most widely used symmetric cipher today

Overview

Rjindael Cipher
block length 128 bits
key can be 128, 192, or 256 bits long
number of rounds depend on key length (10-14)

flowchart LR
	P[PLAINTEXT]
	A[Key Addition]
	B[S-Box]
	C["Diffusion (shiftrows/mixcolumns)"]
	D[CIPHERTEXT]
	
	P --> A --> B --> C
	B --> D
	C --> A

$8 \times 8$ S-box
byte wise permutation Shift rows
mix columns
key addition

Internal Structure

imagine state as 16 byte 4x4 matrix

A_{0} A_{1} A_{2} A_{3} A_{4} A_{5} A_{6} A_{7} A_{8} A_{9} A_{10} A_{11} A_{12} A_{13} A_{14} A_{15}

Byte Substitution Layer

S (A_{i}) = B_{i}

only non-linear element. bijective mapping.

No fixed points $S (A_{i}) \neq = A_{i}$
No opposite fixed points $S (A_{i}) \oplus A_{i} \neq = FF$

Mathematical Basis:

flowchart LR

	A[A]
	B[B]
	C["GF(2) Inverse"]
	D[affine map]
	
	A --> C --> D --> B

the affine map involves a constant bitmatrix multiplication followed by the addition of a constant 8-bit vector on the result of the $GF (2)$ inverse (Math Basics)

Diffusion Layer

Shift Rows

A_{0} A_{1} A_{2} A_{3} A_{4} A_{5} A_{6} A_{7} A_{8} A_{9} A_{10} A_{11} A_{12} A_{13} A_{14} A_{15} \to B_{0} B_{5} B_{10} B_{15} B_{4} B_{9} B_{14} B_{3} B_{8} B_{13} B_{2} B_{7} B_{12} B_{1} B_{6} B_{11}

first row ← no shift
second row ← one left shift
third row ← two left shift
fourth row ← three left shift

Mix Columns

new columns formed by multiplying each column with a constant matrix

C_{0} C_{1} C_{2} C_{3} = 2113321113211132 \cdot B_{0} B_{5} B_{10} B_{15}

TIP

after only 3 rounds every byte of the state matrix depends on all 16 plaintext byes

this matrix multiplication takes place in the $GF (2)$ field.

Additions are just XOR
multiplication is also in $GF (2)$ as shown in Math Basics
the constants 0x01, 0x02, 0x03 were chosen specifically because the software implementation of this multiplication is easy
- multiplication by 0x01 is just the identity
- multiplication by 0x02 is just a left shift (into $x$ ) followed by reduction with the AES polynomial
- multiplication by 0x03 is a left shift added to the original polynomial followed by the modular reduction
- 0x02 and 0x03 are usually implemented with lookup tables though

Key Addition

simple XOR with round key

Key Schedule

precomputation:
on-the-fly:

Decryption

Modes of Operation

for messages with more than block size number of bits OR for construction of stream ciphers

flowchart TB
	A[modes]
	B[deterministic]
	C[probabilistic]
	D[Block Cipher]
	E[Stream Cipher]
	F[ECB]
	G[CBC]
	H[OFB]
	I[CFB]
	J[Counter]
	
	A --> B --> F
	A --> C --> D
		  C --> E
	            D --> G
	            E --> H
	            E --> I
	            E --> J

1. Electronic Codebook

deterministic: same plaintext always same ciphertext for given key
very very very very insecure never use
(most straightforward application, just AES on each received block)

2. Cipher Block Chaining Mode

probabilistic: same message encrypted at different times have different ciphertexts
uses an initialization vector (IV)
ciphertexts chained together

y_{1} y_{2} = E_{k} (IV \oplus x_{1}) = E_{k} (y_{1} \oplus x_{2}) = \dots

3. Output Feedback Mode

random key stream (continuous keys)
initial IV
these two will essentially keep generating random numbers of block size
that output is added to the IV and used in the next encryption
and the output is xored with the message stream to encrypt the message

4. Cipher Feedback Mode

same thing as above but the encrypted message is used as IV in the next encryption instead

5. Counter Mode

instead of passing encrypted message/output into new IV, just maintain a counter
eg 96 bit IV + 32 bit counter

subzcuber's notes

Explorer

Advanced Encrpytion Standard

Overview

Internal Structure

Byte Substitution Layer

Diffusion Layer

Shift Rows

Mix Columns

Key Addition

Key Schedule

Decryption

Modes of Operation

1. Electronic Codebook

2. Cipher Block Chaining Mode

3. Output Feedback Mode

4. Cipher Feedback Mode

5. Counter Mode

Table of Contents

Backlinks