7/31/2019 Rijndael Final
RIJNDAEL
Arta Doci
University Of Colorado.
Email: [email protected]
Topics Covered
Introduction
Characteristics of Rijndael
Algorithm and its building blocks
Mathematics behind Rijndael
Conclusion
Rijndael, the Advanced Encryption Standard, is a symmetric block cipher.
It uses the same key between sender and receiver to encrypt and decrypt the message.
Speed and cost make symmetric algorithms the algorithm of choice for encrypting large amounts of data.
Rijndael = Rijmen & Daemen
Characteristics of Rijndael:
Iterated block cipher
Parallel structure (based on the S-P Network model structure)
Byte Oriented
Predecessor: SQUARE.
Block Cipher:
Two principles of a good block cipher, as defined by Claude Shannon, are:
1. Confusion, which stands for substitution operations.
2. Diffusion, which stands for transposition or permutation operations.
S-P Network Model (Shannon)
Divide each block of data into smaller manageable pieces of the same length.
In parallel each piece goes through:
Confusion (substitution): S-Box
Diffusion (permutation): P-Box
INPUT (Block of Plaintext, Key):
Divide plaintext into blocks of length 1 (byte) * 16, thus creating a 4 x 4 matrix, i.e. the STATE matrix.
State[Row,Column] = Byte[Row + 4*Column]

Byte0   Byte4   Byte8    Byte12
Byte1   Byte5   Byte9    Byte13
Byte2   Byte6   Byte10   Byte14
Byte3   Byte7   Byte11   Byte15

State[0,0]   State[0,1]   State[0,2]   State[0,3]
State[1,0]   State[1,1]   State[1,2]   State[1,3]
State[2,0]   State[2,1]   State[2,2]   State[2,3]
State[3,0]   State[3,1]   State[3,2]   State[3,3]

EXAMPLE: Create State Matrix from a given block
Pseudo Code (continued):
// Rounds 1 .. Nr-1: all four transformations, using round key i
Round(State, Expanded_KEY[i])
{
    Substitute_Bytes(State);
    Shift_Rows(State);
    Mix_Columns(State);
    Add_Key(State, Expanded_KEY[i]);
}
// Final round Nr: same as Round but without Mix_Columns
Last_Round(State, Expanded_KEY[Nr])
{
    Substitute_Bytes(State);
    Shift_Rows(State);
    Add_Key(State, Expanded_KEY[Nr]);
}
[Figure: Encryption. Labels: INPUT PLAINTEXT; SECRET KEY; EXTENDED_KEY (KEY ROUND 0, KEY ROUND 1, ..., KEY ROUND Nr-1, KEY ROUND Nr); ROUND 0, ROUND 1, ..., ROUND Nr - 1, Last_ROUND Nr; Round steps SUB_BYTES, SHIFT_ROWS, MIX_COLUMNS, ADD_ROUNDKEY; OUTPUT ENCRYPTED DATA.]
Number of Rounds
Block size is fixed at 128 bits; key can be 128, 192, or 256.
Nr is the number of rounds, which is a function of
Nk (Block length divided by 32), and
Nb (Key length divided by 32)

Nr     Nk:  4    6    8
Nb          10   12   14
Expand_Key
This procedure will:
1. Expand the key from a cipher key of bytes [4][Nk] to another array of (4) * (Nb * (Nr + 1)) = 4 * (10 + 1) = 44 bytes.
2. Select a round key for each round.
This procedure avoids:
1. Weak keys, by introducing asymmetry.
2. Key-related attacks (Biham)
3. Cipher keys that are partially known or that can be chosen by an imposter.
Add_Key
Add_Key will be called:
1. Once in the beginning of rounds
2. Nr-1 times in the Round
3. Once in the final round.
It just XORs the 16 bytes of the state with the 16 bytes of key (for the 128-bit key).
EXAMPLE: Add_Key illustrated.
Substitute_Bytes (Non-Linear step)
Substitutes each byte of the State with a byte from the S-Box as follows:
State[row, column] = S-Box[State[row, column]].
S-Box ---- MORE LATER
Shift_Rows(..)
It will not change the values, but will just change their order.
It does a left circular shift to each row as below:
Row 0 Shift 0; Row 1 Shift 1; Row 2 Shift 2; Row 3 Shift 3;

Before:
State[0,0]   State[0,1]   State[0,2]   State[0,3]
State[1,0]   State[1,1]   State[1,2]   State[1,3]
State[2,0]   State[2,1]   State[2,2]   State[2,3]
State[3,0]   State[3,1]   State[3,2]   State[3,3]

After:
State[0,0]   State[0,1]   State[0,2]   State[0,3]
State[1,1]   State[1,2]   State[1,3]   State[1,0]
State[2,2]   State[2,3]   State[2,0]   State[2,1]
State[3,3]   State[3,0]   State[3,1]   State[3,2]
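
The state layout, Add_Key and Shift_Rows slides, worked through in Python as an added example (not code from the slides). All function names are illustrative; the sample block and key are the example input and cipher key of FIPS-197 Appendix B, and Substitute_Bytes is skipped on purpose so the byte movement stays visible.

```python
# Added example (not from the slides): state layout, Add_Key and Shift_Rows.

def to_state(block):
    """State[row][col] = Byte[row + 4*col]: the block fills the state column by column."""
    if len(block) != 16:
        raise ValueError("Rijndael with a 128-bit block needs exactly 16 bytes")
    return [[block[row + 4 * col] for col in range(4)] for row in range(4)]

def from_state(state):
    """Read the state back out column by column into 16 bytes."""
    return bytes(state[row][col] for col in range(4) for row in range(4))

def add_key(state, round_key):
    """XOR every state byte with the round-key byte at the same position."""
    key = to_state(round_key)
    return [[state[r][c] ^ key[r][c] for c in range(4)] for r in range(4)]

def shift_rows(state):
    """Left circular shift: row r moves r positions."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def inv_shift_rows(state):
    """Right circular shift by r, undoing shift_rows for decryption."""
    return [row[4 - r:] + row[:4 - r] for r, row in enumerate(state)]

# Example input block and 128-bit cipher key from FIPS-197 Appendix B.
BLOCK = bytes.fromhex("3243f6a8885a308d313198a2e0370734")
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")

def first_steps(block, key):
    """Initial Add_Key (round key 0 is the cipher key itself), then Shift_Rows.

    Substitute_Bytes is deliberately left out here, so this is not a real round."""
    after_key = add_key(to_state(block), key)
    return from_state(after_key), from_state(shift_rows(after_key))

if __name__ == "__main__":
    keyed, shifted = first_steps(BLOCK, KEY)
    print("after Add_Key   :", keyed.hex())
    print("then Shift_Rows :", shifted.hex())
```

Reading the block row by row instead of column by column is a common implementation slip; it leaves Add_Key correct but makes Shift_Rows move the wrong bytes.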
Mathematics Behind Rijndael
Field
Finite Field
Inverses
Rijndael operates on the:
Binary Finite Field, GF(2^8).
FIELD. Definition and Example.
FINITE FIELD. The field with a finite number of elements.
Rijndael uses polynomial basis. Rijndael is byte oriented. Each byte, which will be stored in hex, will represent a polynomial of at most degree 7:
b7X^7 + b6X^6 + b5X^5 + b4X^4 + b3X^3 + b2X^2 + b1X^1 + b0.
Example: {1 1 0 1 0 1 0 0} = 0xd4 = X^7 + X^6 + X^4 + X^2
FINITE FIELD GF(2 ^ 8)
The set of all polynomials of degree at most 7 with coefficients in GF(2) and with the two defined operations:
Addition: Just XOR-ing.
Multiplication: Shift to the left,
and modulo an irreducible polynomial.
Galois Theorem: For any prime p and integer n, there exists a field of order p^n and it is unique.
Cyclic Group Theorem: GF(p^n)*, i.e. the multiplicative group, is cyclic; the nonzero elements are powers of some primitive root.
Example: HOW do we construct such a field? Irreducible? Primitive Root?
Finding the multiplicative inverse
Multiplicative inverses in GF(256) using Look Up Tables:
1. Example: Building Log Table.
2. Building Anti Log Table. Reverse the Log process: {03}^(06) = {55}; {06} = log_{03}({55}).
3. Building Inverse Table (using Log/Antilog). g^(x) has as inverse g^(ff - x). Example: {12} = {03}^(e0), so the inverse will be g^(ff - e0) = g^(1f) = {aa}.
S-BOX
The only non-linear step
S-Box is based on the mapping: X -> X^(-1), where X^(-1) represents the multiplicative inverse in the field.
1. Replaces each byte with its inverse in GF(2^8), g(a); besides 00, which is mapped to itself.
2. Applies an affine transformation (a bitwise modulo-two matrix, XOR-ed with the hexadecimal number 63).
EXAMPLE: Let's find SRD[12]. ??
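
The log/antilog construction from the previous slide and the two S-Box steps above, carried through in Python as an added example (not code from the slides). Function and table names are illustrative, the index 12 in SRD[12] is assumed to be hexadecimal as in the {12} inverse example, and the affine step is written in its standard rotate-and-XOR form.

```python
# Added example (not from the slides): GF(2^8) tables, inverses and the S-Box.
MODULUS = 0x11B    # x^8 + x^4 + x^3 + x + 1, the irreducible polynomial Rijndael uses
GENERATOR = 0x03   # primitive root {03}, as on the inverse-table slide

def xtime(a):
    """Multiply by x (shift to the left), then reduce modulo MODULUS."""
    a <<= 1
    return a ^ MODULUS if a & 0x100 else a

def build_tables():
    """ANTILOG[i] = {03}^i and LOG[{03}^i] = i, for i = 0 .. 254."""
    antilog, log = [0] * 255, [0] * 256
    value = 1
    for i in range(255):
        antilog[i], log[value] = value, i
        value ^= xtime(value)      # value * {03} = value * x + value
    return log, antilog

LOG, ANTILOG = build_tables()

def inverse(a):
    """g^(x) has inverse g^(ff - x); 00 has no inverse and is mapped to itself."""
    return 0 if a == 0 else ANTILOG[(0xFF - LOG[a]) % 0xFF]

def affine(b):
    """Modulo-two matrix as the XOR of four left rotations, then XOR with 0x63."""
    def rot(v, n):
        return ((v << n) | (v >> (8 - n))) & 0xFF
    return b ^ rot(b, 1) ^ rot(b, 2) ^ rot(b, 3) ^ rot(b, 4) ^ 0x63

def sbox(a):
    """SRD[a]: multiplicative inverse followed by the affine transformation."""
    return affine(inverse(a))

SBOX = [sbox(a) for a in range(256)]

if __name__ == "__main__":
    print("log {12} =", format(LOG[0x12], "02x"))      # exponent of {03}
    print("inv {12} =", format(inverse(0x12), "02x"))
    print("SRD[12]  =", format(SBOX[0x12], "02x"))
```

Table lookups indexed by secret bytes can leak through cache timing, which is why production AES code favours hardware instructions or constant-time bitsliced S-Boxes over tables like these.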
Mix_Columns
Mix_Columns multiplies two numbers:
(A column that is considered as a polynomial) * (A mixing polynomial (modulo x^4 + 1)).
Mixing polynomial is {03}*x^3 + {01}*x^2 + {01}*x + {02}.
It should be relatively prime with the polynomial x^4 + 1 = {11} = (x+1)^4. Thus, the fixed polynomial will have an inverse (mod x^4 + 1) and we can decrypt.
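
Mix_Columns as polynomial multiplication modulo x^4 + 1, as an added Python example (not code from the slides). Function names are illustrative; the inverse polynomial {0b}*x^3 + {0d}*x^2 + {09}*x + {0e} comes from the AES specification, not from the slides, and the sample column is constructed test input.

```python
# Added example (not from the slides): Mix_Columns modulo x^4 + 1 and its inverse.

def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return product

def poly_mul_mod(p, q):
    """Multiply p and q (coefficient lists, index = power of x) modulo x^4 + 1."""
    out = [0, 0, 0, 0]
    for i, pi in enumerate(p):
        for j, qj in enumerate(q):
            out[(i + j) % 4] ^= gmul(pi, qj)   # x^4 = 1, so exponents wrap mod 4
    return out

MIX = [0x02, 0x01, 0x01, 0x03]        # {03}x^3 + {01}x^2 + {01}x + {02}
INV_MIX = [0x0E, 0x09, 0x0D, 0x0B]    # {0b}x^3 + {0d}x^2 + {09}x + {0e}
NOT_COPRIME = [0x01, 0x01, 0x00, 0x00]  # x + 1, a factor of x^4 + 1 = (x+1)^4

def mix_column(col):
    """Encrypt direction: column polynomial times the mixing polynomial."""
    return poly_mul_mod(MIX, col)

def inv_mix_column(col):
    """Decrypt direction: multiply by the inverse of the mixing polynomial."""
    return poly_mul_mod(INV_MIX, col)

if __name__ == "__main__":
    column = [0xDB, 0x13, 0x53, 0x45]   # constructed sample column
    mixed = mix_column(column)
    print("mixed     :", bytes(mixed).hex())
    print("recovered :", bytes(inv_mix_column(mixed)).hex())
    # MIX * INV_MIX is the constant polynomial 1, so decryption exists.
    print("product   :", poly_mul_mod(MIX, INV_MIX))
    # A polynomial sharing the factor x + 1 collapses distinct columns to zero.
    print("x+1 times all-ones column:", poly_mul_mod(NOT_COPRIME, [1, 1, 1, 1]))
```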
Conclusion
Secure
Excellent resistance to known attacks.
Elegant mathematical structure
Efficient
Q & A