Cryptography Reference
In-Depth Information
•
In the worst case, 3DES is still available as an alternative, and it might
continue to offer full security into the foreseeable future.
•
It is cheaper to implement one single algorithm (however, this argument
applies to hardware only).
•
The costs would be less in the event that patent claims were brought
forward by inventors of similar algorithms (I suspect this was one of the
most important reasons).
However, nobody was to be disappointed: the entire process was entirely open
and very fair. In the USA, where algorithms had been classified weapons only
a few years earlier, an algorithm developed by Belgians and studied interna-
tionally had made it to become a foundation of national security! Though the
field of use for governmental agencies is described as 'sensitive, not classified',
the NSA made a rather sloppy statement, but Rijndael will presumably form
the ciphering basis (as the NIST expects) for the next twenty years or longer
in spite of it. There is currently no reason for doubt.
The Rijndael Algorithm in Detail
That much on the background of the AES Initiative. In view of its outstanding
significance, Rijndael will be described briefly in this section. This is not par-
ticularly difficult, since it uses only bytewise substitution, byte swapping, and
the XOR operation. The following discussion uses 128-bit blocks and 128-bit
keys in the individual steps. You will find details and source texts in C and
Java on the Web site to this topic.
I will first describe Rijndael roughly for 128-bit keys.
1. A plaintext block consisting of 128 bits or 16 bytes is written into a
4
×
4 matrix column by column. Daemen and Rijmen call these matrices
'states'. The plaintext bytes are in the matrix before the first round. Each
round changes the contents of the matrix; after the 10th round, the matrix
holds the ciphertext bytes that are read column by column.
Before beginning with the encryption, the 128-bit keys for 10 rounds are
created from the 128-bit key and written in 10 matrices with 4 columns
and 4 rows each (I will skip the key generation for reasons of space,
you can find it in
algor/rijndael.ps
on our Web site). Next, the Rijndael
algorithm runs the following steps in each round:
