Cryptography Reference
In-Depth Information
Faster Encryption with the Advanced Encryption
Standard (AES) Algorithm
3DES works and is secure — that is, brute-force attacks against it are compu-
tationally infeasible, and it has withstood decades of cryptanalysis. However,
it's clearly slower than it needs to be. To triple the key length, you also have to
triple the operation time. If DES itself were redesigned from the ground up to
accommodate a longer key, processing time could be drastically reduced.
In 2001, the NIST announced that the
Rijndael
algorithm (
http://csrc.nist
.gov/publications/fips/fips197/fips-197.pdf
) would become the offi cial
replacement for DES and renamed it the
Advanced Encryption Standard
. NIST
evaluated several competing block-cipher algorithms, looking not just at secu-
rity but also at ease of implementation, relative effi ciency, and existing market
penetration.
If you understand the overall workings of DES, AES is easy to follow as well.
Like DES, it does a non-linear s-box translation of its input, followed by several
permutation- and shift-like operations over a series of rounds, applying a key-
schedule to its input at each stage. Just like DES, AES relies heavily on the XOR
operation — particularly the reversibility of it. However, it operates on much
longer keys; AES is defi ned for 128-, 192-, and 256-bit keys. Note that, assuming
that a brute-force attack is the most effi cient means of attacking a cipher, 128-bit
keys are
less
secure than 3DES, and 192-bit keys are about the same (although
3DES does throw away 24 bits of key security due to the parity check built into
DES). 256-bit keys are much more secure. Remember that every extra bit doubles
the time that an attacker would have to spend brute-forcing a key.
AES Key Schedule Computation
AES operates on 16-byte blocks, regardless of key length. The number of rounds
varies depending on key length. If the key is 128 bits (16 bytes) long, the number
of rounds is 10; if the key size is 192 bits (24 bytes) long, the number of rounds is
12; and if the key size is 256 bits (32 bytes), the number of rounds is 14. In general,
rounds = (key-size in 4-byte words) + 6. Each round needs 16 bytes of keying
material to work with, so the key schedule works out to 160 bytes (10 rounds
* 16 bytes per round) for a 128-bit key; 192 bytes (12 * 16) for a 192-bit key; and
224 bytes (14 * 16) for a 256-bit key. (Actually there's one extra key permutation at
the very end, so AES requires 176, 208, and 240 bytes of keying material). Besides
the number of rounds, the key permutation is the only difference between the
three algorithms.
So, given a 16-byte input, the AES key schedule computation needs to produce
176 bytes of output. The fi rst 16 bytes are the input itself; the remaining 160 bytes
are computed four at a time. Each four bytes are a permutation of the previous
four bytes. Therefore, key schedule bytes 17-20 are a permutation of key bytes
Search WWH ::
Custom Search