Spring 2006
http://www.abo.fi/~ipetre/crypto/
Ion Petre
Academy of Finland and
Department of IT, Åbo Akademi University
Initial criteria:
security – the effort required to practically cryptanalyze the cipher
cost – computational efficiency, so that it can be used in high-speed applications such as broadband links
algorithm and implementation characteristics – should be suitable for a variety of software and hardware implementations, and simple enough to make analysis straightforward
Final criteria:
general security – this evaluation was conducted by the public (academic) cryptographic community, which published various attacks on and weaknesses of the candidates
software and hardware implementation ease – execution speed, performance on various platforms, variation of speed with key size
attacks on the implementation – timing attacks and power analysis:
Multiplication consumes more power and takes more time than addition
Writing 1s consumes more power and takes more time than writing 0s
flexibility – in encryption/decryption, key change, and other factors
1. Initialize the S-box with the byte values in ascending order, row by row: the first row contains {00}, {01}, {02}, …, {0F}, the second row contains {10}, {11}, {12}, …, {1F}, etc.
2. Map each nonzero byte in the S-box to its multiplicative inverse in GF(2^8); {00} is mapped to itself.
3. Each byte in the S-box is a sequence of 8 bits (b7, b6, …, b1, b0). Apply the following transformation to each bit of each byte:
b_i' = b_i ⊕ b_{(i+4) mod 8} ⊕ b_{(i+5) mod 8} ⊕ b_{(i+6) mod 8} ⊕ b_{(i+7) mod 8} ⊕ c_i
where c_i is the i-th bit of {63}: (c7, c6, c5, c4, c3, c2, c1, c0) = (0 1 1 0 0 0 1 1)
Note that step 3 in producing the S-box is the transformation shown below; there, the addition is XOR and the multiplication is the ordinary multiplication of 0 and 1.
Mix Column Transformations
Takes a 128-bit (16-byte) key and expands it into an array of 44 32-bit words (each word has 4 bytes)
KeyExpansion(byte key[16], word w[44])
{
    word temp;
    for (i = 0; i < 4; i++)          // key is copied into the first 4 words
        w[i] = (key[4*i], key[4*i+1], key[4*i+2], key[4*i+3]);
    for (i = 4; i < 44; i++)         // the rest of the words are produced here
    {
        temp = w[i-1];
        if (i mod 4 == 0)
            temp = SubWord(RotWord(temp)) ⊕ Rcon[i/4];
        w[i] = w[i-4] ⊕ temp;        // most of the words are just the XOR of two earlier values
    }
}
The key is copied first into the first 4 words of the expanded key
Each added word depends on the previous word and on the word 4 positions earlier
In 3 cases out of 4 a simple XOR is used
For every fourth word a more complex function is used
RotWord performs a one-byte circular left shift on a word: [b0, b1, b2, b3] is transformed into [b1, b2, b3, b0]
SubWord performs a byte substitution on each byte of the input word, using the S-box of AES
The results of steps 1 and 2 are XORed with a round constant Rcon[j] (a geometric progression with ratio 2, computed in GF(2^8)):
j        1    2    3    4    5    6    7    8    9    10
Rcon[j]  {01} {02} {04} {08} {10} {20} {40} {80} {1B} {36}
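The following Python is an added example, not part of the original slides, that implements both the S-box construction (steps 1–3 above) and the KeyExpansion routine, so the two can be checked against known values: S[{00}] must come out as {63}, the Rcon table must match the one above, and expanding the known-answer key from FIPS 197 Appendix A must give w[4] = a0fafe17. All function and variable names (gf_mul, gf_inv, affine_map, key_expansion, SBOX, rcon, ...) are this example's own choices.

```python
# Added example (not from the original slides): build the AES S-box from the
# GF(2^8) multiplicative inverse plus the bitwise map of step 3, then run
# KeyExpansion over it. Function names are this example's own; the test key
# used in __main__ is the known-answer key from FIPS 197, Appendix A.

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the reduction polynomial of AES's GF(2^8)


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) (shift-and-add, reducing modulo AES_POLY)."""
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= AES_POLY & 0xFF  # reduce: subtracting the polynomial is XOR with 0x1B
        b >>= 1
    return product


def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8); step 2 maps {00} to itself."""
    if a == 0:
        return 0
    # Every nonzero a in GF(2^8) satisfies a^255 = 1, so a^-1 = a^254.
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def affine_map(b: int) -> int:
    """Step 3: b_i' = b_i ^ b_(i+4) ^ b_(i+5) ^ b_(i+6) ^ b_(i+7) ^ c_i, indices mod 8, c = {63}."""
    c = 0x63
    out = 0
    for i in range(8):
        bit = (b >> i) ^ (c >> i)
        for k in (4, 5, 6, 7):
            bit ^= b >> ((i + k) % 8)
        out |= (bit & 1) << i
    return out


# Step 1 is just the ordering {00}..{FF}; steps 2 and 3 are applied to each byte.
SBOX = [affine_map(gf_inv(x)) for x in range(256)]


def rcon(j: int) -> int:
    """Round constant rc_j = {02}^(j-1) in GF(2^8): {01}, {02}, ..., {80}, {1B}, {36}."""
    rc = 0x01
    for _ in range(j - 1):
        rc = gf_mul(rc, 0x02)
    return rc


def rot_word(w):
    """One-byte circular left shift: [b0,b1,b2,b3] -> [b1,b2,b3,b0]."""
    return w[1:] + w[:1]


def sub_word(w):
    """Apply the S-box to each byte of the word."""
    return [SBOX[b] for b in w]


def key_expansion(key: bytes):
    """Expand a 16-byte key into 44 words (each word is a list of 4 ints)."""
    if len(key) != 16:
        raise ValueError("this example handles AES-128 (16-byte) keys only")
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]   # key copied into w[0..3]
    for i in range(4, 44):
        temp = list(w[i - 1])
        if i % 4 == 0:                       # every fourth word gets the complex function
            temp = sub_word(rot_word(temp))
            temp[0] ^= rcon(i // 4)          # Rcon[j] is the word (rc_j, 00, 00, 00)
        w.append([x ^ y for x, y in zip(w[i - 4], temp)])
    return w


def words_hex(words):
    """Render words as hex strings such as 'a0fafe17' for comparison with FIPS 197."""
    return [bytes(wd).hex() for wd in words]


if __name__ == "__main__":
    fips_key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS 197, App. A
    print("S[00]=%02x S[01]=%02x S[53]=%02x" % (SBOX[0x00], SBOX[0x01], SBOX[0x53]))
    print("Rcon:", [f"{rcon(j):02x}" for j in range(1, 11)])
    print("w[4..7]:", words_hex(key_expansion(fips_key))[4:8])
```

Computing the S-box this way rather than pasting the 256-entry table makes the "inverse plus bitwise map" definition verifiable: the table is bijective by construction (gf_inv is a bijection and the step-3 map is invertible), and a single wrong constant shows up immediately in the known-answer words.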