Advance Encryption Standard
Advance Encryption Standard
Topics
Origin of AES
Basic AES
Inside Algorithm
Final Notes
Origins
A replacement for DES was needed
Key size is too small
final criteria
general security
ease of software & hardware implementation
implementation attacks
flexibility (in en/decrypt, keying, other factors)
AES Shortlist
After testing and evaluation, shortlist in Aug-99
MARS (IBM) - complex, fast, high security margin
RC6 (USA) - v. simple, v. fast, low security margin
Rijndael (Belgium) - clean, fast, good security margin
Serpent (Euro) - slow, clean, v. high security margin
Twofish (USA) - complex, v. fast, high security margin
Rijndael design:
simplicity
has 128/192/256 bit keys, 128 bits data
resistant against known attacks J. Daemen
speed and code compactness on many CPUs
Topics
Origin of AES
Basic AES
Inside Algorithm
Final Notes
AES Conceptual Scheme
9
Multiple rounds
Rounds are (almost) identical
First and last round are a little different
10
High Level Description
No MixColumns
Overall Structure
128-bit values
1 byte
13
Data Unit
Unit Transformation
Changing Plaintext to State
Topics
Origin of AES
Basic AES
Inside Algorithm
Final Notes
Details of Each Round
SubBytes: Byte Substitution
A simple substitution of each byte
provide a confusion
RotWord[b0,b1,b2,b3] = [b1,b2,b3,b0]
Basic AES
Inside Algorithm
Final Notes
AES Security
AES was designed after DES.
Most of the known attacks on DES were already
tested on AES.
Brute-Force Attack
AES is definitely more secure than DES due to the
larger-size key.
Statistical Attacks
Numerous tests have failed to do statistical analysis of
the ciphertext
Differential and Linear Attacks
There are no differential and linear attacks on AES as
yet.
Implementation Aspects
The algorithms used in AES are so simple
that they can be easily implemented using
cheap processors and a minimum amount
of memory.
Very efficient
AES animation:
http://www.cs.bc.edu/~straubin/cs381-05/blockciphers/
rijndael_ingles2004.swf