rijndael - AES Proposal: Rijndael Joan Daemen, Vincent...

Authors: Joan Daemen, Vincent Rijmen
The Rijndael Block Cipher, AES Proposal
Document version 2, Date: 03/09/99

AES Proposal: Rijndael
Joan Daemen, Vincent Rijmen

Joan Daemen
Proton World Int'l
Zweefvliegtuigstraat 10
B-1130 Brussel, Belgium
daemen.j@protonworld.com

Vincent Rijmen
Katholieke Universiteit Leuven, ESAT-COSIC
K. Mercierlaan 94
B-3001 Heverlee, Belgium
vincent.rijmen@esat.kuleuven.ac.be

Table of Contents

1. Introduction
  1.1 Document history
2. Mathematical preliminaries
  2.1 The field GF(2^8)
    2.1.1 Addition
    2.1.2 Multiplication
    2.1.3 Multiplication by x
  2.2 Polynomials with coefficients in GF(2^8)
    2.2.1 Multiplication by
3. Design rationale
4. Specification
  4.1 The State, the Cipher Key and the number of rounds
  4.2 The round transformation
    4.2.1 The ByteSub transformation
    4.2.2 The ShiftRow transformation
    4.2.3 The MixColumn transformation
    4.2.4 The Round Key addition
  4.3 Key schedule
    4.3.1 Key expansion
    4.3.2 Round Key selection
  4.4 The cipher
5. Implementation aspects
  5.1 8-bit processor
  5.2 32-bit processor
    5.2.1 The Round Transformation
    5.2.2 Parallelism
    5.2.3 Hardware suitability
  5.3 The inverse cipher
    5.3.1 Inverse of a two-round Rijndael variant
    5.3.2 Algebraic properties
    5.3.3 The equivalent inverse cipher structure
    5.3.4 Implementations of the inverse cipher
6. Performance figures
  6.1 8-bit processors
    6.1.1 Intel 8051
    6.1.2 Motorola 68HC08
  6.2 32-bit processors
    6.2.1 Optimised ANSI C
    6.2.2 Java
7. Motivation for design choices
  7.1 The reduction polynomial m(x)
  7.2 The ByteSub S-box
  7.3 The MixColumn transformation
    7.3.1 Branch number
  7.4 The ShiftRow offsets
  7.5 The key expansion
  7.6 Number of rounds
8. Strength against known attacks
  8.1 Symmetry properties and weak keys of the DES type
  8.2 Differential and linear cryptanalysis
    8.2.1 Differential cryptanalysis
    8.2.2 Linear cryptanalysis
    8.2.3 Weight of differential and linear trails
    8.2.4 Propagation of patterns
  8.3 Truncated differentials
  8.4 The Square attack
    8.4.1 Preliminaries
    8.4.2 The basic attack
    8.4.3 Extension by an additional round at the end
    8.4.4 Extension by an additional round at the beginning
    8.4.5 Working factor and memory requirements for the attacks
  8.5 Interpolation attacks
  8.6 Weak keys as in IDEA
  8.7 Related-key attacks
9. Expected strength
10. Security goals
  10.1 Definitions of security concepts
    10.1.1 The set of possible ciphers for a given block length and key length
    10.1.2 K-Security
    10.1.3 Hermetic block ciphers
  10.2 Goal
11. Advantages and limitations
  11.1 Advantages
  11.2 Limitations
12. Extensions
  12.1 Other block and Cipher Key lengths
  12.2 Another primitive based on the same round transformation
13. Other functionality
  13.1 MAC
  13.2 Hash function
  13.3 Synchronous stream cipher
  13.4 Pseudorandom number generator
  13.5 Self-synchronising stream cipher
14. Suitability for ATM, HDTV, B-ISDN, voice and satellite
15. Acknowledgements