Advanced Encryption Standard (AES)

• Superseded DES as a standard in 2002
• Standard built around the Rijnael algorithm
• Is an SP-Network with a 128-bit block size, and a key length of 128, 192 or 256 bit

AES

Built around finite fields

• Uses rounds of 4 layers, and a final round of 3
• Bytes are represented as a 4x4 block called the state

SubBytes ShiftRows Mixcolumns

S-Box

• The AES s-box is based around the multiplicative inverse of 8-bit values in GF($2^8$)
• This is a strongly non-linear mapping
• The inverse .. then undergo an affine transformation to produce the final s-box
• This destroys any remaining mathematical structures

Properties

• Simply described, and is bijective, as invertible 1:1 mapping
• Has no fixed points
• No inverse fixed points
• Minimisation of the largest non-trivial correlation between linear combinations of input bits and linear combination of output bits
• Minimisation of the largest non-trivial value in the EXOR table

AES Diffusion

Consists of two layers

1. Shift Rows
2. Mix Columns Shift rows simply moves bytes around the block

Mix columns performs a linear mixing of bytes within each column All the input bytes in a column influence all the output bytes

Implementation

1. All additions and subtractions are XOR
2. Multiply by 01 has no effect
3. Multiply by 02 (x) is simply a left shift followed by modular reduction
   • Left shift multiples by x
   • If the original $x^7$ bit was set, then we must XOR with 0x1B
4. Multiple by 03 $(x+1)$ is simply xtime(a)^a

• AES is very fast in software and pretty fast in hardware
• CPU instructions in AES-NI makes AES faster
• Much of algorithm can be converted into series of lookup tables
  • Trade-off between speed or space
• There are numerous cache-timing and other attacks possible
  • Implementation must be constant time
  • CPU instructions help mitigate this
• IN general AES is much harder to implement safely than ChaCha20