Encryption Algorithm (iv) -- AES

With the development of symmetric passwords, The des Data Encryption Standard algorithm has a small key length (56 bits) and is no longer applicable to the requirements of distributed open networks for data encryption security, therefore, in 1997, NIST publicly solicited a New Data Encryption Standard, namely AES [1]. After three rounds of screening, the Rijndael algorithm submitted by Joan daeman and Vincent rijmen in Belgium was proposed as the final AES algorithm. This algorithm will become a new Data Encryption Standard in the United States and will be widely used in various fields. Although people have different views on AES, AES, as a new generation of data encryption standards, brings together strong security, high performance, high efficiency, easy-to-use and flexible advantages. The AES design has three key lengths: 128,192,256 bits. The 128 key of AES is 1021 times better than the 56 key of des [2]. The AES algorithm mainly includes three aspects: wheel change, number of circles, and key extension. This article takes 128 as an example to introduce the basic principles of the algorithm. Combined with the AVR assembly language, it implements the Advanced Data Encryption Algorithm AES.

1. AES encryption and decryption algorithm principles and AVR implementation

AES is a group key. The algorithm inputs 128-bit data and the key length is also 128-bit. The number of rounds encrypted by a data group using NR (the relationship between the number of encryption rounds and the key length is shown in Table 1 ). Each round requires an extension key expandedkey (I) with the same length as the input group. Due to the limited length of the encryption key K entered by external users, the algorithm uses a key Extension Program (keyexpansion) to extend the external key K to a longer bit string, to generate encryption and decryption keys for each round.

1.1 Changes
Each AES circle transformation consists of the following three layers:
Nonlinear layer -- perform subbyte transformation;
Line-row mixing layer-performs shiftrow and mixcolumn operations;
Accesskey addition layer -- perform addroundkey operations.

① Subbyte transformation is a non-linear byte conversion in each byte in the state. It can be mapped through the calculated S box.
Schange:
Ldi zh, $01; point the pointer to the first address of the S box
MoV ZL, R2; the data to be searched as the pointer's low address
Ldtemp, Z +; obtain the corresponding data
MoV R2, temp; complete data query
.
.
.
RET

② Shiftrow is a byte transposition. It cyclically shifts the rows in the status according to different offsets, and this offset is also selected based on different NB [3].
Shiftrow:; this is a subprogram for byte transposition.
MoV temp, R3; because it is 4 × 4
MoV R3, R7; r2 R6 R10 R14 R2 R6 R10 R14
MoV R7, R11; R3 R7 R11 R15 --- R7 R11 R15 r3
MoV R11, R15; R4 R8 R12 R17 R12 R17 R4 R8
MoV R15, temp; R5 R9 R13 R18 R18 R5 R9 R13
MoV temp, r4
MoV temp1, R8
MoV R4, R12
MoV R8, R17
MoV R12, temp
MoV R17, temp1
MoV temp, R18
MoV R18, R13
MoV R13, R9
MoV R9, R5
MoV R5, temp
RET

③ In the mixcolumn transformation, each column in the state is treated as the result of multiplying the polynomial A (x) on GF (28) and the fixed polynomial C (X. B (X) = C (x) * The coefficient of a (x) is calculated as follows: * is not a common Multiplication operation, but a special operation, that is
B (X) = C (x) · A (x) (mod X4 + 1)
For this operation
B0 = 02. A0 + 03. A1 + A2 + A3
Xtime (A0) = 02. A0
The symbol "." The same multiplication of an octal non-approx polynomial of the modulo [3].
MoV temp, a0; this is a mixcolimn subroutine
Rcall xtime; call the xtime Program
MoV A0, temp
MoV temp, A1
Rcall xtime
EOR A0, A1
EOR A0, temp
EOR A0, A2
EOR A0, A3; Complete B (X) Calculation
.
.
.
Xtime:; this is a sub-Program
LDI temp1, $ 1b
LSL temp
BRCs next1; if the highest bit is 1, it is transferred
Next: ret; otherwise nothing will change
Next1: EOR temp, temp1
Rjmp next

For inverter, the matrix C must be changed to the corresponding D, that is, B (X) = d (x) * a (x ).

④ The key addition layer operation (addround) refers to the bitwise "XOR" of the corresponding bytes in the ring key state ".

⑤ According to the nature of linear changes [1], decryption is the inverse of encryption changes. I will not describe it in detail here.

1.2 changes

The number of rounds varies depending on the group length, as shown in table 1.
　　　　　　

1.3 Key Extension
The AES algorithm uses the external input key K (the number of words in the key string is NK) to obtain an extended key with a total of 4 (NR + 1) words through the key Extension Program. It involves the following three modules:

① Position conversion (rotword) -- changes a 4-byte sequence [a, B, c, d] to [B, c, d, A];

② S box transform (subword) -- replace a 4-byte S box;

③ Transform rcon [I] -- rcon [I] represents 32 bit characters [XI-1, 00]. Here X is (02), as shown in figure
Rcon [1] = [01000000]; rcon [2] = [02000000]; rcon [3] = [04000000]…

Generation of an extended key: The first NK word of the extended key is the external key K; the word w [[[I] is equal to the word w [[I-1] before the NK word w [[I-nk ", that is, W [[[I] = W [[I-1] W [[I-nk]. However, if I is a multiple of NK, W [I] = W [I-nk] subword (rotword (W [[I-1]) rcon [I/nk].

When the program is executed, it mainly calls the preceding subprograms. The specific implementation is as follows:
Keyexpansion:
Rcall rotwoed
Rcall subword
Rcall rcon
.
.
.
The encryption and decryption process of AES is shown in 1.
　　　　　

Figure 1aes encryption and decryption process

2 Optimization of AES encryption and decryption algorithms

From the process of the above algorithm, we can clearly see that the most time-consuming part of the entire algorithm is the circle change, so the optimization of the algorithm is here; the circle change can be optimized, that is, column change. This is because the column change is a Modulo Multiplication and coolation rule. Due to the asymmetry between AES encryption and decryption, if we do not optimize it, the decryption speed of the algorithm will be much higher than the encryption speed [1].

① Encryption operation. You can call the xtime subroutine to optimize the column transformation (mixcolumn. The specific algorithm [1] is implemented as follows:

Another effective optimization method is to construct a table offline, that is, a column change table. In this way, you can increase the encryption speed by using the table search method.

② Optimize the decryption algorithm. The coefficients of the decrypted column transformations are 09, 0e, 0b, and 0d. It takes a lot of time to implement the above multiplication on the AVR microcontroller, resulting in reduced decryption performance.

Optimization Method 1: Decomposition of column changes reduces the multiplication times.

By carefully studying the coefficients of the decryption matrix, it is not difficult to find that the decryption matrix is related to the encryption matrix, that is, the decryption matrix is equal to the multiplication of the encryption matrix and a matrix. With this connection, you can optimize the algorithm:
　　　　　　　

In this way, only a few simple "exclusive or" columns can be changed, reducing the number of times multiplied, and improving the decryption speed.
Optimization Method 2: Create a table.

Like the encryption constructor, You can construct four tables T [EA] = E × A; t [ 9A ] = 9 × A; t [ 9A ] = 9 × A; t [Ba] = B ×. In this way, you only need to perform a look-up table and a simple XOR to complete the decryption task. Although this method adds additional overhead, it is an effective method.

3. Experimental Simulation of AES encryption and decryption

The experiment results listed in table 2 and 3 are obtained based on the above experiment steps and optimization methods.
　　　　

Set the master key to 000102030405060708090a0b. 0c 0d0e 0f (128bit ).
Encrypted plaintext: 00112233445566778899 aabbccddeeff.
Ciphertext: 69c 4e0d 86a 7b0430d8cdb78070b 4C 55a .
Decrypt the ciphertext: 69c 4e0d 86a 7b0430d8cdb78070b 4C 55a .
Plain text: 00112233445566778899 aabbccddeeff.

In short, the AES password is an asymmetric password system, and its decryption is more complex and time-consuming than encryption. The decryption optimization algorithm is processed based on column changes without increasing the storage space. The program is smaller than the original one and saves time. The decryption optimization method is the fastest and most efficient, but it needs to increase the storage space of the system. Therefore, its program is also the largest.

NOTE: For the aes128 data encryption and decryption program, see the website of this publication (www.dpj.com.cn ).

Conclusion

Advanced AES data encryption algorithms are superior to DES data encryption algorithms in terms of security, efficiency, and key flexibility. They will gradually replace DES and will be widely used in the future. This paper implements the AES algorithm based on the high-speed computing performance of AVR and optimizes the algorithm based on the assembly language. You can select a method based on the actual application requirements.

References
1 Song Zhen, et al.. cryptography. Beijing: China Water Conservancy and hydropower Press, 2002
2 Yang Yixian. New Theory of modern cryptography. Beijing: Science Press, 2002
3. Gu Dawu, et al. Design of Rijndael, Advanced Encryption Standard (AES) algorithm. Beijing: Tsinghua University Press, 2003
4 mongodegen, et al. Application Technology of AVR single chip microcomputer. Beijing: Beijing University of Aeronautics and Astronautics Press, 2002
5 song Jianguo, et al. Principles and Applications of High-speed embedded single-chip microcomputer based on AVR. Beijing: Beijing University of Aeronautics and Astronautics Press, 2001
6 NIST. Advanced Encryption Standard (AES). Federal Information processing standards publication, 2001