Advanced Encryption Standard

Advanced Encryption Standard
Vincent Rijmen
Institute for Applied Information Processing and Communications (IAIK) - Krypto Group
Faculty of Computer Science
Graz University of Technology

Outline
- Modern cryptography
- Data encryption & advanced data encryption
- AES structure
- AES in use
- Ongoing research

A cryptographer's view on the world
[Diagram: clear text -> E (KEY) -> %^C& @&^( -> D (KEY) -> clear text]

Caesar cipher
- Substitute characters by characters 3 positions later in the alphabet
- Veni vidi vici -> Yhql ylgl ylfl
- Key is always the same
- Not enough variability possible

Simple substitution cipher
- Define permutation on 26 characters
  in:  A B ... Z
  out: W E ... M
- 26! (= 4 x 10^26) different keys
- Break: frequency of characters, digraphs, trigraphs

Frequency distribution
[Figure: bar chart of character frequencies, vertical axis 0 to 14, characters in the order E T A O I N S H R D L C U M W F G Y P B V K J Q X Z]

Advanced substitution cipher
- Define permutation on blocks of characters (code book)
  in:  AAAA AAAB ... ZZZZ
  out: WIJT ENTO ... MIHB
- Many different keys
- Frequency analysis impossible

Block cipher
- Transport & storage of huge permutation table
- Introduce computation rule: T[x] = f(x, key)
- Good rule: effective (secure) and efficient (fast)
- Iterative: f(x, key) = g(g(g(x, k_1), k_2), ...)

The Advanced Encryption Standard (AES)
- 1997: public call for submission
  - Encrypt blocks of 128 bits
  - Key of lengths 128, 192, 256
  - To be available royalty-free
- August 1998: start of evaluation
- October 2000: selection of Rijndael
- November 2001: Federal Information Processing Standard
- July 2003: approved for top secret data

The design of Rijndael
- Based on doctoral dissertations of Daemen ('95), Rijmen ('97)
- Design of round transformation g:
  - Security
  - Efficiency
  - Simplicity
- Luke O'Connor (IBM): "Most ciphers are secure after sufficiently many rounds"
- James L. Massey (ETH Zuerich): "Most ciphers are too slow after sufficiently many rounds"

Step 1: SubBytes
[Diagram: each byte a_{i,j} of the 4x4 state (a_{0,0} ... a_{3,3}) passes through the S-box to give byte b_{i,j} of the output state (b_{0,0} ... b_{3,3})]
- Bytes are transformed by invertible lookup.
- One lookup table for complete cipher
- High non-linearity

Step 2: ShiftRows

  before      after
  m n o p     m n o p
  g h i j     h i j g
  w x y z     y z w x
  b c d e     e b c d

- Rows are shifted over 4 different offsets
- Diffusion of the columns

Step 3: MixColumns
[Diagram: each column (a_{0,j}, a_{1,j}, a_{2,j}, a_{3,j}) of the state is multiplied by the fixed matrix below to give column (b_{0,j}, b_{1,j}, b_{2,j}, b_{3,j}) of the output state]

  2 3 1 1
  1 2 3 1
  1 1 2 3
  3 1 1 2

- Columns transformed by matrix multiplication
- High intra-column diffusion: based on theory of error-correcting codes

Step 4: Key addition
[Diagram: state a (a_{0,0} ... a_{3,3}) + round key k (k_{0,0} ... k_{3,3}) = state b (b_{0,0} ... b_{3,3}), byte by byte]
- Makes round function key-dependent
- As simple as possible

AES Use
- AES is a building block
- Used for
  - Confidentiality (encryption)
  - Authentication
- Is symmetric cryptography

Symmetric cryptography versus PKI
- Symmetric cryptography
  - Sender and receiver use the same key
  - Key management problem
- PKI
  - Sender and receiver use different keys
  - Easier key management (somewhat)
  - Nice wrapper around symmetric cryptography

AES is used in
- US federal administration applications
  - AES or 3-DES
- Software applications
  - Cipher suites (SSL, ...)
- New applications

AES in RFC
- RFC 3853: S/MIME
- RFC 3825: SNMP
- RFC 3686: confidentiality in ESP
- RFC 3664: pseudo-random function
- RFC 3602: IPSec
- RFC 3566: Message Authentication Code (MAC)
- RFC 3565: CMS
- RFC 3537: Key wrap
- RFC 3394: Key wrap
- RFC 3268: TLS

Other
- 3GPP: Milenage cipher suite
- IEEE 802.11i (wep)
- ISO/IEC 18033-3: block ciphers
- Winzip and similar tools
- Backup software, RFID tags
- Remote controls

AES is not used in
- Bank cards
- Applications with large installed base

Ongoing research
- Security against mathematical attacks
- Security against implementation attacks
- Implementations for special environments

Mathematical attacks
- Pre-1997 attacks: wide trail design strategy
- 1997-2000: NIST's evaluation process
- Post 2000: controversy

Rijndael controversy
- Simple, elegant structure (mathematically speaking)
  - Easier to optimize for different platforms
  - Easier to reason about the security, trapdoors
  - Easier to protect against implementation attacks
- Too simple to be true?

Algebraic attacks: principle
- Very simple description [Murphy & Robshaw, '00]
- BES [Murphy & Robshaw, '02]
- XSL [Courtois & Pieprzyk, '02]
1. Write out equations, round by round
  - Many intermediate variables
  - Equations of low degree (2, 3)
2. Solve for the unknown key

Algebraic attacks: results
- Attacks work on simplified variant:
  - Byte -> nibble
  - 4x4 matrix -> 1x1 matrix
- Theoretical estimations for full version:
  - Mostly wrong
  - Difficult to exclude 100%

Implementation attacks
- Power consumption of a chip correlates to:
  - Instruction being executed
  - Address of operands
  - Value of operands
- Also execution time, chip radiation, ...
- Serious problem for any cryptographic algorithm using secret parameters

Solutions
1. Reduce signal by careful design of HW, SW (uniformity)
2. Increase noise
3. Remove correlation between operands and secret values (masking)
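Solution 3 (masking) for a single S-box lookup, as an added example that is not part of the original slides: the table is recomputed under random masks so that neither p XOR k nor S[p XOR k] is ever handled in the clear. The S-box here is a constructed byte permutation standing in for the cipher's table, Hamming weight is assumed as the leakage model, and all function names are chosen for this illustration.

```python
import random
import secrets

# Constructed stand-in for the cipher's S-box: a fixed, seeded byte permutation.
SBOX = random.Random(1).sample(range(256), 256)

def hw(x):
    """Hamming weight, the assumed model for value-dependent power consumption."""
    return bin(x).count("1")

def masked_table(m_in, m_out):
    """Recomputed table T with T[x ^ m_in] = S[x] ^ m_out."""
    t = [0] * 256
    for x in range(256):
        t[x ^ m_in] = SBOX[x] ^ m_out
    return t

def masked_lookup(p_masked, k, table):
    """Takes p ^ m_in, returns S[p ^ k] ^ m_out; only masked values are handled."""
    return table[p_masked ^ k]

def protected_sbox(p, k):
    """One lookup under fresh random masks; returns (masked value, m_out)."""
    m_in, m_out = secrets.randbelow(256), secrets.randbelow(256)
    return masked_lookup(p ^ m_in, k, masked_table(m_in, m_out)), m_out

def leak_unmasked(p, k):
    """Leakage of the plain intermediate S[p ^ k]: a function of the secret k."""
    return float(hw(SBOX[p ^ k]))

def leak_masked(p, k, m_in=0x5A):
    """Leakage of the masked intermediate, averaged over every output mask."""
    vals = [masked_lookup(p ^ m_in, k, masked_table(m_in, m)) for m in range(256)]
    return sum(map(hw, vals)) / 256
```

Averaged over the masks, the masked intermediate has the same expected Hamming weight for every key byte, while the unmasked one changes with the key.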

Implementations
- 'Difficult' environments:
  - Low-power
  - Low-energy
  - Small area / small code size
- Competing against 'niche' ciphers
- Satellites, broadband, car immobilizer

Tiny AES (Tina)
- Features:
  - Encryption and decryption, 128-bit key
  - Microcontroller interface
- Specs:
  - 0.27 mm^2 in 0.35 µm (4800 gate eq.)
  - 3 µA @ 100 kHz, 1.5 V
  - 100 encr./s

Conclusions
- AES has been standardized by many bodies
- Usage is still taking off
- Active research:
  - Secure (elegant) implementation
  - Proving that certain attacks don't work