0 Introduction to AES

The American Institute of Standards and Technology released the Advanced Encryption Standard (AES) in 2001. AES is a symmetric block cipher algorithm designed to replace des as a widely used standard.

Based on the length of the password used, AES has the most common 3 options for adapting to different scene requirements, namely AES-128, AES-192, and AES-256. This article mainly introduces the AES-128, the other two kinds of ideas are basically the same, but the number of rounds will be appropriately increased.

1 Algorithmic Flow

The AES plus decryption flowchart is as follows:

The AES encryption process involves 4 operations: **byte substitution** (subbytes), **row shift** (shiftrows), **column obfuscation** (mixcolumns), and **wheel key plus** (AddRoundKey). The decryption process is the corresponding inverse operation respectively. Since each step is reversible, decrypting in reverse order restores the plaintext. Each round of the encryption key is **extended** by the initial key, respectively. The 16-byte plaintext, ciphertext, and wheel keys in the algorithm are represented by a 4x4 matrix.

The following 5 types of operations are described.

1.1 bytes instead

The main function of byte substitution is to complete the mapping of one byte to another through the S box. The detailed construction method of S-box can be referenced in reference [1].

(a) for S box, figure (b) is S-1 (inverse of S box).

S and S-1 are 16x16 matrices, respectively. Assuming the value of the input byte is a=a7a6a5a4a3a2a1a0, the transformation with the output value s[a7a6a5a4][a3a2a1a0],s-1 is the same.

For example: Byte 00 replaced with a value of (s[0][0]=) 63, and then S-1 to get the value before the replacement, (S-1 [6][3]=) 00.

1.2-row shift

The function of row shift is to implement a permutation between bytes within a 4x4 matrix.

1.2.1 Forward line shift

The schematic diagram of the forward line shift is as follows:

The actual shift operation is: The first row is saved unchanged, the second row loops left 1 bytes, the third line loops left 2 bytes, the fourth line loops left 3 bytes. Assuming that the name of the matrix is state, the formula is expressed as follows: State ' [i][j] = state[i][(j+i)%4]; where I, J belongs to [0,3]

1.2.2 Reverse Row shift

The reverse line shift is the opposite operation, expressed in the equation as follows: State ' [i][j] = state[i][(4+j-i)%4]; where I, J belongs to [0,3]

1.3 Column Confusion

Column confusion: Take advantage of a substitution of arithmetic properties on the GF (28) domain.

1.3.1 The column is confused

The schematic diagram of the forward column confusion is as follows:

Based on the multiplication of matrices, it is known that in the process of column confusion, the corresponding value of each byte is only related to the 4 values of the column. The multiplication and addition here are defined on the GF (28), with the following points to note:

1) ** Multiply the value of a byte by 2, and the result is to shift the value's bits to the left one bit, and if the highest bit of the value is 1 (indicating that the number is not less than 128), then the result of the shift will be different or 00011011;[1]**

2) multiplication to addition satisfies the allocation rate, for example: 07 · s0,0= (01⊕02⊕04) · s0,0= S0,0⊕ (02 · s0,0) (04 · s0,0)

3) The matrix multiplication here is different from the multiplication of the matrix in the general sense, where the values are added using modulo 2 addition (equivalent to an XOR operation).

Suppose that the value of a column is, for example, the following operation:

In the same vein, you can find several other values.

1.3.2 Inverse Column Confusion

The schematic diagram of the inverse column confusion is as follows:

Because:

It is shown that the two matrices are mutually inverse, and the original text can be restored after a reverse column is confused.

1.4-wheel cipher Plus

Any number and its own XOR result is 0. During the encryption process, each round of input and wheel key is different or once, therefore, the decryption can be different or the key on the wheel to restore the input.

1.5 Key expansion

The schematic of the key extension is as follows:

Key extension Process Description:

1) The initial key to the column-based, converted to 4 bits of the word, recorded as w[0 ... 3];

2) in the following way, solve W[j], where J is an integer and belongs to [4,43];

3) If j%4=0, then W[j]=w[j-4]⊕g (W[j-1]), otherwise w[j]=w[j-4]⊕w[j-1];

Process description for function g:

4) Move the W loop one byte to the left;

5) Each byte is mapped by the S box respectively;

6) Xor with the constant (rc[j/4],0,0,0) of all bits, RC is a one-dimensional array with the following values. (RC has a value of only 10, which is used 11, in fact rc[0] is not used in the operation, the increase of rc[0] is to facilitate the use of the array representation. Since the minimum value of J is 4,J/4, the minimum value is 1, so no error is generated. ）

RC = {xx,%, Geneva, 36}, (+)

2 Source code

The AES implementation code found on GitHub feels good to write.

Https://github.com/dhuertas/AES/blob/master/aes.c

3 references

[1] William Stallings, Wang Zhangyi and other translations. Cryptography and cyber security-principles and Practices (fifth edition) [M]. Beijing: Electronic industry Press, 2011.1.

Cryptographic algorithm Detailed--aes