Page 46 - DCAP516_COMPUTER_SECURITY
Description of the Cipher
AES is based on a design principle known as a substitution-permutation network. It is fast in
both software and hardware. Unlike its predecessor, DES, AES does not use a Feistel network.
AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits, whereas Rijndael can
be specified with block and key sizes in any multiple of 32 bits, with a minimum of 128 bits. The
block size has a maximum of 256 bits, but the key size has no theoretical maximum.
AES operates on a 4×4 column-major order matrix of bytes, termed the state (versions of Rijndael
with a larger block size have additional columns in the state). Most AES calculations are done in
a special finite field.
The AES cipher is specified as a number of repetitions of transformation rounds that convert the
input plaintext into the final output of ciphertext. Each round consists of several processing
steps, including one that depends on the encryption key. A set of reverse rounds is applied to
transform ciphertext back into the original plaintext using the same encryption key.
High-level description of the algorithm
1. KeyExpansion—round keys are derived from the cipher key using Rijndael’s key schedule
2. Initial Round
(i) AddRoundKey—each byte of the state is combined with the round key using bitwise xor
3. Rounds
(i) SubBytes—a non-linear substitution step where each byte is replaced with another
according to a lookup table.
(ii) ShiftRows—a transposition step where each row of the state is shifted cyclically a
certain number of steps.
(iii) MixColumns—a mixing operation which operates on the columns of the state,
combining the four bytes in each column.
(iv) AddRoundKey
4. Final Round (no MixColumns)
(i) SubBytes
(ii) ShiftRows
(iii) AddRoundKey
The SubBytes Step
In the SubBytes step, each byte $a_{ij}$ in the state is replaced with its entry in a fixed 8-bit lookup
table S: $b_{ij} = S(a_{ij})$.
In the SubBytes step (Figure 4.3), each byte in the matrix is updated using an 8-bit substitution
box, the Rijndael S-box. This operation provides the non-linearity in the cipher. The S-box used
is derived from the multiplicative inverse over GF(2^8), known to have good non-linearity
properties. To avoid attacks based on simple algebraic properties, the S-box is constructed by
combining the inverse function with an invertible affine transformation. The S-box is also
chosen to avoid any fixed points (so it is a derangement) and any opposite fixed points.
40 LOVELY PROFESSIONAL UNIVERSITY