Block Ciphers - Modern Cryptanalysis: Techniques for Advanced Code Breaking

Cryptography Reference

In-Depth Information

4.9 AES/Rijndael

The Rijndael algorithm was chosen by the U.S. Government as the successor to DES [2]. The Rijndael al-

gorithm (and certain parameter settings) was then dubbed the Advanced Encryption Standard (AES) .

Rijndael is a variable-sized block cipher named after its inventors, Vincent Rijmen and Joan Daemen. It is a

variant of the SPN concept, with more sophisticated and elegant variants of S-box and P-box operations.

Rijndael itself supports block sizes and key sizes of 128, 160, 192, 224, and 256 bits, although AES supports

only 128-bit blocks and keys with bit lengths of 128, 192, and 256. The number of rounds for Rijndael varies

depending on the key size and the block size. For AES (block size of 128 bits only), the number of rounds is

shown in Table 4-4 .

Table 4-4 The Number of Rounds for Different Values of the Key Length for AES

KEY LENGTH (N k ), IN WORDS

BLOCK SIZE (N b ), IN WORDS

ROUNDS (r)

4

10

6

4

12

8

4

14

Here, the values for key length and block size are the number of 32-bit words: Thus “4” corresponds to 128 bits, “6” to 192

bits, and “8” to 256 bits.

The key is, as for most of the ciphers I have been discussing, broken out into a large key schedule, derived

from the original key. This is covered in Section 4.9.3.

Rijndael breaks its blocks into a matrix, called the state , with four rows and various numbers of columns

(4-8). With block sizes of 128-256, this means that each element of the matrix is an 8-bit value. Figure 4-10

shows an example of this state.

Figure 4-10 A state associated with a 128-bit block size Rijndael, such as in AES. If the state is a 128-bit

value, then it it is split into the matrix by breaking it down: S 0,0 || S 0,1 || S 0,2 || S 0,3 || S 1,0 || S 1,1 || S 1,2 || S 1,3 || S 2,0 ||

S 2,1 || S 2,2 || S 2,3 || S 3,0 || S 3,1 || S 3,2 || S 3,3 .

4.9.1 Rijndael Encryption Algorithm

The Rijndael encryption algorithm essentially consists of four basic operations, applied in succession to each

other, and looped multiple times:

1. SubBytes — Each element of the state is run through an S-box.

2. ShiftRows — The elements of each row of the state are cyclically shifted.

3. MixColumns — Each column is run through a function to mix up its bits.

4. AddRoundKey — A portion of the key schedule is XORed with the state.

The AddRoundKey is the only portion of the algorithm dependent on the current round number and the key.

Using the above four pieces, we can specify the Rijndael encryption algorithm.

Search WWH ::

Custom Search

Home