Advanced Encryption Standard (AES)
- Superseded DES as a standard in 2002
- Standard built around the Rijnael algorithm
- Is an SP-Network with a 128-bit block size, and a key length of 128, 192 or 256 bit
AES
Built around finite fields
- Uses rounds of 4 layers, and a final round of 3
- Bytes are represented as a 4x4 block called the state
SubBytes ShiftRows Mixcolumns
S-Box
- The AES s-box is based around the multiplicative inverse of 8-bit values in GF()
- This is a strongly non-linear mapping
- The inverse .. then undergo an affine transformation to produce the final s-box
- This destroys any remaining mathematical structures
Properties
- Simply described, and is bijective, as invertible 1:1 mapping
- Has no fixed points
- No inverse fixed points
- Minimisation of the largest non-trivial correlation between linear combinations of input bits and linear combination of output bits
- Minimisation of the largest non-trivial value in the EXOR table
AES Diffusion
Consists of two layers
- Shift Rows
- Mix Columns Shift rows simply moves bytes around the block
Mix columns performs a linear mixing of bytes within each column All the input bytes in a column influence all the output bytes
Implementation
- All additions and subtractions are XOR
- Multiply by 01 has no effect
- Multiply by 02 (x) is simply a left shift followed by modular reduction
- Left shift multiples by x
- If the original bit was set, then we must XOR with
0x1B
- Multiple by 03 is simply
xtime(a)^a
- AES is very fast in software and pretty fast in hardware
- CPU instructions in AES-NI makes AES faster
- Much of algorithm can be converted into series of lookup tables
- Trade-off between speed or space
- There are numerous cache-timing and other attacks possible
- Implementation must be constant time
- CPU instructions help mitigate this
- IN general AES is much harder to implement safely than ChaCha20