Đang tải... (xem toàn văn)
This chapter presents the following content: The AES selection process; The details of Rijndael – the AES cipher; looked at the steps in each round; out of four AES stages, two are discussed; substitute bytes; shift rows.
Data Security and Encryption (CSE348) Lecture # 9 Review – Data Encryption Standard (DES) – Strengths of DES – Differential & Linear Cryptanalysis – block cipher design principles DES Encryption Overview DES Encryption Overview • The overall scheme for DES encryption is illustrated in Stallings Figure • which takes as input 64-bits of data and of key • The left side shows the basic process for enciphering a 64-bit data block which consists of: • an initial permutation (IP) which shuffles the 64-bit input block • 16 rounds of a complex key dependent round function involving substitutions & permutations • a final permutation, being the inverse of IP DES Encryption Overview • The right side shows the handling of the 56-bit key and consists of: • an initial permutation of the key (PC1) which selects 56-bits out of the 64-bits input, in two 28-bit halves • 16 stages to generate the 48-bit subkeys using a left circular shift and a permutation of the two 28-bit halves Initial Permutation IP • The initial permutation and its inverse are defined by Tables 3.2a and 3.2b • The tables are to be interpreted as follows: • The input to a table consists of 64 bits numbered left to right from to 64 • The 64 entries in the permutation table contain a permutation of the numbers from to 64 Initial Permutation IP • Each entry in the permutation table indicates the position of a numbered input bit in the output – which also consists of 64 bits • Bit numbering for DES reflects IBM mainframe practice • and is the opposite of what we now mostly use Initial Permutation IP • Numbers from Bit (leftmost, most significant) to bit 32/48/64 etc (rightmost, least significant) • For example, a 64-bit plaintext value of “675a6967 5e5a6b5a” (written in left & right halves) after permuting with IP becomes “ffb2194d 004df6fb” • example values are specified using hexadecimal Initial Permutation IP first step of the data computation IP reorders the input data bits even bits to LH half, odd bits to RH half quite regular in structure (easy in h/w) example: IP(675a6967 5e5a6b5a) = (ffb2194d 004df6fb) 10 Substitute Bytes • So really only need to know the table when implementing • Decryption requires the inverse of the table These tables are given in Stallings Table 5.2 • The table was designed to be resistant to known cryptanalytic attacks 55 Substitute Bytes • Specifically, the Rijndael developers sought a design that has a low correlation between input bits and output bits • With the property that the output cannot be described as a simple mathematical function of the input • With no fixed points and no “opposite fixed points” 56 Substitute Bytes • a simple substitution of each byte • uses one table of 16x16 bytes containing a permutation of all 256 8-bit values • each byte of state is replaced by byte indexed by row (left 4-bits) & column (right 4-bits) – eg byte {95} is replaced by byte in row column – which has value {2A} • S-box constructed using defined transformation of values in GF(28) • designed to be resistant to all known attacks 57 Substitute Bytes 58 Substitute Bytes 59 60 Substitute Bytes 61 Substitute Bytes As this diagram from Stallings Fig 5.5a shows the Byte Substitution operates on each byte of state independently with the input byte used to index a row/col in the table to retrieve the substituted value 62 Substitute Bytes Example Figure 5.5a example of the SubBytes transformation from the text 63 Shift Rows • The ShiftRows stage provides a simple “permutation” of the data • whereas the other steps involve substitutions • Further, since the state is treated as a block of columns, it is this step which provides for diffusion of values between columns • It performs a circular rotate on each row of 0, 1, & places for respective rows 64 Shift Rows • When decrypting it performs the circular shifts in the opposite direction for each row • This row shift moves an individual byte from one column to another • which is a linear distance of a multiple of bytes, and ensures that the bytes of one column are spread out to four different columns 65 Shift Rows • a circular byte shift in each – – – – 1st row is unchanged 2nd row does byte circular shift to left 3rd row does byte circular shift to left 4th row does byte circular shift to left 66 Shift Rows 67 Inverse Shift Rows • Decrypt inverts using shifts to right • since state is processed by columns, this step permutes bytes between the columns • The inverse shift row transformation, called InvShiftRows, performs the circular shifts in the opposite direction for each of the last three rows, with a 1-byte • circular right shift for the second row, and so on 68 Summary – DES review – the AES selection process – the details of Rijndael – the AES cipher – looked at the steps in each round – Out of four AES stages, first two are discussed • Substitute bytes • Shift Rows 69 ... the handling of the 56-bit key and consists of: • an initial permutation of the key (PC1) which selects 56-bits out of the 64-bits input, in two 28-bit halves • 16 stages to generate the 48-bit... scheme for DES encryption is illustrated in Stallings Figure • which takes as input 64-bits of data and of key • The left side shows the basic process for enciphering a 64-bit data block which.. .Lecture? ?# 9 Review – Data Encryption Standard (DES) – Strengths of DES – Differential & Linear Cryptanalysis – block cipher design principles DES Encryption Overview DES Encryption