1 / 22

Algorithm Scheme

Algorithm Scheme. AddRoundKey. Each round uses four different words from the expanded key array. Each column in the state matrix is XORed with a different word. The heart of the encryption. All other functions’ properties are permanent and known to all. AddRoundKey, Scheme. InvAddRoundKey.

mili
Download Presentation

Algorithm Scheme

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Algorithm Scheme

  2. AddRoundKey • Each round uses four different words from the expanded key array. • Each column in the state matrix is XORed with a different word. • The heart of the encryption. All other functions’ properties are permanent and known to all.

  3. AddRoundKey, Scheme

  4. InvAddRoundKey • (A XOR B) XOR B = A • InvAddRoundKey is AddRoundKey itself • Key is used in reverse order in decryption

  5. Mathematical Review • Performing arithmetic operations on bytes need to work in a finite field and treat each byte as an element. • GF(2^8) - Finite field containing 256 elements. • Each element is a polynomial of degree 7 over Z2, hence an element is defined by 8 binary values – a byte. • Order is such that MSB is the highest degree’s coefficient. • Addition – polynomial addition, over Z2. May be implemented using XOR. • Multiplication – polynomial multiplication , over Z2, modulo irreducible polynomial X^8 + X^4 + X^3 + X + 1 May be implemented using repeat use of left shift and XOR.

  6. SubBytes • Each byte is considered an element in GF(2^8) • A 16 X 16 table, called S-Box, contains all possible 256 elements. • Byte’s four leftmost bits are used as a row index, and rightmost ones as a column index. • Together, the S-Box and above mapping define a 1 to 1 function f : GF(2^8) GF(2^8) • Each byte B in the state matrix is substituted with f(B)

  7. SubBytes, Scheme

  8. S-Box

  9. SubBytes, S-Box contents • Computing S-Box cells is done in three stages: 1) The cells are numbered in ascending order, row by row. 2) Each cell’s number is substituted with its multiplicative inverse over GF(2^8). 3) The cell’s bits go through the following transformation: bi’ = b[(i+4)mod8] + b[(i+5)mod8] + b[(i+6)mod8] + b[(i+7)mod8] + ci bi’ = new bit value, ci = the I’th bit of {11000110}.

  10. SubBytes, S-Box computation

  11. SubBytes, cryptographic properties • S-Box design makes it resistant to cryptanalitic attacks. • No fixed points S(a)=a , no opposite fixed points S(a) = a complement. • Not self invertible S(a) = InvS(a)

  12. InvSubBytes • Same routine as SubBytes, but uses the inverse S-Box. • Inverse S-box is computed by applying the inverse affine transformation and then substituting with the multiplicative inverse, of the cell’s value in the S-Box. • The Inverse transformation: bi’ = b[(i+2)mod8] + b[(i+5)mod8] + b[(i+7)mod8] + di bi’ = new bit value, di = the I’th bit of {00000101}.

  13. InvS-Box

  14. InvSubBytes, S-Box computation

  15. ShiftRows • Rows 2-4 in the state matrix are left shifted by different offsets of 1-3 bytes respectively. • Strong diffusion effect. Separation of each four, originally consecutive, bytes.

  16. InvShiftRows • Like ShiftRows, only instead of left shift right shift is performed.

  17. MixColumn • A transformation which operates on individual columns – 32 bits/4 bytes. • Each column is treated as a 3 degree polynomial over GF(2^8). • Multiplied by the fixed polynomial: a(x)={03}x^3+{01}x^2+{01}x+{02} modulo x^4+1 • a(x) was chosen so the multiplication/transformation is invertible. Generally, multiplication in the above group modulo X^4+1 doesn’t provide inverse for each element. *coefficients multiplication is the GF(2^8) multiplication mentioned earlier.

  18. MixColumn, Scheme

  19. MixColumn

  20. MixColumn, cryptographic properties • The transformation is a linear code with a maximal distance between code words. • Combined with ShiftRows, after several rounds all output bits depend on all input bits.

  21. InvMixColumn • Same routine as MixColumn, only instead of a(x) the inverse of a(x) is used: a^-1(x)={0b}x^3+{0d}x^2+{09}x+{0e}

  22. InvMixColumn

More Related