Академический Документы
Профессиональный Документы
Культура Документы
INTRODUCTION
Extensive research has been done in the areas of improving encryption standards, providing
better hardware as well as software architecture for implementing security and keeping the cost
sensitivity, low disk space and the energy constraints in check. This can be implemented using
hardware and software. The advantages of software implementation are portability and flexibility
but it offers only limited physical security, especially with respect to key storage and speed.
When data is integrated in the design, the hardware implementation is more physically secure
and performs in a high speed but has a limited flexibility. The Data Encryption Standard (DES)
which was used earlier for data encryption is being replaced with Advanced Encryption Standard
(AES), because DES uses only a very small 56 bit key length. The longer the key length, the
more secure is the key. Using larger key length makes more possible keys to search, which
makes the algorithm to be more secure. AES has larger key length and has been efficiently
implemented both in hardware and software. The National Institute of Standards and Technology
(NIST) on January 2, 1997 invited proposals for new algorithms for the AES, where both
hardware and software performance measures were also included in their efficiency testing. In
October 2000, NIST had chosen Rijndael as the Advanced Encryption Algorithm which was
designed by Joan Daemen and Vincent Rijmen. This project primarily focuses on AES
encryption algorithm of key length 128 bit, briefs its architecture, and evaluates the performance
of the algorithm using software models with slight modifications to improve the security level.
2. AES ALGORITHM
AES algorithm can be operated in four modes, Electronic Code Block mode (ECB), Cipher
Block chain mode (CBC), Cipher feedback (CFB), Output Feedback (OFB). In ECB mode, data
block is directly encrypted to form the cipher text and other three modes belong to feedback.
ECB mode can be achieved with high speed as it can simultaneously process multiple blocks.
Based on this looping structure, the following architecture options were investigated so as to
yield optimization of AES algorithm as iterative looping.
The Rijndael AES algorithm uses a symmetric key block cipher both in encryption and
decryption. At the start of encryption, input is copied to the State array. State array is nothing but
a 4 x 4 matrix of bytes. The encryption algorithm encrypts one block of data at a time to produce
the encrypted data block with the use of a secret key. The decryption is simply the reverse of the
encryption, and each operation is the inverse of the corresponding one in encryption. The data
block length is fixed to 128 bits, while the key length can be 128, 192, or 256 bits. Each data
block is rearranged in a matrix form. AES algorithm is an iterative algorithm and each iteration
is called a round. The number of bytes in a row of key length is given by equation
N = L / (8 X Br)
where, N is the number of bytes, L is the block length in bits, and Br is the number of rows in a
state array matrix. Each round is iterated 10 times for a 128-bit length key, 12 times for a 192-bit
key and 14 times for 256 bit key with 4,6 and 8 bytes in a row of key lengths respectively. Each
round uses four transformations and inverses but finalround excludes MixColumn
transformations.
AES (State,CipherKey)
{
KeyExpansion(CipherKey,ExpandedKey);
AddRoundKey(State,ExpandedKey[0]);
For(i=1;i< ;i++)
Round (State,ExpandedKey[i]);
FinalRound (State,ExpandedKey[ ]);
}
The round transformation is consisting of four different transformations:
i) The ShiftRow transformation: the rows of the State are cyclically shifted over different
offsets.
ii) The MixColumn transformation: the columns of the State are considered as polynomials
over GF (28 ) and multiplied modulo x4 +1 with a fixed polynomial c( x ).
iii) The Round Key addition: a Round Key is applied to the State by a simple bitwise EXOR.
iv) The ByteSub transformation: is a non-linear byte substitution, operating on each of the
State bytes
independently depending on substitution table (or S-box ) which is invertible and is constructed
by the composition of two transformations:
a) First, taking the multiplicative inverse in GF(28).
b)Then, applying an affine (over GF(2) ) transformation.
A round can be represented as follows:
Round(State , ExpandedKey[i])
{
SubBytes(State);
ShiftRows(State);
MixColumns(State);
AddRoundKey(State,ExpandedKey[i]);
}
The final round of the cipher is slightly different as below which misses the MixColumns stage:
Round(State,ExpandedKey[ ])
{
SubBytes(State);
ShiftRows(State);
AddRoundKey(State,ExpandedKey[ ]);
}
The following section introduces the different representation forms of a byte and discusses the basic
arithmetic’s of finite fields.
A finite field, also called a Galois Field [3], [2], is a field with only finitely many elements. The finite
field GF(28) e. g. consists of the 28 = 256 different numbers (0 . . . 255) represented by one byte
(8 bits). Special xor- and modulo-operations, explained in detail in the following sections, make
sure that the sum and the product of two finite field elements remain within the range of the
original finite field.
The following sections convert an example through the usual representation forms of a finite field
element.
A byte consists of 8 bits, leading to the binary representation of an arbitrarily chosen example:
10100011b
3.1.2 Decimal Representation
This example can be represented in decimal form by multiplying every bit by its corresponding
power of two:
1 · 27 + 0 · 26 + 1 · 25 + 0 · 24 + 0 · 23 + 0 · 22 + 1 · 21 + 1 · 20 = 27 + 25 + 21 + 20
= 128 + 32 + 2 + 1 = 163d
The conversion from binary to hexadecimal is now very straightforward. The byte is divided into
two nibbles and each nibble is represented by its hexadecimal digit:
Ex: (10100011)h = 1010 0011 = A3h
Ah 3h
For the conversion from hexadecimal back to decimal every hexadecimal digit is multiplied by its
valence: The left digit is multiplied by 16, while the right one is multiplied by 1 and is therefore
just added:
Once again, some coefficients of the resulting polynomial in Figure 3 are 2 or even 3 and have to be
treated differently. The generalization of the xor-concept would now omit every power having an
even coefficient and reduce every odd coefficient to 1, leading to a polynomial of
x 13 + x 8 + x7 + x 4 + x3 + 1
On the bit level (see Figure 4) the same result is achieved by shifting the second byte one bit to the
left for every bit in the first byte. If a bit in the first byte is 0, a 0-byte is used instead of the
second byte. Finally all corresponding bits are xor’ed.
Unfortunately the resulting polynomial (7) has a degree greater than 7, can therefore not be
expressed in one byte (i. e. it is not a GF(28) element) and has to be transformed back into the ”byte
range” by the modulo division described in the next section.
Figure4: Binary polynomial multiplication (curtsey: Wikipedia)
The greatest power of the numerator (x13) is divided by the greatest power of the denom-
inator (x8) yielding the first resulting term (x5). This term is multiplied by the complete
denominator (® x13 + x9 + x8 + x6 + x5) and subtracted from the numerator, resulting in a new
numerator (-x9 + x7 - x6 - x5 + x4 + x3 + 1). This procedure is repeated until the greatest power of
the new numerator has become less than the greatest power of the denominator. The final numerator
(x7 - x6 + 2x4 + x3 + x2 + x + 1) is the remainder of this modulo operation. Applying
the”generalized xor-rules” to the remainder leaves the desired byte-conform polynomial:
x7 + x 6 + x3 + x 2 + x + 1
The bit level operations illustrated in Figure 6 achieve the same result by bit-wise shift and xor
operations: The denominator is shifted to the left until its most significant bit (MSB) matches the
MSB of the numerator. The subtraction is then performed via xor, resulting in a new, smaller
numerator. The shifting and xor-ing is repeated, until the resulting numerator (the remainder) fits
into one byte
The data to be encrypted is represented as matrix of bytes called State Matrix. As shown in fig.7
the presenation as a matrix, AES process will be initiated & each matrix value is byte valued.
After the representation of the input data as a matrix the individula column elements form
WORD which is of value 4 bytes. This word representation will be very helpful while going for
the key generation which is essential for symetric cryptography.
The individual bytes of the state table are processed for the encryption using keys and the
process of encryption is classified as modules and can be depicted by means of following fig8.
Fig 8 . AES round Discription (curtasy : Google images)
AES is a cipher that encrypts & decrypts a data block of 128 bits. It uses 10, 12, or 14 rounds.
The key size, which can be 128,192,256 bits, depends on number of rounds. The
generalized design of the AES encryption is shown in fig.9. The Design for the
decryption is similar to that of encryption but round keys are applied in reverse order.
There is a need for an additional AddRoundKey operation during an AES process, as there are Nr
rounds and Nr+1 subkeys.
The irreducible polynomial to derive the elements of the substitution table by GF(2 8) field
defined as X8 + X4 +X3 + X +1 and as steps the process is discribed for SubByte process.
• Matrix Addition of above result with the column matrix y, which cosists the initial value
for combination 00, the 1X1 element in subByte transformation table.
For the InvSubBytes process steps will be carries in reverse manner with inverse value of the
constant matrix X. by modifying 1X1 element or the constant matrix, the respective table
byte value will changes. This gives more security in a simple manner for the entire AES
process.
| 0 1 2 3 4 5 6 7 8 9 a b c d e f
---|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|
0 |63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76
1 |ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0
2 |b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15
3 |04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75
4 |09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84
5 |53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf
6 |d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8
7 |51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2
8 |cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73
9 |60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db
a |e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79
b |e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08
c |ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a
d |70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e
e |e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df
f |8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16
S-Box for Encryption Process (curtsey : http://en.wikipedia.org/wiki/Rijndael_S-box)
| 0 1 2 3 4 5 6 7 8 9 a b c d e f
---|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|
0 |52 09 6a d5 30 36 a5 38 bf 40 a3 9e 81 f3 d7 fb
1 |7c e3 39 82 9b 2f ff 87 34 8e 43 44 c4 de e9 cb
2 |54 7b 94 32 a6 c2 23 3d ee 4c 95 0b 42 fa c3 4e
3 |08 2e a1 66 28 d9 24 b2 76 5b a2 49 6d 8b d1 25
4 |72 f8 f6 64 86 68 98 16 d4 a4 5c cc 5d 65 b6 92
5 |6c 70 48 50 fd ed b9 da 5e 15 46 57 a7 8d 9d 84
6 |90 d8 ab 00 8c bc d3 0a f7 e4 58 05 b8 b3 45 06
7 |d0 2c 1e 8f ca 3f 0f 02 c1 af bd 03 01 13 8a 6b
8 |3a 91 11 41 4f 67 dc ea 97 f2 cf ce f0 b4 e6 73
9 |96 ac 74 22 e7 ad 35 85 e2 f9 37 e8 1c 75 df 6e
a |47 f1 1a 71 1d 29 c5 89 6f b7 62 0e aa 18 be 1b
b |fc 56 3e 4b c6 d2 79 20 9a db c0 fe 78 cd 5a f4
c |1f dd a8 33 88 07 c7 31 b1 12 10 59 27 80 ec 5f
d |60 51 7f a9 19 b5 4a 0d 2d e5 7a 9f 93 c9 9c ef
e |a0 e0 3b 4d ae 2a f5 b0 c8 eb bb 3c 83 53 99 61
f |17 2b 04 7e ba 77 d6 26 e1 69 14 63 55 21 0c 7d
Courtasy : http://www.iis.ee.ethz.ch/~kgf/acacia
MixColumns is a 32-bit operation that transforms four bytes of each column in the state. The new
bytes of the column S’r,c are obtained by the given constant matrix multiplication in GF(28). If the
polynomial representation of binary numbers is used, the multiplication process is carried as
shown in fig13. where Snc (n=0 to 3) represent the original byte column in the state matrix and
S’nc(n=0 to 3) represent corresponding modified state matrix column values.
2. The following words wi are calculated recursively from this initial set of words using a
for all values of i that are not multiples of 4 i.e. if(I mod 4) ≠ 0 then
W i = W i-1 W i-4
3. For the words with indices that are a multiple of 4 (w4k), a special transformation is
used. First, the byte ordering of w4k-1 is changed by cyclic left shift, and then the
SubBytes function is applied to all four bytes. In the AES standard these operations are
named RotWord and SubWord respectively. The result is XOR'ed with Wi-4 and a round
For AES-128 version with 10 rounds there are total 44 Words and as a schematic the key
expansion can be shown in fig. 14.
Fig14. Key Expansion
Where ti temporary words for i=4 Nr, where Nr is Number of rounds, i is round value and is
carried as shown in fig15.
RCon(i/4
)
W RotWord SubWord
ti
i-1
In the process of image security using AES cryptographic method, there exist some challenging
issues viz. statistical and brute force attacks, memory space requirements and execution speed. to
improve the efficiency of the algorithm in the view of security as well as not effecting the speed
and the memory space requirements various modifications are carried. The major modifications
are at the modules viz. the substitution box (S-BOX) design which is required at Sub Bytes stage,
choosing various Constant matrix at the stage of matrix multiplication and shift row processing
stage. Among all these stage modifications in shift row transformation is effective in the sense of
fast execution and complexity when compared to the modifications that are carried with other
modules. Even though the modifications in other modules rather than shift rows give reasonable
performance, they lag at the point of memory requirements and circuit complexity.
Step 1: Examine the value of the first Row & first Column, State [0][0] value is even or odd.
Step 2: If it is odd, The Shift Rows step operates on the rows of the state matrix; it cyclically
shifts the bytes in each row by a certain offset. For MAES, the first & third rows are unchanged
& each byte of second row is shifted one to left. Similarly, the fourth row is shifted three to the
left respectively.
Step 3: If it is even, the Shift rows step operates on the rows of the stage; it cyclically shifts the
bytes in each row by a certain offset. The first & fourth are unchanged and each byte of second
row is shifted three to the right. Similarly, the third row is shifted by two respectively on to the
right.
5.2 Pseudo code expected results:
end for
end for
else
for r = 2 step 2, 4
k=0
x = r mod 4
if x = 0 step 0 to 3
for c = Nb - 1, c >= 0 , c -1
t[c] = state[x, (c + x) mod Nb , k + 1
end for
for c = 0 , c < Nb , c + 1
state[x,c] = t[c]
end for
end for
end