Skip to main content

Advanced Encryption Standard (AES)

  • Superseded DES as a standard in 2002
  • Standard built around the Rijnael algorithm
  • Is an SP-Network with a 128-bit block size, and a key length of 128, 192 or 256 bit

AES

Built around finite fields

  • Uses rounds of 4 layers, and a final round of 3
  • Bytes are represented as a 4x4 block called the state

SubBytes ShiftRows Mixcolumns

S-Box

  • The AES s-box is based around the multiplicative inverse of 8-bit values in GF(282^8)
  • This is a strongly non-linear mapping
  • The inverse .. then undergo an affine transformation to produce the final s-box
  • This destroys any remaining mathematical structures

Properties

  • Simply described, and is bijective, as invertible 1:1 mapping
  • Has no fixed points
  • No inverse fixed points
  • Minimisation of the largest non-trivial correlation between linear combinations of input bits and linear combination of output bits
  • Minimisation of the largest non-trivial value in the EXOR table

AES Diffusion

Consists of two layers

  1. Shift Rows
  2. Mix Columns Shift rows simply moves bytes around the block

Mix columns performs a linear mixing of bytes within each column All the input bytes in a column influence all the output bytes

Implementation

  1. All additions and subtractions are XOR
  2. Multiply by 01 has no effect
  3. Multiply by 02 (x) is simply a left shift followed by modular reduction
    • Left shift multiples by x
    • If the original x7x^7 bit was set, then we must XOR with 0x1B
  4. Multiple by 03 (x+1)(x+1) is simply xtime(a)^a
  • AES is very fast in software and pretty fast in hardware
  • CPU instructions in AES-NI makes AES faster
  • Much of algorithm can be converted into series of lookup tables
    • Trade-off between speed or space
  • There are numerous cache-timing and other attacks possible
    • Implementation must be constant time
    • CPU instructions help mitigate this
  • IN general AES is much harder to implement safely than ChaCha20