Chapter 3-4 Symmetric Cryptography AES PDF

Summary

This document details the AES algorithm, its history, and applications in computer science. It covers the essential steps of the algorithm and is part of a wider course on cryptography at King Khalid University.

Full Transcript

Cryptography (Classic)
College of Computer Science; King Khalid University; KKU - KSA
Course: Cryptography (Classic & Modern)
https://www.tutorialspoint.com/cryptography/cryptography_need_for_encryption.htm
okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing, CS College at King Kh

CHAPTER 3-4: Symmetric Cryptography, AES...
• AES History, and Principle…
• AES Description…
• Essential AES Steps:
  o SubBytes
  o ShiftRows
  o MixColumns
  o AddRoundKey
• AES Key EXPANSION…

AES History…
• Early 1970s: Horst Feistel designs Lucifer at IBM (key-len = 128 bits; block-len = 128 bits).
• 1973: NBS asks for block cipher proposals. IBM submits a variant of Lucifer.
• 1976: NBS adopts DES as a federal standard (key-len = 56 bits; block-len = 64 bits).
• 1997: DES broken by exhaustive search.
• 2000: NIST adopts Rijndael as AES to replace DES.
Widely deployed in banking (ACH) and commerce.

In 1997 the NIST (National Institute of Standards and Technology) launched a new call for projects to develop AES (Advanced Encryption Standard), an encryption algorithm intended to replace DES.
AES algorithm (Rijndael algorithm): Symmetrical Block Cipher Algorithm
o Takes plain text in blocks of 128 bits and converts them to ciphertext.
o Uses keys of 128, 192, and 256 bits.
o The AES algorithm is considered secure; it is the worldwide standard.

                DES                       AES
Developed       1977                      2000
Cipher type     Symmetric block cipher    Symmetric block cipher
Block size      64 bits                   128 bits
Key length      56 bits                   128/192/256 bits
Security        Rendered insecure         Considered secure

Block Ciphers Built by Iterations
[Figure: key k → key expansion → round keys k1, k2, k3, …, kn; message m → R(k1, ·) → R(k2, ·) → R(k3, ·) → … → R(kn, ·) → ciphertext c]
R(k, m) is called a round function. For 3DES, n = 48; for AES-128, n = 10.
Dan Boneh

AES - Applicability
AES development was initiated in 1997 by the NIST. AES was adopted as the standard method of encryption in June 2003 for securing classified information, including data from the government. In addition, it became the 1st open cipher that the National Security Agency (NSA) has authorised for use in the public domain to protect national security systems and Top Secret data.
The ISO/IEC 18033-3 standard from the International Organisation for Standardisation also includes AES and describes block ciphers that improve data confidentiality.
AES is one of the most widely used symmetric key cryptography algorithms nowadays, for a variety of encryption uses in both commercial and government settings.
AES - Applicability
Here are a few examples:
• Information on storage devices, like USB drives and hard drives.
• Apps for electronic communication.
• Libraries for programming.
• Web browsers.
• Compression of files and discs.
• Wireless systems.
• Databases.
• Passwords and login credentials.
• VPNs.
This standard can be used in addition to other FIPS-approved cryptographic algorithms. Instead of using this standard, federal departments or agencies that use cryptographic devices to secure sensitive (unclassified) information can use the same devices to protect sensitive data. Additionally, organisations outside of the federal government can adopt and apply this standard.

AES Main Features:
• AES is a subset of the Rijndael block cipher.
• AES is the successor of DES and is stronger and faster than DES.
• It is a symmetric key, symmetric block cipher.
• It operates on 128-bit (16 bytes) data, 192 or 256...
• The cipher key may be of 128 bits, 192 or 256 bits.
• All computations are performed on bytes rather than bits.
• AES gives full specification and design details. Implemented using languages C and Java for software protection.

CHAPTER 3-4: Symmetric Cryptography, AES...
• Revision (10Slds): Symmetric Cryptography, Essential Encryption Algorithms
• AES History, and Principle…
• AES Description…
• Essential AES Steps:
  o SubBytes
  o ShiftRows
  o MixColumns
  o AddRoundKey
• AES Key EXPANSION…

AES: Elements of Field $F_{2^8}$ (Byte = 8 Bits)
Elements of field $F_{2^8}$: bit vectors (or bytes) representing binary polynomials.
Example: the byte given by 0x83 in hexadecimal gives the bit pattern 1, 0, 0, 0, 0, 0, 1, 1, since 0x83 = 8 · 16 + 3 = 131 in decimal.
Bit pattern directly: 8 in binary is 1, 0, 0, 0 and 3 in 4-bit binary is 0, 0, 1, 1, and one simply concatenates these two bit strings together.
Bit pattern corresponds to the binary polynomial: $x^7 + x$

AES: Elements of Field $F_{2^8}$ (Byte = 8 Bits)
Arithmetic in $F_{2^8}$ is performed using polynomial arithmetic modulo the irreducible polynomial $m(x) = x^8 + x^4 + x^3 + x + 1$.
Rijndael identifies 32-bit words with polynomials in $F_{2^8}[X]$ of degree less than 4. In a big-endian format, smallest index corresponds to the least important coefficient. Hence, the word $a_0 \| a_1 \| a_2 \| a_3$ will correspond to the polynomial $a_3X^3 + a_2X^2 + a_1X + a_0$.
Arithmetic: polynomials in $F_{2^8}[X]$, modulo reducible polynomial: M

AES Description
AES winner, decided in 2000: the Rijndael algorithm, by Daemen and Rijmen. Rijndael is a block cipher which does not rely on the basic design of the Feistel cipher.
However, Rijndael does have a number of similarities with DES. It uses a repeated number of rounds to obtain security, and each round consists of substitutions and permutations, plus a key addition phase. Rijndael in addition has a strong mathematical structure, as most of its operations are based on arithmetic in the field $F_{2^8}$ (Byte =

AES: Byte Matrix 4x4; 'S' vs 'Ki'
Rijndael is a parametrized algorithm: block cipher sizes of 128, 192 or 256 bits… It can also accept keys of size 128, 192 or 256 bits. For each combination of block and key size, a different number of rounds is specified. Example: block size of 128 bits and a key size of 128 bits, in which case 10 rounds are specified.
Rijndael operates on an internal 4x4 matrix of bytes, called the state matrix 'S'. Each round key 'K_i' has the same shape:

$$S = \begin{pmatrix} s_{0,0} & s_{0,1} & s_{0,2} & s_{0,3} \\ s_{1,0} & s_{1,1} & s_{1,2} & s_{1,3} \\ s_{2,0} & s_{2,1} & s_{2,2} & s_{2,3} \\ s_{3,0} & s_{3,1} & s_{3,2} & s_{3,3} \end{pmatrix}, \qquad K_i = \begin{pmatrix} k_{0,0} & k_{0,1} & k_{0,2} & k_{0,3} \\ k_{1,0} & k_{1,1} & k_{1,2} & k_{1,3} \\ k_{2,0} & k_{2,1} & k_{2,2} & k_{2,3} \\ k_{3,0} & k_{3,1} & k_{3,2} & k_{3,3} \end{pmatrix}$$

AES 128: Enc vs Dec
Key - Iterations
• 128 bits - 10 iterations
• 192 bits - 12 iterations
• 256 bits - 14 iterations
Example: data and key are 128 bits.
AES 128: Enc
Plain Text: 128 bits
→ AddRoundKey
→ Encryption rounds: SubBytes, ShiftRows, MixColumns, AddRoundKey
→ Last round: SubBytes, ShiftRows, AddRoundKey
→ Cipher Text: 128 bits

AES 128: Enc…
Key Expansion: The round keys are calculated from the cipher key using Rijndael's block cipher schedule.
Pre-Transformation: One process, namely Add_Round_Key. XOR is performed on each data byte with a byte of the round key.
Byte Substitution (SubBytes): The 16 input bytes are substituted by looking up a fixed table (S-box) given in the design. The result is in a matrix of four rows and four columns.
ShiftRows: Each of the four rows of the matrix is shifted to the left. Any entries that 'fall off' are re-inserted on the right side of the row. The shift is carried out as follows:
• First row is not shifted.
• Second row is shifted one (byte) position to the left.
• Third row is shifted two positions to the left.
• Fourth row is shifted three positions to the left.
• The result is a new matrix consisting of the same 16 bytes but shifted with respect to each other.
AES 128: Enc…
MixColumns: Each column of four bytes is now transformed using a special mathematical function. This function takes as input the four bytes of one column and outputs four completely new bytes, which replace the original column. The result is another new matrix consisting of 16 new bytes. It should be noted that this step is not performed in the last round.
AddRoundKey: The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits of the round key. If this is the last round then the output is the ciphertext. Otherwise, the resulting 128 bits are interpreted as 16 bytes and we begin another similar round.

[Figure: AES 128, Enc vs Dec: Plain Text (128 bits), Encryption Rounds, Last Round, Cipher Text (128 bits)]

CHAPTER 3-4: Symmetric Cryptography, AES...
• Revision: Symmetric Cryptography, Essential Encryption Algorithms
• AES History, and Principle…
• AES Description…
• Essential AES Steps (04), Step 0 first:
  o Step 1: SubBytes
  o Step 2: ShiftRows
  o Step 3: MixColumns
  o Step 4: AddRoundKey
• AES Key EXPANSION…

AES Round: 128-bit input ('S', 16 bytes)
• Step 0: XOR with the 128-bit round key.
• Step 1: 16 8x8 S-boxes: S(i) = k xor rol(k,4) xor rol(k,5) xor rol(k,6) xor rol(k,7) xor 0x63, where $k = i^{-1}$ in $GF(2^8)$ and rol = rotate byte left.
• Step 2: ShiftRows.
• Step 3: MixColumn: multiply by M in $GF(2^8)$ over the polynomial $x^8 + x^4 + x^3 + x + 1$, where

$$M = \begin{pmatrix} 2 & 3 & 1 & 1 \\ 1 & 2 & 3 & 1 \\ 1 & 1 & 2 & 3 \\ 3 & 1 & 1 & 2 \end{pmatrix}$$

• Step 4: AddRoundKey.

Step 0: AddRoundKey
Binary XOR addition of the 'S' bytes of the data with the 'K' bytes of the key.

SubBytes (Step 1): Substitution of Bytes (S-box 4x4)
There are two types of S-Boxes used in Rijndael: one for encryption rounds and one for decryption rounds, each one being the inverse of the other.
The S-Boxes of DES were chosen by searching through a large space of possible S-Boxes, so as to avoid attacks such as differential cryptanalysis.
The S-Box of Rijndael is chosen to have a simple mathematical structure, which allows one to formally argue how resilient the cipher is from differential and linear cryptanalysis.
Not only does this mathematical structure help protect against differential cryptanalysis, but it also convinces users that it has not

SubBytes (Step 1)
Each byte $(s) = [s_0, \ldots, s_7]$ of the Rijndael state matrix is taken in turn and considered as an element of $F_{2^8}$. The S-Box can be mathematically described in two steps:
(1) The multiplicative inverse in $F_{2^8}$ of $s$ is computed to produce a new byte $(x) = [x_0, \ldots, x_7]$. For the element $[0, \ldots, 0]$, which has no multiplicative inverse, one uses the convention that this is mapped to zero.
(2) The bit-vector $(x)$ is then mapped, via the following affine $F_2$ transformation, to the bit-vector $(y)$:

$$\begin{pmatrix} y_0 \\ y_1 \\ y_2 \\ y_3 \\ y_4 \\ y_5 \\ y_6 \\ y_7 \end{pmatrix} = \begin{pmatrix} 1 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\ 1 & 1 & 0 & 0 & 0 & 1 & 1 & 1 \\ 1 & 1 & 1 & 0 & 0 & 0 & 1 & 1 \\ 1 & 1 & 1 & 1 & 0 & 0 & 0 & 1 \\ 1 & 1 & 1 & 1 & 1 & 0 & 0 & 0 \\ 0 & 1 & 1 & 1 & 1 & 1 & 0 & 0 \\ 0 & 0 & 1 & 1 & 1 & 1 & 1 & 0 \\ 0 & 0 & 0 & 1 & 1 & 1 & 1 & 1 \end{pmatrix} \cdot \begin{pmatrix} x_0 \\ x_1 \\ x_2 \\ x_3 \\ x_4 \\ x_5 \\ x_6 \\ x_7 \end{pmatrix} + \begin{pmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \\ 0 \end{pmatrix}$$

The new byte is given by $y$.

SubBytes (Step 1)
The multiplicative inverse in $F_{2^8}$ of $(s)$ is $(x) = [x_0, \ldots, x_7]$. With the $F_2$ transformation, we get a new byte $(y) = F_2(x)$; $(y) = [y_0, \ldots, y_7]$.
The matrix multiplication can be calculated by the following algorithm:
1. Store the multiplicative inverse of the input number in two 8-bit unsigned temporary variables: (s) and (x).
2. Rotate the value (s) one bit to the left; if the value of (s) had a high bit (eighth bit from the right) of one, make the low bit of (s) one; otherwise the low bit of (s) is zero.
3. Xor the value of (x) with the value of (s), storing the value in (x).
4. For three more iterations, repeat steps two and three; steps two and three are done a total of four times.
5. The value of (x) will now have the result of the multiplication.
After the matrix multiplication is done, Xor the value by the decimal number 99 (the hexadecimal number 0x63, the binary number 1100011, and the bit string 11000110 representing the number in LSb first notation).

SubBytes (Step 1)
The new byte is given by 'y'.
The decryption S-Box is obtained by first inverting the affine transformation and then taking the multiplicative inverse.
These byte substitutions can either be implemented using table look-up or by implementing circuits, or code, which implement the inverse operation in $F_{2^8}$ and the affine transformation.

SubBytes (Step 1)
Substitute each element of the data block by the corresponding element in the substitution table (denoted S-Box) [Rijndael].

[Figure: S-box lookup for S0,1: X is the left 4 bits of S0,1; Y is the right 4 bits of S0,1]

SubBytes (Step 1)
Each individual byte of the state matrix is mapped into a new byte in the following way: the leftmost 4 bits of the byte are used as a row value and the rightmost 4 bits are used as a column value. These (row and column) values serve as indexes into the S-box to select a unique 8-bit output value.
For example, the hexadecimal value {EA} references row E, column A of the S-box, which contains the value {87}. Accordingly, value {EA} is mapped into value {87}.
https://www.chiragbhalodia.com/search?q=AES
https://www.youtube.com/watch?v=I68uBhHdnM4

SubBytes (Step 1): S-box
The S-Box is a predetermined substitution table: it substitutes bytes at each encryption round.
The AES S-Box is a key element of the AES algorithm's security because it is made to withstand a variety of cryptographic attacks.
The S-Box (fixed T), by complexly and nonlinearly substituting input values with corresponding output values, adds nonlinearity and improves the security of cryptographic methods.

SubBytes (Step 1)
• Non-linearity: The relationship between the input and output values is not a straightforward mathematical function, since S-Boxes are made to be nonlinear. The non-linearity of this system helps in preventing multiple cryptographic attacks, including asymmetric and linear cryptanalysis.
• Confusion: S-Boxes are necessary to achieve the encryption property of confusion. They make sure that there is a complex connection between ciphertext and plaintext, which makes it difficult for attackers to work out patterns and details about the encrypted data.
• Fixed and Predefined: A cryptographic algorithm's S-Box is a fixed and well-known part. Transparency and confidence in the encryption process are ensured by its public awareness and standard design.
• Substitution: S-Boxes carry out the substitution process, substituting the corresponding output value from the S-Box for each input value. This replacement takes place either bit by bit or byte by byte, depending on how the algorithm is constructed.
ShiftRows (Step 2):
The ShiftRows operation in Rijndael performs a cyclic shift on the state matrix. Each row is shifted by a different offset. For the version of Rijndael we are considering this is: circular shift of lines l_i by i-1 bytes (a permutation).
[Figure: state matrix rows shifted by 1 byte offset, 2 byte offset, …]
The inverse of the ShiftRows operation is simply a similar shift but in the opposite direction.
Such an operation ensures that the columns of the state matrix 'S' 'interact' with each other over a number of rounds.
MixColumns (Step 3):
• The MixColumns transform attempts to add diffusion and strengthen encryption security.
• Operation on columns of the state matrix: each column is treated as a polynomial over a finite field $F_{2^8}$.
MixColumns provide confusion and make the encryption process resistant to various cryptanalysis techniques.
https://www.youtube.com/watch?v=WPz4Kzz6vk4

MixColumns (Step 3):
We consider each column $[a_0, a_1, a_2, a_3]$ of the state in turn (as a Word = 04 Bytes = 32 Bits) and consider it as a polynomial of degree less than four (04) with coefficients in $F_{2^8}$.
The new column $[b_0, b_1, b_2, b_3]$ is produced by taking this polynomial
$$a(X) = a_0 + a_1 X + a_2 X^2 + a_3 X^3$$
and multiplying it by the polynomial
$$c(X) = \mathtt{0x02} + \mathtt{0x01} \cdot X + \mathtt{0x01} \cdot X^2 + \mathtt{0x03} \cdot X^3$$
modulo $M(X) = X^4 + 1$.
This operation is conveniently represented by the following matrix operation in $F_{2^8}$:

$$\begin{pmatrix} b_0 \\ b_1 \\ b_2 \\ b_3 \end{pmatrix} = \begin{pmatrix} \mathtt{0x02} & \mathtt{0x03} & \mathtt{0x01} & \mathtt{0x01} \\ \mathtt{0x01} & \mathtt{0x02} & \mathtt{0x03} & \mathtt{0x01} \\ \mathtt{0x01} & \mathtt{0x01} & \mathtt{0x02} & \mathtt{0x03} \\ \mathtt{0x03} & \mathtt{0x01} & \mathtt{0x01} & \mathtt{0x02} \end{pmatrix} \cdot \begin{pmatrix} a_0 \\ a_1 \\ a_2 \\ a_3 \end{pmatrix}$$

In $F_{2^8}$ the above matrix is invertible, hence the inverse of the MixColumns operation can also be implemented using a matrix multiplication such as that above.
MixColumns (Step 3):
https://www.youtube.com/watch?v=WPz4Kzz6vk4

Exercise (Step 3): [Figure: worked exercise slides]

Advantages
• Diffusion is introduced into the encryption process using MixColumns, which mixes the bytes in each state matrix column.
• It increases overall encryption security by ensuring that each byte in the state matrix affects many bytes in subsequent encryption rounds.

Exercise (Step 4): [Figure: worked exercise slides]

CHAPTER 3-4: Symmetric Cryptography, AES...
• Revision: Symmetric Cryptography, Essential Encryption Algorithms
• AES History, and Principle…
• AES Description…
• Essential AES Steps (04), Step 0 first:
  o Step 1: SubBytes
  o Step 2: ShiftRows
  o Step 3: MixColumns
  o Step 4: AddRoundKey
• AES Key EXPANSION… !!!
[Figure: AES 128, Enc vs Dec: Plain Text (128 bits), Encryption Rounds, Last Round, Cipher Text (128 bits)]

AES Key EXPANSION… !!!
• Key Schedule. The only thing left to describe is how Rijndael computes the round keys from the main key.
• The main key is 128 bits long, and we need to produce 11 round keys $K_0, \ldots, K_{11}$.
• All of which consist of four 32-bit words.
• Each word corresponds to a column of a matrix as described above.
• The key schedule makes use of a round constant which we shall denote by $RC_i = x^i \pmod{x^8 + x^4 + x^3 + x + 1}$.
• We label the round keys as $(W_{4i}, W_{4i+1}, W_{4i+2}, W_{4i+3})$ where $i$ is the round.
• The initial main key is first divided into four 32-bit words $(k_0, k_1, k_2, k_3)$.
• The round keys are computed by the algorithm below, where RotBytes is the function which rotates a word to the left by a single byte, and SubBytes applies the Rijndael encryption S-Box to every byte in a word.

Algorithm 8.3: Rijndael Key Schedule
  $W_0 = K_0$, $W_1 = K_1$, $W_2 = K_2$, $W_3 = K_3$
  for i = 1 to 10 do
    T = RotBytes($W_{4i-1}$)
    T = SubBytes(T)
    T = T Xor $RC_i$
    $W_{4i}$ = $W_{4i-4}$ Xor T
    $W_{4i+1}$ = $W_{4i-3}$ Xor $W_{4i}$
    $W_{4i+2}$ = $W_{4i-2}$ Xor $W_{4i+1}$
    $W_{4i+3}$ = $W_{4i-1}$ Xor $W_{4i+2}$
  end
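The Python code below is an added example, not part of the course slides: it builds the S-box from the field inverse and the rotate-and-xor affine step described under SubBytes, implements ShiftRows, MixColumns and AddRoundKey as described in the step slides, and derives the round keys with Algorithm 8.3, so that one AES-128 block can be encrypted end to end. Function names are chosen here for illustration, and the round constants are taken as in FIPS-197 (0x01 for round 1, multiplied by x each round) so that the published test vectors reproduce.

```python
"""AES-128 encryption assembled from the steps described on this page.

Added teaching example: table lookups and branches are not constant-time,
so use a vetted library for real data. The state is a list of 16 bytes in
column order (index = row + 4*col), the layout used by FIPS-197.
"""

def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo m(x) = x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)  # multiply a by x, then reduce
        b >>= 1
    return r

def sbox_entry(s):
    """SubBytes for one byte: field inverse, then the affine transformation."""
    x = 1
    for _ in range(254):          # s^254 = s^-1 in GF(2^8); 0 stays 0
        x = gmul(x, s)
    t = x
    for _ in range(4):            # the page's rotate-and-xor loop, done four times
        t = ((t << 1) | (t >> 7)) & 0xFF
        x ^= t
    return x ^ 0x63

SBOX = [sbox_entry(s) for s in range(256)]

def expand_key(key):
    """Algorithm 8.3: derive the 11 round keys (16 bytes each) of AES-128."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rc = 0x01                     # FIPS-197 round constant for round 1
    for i in range(1, 11):
        t = w[4 * i - 1][1:] + w[4 * i - 1][:1]   # RotBytes
        t = [SBOX[b] for b in t]                  # SubBytes on the word
        t[0] ^= rc                                # T xor RC_i
        rc = gmul(rc, 0x02)                       # next constant: multiply by x
        for j in range(4):                        # W[4i+j] = W[4i-4+j] xor previous
            t = [a ^ b for a, b in zip(w[4 * i - 4 + j], t)]
            w.append(t)
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def add_round_key(s, k):
    return [a ^ b for a, b in zip(s, k)]

def sub_bytes(s):
    return [SBOX[b] for b in s]

def shift_rows(s):
    # Row r (= i % 4) is rotated left by r positions; row 0 is unchanged.
    return [s[(i + 4 * (i % 4)) % 16] for i in range(16)]

def mix_columns(s):
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        # Row i of the page's matrix is (02 03 01 01) rotated right i places.
        out += [gmul(2, a[i]) ^ gmul(3, a[(i + 1) % 4])
                ^ a[(i + 2) % 4] ^ a[(i + 3) % 4] for i in range(4)]
    return out

def encrypt_block(plaintext, key):
    """Encrypt one 16-byte block with a 16-byte key (10 rounds)."""
    if len(plaintext) != 16 or len(key) != 16:
        raise ValueError("AES-128 needs a 16-byte block and a 16-byte key")
    rk = expand_key(key)
    s = add_round_key(list(plaintext), rk[0])     # Step 0
    for r in range(1, 10):                        # rounds 1..9: all four steps
        s = add_round_key(mix_columns(shift_rows(sub_bytes(s))), rk[r])
    s = add_round_key(shift_rows(sub_bytes(s)), rk[10])  # last round: no MixColumns
    return bytes(s)

if __name__ == "__main__":
    # Known-answer test from FIPS-197 Appendix C.1.
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    print(encrypt_block(pt, key).hex())
    print(hex(SBOX[0xEA]))   # the page's {EA} -> {87} lookup
```

This encrypts a single block only; real data needs a mode of operation and, in practice, a constant-time library implementation.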
AES is widely used in many applications which require secure data storage and transmission:
• Wireless security: AES is used in securing wireless networks, such as Wi-Fi networks, to ensure data confidentiality and prevent unauthorized access.
• Database encryption: AES can be applied to encrypt sensitive data stored in databases. This helps protect personal information, financial records, and other confidential data from unauthorized access in case of a data breach.
• Secure communications: AES is widely used in protocols such as internet communications, email, instant messaging, and voice/video calls. It ensures that the data remains confidential.
• Data storage: AES is used to encrypt sensitive data stored on hard drives, USB drives, and other storage media, protecting it from unauthorized access in case of loss or theft.
• Virtual Private Networks (VPNs): AES is commonly used in VPN protocols to secure the communication between a user's device and a remote server. It ensures that data sent and received through the VPN remains private and cannot be deciphered by eavesdroppers.
• Secure storage of passwords: AES encryption is commonly employed to store passwords securely. Instead of storing plaintext passwords, the encrypted version is stored. This adds an extra layer of security and protects user credentials in case of unauthorized access to the storage.
