1.

INTRODUCTION
Extensive research has been done in the areas of improving encryption standards, providing
better hardware as well as software architecture for implementing security and keeping the cost
sensitivity, low disk space and the energy constraints in check. This can be implemented using
hardware and software. The advantages of software implementation are portability and flexibility
but it offers only limited physical security, especially with respect to key storage and speed.
When data is integrated in the design, the hardware implementation is more physically secure
and performs in a high speed but has a limited flexibility. The Data Encryption Standard (DES)
which was used earlier for data encryption is being replaced with Advanced Encryption Standard
(AES), because DES uses only a very small 56 bit key length. The longer the key length, the
more secure is the key. Using larger key length makes more possible keys to search, which
makes the algorithm to be more secure. AES has larger key length and has been efficiently
implemented both in hardware and software. The National Institute of Standards and Technology
(NIST) on January 2, 1997 invited proposals for new algorithms for the AES, where both
hardware and software performance measures were also included in their efficiency testing. In
October 2000, NIST had chosen Rijndael as the Advanced Encryption Algorithm which was
designed by Joan Daemen and Vincent Rijmen. This project primarily focuses on AES
encryption algorithm of key length 128 bit, briefs its architecture, and evaluates the performance
of the algorithm using software models with slight modifications to improve the security level.

2. AES ALGORITHM
AES algorithm can be operated in four modes, Electronic Code Block mode (ECB), Cipher
Block chain mode (CBC), Cipher feedback (CFB), Output Feedback (OFB). In ECB mode, data
block is directly encrypted to form the cipher text and other three modes belong to feedback.
ECB mode can be achieved with high speed as it can simultaneously process multiple blocks.
Based on this looping structure, the following architecture options were investigated so as to
yield optimization of AES algorithm as iterative looping.
The Rijndael AES algorithm uses a symmetric key block cipher both in encryption and
decryption. At the start of encryption, input is copied to the State array. State array is nothing but
a 4 x 4 matrix of bytes. The encryption algorithm encrypts one block of data at a time to produce
the encrypted data block with the use of a secret key. The decryption is simply the reverse of the
encryption, and each operation is the inverse of the corresponding one in encryption. The data
block length is fixed to 128 bits, while the key length can be 128, 192, or 256 bits. Each data
block is rearranged in a matrix form. AES algorithm is an iterative algorithm and each iteration
is called a round. The number of bytes in a row of key length is given by equation

N = L / (8 X Br)
where, N is the number of bytes, L is the block length in bits, and Br is the number of rows in a
state array matrix. Each round is iterated 10 times for a 128-bit length key, 12 times for a 192-bit
key and 14 times for 256 bit key with 4,6 and 8 bytes in a row of key lengths respectively. Each
round uses four transformations and inverses but finalround excludes MixColumn
transformations.

Figure1. Flowchart of AES Encryption algorithm

The flow of the AES encryption process is given with figure 1 in which the there will be
existence of variability in the round elements based on the round number Nr.

2.1 AES structure:

AES is an iterated block cipher where it a repeat set of transformations called a round
transformation :

AES (State,CipherKey)
{
KeyExpansion(CipherKey,ExpandedKey);
AddRoundKey(State,ExpandedKey[0]);
For(i=1;i< ;i++)
Round (State,ExpandedKey[i]);
FinalRound (State,ExpandedKey[ ]);
}
The round transformation is consisting of four different transformations:
i) The ShiftRow transformation: the rows of the State are cyclically shifted over different
offsets.
ii) The MixColumn transformation: the columns of the State are considered as polynomials
over GF (28 ) and multiplied modulo x4 +1 with a fixed polynomial c( x ).
iii) The Round Key addition: a Round Key is applied to the State by a simple bitwise EXOR.
iv) The ByteSub transformation: is a non-linear byte substitution, operating on each of the
State bytes
independently depending on substitution table (or S-box ) which is invertible and is constructed
by the composition of two transformations:
a) First, taking the multiplicative inverse in GF(28).
b)Then, applying an affine (over GF(2) ) transformation.
A round can be represented as follows:
Round(State , ExpandedKey[i])
{
SubBytes(State);
ShiftRows(State);
 MixColumns(State);
AddRoundKey(State,ExpandedKey[i]);
}
The final round of the cipher is slightly different as below which misses the MixColumns stage:
Round(State,ExpandedKey[ ])
{
SubBytes(State);
ShiftRows(State);
AddRoundKey(State,ExpandedKey[ ]);
}

3. MATHEMATICAL BACK GROUND:

3.1. Finite Field Arithmetic’s:

The following section introduces the different representation forms of a byte and discusses the basic
arithmetic’s of finite fields.

A finite field, also called a Galois Field [3], [2], is a field with only finitely many elements. The finite
field GF(28) e. g. consists of the 28 = 256 different numbers (0 . . . 255) represented by one byte
(8 bits). Special xor- and modulo-operations, explained in detail in the following sections, make
sure that the sum and the product of two finite field elements remain within the range of the
original finite field.

The following sections convert an example through the usual representation forms of a finite field
element.

3.1.1 Binary Representation

A byte consists of 8 bits, leading to the binary representation of an arbitrarily chosen example:

10100011b
 3.1.2 Decimal Representation

This example can be represented in decimal form by multiplying every bit by its corresponding
power of two:

1 · 27 + 0 · 26 + 1 · 25 + 0 · 24 + 0 · 23 + 0 · 22 + 1 · 21 + 1 · 20 = 27 + 25 + 21 + 20

= 128 + 32 + 2 + 1 = 163d

3.1.3 Hexadecimal Representation

The numbers 0 . . . 15 can be expressed by a group of four bits called a nibble. The numbers
10 . . . 15 cannot be represented by a single decimal digit (0 . . . 9) and are
therefore”abbreviated” by the letters A . . . F in hexadecimal notation.
Binary presentation Decimal Equivalent Hexadecimal Equivalent
0000 0 0
0001 1 1
0010 2 2
0011 3 3
0100 4 4
0101 5 5
0110 6 6
0111 7 7
1000 8 8
1001 9 9
1010 10 A
1011 11 B
1100 12 C
1101 13 D
1110 14 E
1111 15 F

Table1. Usual representation forms of a finite field element

The conversion from binary to hexadecimal is now very straightforward. The byte is divided into
two nibbles and each nibble is represented by its hexadecimal digit:
Ex: (10100011)h = 1010 0011 = A3h
Ah 3h

For the conversion from hexadecimal back to decimal every hexadecimal digit is multiplied by its
valence: The left digit is multiplied by 16, while the right one is multiplied by 1 and is therefore
just added:

A3h = A · 24 + 3 · 20 = 10 · 16 + 3 · 1 = 160 + 3 = 163d

3.2 Polynomial Multiplication

Two polynomials are multiplied by multiplying each summand of the first polynomial
by (every summand of ) the second polynomial and adding the coefficients of like powers

Figure 3: ”Classical” polynomial multiplication (curtsey : Wikipedia)

Once again, some coefficients of the resulting polynomial in Figure 3 are 2 or even 3 and have to be
treated differently. The generalization of the xor-concept would now omit every power having an
even coefficient and reduce every odd coefficient to 1, leading to a polynomial of
x 13 + x 8 + x7 + x 4 + x3 + 1
On the bit level (see Figure 4) the same result is achieved by shifting the second byte one bit to the
left for every bit in the first byte. If a bit in the first byte is 0, a 0-byte is used instead of the
second byte. Finally all corresponding bits are xor’ed.

Unfortunately the resulting polynomial (7) has a degree greater than 7, can therefore not be
expressed in one byte (i. e. it is not a GF(28) element) and has to be transformed back into the ”byte
range” by the modulo division described in the next section.
 Figure4: Binary polynomial multiplication (curtsey: Wikipedia)

3.3 Polynomial Division

The manual algorithm to divide two polynomials is depicted in Figure 5.

Figure 5:”Classical” polynomial division (curtsey: Wikipedia)

The greatest power of the numerator (x13) is divided by the greatest power of the denom-
inator (x8) yielding the first resulting term (x5). This term is multiplied by the complete
denominator (® x13 + x9 + x8 + x6 + x5) and subtracted from the numerator, resulting in a new
numerator (-x9 + x7 - x6 - x5 + x4 + x3 + 1). This procedure is repeated until the greatest power of
the new numerator has become less than the greatest power of the denominator. The final numerator
(x7 - x6 + 2x4 + x3 + x2 + x + 1) is the remainder of this modulo operation. Applying
the”generalized xor-rules” to the remainder leaves the desired byte-conform polynomial:

x7 + x 6 + x3 + x 2 + x + 1
The bit level operations illustrated in Figure 6 achieve the same result by bit-wise shift and xor
operations: The denominator is shifted to the left until its most significant bit (MSB) matches the
MSB of the numerator. The subtraction is then performed via xor, resulting in a new, smaller
numerator. The shifting and xor-ing is repeated, until the resulting numerator (the remainder) fits
into one byte

Figure 6: Binary polynomial division (curtsey: Wikipedia)

4. DATA UNIT PRESENTATION & STRUCTURE OF AES :

The data to be encrypted is represented as matrix of bytes called State Matrix. As shown in fig.7
the presenation as a matrix, AES process will be initiated & each matrix value is byte valued.
After the representation of the input data as a matrix the individula column elements form
WORD which is of value 4 bytes. This word representation will be very helpful while going for
the key generation which is essential for symetric cryptography.

S00 S01 S02 S03

S10 S11 S12 S13
S20 S21 S22 S23
S30 S31 S32 S33 S00
S10
word
S20 W0
S30
(4 bytes)

Fig7. State Matrix

The individual bytes of the state table are processed for the encryption using keys and the
process of encryption is classified as modules and can be depicted by means of following fig8.
Fig 8 . AES round Discription (curtasy : Google images)
AES is a cipher that encrypts & decrypts a data block of 128 bits. It uses 10, 12, or 14 rounds.
The key size, which can be 128,192,256 bits, depends on number of rounds. The
generalized design of the AES encryption is shown in fig.9. The Design for the
decryption is similar to that of encryption but round keys are applied in reverse order.

Fig.9. ENCRYPTION & DECRYPTION PROCESS

4.1. AddRoundKey
During each round of an AES process, a separate 128-bit round key is used. The round keys are
derived from the cipherkey using a key expansion routine. The AddRoundKey operation is a
simple bit-by-bit XOR operation between the state and the round key. An AES process requires a
total of Nr+1 AddRoundKey operations, as an additional 'initial' AddRoundKey operation is
performed prior to the round operations. For an AES encryption process this initial
AddRoundKey operation XORs the plaintext with the cipherkey.

There is a need for an additional AddRoundKey operation during an AES process, as there are Nr
rounds and Nr+1 subkeys.

4.2. SubBytes and InvSubBytes

The Substitution mechanism in AES is done for each byte & only one table is used for every
byte, which means that if two bytes are same, their transformation is also same. The
transformation is defined by either a table look-up process or mathematical calculation in the
GF(28) field. The substitution box for SubBytes transformation is derived from GF(28) field by
taking predefined irreducable polynomial ( polynomial which will have no factors). The contents
of the state box are substituted with reference to the SubBytes transformation table & can be
shown in fig.10.
 Fig.10 SubByte Transformation

The irreducible polynomial to derive the elements of the substitution table by GF(2 8) field
defined as X8 + X4 +X3 + X +1 and as steps the process is discribed for SubByte process.

• Finding the Multiplicative Invers of the Byte value.

• Byte to Matrix conversion.

• Matrix multiplication with constant square matrix X

• Matrix Addition of above result with the column matrix y, which cosists the initial value
for combination 00, the 1X1 element in subByte transformation table.

Ex: 63, the 1X1 element

• Matrix to byte conversion.

For the InvSubBytes process steps will be carries in reverse manner with inverse value of the
constant matrix X. by modifying 1X1 element or the constant matrix, the respective table
byte value will changes. This gives more security in a simple manner for the entire AES
process.

| 0 1 2 3 4 5 6 7 8 9 a b c d e f
---|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|
0 |63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76
1 |ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0
2 |b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15
3 |04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75
4 |09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84
5 |53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf
6 |d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8
7 |51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2
8 |cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73
9 |60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db
a |e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79
b |e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08
c |ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a
d |70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e
e |e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df
f |8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16
 S-Box for Encryption Process (curtsey : http://en.wikipedia.org/wiki/Rijndael_S-box)

| 0 1 2 3 4 5 6 7 8 9 a b c d e f
---|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|--|
0 |52 09 6a d5 30 36 a5 38 bf 40 a3 9e 81 f3 d7 fb
1 |7c e3 39 82 9b 2f ff 87 34 8e 43 44 c4 de e9 cb
2 |54 7b 94 32 a6 c2 23 3d ee 4c 95 0b 42 fa c3 4e
3 |08 2e a1 66 28 d9 24 b2 76 5b a2 49 6d 8b d1 25
4 |72 f8 f6 64 86 68 98 16 d4 a4 5c cc 5d 65 b6 92
5 |6c 70 48 50 fd ed b9 da 5e 15 46 57 a7 8d 9d 84
6 |90 d8 ab 00 8c bc d3 0a f7 e4 58 05 b8 b3 45 06
7 |d0 2c 1e 8f ca 3f 0f 02 c1 af bd 03 01 13 8a 6b
8 |3a 91 11 41 4f 67 dc ea 97 f2 cf ce f0 b4 e6 73
9 |96 ac 74 22 e7 ad 35 85 e2 f9 37 e8 1c 75 df 6e
a |47 f1 1a 71 1d 29 c5 89 6f b7 62 0e aa 18 be 1b
b |fc 56 3e 4b c6 d2 79 20 9a db c0 fe 78 cd 5a f4
c |1f dd a8 33 88 07 c7 31 b1 12 10 59 27 80 ec 5f
d |60 51 7f a9 19 b5 4a 0d 2d e5 7a 9f 93 c9 9c ef
e |a0 e0 3b 4d ae 2a f5 b0 c8 eb bb 3c 83 53 99 61
f |17 2b 04 7e ba 77 d6 26 e1 69 14 63 55 21 0c 7d

S-Box for Decryption Process (curtsey : http://en.wikipedia.org/wiki/Rijndael_S-box)

4.3 ShiftRows and InvShiftRows

The Shift Rows operation changes the order of bytes in each row of the state. The first row is not
affected by this transformation. The second row is shifted cyclically to left by one byte, the third
row by two and the fourth row by three bytes as seen in figure 11. The inverse operation
InvShiftRows is quite similar in style, with only the cyclic shifts made to the right.
 Fig. 11 : Shift and inverse Shift row transformation

Courtasy : http://www.iis.ee.ethz.ch/~kgf/acacia

4.4 MixColumns and InvMixColumns

MixColumns is a 32-bit operation that transforms four bytes of each column in the state. The new
bytes of the column S’r,c are obtained by the given constant matrix multiplication in GF(28). If the
polynomial representation of binary numbers is used, the multiplication process is carried as
shown in fig13. where Snc (n=0 to 3) represent the original byte column in the state matrix and
S’nc(n=0 to 3) represent corresponding modified state matrix column values.

S’0C X X+1 1 1 S0C

S’1C 1 X X+1 1 S1C

S’2C 1 1 X X+1 S2C

S’3C X+1 1 1 X S3C

Fig13. : Mix Columns Representation

4.5 Key generation:

The key expansion routine is used to generate the roundkeys from the cipherkey. The AES
standard defines the key expansion operations on four byte words called wi. A subkey is
composed of four such words. The key expansion for AES-128 is relatively straightforward:

1. The first subkey (w3,w2,w1,w0) corresponds to the cipher key itself.

2. The following words wi are calculated recursively from this initial set of words using a

simple XOR function:

for all values of i that are not multiples of 4 i.e. if(I mod 4) ≠ 0 then

W i = W i-1 W i-4

3. For the words with indices that are a multiple of 4 (w4k), a special transformation is

used. First, the byte ordering of w4k-1 is changed by cyclic left shift, and then the

SubBytes function is applied to all four bytes. In the AES standard these operations are

named RotWord and SubWord respectively. The result is XOR'ed with Wi-4 and a round

constant Rconi/4 applied within a constant ‘t’.

If (I mod 4) =0, W I = t W i-4 , Here ‘t’ is a temporary word is a result of applying

mentioned two routines, SubWord & RotWord on Wi-1 & XORing the result with a Round
Constants Rcon. The final value of the temporary word ‘t’ is given to be :

T= SubWord(RotWord(W i-1)) Rcon i/4

For AES-128 version with 10 rounds there are total 44 Words and as a schematic the key
expansion can be shown in fig. 14.
 Fig14. Key Expansion

Where ti temporary words for i=4 Nr, where Nr is Number of rounds, i is round value and is
carried as shown in fig15.
RCon(i/4
)

W RotWord SubWord
ti
i-1

Fig15. Temporary word generation

5. DESIGN PRINCIPLES OF THE PROPOSED OF MAES

In the process of image security using AES cryptographic method, there exist some challenging
issues viz. statistical and brute force attacks, memory space requirements and execution speed. to
improve the efficiency of the algorithm in the view of security as well as not effecting the speed
and the memory space requirements various modifications are carried. The major modifications
are at the modules viz. the substitution box (S-BOX) design which is required at Sub Bytes stage,
choosing various Constant matrix at the stage of matrix multiplication and shift row processing
stage. Among all these stage modifications in shift row transformation is effective in the sense of
fast execution and complexity when compared to the modifications that are carried with other
modules. Even though the modifications in other modules rather than shift rows give reasonable
performance, they lag at the point of memory requirements and circuit complexity.

5.1 Modifications in the algorithm

In regular AES algorithms shift row transformation stage, the bytes in the last three rows shifted
over 1, 2 & 3 respectively. In the case of MAES, the modified version of Advanced Encryption
Standard, following procedure is followed for transformation.

Step 1: Examine the value of the first Row & first Column, State [0][0] value is even or odd.

Step 2: If it is odd, The Shift Rows step operates on the rows of the state matrix; it cyclically
shifts the bytes in each row by a certain offset. For MAES, the first & third rows are unchanged
& each byte of second row is shifted one to left. Similarly, the fourth row is shifted three to the
left respectively.

Step 3: If it is even, the Shift rows step operates on the rows of the stage; it cyclically shifts the
bytes in each row by a certain offset. The first & fourth are unchanged and each byte of second
row is shifted three to the right. Similarly, the third row is shifted by two respectively on to the
right.
5.2 Pseudo code expected results:

ShiftRows (byte state [4, Nb] )

begin byte t[Nb]
if state[0][0] odd numbers
for r = 1 step 1, 3
x = r mod 4
if x = 0 step 0 to x + 1
for c = 0 step 1 to Nb – 1
t[c] = state[r, (c + x) mod Nb]
end for
for c = 0 step 1 to Nb – 1
state[r,c] = t[c]

end for
end for
else
for r = 2 step 2, 4
k=0
x = r mod 4
if x = 0 step 0 to 3
for c = Nb - 1, c >= 0 , c -1
t[c] = state[x, (c + x) mod Nb , k + 1
end for
for c = 0 , c < Nb , c + 1
state[x,c] = t[c]
end for
end for
end