2. • In AES the data is the raw material loaded into a
state array. The state array is processed through
ten rounds of manipulation, after which it is
unloaded to form the resulting encrypted block
of data.
• At each stage of the process, the state is
combined with a different round key, each of
which is created and derived from the cipher
key.
3. • One of the key advantages of the Rijndael
algorithm is that it uses only simple operations
such as shift, exclusive OR, and table
substitution. Many encryption approaches
require multiplication operations that are very
expensive to implement.
• Rijndael uses finite field byte multiplication, a
special operation that can be simplified down to
a few logical operations or lookups in a 256-byte
table.
4. • Finite field arithmetic is important in
cryptography
• For purposes of finite field arithmetic, we can
represent a binary number by polynomials of the
form:
5. • Each of the coefficients corresponds to one bit of
a binary number. So, for example, the 8-bit value
10010111 would be written as:
7. • Addition
In our binary representation, the coefficients can be only 0 or 1. The
value 2 is not possible.
Using our binary rules, the addition of the two polynomials in equation
8. • This corresponds to the binary computation:
• Notice how the addition has now been entirely
replaced by the exclusive OR operation.
9. • The same logic that made addition become XOR
also applies to subtraction.
• This byte arithmetic universe addition and
subtraction become the same operation and are
replaced by the exclusive OR operation.
10. • Multiplication
The multiplications using only shift and XOR
operations:
• Division
Division works by the shift and subtract method .
Of course, in our case the subtraction is done
using an XOR operation.
11. Galois Field GF()
• When we did addition and subtraction, it was not
possible for the result to overflow.
• The result always fitted into a byte.
• However, based on our long multiplication
approach, it is clearly possible that the result of
multiplying two 8-bit numbers could be more
than 8 bits long.
• Such an overflow is not allowed to exist in our
finite field of 256 values.
12. • If we return to our polynomial representation, a
similar rule applies. The finite field should be
bounded by a polynomial that is irreducible.
• A polynomial is reducible if it can be factored.
For example (x2 + 1) is reducible because:
13. • 01101001 * 00101001 Using the accumulate
row approach:
• is 12 bits long? we need to reduce it by
wrapping around the irreducible polynomial. To
do this, we need to divide by our irreducible
polynomial and take the remainder:
14. • So the remainder after removing the overflow is
10000011. In other words, in our finite field:
01101001 * 00101001 = 10000011
• Final result is guaranteed to be within the
GF(256) field; in other words, the result of the
multiplication is always a single byte.
• The long multiplication has been achieved by a
short sequence of XOR operations and shifts
that are easily implemented in digital systems.
15. Steps in the AES Encryption Process
• The following steps to encrypt a 128-bit block:
• Derive the set of round keys from the cipher key.
• Initialize the state array with the block data (plaintext).
• Add the initial round key to the starting state array.
• Perform nine rounds of state manipulation.
• Perform the tenth and final round of state manipulation.
• Copy the final state array out as the encrypted data
(cipher text).
• The reason that the rounds have been listed as "nine
followed by a final tenth round" is because the tenth
round involves a slightly different manipulation from the
others.
16. • The block to be encrypted is just a sequence of
128 bits.
• AES works with byte quantities so we first
convert the 128 bits into 16 bytes.
• At the start of the encryption, the 16 bytes of
data, numbered D0 to D15, are loaded into the
array
17. Table A.5. Initial Value of the State Array
D0 D4 D8 D12
D1 D5 D9 D13
D2 D6 D10 D14
D3 D7 D11 D15
18. • Each round of the encryption process
requires a series of steps to alter the state
array.
• These steps involve four types of
operations called:
19. • SubBytes
• ShiftRows
• MixColumns
• XorRoundKey
• The details of these operations are described
shortly, but first we need to look in more detail at
the generation of the Round Keys, so called
because there is a different one for each round
in the process.
20.
21.
22. • Computing the Rounds
• Earlier we mentioned that four operations are required called:
• SubBytes
• ShiftRows
• MixColumns
• XorRoundKey
• Each one of these operations is applied to the current state array
and produces a new version of the state array.
• This operation is a simple substitution that converts every byte into a
different value
• The entries are computed using a mathematical formula but most
implementations will simply have the substitution table stored in
memory as part of the design.
23. • ShiftRows
• As the name suggests, ShiftRows operates on
each row of the state array. Each row is rotated
to the right by a certain number of bytes as
follows:
1st Row: rotated by 0 bytes (i.e., is not changed)
2nd Row: rotated by 1 byte
3rd Row: rotated by 2 bytes
4th Row: rotated by 3 bytes
24. • MixColumns
• This operation is the most difficult, both to
explain and perform. Each column of the
state array is processed separately to
produce a new column. The new column
replaces the old one.
25. • The Mix Columns operation takes each
column of the state array C0 to C3 and
replaces it with a new column computed
by the matrix multiplication shown in
Figure .
26. • The new column is computed as follows:
C'0 = 02 * C0 + 01 * C1 + 01 * C2 + 03 * C3
C'1 = 03 * C0 + 02 * C1 + 01 * C2 + 01 * C3
C'2 = 01 * C0 + 03 * C1 + 02 * C2 + 01 * C3
C'3 = 01 * C0 + 01 * C1 + 03 * C2 + 02 * C3
Remember that we are not using normal arithmetic. we are
using finite field arithmetic, which has special rules and both
the multiplications and additions can be implemented using
XOR.