chapter 6

Questions and Answers

Which of the following is true about irreducible polynomials?

They cannot be expressed as a product of two polynomials of lower degree (correct)

They can only be expressed as a product of two polynomials of the same degree

They can be expressed as a product of two polynomials of lower degree

They can only be expressed as a product of two polynomials of higher degree

What is the degree of the irreducible polynomial used in AES?

8 (correct)

3

4

2

How many rounds are there in AES for a 24-byte key?

12 rounds (correct)

14 rounds

16 rounds

10 rounds

What is the size of a plaintext block in AES?

128 bits

Which field is used for arithmetic operations in AES?

GF(28)

What is the definition of division in a field?

a/b = a(b-1)

Which set of integers is used for arithmetic defined over a field?

Z2n

What is the definition of a finite field GF(2n)?

A set of all polynomials of degree n with binary coefficients

Which of the following is a stage in the AES encryption process?

Mix columns

What is used in the decryption algorithm to achieve the inverse of the AddRoundKey stage?

XORing the same round key

Which of the following is true about the decryption algorithm in AES?

It uses the expanded key in reverse order

What is the forward transformation called that maps each individual byte of State into a new byte using a table lookup?

Substitute bytes

Which of the following is NOT a stage used in the AES encryption process?

MixColumns

How many rounds are there in the AES encryption process?

10

What is the key size (in bits) for AES encryption with a 256-bit key length?

256

What is the size of the expanded key (in bytes) for AES encryption with a 128-bit key length?

44

Which of the following statements about polynomial arithmetic is true?

The product of polynomials of degrees m and n has degree m + n.

Perform the following polynomial multiplication: $(x^2 + 2x + 9)(x^3 + 11x^2 + x + 7)$.

$x^5 + 13x^4 + 21x^3 + 28x^2 + 9x + 63$

Determine which of the following polynomials are reducible over $GF(2)$:

$x^2 + 1$

Find the greatest common divisor (gcd) of the polynomials $(x^3 + 1)$ and $(x^2 + x + 1)$ over $GF(2)$:

$x^3 + x^2 + x + 1$

According to Equation (6.2), what is the result of the multiplication 1 1 1 1 H 1 0 0 0 4 0 1 1 1 1 1 0 0 0 0 1 1 1 1 1 0 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 0 1 1 1 0 1 1 1 0 1 1 1 0 0 0 0 0 1 1 0 1 0 1 XH X ⊕ H X = H X ⊕ H X = H X 0 0 0 0 0 0 0 0 1 0 1 1 0 0 1 1 1 0 1 1 0 0 0 0

{2A}

What is the purpose of the inverse substitute byte transformation, InvSubBytes?

To construct the inverse S-box

Which equation represents the inverse transformation in InvSubBytes?

bi = b(i + 2) mod 8 ⊕ b(i + 5) mod 8 ⊕ b(i + 7) mod 8 ⊕ d

What is the purpose of the inverse S-box in AES?

To perform the inverse substitute byte transformation

What is the input to the inverse S-box that produces the output {2A}?

{2A}

What is the result of the multiplication YX?

The identity matrix

Which of the following is true about the inverse S-box in AES?

The inverse S-box is constructed by applying the inverse of the transformation in Equation (6.1)

Which equation represents the inverse transformation in InvSubBytes?

bi = b(i + 2) mod 8 ⊕ b(i + 5) mod 8 ⊕ b(i + 7) mod 8 ⊕ di

What is the result of the multiplication 1 1 1 1 H 1 0 0 0 4 0 1 1 1 1 1 0 0 0 0 1 1 1 1 1 0 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 0 1 1 1 0 1 1 1 0 1 1 1 0 0 0 0 0 1 1 0 1 0 1 XH X ⊕ H X = H X ⊕ H X = H X 0 0 0 0 0 0 0 0 1 0 1 1 0 0 1 1 1 0 1 1 0 0 0 0?

The result is {2A}

What is the input to the inverse S-box that produces the output {2A}?

The input is {95}

What is the purpose of the inverse substitute byte transformation, InvSubBytes?

The purpose is to apply the inverse of the substitute byte transformation

What is the definition of division in a field?

Division in a field is defined as the inverse operation of multiplication

What is the degree of the irreducible polynomial used in AES?

The degree is 8

What is the size of the expanded key (in bytes) for AES encryption with a 128-bit key length?

The size is 176 bytes

What is the forward transformation called that maps each individual byte of State into a new byte using a table lookup?

The forward transformation is called SubBytes

What is the key size (in bits) for AES encryption with a 256-bit key length?

The key size is 256 bits

Study Notes

Advanced Encryption Standard (AES) Overview

• AES, published by NIST in 2001, is a symmetric block cipher designed to replace DES.
• Key sizes for AES can be 128, 192, or 256 bits, denoted as AES-128, AES-192, or AES-256.
• AES operates on 128-bit (16 bytes) blocks and uses finite field arithmetic over GF(2^8).
• Understanding AES can benefit from studying a simplified version described in an appendix.

Finite Field Arithmetic

• Operations in AES are performed on 8-bit bytes using GF(2^8), which includes addition, multiplication, and division.
• Division in a field requires the existence of a multiplicative inverse for nonzero elements.
• GF(2^n) is constructed from polynomials of degree n-1 with binary coefficients.
• Operations in GF(2^8) involve modulo 2 addition (XOR) and reductions using an irreducible polynomial.

AES Structure and Transformations

• Cipher uses N rounds of transformations; 10 rounds for 128-bit keys, 12 for 192 bits, and 14 for 256 bits.
• Four main transformation functions are applied: SubBytes, ShiftRows, MixColumns, and AddRoundKey.
• The initial transformation is the AddRoundKey, which involves a bitwise XOR of the current state with a round key.

Key Expansion and Rounds

• A key is expanded into an array of key schedule words, with a distinct 4x4 matrix for each round.
• The transformation stages include:
  • SubBytes (substitution)
  • ShiftRows (permutation)
  • MixColumns (substitution with arithmetic)
  • AddRoundKey (XOR with expanded key)

Details on Operations

• The S-box used in SubBytes is a fixed 16x16 matrix mapping 256 possible byte values.
• SubBytes transformation uses a table lookup based on the byte’s row and column calculated from its binary representation.
• Inverse operations are defined for each transformation stage to allow decryption.

Notable Characteristics

• AES does not follow a Feistel structure; it operates on the entire block at once.
• Each transformation is reversible, a necessary property for the decryption process.
• The final encryption round contains only three transformations, as opposed to four in the previous rounds.

Irreducible Polynomials in AES

• For GF(2^n) fields, irreducible polynomials are chosen to define multiplication properly.
• AES uses the irreducible polynomial m(x) = x^8 + x^4 + x^3 + x + 1 for GF(2^8).
• The choice of polynomials is crucial for ensuring security and efficiency in computations.

Summary and Importance of AES

• AES offers a highly secure method of encryption through its complex structure and transformation processes.
• Its reliance on finite field arithmetic contributes to both security and implementation efficiency.
• The strength of AES lies in its ability to resist various cryptanalytic attacks through confusion and diffusion provided by its transformation stages.### Finite Fields and Polynomial Arithmetic
• In matrix multiplication for finite fields, each element's product is derived using bitwise XOR instead of regular addition.
• The bitwise XOR is analogous to addition in GF(2^8).
• Key properties of polynomial multiplication:
  • The product of monic polynomials remains monic.
  • The degree of the product of two polynomials is equal to the sum of their degrees.
  • The degree of the sum of polynomials is the maximum of their degrees.

Polynomial Reducibility and GCD

• Determination of reducibility over GF(2) for polynomials:
  • (x^2 + 1) is irreducible.
  • (x^2 + x + 1) is irreducible.
  • (x^4 + x + 1) is irreducible.
• GCD calculations for various polynomial pairs over specified fields:
  • GCD of ((x^3 + 1)) and ((x^2 + x + 1)) over GF(2).
  • GCD of ((x^3 + x + 1)) and ((x^2 + 1)) over GF(3).
  • GCD of ((x^3 - 2x + 1)) and ((x^2 - x - 2)) over GF(5).
  • GCD of ((x^4 + 8x^3 + 7x + 8)) and ((2x^3 + 9x^2 + 10x + 1)) over GF(11).

Advanced Encryption Standard (AES) Overview

• AES, published by NIST in 2001, is a symmetric block cipher designed to replace DES.
• AES processes 128-bit blocks with key lengths of 128, 192, or 256 bits (AES-128, AES-192, AES-256).
• It consists of various transformation functions: SubBytes, ShiftRows, MixColumns, and AddRoundKey, modifying the State at each stage.

AES Structure

• The encryption process involves multiple rounds, determined by the key length:
  • 10 rounds for a 128-bit key.
  • 12 rounds for a 192-bit key.
  • 14 rounds for a 256-bit key.
• Each round consists of four transformations, except the last round, which has only three.
• The initial transformation (AddRoundKey) occurs before round one, while the final state after the last round is the ciphertext.

AES Transformation Functions

• Substitute Bytes Transformation: Uses an S-box for byte substitution, mapping each byte of the State to a new byte using a lookup table.
• ShiftRows Transformation: A simple permutation operation affecting the rows of the State matrix.
• MixColumns Transformation: Combines columns of the State using arithmetic over GF(2^8) to provide diffusion.
• AddRoundKey Transformation: Involves a bitwise XOR between the current block and a round key.

Key Field Operations in AES

• All arithmetic operations within AES occur over GF(2^8).
• Addition is defined as the bitwise XOR, while multiplication is defined using polynomial multiplication followed by reduction modulo an irreducible polynomial.
• The irreducible polynomial used in AES is (m(x) = x^8 + x^4 + x^3 + x + 1).

AES Key Expansion

• The key expansion generates a sufficient number of round keys from a single input key.
• Each round key is a 4x4 matrix constructed from the input key, facilitating various transformations during encryption.

Programming Tasks

• Develop calculators in GF(2^4) and GF(2^8) to perform basic functions using table lookups and on-the-fly calculations for multiplicative inverses, reinforcing the framework of finite field arithmetic.### AES Transformation Functions
• SubBytes Transformation: A crucial operation in AES that replaces each byte of the state matrix with a corresponding byte from the S-box.
• S-Box: A substitution box used in AES that maps each byte to its multiplicative inverse in GF(2^8), plus a fixed constant transformation.
• Inverse S-Box: Used primarily during decryption to revert the substitution process done by the S-box.

S-Box Construction

• Begins with initializing bytes in ascending order from {00} to {FF}.
• Each byte undergoes a transformation to find its multiplicative inverse in the finite field.
• The final S-box is generated through a complex series of XOR operations to ensure cryptographic strength.

Key Operations

• Byte-Level Operations: Involve transformations applied to each byte during encryption, including the substitution and key addition processes.
• Add Round Key Transformation: Each byte of the state matrix is combined with the corresponding byte of the round key using the XOR operation.

Important Tables

• S-Box Values: Contains values from 0x00 to 0xFF, where each entry signifies an encrypted byte transformation.
• Inverse S-Box Values: Contains values that facilitate reverse transformation during decryption, ensuring that each output can trace back to its original byte.

Mathematical Transformations

• The updating expression for the transformation of bits is given by:
  • (b_i' = b_i \oplus b_{(i+4) \mod 8} \oplus b_{(i+5) \mod 8} \oplus b_{(i+6) \mod 8} \oplus b_{(i+7) \mod 8} \oplus c_i)
• This transformation incorporates GF(2^8) principles, specifically the use of XOR as the addition operation.

Example S-Box Values

• The S-box contains unique values ensuring non-linear mapping, critical for security. For instance:
  • S(0x00) = 0x63, S(0x01) = 0x7C, S(0x02) = 0x77, etc.

AES Algorithm Structure

• Rounds: AES operates through multiple rounds of transformations for strong encryption, typically 10, 12, or 14 rounds depending on the key length (128, 192, or 256 bits).
• Pseudorandom Generation: The transformations are designed to produce pseudorandom outputs to enhance security against attacks.

Encryption Process Flow

• Input plaintext is organized into a state matrix, and through a series of transformations (SubBytes, ShiftRows, MixColumns, AddRoundKey), the output is generated as ciphertext.
• The detailed definitions of each transformation work together to build strong cryptographic resistance against different types of attacks.

Description

Test your knowledge of AES S-Boxes with this quiz! Identify the values of y and x for the given table of hexadecimal values. Challenge yourself to recognize the patterns and decrypt the encrypted message.