Introduction to AES Algorithms

AES Introduction to Algorithms

First, AES The Structure

1 , Overall structure

The length of the plaintext packet is 128 bits, or 16 bytes, and the key length can be 16,24 or 32 bytes (128,192,256 bits). Depending on the length of the key, the algorithm is called aes-128,aes-192 or AE-256.

2 , clear key organization mode

3 , some related definitions and representations of terms

• State: The intermediate result of a cryptographic operation is called a state.

• State representation : The status is represented by a matrix array of basic constituent elements, with 4 rows and a number of columns in NB. nb= packet Length (bits) ÷32. NB can take a value of 4, the corresponding packet length is 128bits.

• the password key (Cipher key) representation : Cipher key is similarly represented by a 4-row matrix array, and the number of columns is recorded as NK. nk= key Length (bits) ÷32. NK can take a value of 4,6,8, the corresponding key length is 192, and the number of bits.

4 , detailed procedures

Consists of four different transformations, including one permutation and three substitutions:

byte substitution (subbytes): Use an S box to complete the byte-to-byte substitution for the packet.

Row Shift (Shiftrows): a simple permutation.

Column confusion (mixcolumns): Use a substitution of the arithmetic properties on the domain GF (28).

Round key Plus (AddRoundKey): A bitwise XOR of the current grouping and part of the extended key.

The key entered is expanded into an array of 44 32-bit sub- w[i], which is known to have four different words (128 bits) per round as the turn-key.

For encryption and decryption operations, the algorithm starts with a key addition, then performs 9-round iterations, each containing all 4 stages, followed by the three stages of the 10th round.

Use the key only during the round key plus phase. For this reason, the algorithm starts with a round key and ends with a round key.

Two, the transformation function of AES

1 , byte substitution

Forward and reverse transformations. The substitution of a forward byte called a byte instead of a transform is a simple table-checking operation.

mapping : Take the high 4 bits of the byte as the row value, the lower 4 bits as the column values, and take the elements as the index from the corresponding position in the s box as the output. For example, the line value of the s box for the hexadecimal number {95} is 9, the value of the column is {2A} in this position in the 5,s box, and the corresponding {95} is mapped to {2A}.

Here is an example of a byte substitution:

2 , Row shift

Forward and reverse transformations. The first row of state remains unchanged as the forward row shifts. The second row of state is looped to the left by one byte, the third row of state loops left by two bytes, and the fourth row of state loops left by three bytes.

Examples of line shift transformations:

The reverse row shift shifts the last three rows in the state in the opposite direction, such as the second row to the right to loop one byte, and other similar operations.

3 , column confusion

Forward and reverse transformations.

Column obfuscation transforms the forward column obfuscation transformation to operate independently of each column. Each byte in each column is mapped to a new value, which is obtained by a function transformation of 4 bytes in the column.

Examples of column obfuscation:

Calculation process:

47 = (02 87) ⊙ (03 6e) ⊙ (01 4a) ⊙ (01 A6)

which

02 87 = 02 10000111 b = 00001110b⊕00011011b = 00010101B = 15

03 6e = (01⊕02) 6e = (01 6e) ⊙ (02 6e)

= 01101110b⊕ (11011100B) = 10110010B = B2

01 46 = 46

01 A6 = A6

15⊕B2⊕46⊕A6 = 47

Note: The operation on G (28)

Addition: Bitwise XOR OR

Multiplication: Can be achieved by shifting operations on multiple intermediate results and XOR a specific bit string (e.g. 00011011). (related to the highest bit b7)

Inverse-column obfuscation transforms can be multiplied by the inverses of matrices

4 , wheel key plus

Forward and reverse transformations.

In the round key Plus, the 128-bit state is bitwise with the 128-bit wheel key XOR.

The reverse wheel key plus transformation is the same as the positive wheel key plus transformation, because the XOR operation is the inverse of itself.

A⊕b⊕b = A

Single-wheel AES input:

5 , Rijndael encryption algorithm represented by pseudo-code

Rijndael (state, Cipherkey)

{

Keyexpansion (Cipherkey, Expandedkey);

AddRoundKey (state, Expandedkey);

for (I=1; i<rnd; i++)

Round (state, Expandedkey + nb*i);

Finalround (state, Expandedkey + nb*rnd);

}

Third, key expansion

Key extension pseudo-code description

Keyexpansion (Byte, Key[16],word w[44])

{

Word temp;

for (i = 0;i < 4; i++)

W[i] = (key[4*i],key[4*i+1], key[4*i+2], key[4*i+3]);

for (i = 4;i <; i++)

{temp = w[i-1];

if (i mod 4 = 0) temp = Subword (Rotword (temp)) + RCON[I/4];

W[i] = w[i-4] + temp;

}

}

The input key is copied directly to the first four bytes of the extended key array. The remainder of the extended key array is then populated with four bytes at a time. In the extended key array, the value of each new word w[i] depends on w[i-1] and w[i-4].

Four, the equivalent decryption algorithm

Swap reverse row shift and reverse byte substitution

Reverse migration [Inverse byte substitution (si)] = reverse byte instead of [reverse migration (si)]

swap wheel key plus and inverse column obfuscation

Inverse column confusion (si⊙wj) = [Inverse column confusion (si)]⊕[inverse column confusion (WJ)]

V. References

[1] William Stallings, Wang Zhangyi and other translations. Cryptography and cyber security-principles and Practices (fifth edition) [M]. Beijing: Electronic industry Press, 2012.1.

[2]Cryptographic algorithm detailed--aes

[3] AES Encryption Algorithm animation demo

Introduction to AES Algorithms