much smaller than the size of the sub keys,the key is actually

“streached out” to provide enough key space for the algorithm.

The key expansion routine executes a maximum of 4 consecutive

functions.these functions are:

ROT WORDSUB WORD RCON

An iteration of the above steps is caller a round.the amount of rounds of the

key expansion depends on the key size.

Key

size

(bytes)

Block

size

(bytes)

Expansion

algorithm

rounds

Expanded

bytes /

round

Rounds

key copy

Rounds

key

expansion

Expanded

key

(bytes)

16 16 44 4 4 40 176

24 16 52 4 6 46 208

32 16 60 4 8 52 240

Table 2.4 Representation Of AES-128, AES-192,AES-256 Bit Block Size, Expansion Algorithm, Round Key Copy, Round Key



The first bytes of the expanded keys are always equal to the key.if the key is

16 bytes long the first 16 bytes of the expanded key will be the same as the original

key. If the key size is 32 bytes then the first 32 bytes of the expanded key will be the

same as the original key.

Each round adds 4 bytes to the expanded key. With the exception of the first

rounds each round also takes the previous rounds 4 bytes as input operates and returns

4 bytes.

One more important note is that not all of the 4 functions are always called

in each round. The algorithm only calls all 4 of the functions every

4 rounds for 16 bytes key



The rest of the rounds only a k function result is XORed with the result of the

EK function. There is an exception of this rule where if the key is 32 bytes long an

additional call to the sub word function is called every 8 rounds starting on the 13 th

round.

Rijndael’s key schedule utilizes a number of operations, which will be

described before describing the key schedule.

ROTATE

The rotate operation takes a32 bit word like this (in hexa decimal):

1d2c3a4f

And rotates it eight bits to left:

2c3a4f1d



RCON

Rcon is what the rijndael documentation calls the exponentiation of 2 to a

user-specified values. Note that this operation is not performed with regular integers,

but in rijndael’s finite field. In polynomial form , 2 is 2 =00000010 =0x7 + 0x6 + 0x5 +

0x4 + 0x3 + 0x2 + 1x1 + 0x0 = x, and compute

rcon(i) =x(254+i)

in F28 or equivalently,

rcon(i) =x(254+i) mod x8 + x4 +x3 +x1 +1

in F2.

For example, the rcon(1)=1,the rcon(2)=2, the rcon(3)=4,and the rcon (9) is

the hexadecimal number 0x1b(27 decimal).

The below is rcon table for encryption process

Table 2.5 rcon table in encryption process


01 02 04 08 10 20 40 80 1B 36

00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00


CHAPTER – 3

IMPLEMETATION

3.AES ENCRYPTION PROCESS:

3.1.1 ENCRYPTION IMPLEMENTATION: VHDL is used as the hardware description language because of the

flexibility to exchange among environments. The code is pure VHDL that could

easily be implemented on other devices, without changing the design. The software

used for this work is Xilinx ISE 8.1i. This is used for writing, debugging and

optimizing efforts, and also for fitting, simulating and checking the performance

results using the simulation tools available on Xilinx ISE design software.

3.1.2 STEPS FOLLOWED IN ENCRYPTION PROCESS:


i >1

Invsubbytes(state)

Invshiftrows(state)

Addroundkey(state,roundkey)

i=i-1

Addroundkey (state, roundkey)

i=Nr

Key

Sch

edu

le

Invsubbytes (state)

Invshiftrows (state)

Invmixcolumns (state)

Addroundkey(State,Roundkey)


Figure 3.1:Flow Chart Representation For AES Decryption Process

3.1.3. ADD ROUND KEY:

Add round key is an XOR between the state and the round key. this

transformation is its own inverse. AES operation-add round key.

Each byte of the round key is XORed with the corresponding byte in the state

table inverse operation is identical since XOR a second time returns the

original values XOR each byte of the round key with the state table def

addroundkey(state,roundkey):for i in range(len(state)):state[i]^roundkey[i]

3.1.4.SUB BYTES:

sub byte is a substitute of each byte in the block independent of the

position in the state. This is an s-box. This is the non-linear transformation. The

s-box used is proved to be optimal with regards to non-linearity. The s-box is

based on arithmetic in GF(28).

AES operation –sub bytes

Each byte of the state table is substituted with the values in the

s-box whose index is the value of the state table byte. Provide non-

linearity(algorithm not equal to the sum of its parts)

3.1.5. SHIFT ROWS:

Shift rows is a cyclic shift of the bytes in the rows in the state and is clearly

invertible (by a shift in the opposite direction by the same amount).

AES operation –shift rows

Each row in the state table is shifted left by the number of bytes

represented by the row number.

3.1.6. MIX COLUMNS:

Linear mixing layer (shift row and mix column) which guarantees high

diffusion. Non linear s boxes protects against linear and differential cryptanalysis.

AES operation –mix columns

Mix columns is performed by multiplying each column (within

the galois finite filed).



3.1.7. KEY EXPANSION:

AES-expansion operations

AES key expansion consists of several primitive operations:

Rotate – takes a 4-byte word and rotates everything one byte to

the left, e.g.rotate([1,2,3,4])[2,3,4,1]

Sub bytes-each byte of the word is substituted with the value in

the s-box whose index is the value of the original byte

Rcon-the first byte of a word is XORed with the round

constant. Each value of the rcon table is a member of the rijndael

finite field.

3.1.8.KEY SCHEDULE CORE:

This operation is used as an inner loop in the key schedule, and is done thus:

The input is a 32-bit word and an iteration number i. The output

is a 32-bit word.

Copy the input over to the output.

Use the above described rotate operation to rotate the output

eight bits to the left.

Apply rijndael’s s-box on all four individual bytes in the output

word

On just the first(leftmost) byte of the output word,exclusive or

the byte with 2 to the power of(i-1). In other words,perform the

rcon operation with i as the input,and exclusive or the rcon

output with the first byte of the output word.

3.1.9.CONSTANTS:

Since the key schedule for 128-bit, 192-bit, and 256-bit encryption are very

similar, with only some constants changed, the following key size constants are

defined here



N has a value of 16 for 128-bit keys,24 for 192-bit keys, and 32 for 256-bit

keys has a value of 176 for 128-bit keys,208 for 192-bit keys, and 240 for 256-bit

keys.

CHAPTER - 4

RESULTS AND DISCUSIONS

VHDL CODE FOR AES ENCRYPTION

PACKAGE

-Package File Template

--Purpose: This package defines supplemental types, subtypes,

constants, and functions

library IEEE;

use IEEE.STD_LOGIC_1164.all;

use IEEE.STD_LOGIC_ARITH.ALL;

use IEEE.STD_LOGIC_UNSIGNED.ALL;

package aesencrypt is

type ROM_Array is array (0 to 255) of std_logic_vector(7 downto 0);

constant Content_EN: ROM_Array := (

b"01100011", b"01111100", b"01110111", b"01111011", b"11110010",

b"01101011", b"01101111", b"11000101", b"00110000", b"00000001",

b"01100111", b"00101011", b"11111110", b"11010111", b"10101011",

b"01110110",

b"11001010", b"10000010", b"11001001", b"01111101", b"11111010",

b"01011001", b"01000111", b"11110000", b"10101101", b"11010100",

b"10100010", b"10101111", b"10011100",

b"10100100",b"01110010",b"11000000",

b"10110111", b"11111101", b"10010011", b"00100110", b"00110110",

b"00111111", b"11110111", b"11001100", b"00110100", b"10100101",



b"11100101", b"11110001", b"01110001", b"11011000", b"00110001",

b"00010101",

b"00000100", b"11000111", b"00100011", b"11000011", b"00011000",

b"10010110", b"00000101", b"10011010", b"00000111", b"00010010",

b"10000000", b"11100010", b"11101011", b"00100111", b"10110010",

b"01110101",

b"00001001", b"10000011", b"00101100", b"00011010", b"00011011",

b"01101110", b"01011010", b"10100000", b"01010010", b"00111011",

b"11010110", b"10110011", b"00101001", b"11100011", b"00101111",

b"10000100",

b"01010011", b"11010001", b"00000000", b"11101101", b"00100000",

b"11111100", b"10110001", b"01011011", b"01101010", b"11001011",

b"10111110", b"00111001", b"01001010", b"01001100", b"01011000",

b"11001111",

b"11010000", b"11101111", b"10101010", b"11111011", b"01000011",

b"01001101", b"00110011", b"10000101", b"01000101", b"11111001",

b"00000010", b"01111111", b"01010000", b"00111100", b"10011111",

b"10101000",

b"01010001", b"10100011", b"01000000", b"10001111", b"10010010",

b"10011101", b"00111000", b"11110101", b"10111100", b"10110110",

b"11011010", b"00100001", b"00010000", b"11111111", b"11110011",

b"11010010",

b"11001101", b"00001100", b"00010011", b"11101100", b"01011111",

b"10010111", b"01000100",b"00010111", b"11000100", b"10100111",

b"01111110", b"00111101", b"01100100", b"01011101", b"00011001",

b"01110011",

--60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db

--e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79

--e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08

--ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a

--70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e

--e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df

--8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16



b"01100000", b"10000001", b"01001111", b"11011100",b"00100010",

b"00101001", b"10010000",b"10001000",b"01000110",b"11101110",

b"10111000", b"00010100", b"11011110", b"01011110", b"00001011",

b"11011011",

b"11100000",b"00110010",b"00111010",b"00001010",b"01001001",b"0000

0110",b"00100100",b"01011100",b"11000010",b"11010011",b"10101100",b"

01100010",b"10010001",b"10010101",b"11100100",b"01111001",

b"11100111",b"11001000",b"00110111",b"01101101",b"10001101",b"1101

0101",b"01001110",b"10101001",b"01101100",b"01010110",b"11110100",b"

11101010",b"01100101",b"01111010",b"10101110",b"00001000",

b"10111010",b"01111000",b"00100101",b"00101110",b"00011100",b"1010

0110",b"10110100",b"11000110",b"11101000",b"11011101",b"01110100",b"

00011111",b"01001011",b"10111101",b"10001011",b"10001010",

b"01110000",b"00111110",b"10110101",b"01100110",b"01001000",b"0000

0011",b"11110110",b"00001110",b"01100001",b"00110101",b"01010111",b"

10111001",b"10000110",b"11000001", b"00011101",b"10011110",

b"11100001",b"11111000",b"10011000",b"00010001",b"01101001",b"1101

1001",b"10001110",b"10010100",b"10011011",b"00011110",b"10000111",b"

11101001",b"11001110" ,b"01010101",b"00101000",b"11011111",

b"10001100",b"10100001",b"10001001",b"00001101",b"10111111",b"1110

0110" ,b"01000010",b"01101000",b"01000001",b"10011001",b"00101101",b

"00001111",b"10110000",b"01010100",b"10111011",b"00010110",

others => B"00000000");

function subword(op1: in std_logic_vector(31 downto 0)) return

std_logic_vector;

function subword_128(op1: in std_logic_vector(127 downto 0))

return std_logic_vector ;

function rotword(op1 : in std_logic_vector(31 downto 0)) return

std_logic_vector;

function keygen(op1 : in std_logic_vector(127 downto 0)) return

std_logic_vector;

function matrixmul(op1,op2 : in std_logic_vector(127 downto 0))

return std_logic_vector;



function To_init(op2 : in std_logic_vector(7 downto 0))return integer;

function gfmul(op1,op2 : in std_logic_vector(7 downto 0)) return

std_logic_vector;

function shiftrow(op1: in std_logic_vector(127 downto 0))return

std_logic_vector;

function encryption(en_input1:in std_logic_vector(1535 downto 0))

return std_logic_vector;

end aesencrypt;

package body aesencrypt is

-- Example 2

function matrixmul(op1,op2 : in std_logic_vector(127 downto 0))

return std_logic_vector is

variable output : std_logic_vector(127 downto 0);

variable temp1,temp2,temp3,temp4,element : std_logic_vector(7 downto 0);

begin

--(1,1) 1

temp1:=gfmul(op1(127 downto 120),op2(127 downto 120));

temp2:=gfmul(op1(119 downto 112) , op2(95 downto 88));



element:=temp1 xor temp2;

element:=element xor temp3;


output(127 downto 120):=element;

--(1,2) 2









--(1,3) 3











--(1,4) 4









--(2,1) 5









--(2,2) 6











--(2,3) 7









--(2,4)









--(3,1) 9









--(3,2) 10











--(3,3) 11









--(3,4) 12









--(4,1) 13









--(4,2) 14











--(4,3) 15









--(4,4) 16









return output;

end matrixmul

function To_init(op2 : in std_logic_vector(7 downto 0))return integer is

variable output:integer RANGE 0 to 255;

--variable output : std_logic_vector(7 downto 0);

begin

output:=0;

if(op2(0)='1')then

output:=output+1;

end if;



if(op2(1)='1')then

output:=output+2;

end if;

if(op2(2)='1')then

output:=output+4;

end if;

if(op2(3)='1')then

output:=output+8;

end if;

if(op2(4)='1')then

output:=output+16;

end if;

if(op2(5)='1')then

output:=output+32;

end if;

if(op2(6)='1')then

output:=output+64;

end if;

if(op2(7)='1')then

output:=output+128;

end if;

return output;

end To_init;

function gfmul(op1,op2 : in std_logic_vector(7 downto 0))return

std_logic_vector is

variable temp : std_logic_vector(15 downto 0):="0000000000000000";

variable output : std_logic_vector(7 downto 0):="00000000";

variable poly : std_logic_vector(8 downto 0):="100011011";

begin

for i in 0 to 7 loop

if(op1(7-i)='1')then

temp((14-i)downto(7-i)):=temp((14-i)downto(7-i)) xor op2;

end if;

end loop;



for i in 0 to 7 loop

if(temp(15-i)='1')then

temp((15-i)downto (7-i)):=temp((15-i)downto (7-i)) xor poly;

end if;

end loop;

output:=temp(7 downto 0);

return output;

end gfmul;

function keygen(op1 : in std_logic_vector(127 downto 0)) return

std_logic_vector is

variable temp_output : std_logic_vector(1407 downto 0);

variable afterrotword,aftersubword,afterrcon,keyout: std_logic_vector(31

downto 0);

begin

temp_output(1407 downto 1280):=op1;

keyout:=op1(31 downto 0);

----------------------------stage 1----------------------------------------------

afterrotword:=rotword(keyout);

aftersubword:=subword(afterrotword);

afterrcon:="00000001000000000000000000000000";

afterrcon:=afterrcon xor aftersubword;

keyout:=afterrcon xor temp_output(1407 downto 1376); --0

temp_output(1279 downto 1248):=keyout; --4

keyout:=keyout xor temp_output(1375 downto 1344); --1






keyout:=keyout xor temp_output(1311 downto 1280);--3


--------------------------------stage 2----------------------------------------



afterrcon:="00000010000000000000000000000000";










-----------------------------stage 3-------------------------------------------



afterrcon:="00000100000000000000000000000000";












-----------------------------stage 4------------------------------------------------



afterrcon:="00001000000000000000000000000000";












-------------------------------stage 5---------------------------



afterrcon:="00010000000000000000000000000000";










----------------------------------stage 6-----------------------------------------



afterrcon:="00100000000000000000000000000000";












-------------------------stage 7--------------------------------------------------



afterrcon:="01000000000000000000000000000000";










---------------------------------------stage 8

-----------------------------------------------





afterrcon:="10000000000000000000000000000000";










----------------------------------------stage 9

---------------------------------------------



afterrcon:="00011011000000000000000000000000";












----------------------------stage 10----------------------------------------



afterrcon:="00110110000000000000000000000000";







temp_output(63 downto 32):=keyout;



return temp_output;

end keygen;

function rotword(op1: in std_logic_vector(31 downto 0)) return

std_logic_vector is


begin

temp_output(31 downto 24):=op1(23 downto 16);






return temp_output;

end rotword;

function subword(op1: in std_logic_vector(31 downto 0)) return

std_logic_vector is


begin

temp_output(31 downto 24):=Content_EN(conv_integer(op1(31 downto

24)));


16)));


8)));

temp_output(7 downto 0):=Content_EN(conv_integer(op1(7 downto 0)));

return temp_output;

end subword;

function subword_128(op1: in std_logic_vector(127 downto 0)) return

std_logic_vector is


begin

temp_output(127 downto 96):=subword(op1(127 downto 96));




return temp_output;

end subword_128;

function shiftrow(op1: in std_logic_vector(127 downto 0))return

std_logic_vector is

variable temp_output: std_logic_vector(127 downto 0);

begin

---1 st row----

temp_output(127 downto 96):= op1(127 downto 96);--1




temp_output(63 downto 56):= op1(63 downto 56); --9


----2nd row-----





----3 rd row-----

temp_output(111 downto 104):= op1(47 downto 40);




-------4th row-------





return temp_output;

end shiftrow

function encrpytion(en_input1:in std_logic_vector(1535 downto 0)) return

std_logic_vector is

variable temp_output,temp1,temp2,temp3,temp4 : std_logic_vector(127

downto 0);

variable mixmat: std_logic_vector(127 downto

0):="0000001000000001000000010000001100000011000000100000000100

00000100000001000000110000001000000001000000010000000100000011

00000010";

begin



--------------------step 1---------------------------------------

temp1:=en_input1(1535 downto 1408) xor en_input1(1407 downto 1280);

-------------------step2 ---------------------------------------------

temp2:=subword_128(temp1);

temp3:=shiftrow(temp2);

temp4:=matrixmul(temp3,mixmat);

temp1:=temp4 xor en_input1(1279 downto 1152);

--------------------step3 ------------------------------------------------





--------------------step4 ------------------------------------------------





--------------------step5 ------------------------------------------------





--------------------step6 ------------------------------------------------







--------------------step7 ------------------------------------------------





--------------------step8 ------------------------------------------------




temp1:=temp4 xor en_input1(511 downto 384)

--------------------step9 ------------------------------------------------





--------------------step10 ------------------------------------------------





--------------------step11 ------------------------------------------------



--temp4:=matrixmul(temp3,mixmat,);


return temp1;

end encryption;

MAIN CODE ----------------------------------------------------------------------------------

-- Company:

-- Engineer:

-- Create Date: 11:49:45 10/16/2012

----------------------------------------------------------------------------------



library IEEE;

use IEEE.STD_LOGIC_1164.ALL;

use IEEE.STD_LOGIC_ARITH.ALL;

use IEEE.STD_LOGIC_UNSIGNED.ALL;

use work.aesencrypt.all;

-- Uncomment the following lines to use the declarations that are

-- provided for instantiating Xilinx primitive components.

--library UNISIM;

--use UNISIM.VComponents.all;

entity encryption11 is

Port ( input_ENCRYPTION :in std_logic_vector(127 downto 0);

input_KEY:in std_logic_vector(127 downto 0);

out_KEYS: out std_logic_vector(1407 downto 0);

output_ENCRYPTION: out std_logic_vector(127 downto 0);

clk : in std_logic);

end encryption11;

architecture Behavioral of encryption11 is

begin

process(clk,input_ENCRYPTION)

variable x1 : std_logic_vector(1535 downto 0);



begin

if(clk='1')and(clk'EVENT) then

x2:=keygen(input_KEY);

x1(1535 downto 1408):=input_ENCRYPTION;

x1(1407 downto 0):= x2;

x3:=encription(x1);

end if;

output_ENCRYPTION<=x3;

out_KEYS<=x2;

end process;

end aesencrypt;



1.2: RTL SCHEMATIC FOR ENCRYPTION:

4.2 TECHNOLOGY SCHEMATIC FOR ENCRYPTION:



4.3 SIMULATION WAVE FORM FOR AES ENCRYPTION:



plain text:where are you ra (57484552452041524520594f55205241)this is ascii value key:howareyounow.(484f572041524520594f55204e4f572e)cipher text : 17029EEB2EEAC4EA0E7C265902375C2F

4.4 SYNTHESIS REPORT SCMATIC FOR AES ENCRYPTION

=============================================================

============



* Final Report *

=============================================================

============

Final Results

RTL Top Level Output File Name : encryption.ngr

Top Level Output File Name : encryption

Output Format : NGC

Optimization Goal : Speed

Keep Hierarchy : NO

Design Statistics

# IOs : 258

Cell Usage :

# BELS : 47282

# GND : 1

# INV : 182

# LUT1 : 164

# LUT2 : 1776

# LUT2_L : 111

# LUT3 : 231

# LUT3_D : 8

# LUT3_L : 609

# LUT4 : 22881

# LUT4_D : 14

# LUT4_L : 273

# MUXF5 : 11338

# MUXF6 : 5698

# MUXF7 : 2839

# MUXF8 : 1156

# VCC : 1

# FlipFlops/Latches : 2784

# FD : 2626

# FDE : 129



# FDR : 26

# FDS : 3

# Shift Registers : 11

# SRL16 : 11

# Clock Buffers : 1

# BUFGP : 1

# IO Buffers : 256

# OBUF : 256

=============================================================

============

Device utilization summary:

---------------------------

Selected Device : 3s500efg320-5

Number of Slices: 14517 out of 4656 311% (*)

Number of Slice Flip Flops: 2784 out of 9312 29%

Number of 4 input LUTs: 26260 out of 9312 282% (*)

Number used as logic: 26249

Number used as Shift registers: 11

Number of IOs: 258

Number of bonded IOBs: 257 out of 232 110% (*)

Number of GCLKs: 1 out of 24 4%

WARNING:Xst:1336 - (*) More than 100% of Device resources are used

---------------------------

Partition Resource Summary:

---------------------------

No Partitions were found in this design.

---------------------------



=============================================================

============

TIMING REPORT

NOTE: THESE TIMING NUMBERS ARE ONLY A SYNTHESIS ESTIMATE.

FOR ACCURATE TIMING INFORMATION PLEASE REFER TO THE

TRACE REPORT

GENERATED AFTER PLACE-and-ROUTE.

Clock Information:

------------------

-----------------------------------+------------------------+-------+

Clock Signal | Clock buffer(FF name) | Load |

-----------------------------------+------------------------+-------+

clk | BUFGP | 2795 |

-----------------------------------+------------------------+-------+

Asynchronous Control Signals Information:

----------------------------------------

No asynchronous control signals found in this design

Timing Summary:

---------------

Speed Grade: -5

Minimum period: 6.654ns (Maximum Frequency: 150.280MHz)

Minimum input arrival time before clock: No path found

Maximum output required time after clock: 4.040ns

Maximum combinational path delay: No path found

Timing Detail:

--------------



All values displayed in nanoseconds (ns)

=============================================================

============

Timing constraint: Default period analysis for Clock 'clk'

Clock period: 6.654ns (frequency: 150.280MHz)

Total number of paths / destination ports: 591072 / 2926

-------------------------------------------------------------------------

Delay: 6.654ns (Levels of Logic = 7)

Source: a35/x05_15 (FF)

Destination: a39/x05_109 (FF)

Source Clock: clk rising

Destination Clock: clk rising

Data Path: a35/x05_15 to a39/x05_109

Gate Net

Cell:in->out fanout Delay Delay Logical Name (Net Name)

---------------------------------------- ------------

FD:C->Q 11 0.514 0.796 a35/x05_15 (a35/x05_15)

LUT4:I3->O 3 0.612 0.481 a36/h1<12>_SW0 (N1659)

LUT4:I2->O 125 0.612 1.128 Mxor_data9_Result<12>1 (data9<12>)

LUT4:I2->O 1 0.612 0.000 a38/s2/Mrom_sbout1 (a38/s2/Mrom_sbout)

MUXF5:I1->O 1 0.278 0.000 a38/s2/Mrom_sbout_f5

(a38/s2/Mrom_sbout_f5)





MUXF8:I1->O 1 0.451 0.000 a38/s2/Mrom_sbout_f8 (sb9<8>)

FD:D 0.268 a39/x05_104

----------------------------------------

Total 6.654ns (4.249ns logic, 2.405ns route)

(63.9% logic, 36.1% route)



=============================================================

============

Timing constraint: Default OFFSET OUT AFTER for Clock 'clk'

Total number of paths / destination ports: 128 / 128

-------------------------------------------------------------------------

Offset: 4.040ns (Levels of Logic = 1)

Source: eout_127 (FF)

Destination: eout<127> (PAD)

Source Clock: clk rising

Data Path: eout_127 to eout<127>

Gate Net

Cell:in->out fanout Delay Delay Logical Name (Net Name)

---------------------------------------- ------------

FDE:C->Q 1 0.514 0.357 eout_127 (eout_127)

OBUF:I->O 3.169 eout_127_OBUF (eout<127>)

----------------------------------------

Total 4.040ns (3.683ns logic, 0.357ns route)

(91.2% logic, 8.8% route)

Total REAL time to Xst completion: 359.00 secs

Total CPU time to Xst completion: 359.06 secs

Total memory usage is 302972 kilobyte

Number of errors : 0 ( 0 filtered)

Number of warnings : 376 ( 0 filtered)

Number of infos : 34 ( 0 filtered)

CHAPTER - 5

SUMMARY



5.1. PROJECT SUMMARY:

The Advanced Encryption Standard (AES) is a security standard that

became effective on May 26,2002 by NIST to replace DES. the cryptography

scheme is asymmetric block cipher that encrypts and decrypts 128-bit blocks of

data lengths of 128,192 and 256 bits are standard key lengths used by AES.

Plain text refers to the data to be encrypted. Cipher text refers to the

data after going through the cipher as well as the data that will be going into the

decipher. The state is an intermediate form of the cipher or deciphers result

usually displayed as a rectangular table of bytes with 4 rows and 4 columns

The first stage “subbytes” transformation a non-linear byes substitution

for each byte of the block. The second stage”shiftrows” transformation cyclically

shifts(permutes) the bytes within the block. The third stage”mixcolumns”

transformation groups 4-bytes together forming 4-term polynomials and

multiplies the polynomials with a fixed polynomial mod(X4+1).The fourth

stage”add roundkey”transformation adds the round key with the block of data.

The decipher is simply the inverse of cipher

The algorithm consists of four stages that make up a round which is

iterated 10 times for a 128-bit length key, 12 times for 192-bit key and 14 times

for a 256-bit key

5.2. CONCLUSION:

The main advantage with the Advanced Encryption Standard is to

maintain the secret communication between the Encryption and Decryption. It

is the symmetric key encryption algorithm. This reduces the complexity of the



Encrypt and Decrypt the data. Cipher key is same for both the Encryption and

Decryption process VHDL code is used to develop the implementation of

Encryption and Decryption process. Each program is tested with the some of

the sample vectors provided by NIST and output results are perfect with

minimal delay. In the case of 192,256-bit key algorithm, it requires 192,256-bit

plain text and 128-bit cipher key.

AES is important to understand the using the algorithm, it will greatly

increase the reliability and safety of software systems. Therefore, AES can

indeed be implemented with reasonable efficiency on an FPGA, with the

encryption and decryption taking an average of 320 and 340 ns respectively

(for every 128 bits).

The time varies from chip to chip and the calculate delay time can only

be regarded as approximate. Adding data pipelines and some parallel

combinational logic in the key scheduler and round calculator can further

optimize this design.There is currently no evidence that AES has any weakness

making any attack other than exhaustive search.

Even AES-128 bit offers a sufficiently large number of possible keys,

making an exhaustive search impractical for many decades, provided no

technological breakthrough causes the computational power available to

increase dramtically and that theoretical research does not find a short cut to

bypass the need for exhaustive search. There are many pitfalls to avoid when

encryption is implemented and keys are generated.

It is necessary to ensure each and every implementations security, an

important correctly implemented AES-128 is likely to protect against a million

dollar budget for at least 50-60 years and against individual budgets for at least

another ten years.

5.3. SCOPE OF EXPANSION :

This algorithm is also implemented with the 192,256-bit keys.



By using with this design we are also implemented as a crypto-

processor for secret communication.

This algorithm is also used to implement as crypto processor

for smartcard

performance, efficiency, implementability, and flexibility are

extended by using efficient techniques.

Large amount of data can be transmitted by extending block

sizes.

REFERENCES

[1] FIPS 197, “Advanced Encryption Standard (AES)”, November 26, 2001



http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

[2] J. Daemen and V. Rijmen, “AES Proposal: Rijndael”, AES Algorithm

Submission,

September 3, 1999

http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndaeldocV2.zip

[3] “FPGA Simulations of Round 2 Advanced Encryption Standards”

http://csrc.nist.gov/CryptoToolkit/aes/round2/conf3/presentations/elbirt.pdf.

[4] http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm

[5] Tilborg, Henk C. A. van. “Fundamentals of Cryptology: A Professional Reference

and Interactive Tutorial”, New York Kluwer Academic Publishers, 2002

[6] Peter J. Ashenden, “The student’s Guide to VHDL”, 2nd Edition, San Francisco,

CA, Morgan Kaufmann, 2002

References:understanding mix columns

[7 Wikipedia – Rijndael mix columns, [Online]

Available: http://en.wikipedia.org/wiki/Rijndael_mix_columns

[8] William Stalling (2006), Chapter 4.6 Finite Fields of the Form GF(2n) –

Multiplication,

in Cryptography and Network Security: Principles and Practices, Page 125 – 126.

References:understanding inverse mix columns

[9] William Stalling (2006), Chapter 4.6 Finite Fields of the Form GF(2n) –

Multiplication,

in Cryptography and Network Security: Principles and Practices, Page 125 – 126.

[10] Kit Choy Xintong (2009), Understanding AES Mix-Columns Transformation

Calculation

[Available]Online:

http://sites.google.com/site/kitworldoftheory/Home/mixcolumns.pdf?


http://en.wikipedia.org/wiki/Rijndael_mix_columns

http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm

http://csrc.nist.gov/CryptoToolkit/aes/round2/conf3/presentations/elbirt.pdf

http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndaeldocV2.zip

http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf


attredirects=0

[11] AES page available via http://www.nist.gov/CryptoToolkit.4

[12] Computer Security Objects Register (CSOR): http://csrc.nist.gov/csor/.

[13] J. Daemen and V. Rijmen, AES Proposal: Rijndael, AES AlgorithmSubmission, September 3, 1999, available at [1].[14] J. Daemen and V. Rijmen, The block cipher Rijndael, Smart Card research andApplications, LNCS 1820, Springer-Verlag, pp. 288-296.

[15] B. Gladman’s AES related home pagehttp://fp.gladman.plus.com/cryptography_technology/.

[16] A. Lee, NIST Special Publication 800-21, Guideline for ImplementingCryptography in the Federal Government, National Institute of Standards andTechnology, November 1999.

[17] A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of AppliedCryptography, CRC Press, New York, 1997, p. 81-83.

[18] J. Nechvatal, ET. al., Report on the Development of the Advanced EncryptionStandard (AES), National Institute of Standards and Technology, October 2, 2000,available at [1].

[19]^ Vincent Rijmen (2010). "Practical-Titled Attack on AES-128 Using Chosen-

Text Relations".

[20]^ Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger

(2011). "Biclique Cryptanalysis of the Full AES".

[21]^ a b "Index of formal scientific papers". Cr.yp.to. Retrieved 2008-11-02.

[22]^ Bruce Schneier. "AES Timing Attack". Archived from the original on 12

February 2007. Retrieved 2007-03-17.

[23]^ Dag Arne Osvik1; Adi Shamir2 and Eran Tromer2 (2005-11-20) (PDF). Cache

Attacks and Countermeasures: the Case of AES. Retrieved 2008-11-02.


http://www.wisdom.weizmann.ac.il/~tromer/papers/cache.pdf

http://www.wisdom.weizmann.ac.il/~tromer/papers/cache.pdf

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#cite_ref-26

http://web.archive.org/web/20070212015727/http:/www.schneier.com/blog/archives/2005/05/aes_timing_atta_1.html

http://www.schneier.com/blog/archives/2005/05/aes_timing_atta_1.html


http://cr.yp.to/papers.html#cachetiming

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#cite_ref-bernstein_timing_24-1

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#cite_ref-bernstein_timing_24-0

http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf


http://eprint.iacr.org/2010/337.pdf



http://fp.gladman.plus.com/cryptography_technology/

http://csrc.nist.gov/csor/

http://www.nist.gov/CryptoToolkit.4


[24] ^ Dhiman Saha, Debdeep Mukhopadhyay, Dipanwita RoyChowdhury (PDF). A

Diagonal Fault Attack on the Advanced Encryption Standard. Archived from the

original on 22 December 2009. Retrieved 2009-12-08.

[25]^ Endre Bangerter, David Gullasch and Stephan Krenn (2010). "Cache Games –

Bringing Access-Based Cache Attacks on AES to Practice".

[26] ^ "Breaking AES-128 in realtime, no ciphertext required | Hacker News".

News.ycombinator.com. Retrieved 2012-12-23.

[27] ^ a b http://www.cnss.gov/Assets/pdf/nstissp_11_fs.pdf

[28] ^ "NIST.gov - Computer Security Division - Computer Security Resource

Center". Csrc.nist.gov. Retrieved 2012-12-23.

[29] ^ a b OpenSSL, [email protected]. "OpenSSL's Notes about FIPS

certification". Openssl.org. Retrieved 2012-12-23.

[30]^ "Performance Comparisons of the AES submissions" (PDF). 1999-02-01.

Retrieved 2010-12-28.


http://www.schneier.com/paper-aes-performance.pdf


http://openssl.org/docs/fips/fipsnotes.html

http://openssl.org/docs/fips/fipsnotes.html

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#cite_ref-openssl_32-1

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#cite_ref-openssl_32-0

http://csrc.nist.gov/groups/STM/cavp/index.html

http://csrc.nist.gov/groups/STM/cavp/index.html


http://www.cnss.gov/Assets/pdf/nstissp_11_fs.pdf

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#cite_ref-cnss.gov_30-1

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#cite_ref-cnss.gov_30-0

http://news.ycombinator.com/item?id=1937902





http://web.archive.org/web/20091222070135/http:/eprint.iacr.org/2009/581.pdf




Documents

AES