# 0263 03f2 017d 01d4 multiplication by 2 left shift by


02*63 ⊕ 03*F2 ⊕ 01*7D ⊕ 01*D4

Multiplication by 2:

- Left shift by 1 bit, padding the least significant bit (LSB) with 0
- If the most significant bit was 1 before the shift, XOR the result with 1B₁₆ (0001 1011₂)

Multiplication by 3:

- Write 3*x = (10 ⊕ 01) * x = 2*x ⊕ x
- Therefore, the above formula becomes: 02*63 ⊕ (02*F2 ⊕ F2) ⊕ 01*7D ⊕ 01*D4

## Example

02*63

- 63₁₆ = 0110 0011₂
- Left shift by 1 bit: 1100 0110₂ = C6₁₆

02*F2

- F2₁₆ = 1111 0010₂
- MSB = 1, so 1B₁₆ must be added to the left-shift result
- Left shift by 1 bit: 1110 0100₂ = E4₁₆
- Result will be E4₁₆ ⊕ 1B₁₆

Therefore 02*63 ⊕ (02*F2 ⊕ F2) ⊕ 01*7D ⊕ 01*D4 = C6 ⊕ (E4 ⊕ 1B ⊕ F2) ⊕ 7D ⊕ D4 = 62

Online tool:

## Alternative Method

All the matrix entries are elements of the Galois field GF(2^8), using the irreducible polynomial x^8 + x^4 + x^3 + x + 1.

02*63

- 02 = 0000 0010 → x
- 63 = 0110 0011 → x^6 + x^5 + x + 1
- 02*63 → x * (x^6 + x^5 + x + 1) = x^7 + x^6 + x^2 + x
- It corresponds to 1100 0110 = C6

03*F2

- 03 = 0000 0011 → x + 1
- F2 = 1111 0010 → x^7 + x^6 + x^5 + x^4 + x
- 03*F2 = (x + 1) * (x^7 + x^6 + x^5 + x^4 + x) = (x^8 + x^7 + x^6 + x^5 + x^2) + (x^7 + x^6 + x^5 + x^4 + x) = x^8 + x^4 + x^2 + x

Divide the result by x^8 + x^4 + x^3 + x + 1:

- x^8 + x^4 + x^2 + x = 1 * (x^8 + x^4 + x^3 + x + 1) + (x^3 + x^2 + 1)
- Quotient (Q) = 1, remainder (R) = x^3 + x^2 + 1
- The remainder is the result: 03*F2 = 0000 1101 = 0D

Therefore 02*63 ⊕ 03*F2 ⊕ 01*7D ⊕ 01*D4 = C6 ⊕ 0D ⊕ 7D ⊕ D4 = 62

## Exercise

Verify the MixColumn result.

## Operation in Each Round

AddRoundKey adds (i.e. XORs) a round key word with each state column matrix.

## How can we get the round key?

- AES uses a key-expansion process
- If the number of rounds is N_r, the key-expansion routine creates N_r + 1 128-bit round keys from one single 128-bit cipher key
- 1 word = 4 bytes = 32 bits
- 1 round key = 4 words

## AES-128 bit Key Expansion

Words for each round

## RotWord & SubWord

- RotWord: performs a simple cyclic permutation of a word: [a0, a1, a2, a3] → [a1, a2, a3, a0]
- SubWord: applies the S-box value used in SubBytes to each of the 4 bytes in the argument

## Rcon Constants

## SubBytes Transformation Table

The S-box used is derived from the multiplicative inverse over GF(2^8) with an invertible affine transformation.

## Example

Given the cipher key (24 75 A2 B3 34 75 56 88 31 E2 12 00 13 AA 54 87)₁₆:

- w0 = 24 75 A2 B3
- w1 = 34 75 56 88
- w2 = 31 E2 12 00
- w3 = 13 AA 54 87

Calculate t4:

- Input: w3 = 13 AA 54 87
- RotWord → AA 54 87 13
- SubWord: SubBytes(AA 54 87 13) → (AC 20 17 7D)
- Rcon(4/4) = Rcon(1) = 01 00 00 00
- (AC 20 17 7D) ⊕ (01 00 00 00) = AD 20 17 7D

Then:

- w4 = t4 ⊕ w0 = (AD 20 17 7D) ⊕ (24 75 A2 B3) = (89 55 B5 CE)
- w5 = w4 ⊕ w1 = (89 55 B5 CE) ⊕ (34 75 56 88) = (BD 20 E3 46)
- w6 = w5 ⊕ w2 = (BD 20 E3 46) ⊕ (31 E2 12 00) = (8C C2 F1 46)
- w7 = w6 ⊕ w3 = (8C C2 F1 46) ⊕ (13 AA 54 87) = (9F 68 A5 C1)
- ...

## Summary of Round Operation

## Overall flow

- Original Design
- Alternate Design

## Rijndael in C

```c
/* BC: byte count, rk: round keys, S: S-box */
/* plaintext in a */

/* Initial key addition uses round key 0 */
KeyAddition(a, rk[0], BC);

/* ROUNDS-1 ordinary rounds */
for (r = 1; r < ROUNDS; r++) {
    Substitution(a, S, BC);
    ShiftRow(a, 0, BC);
    MixColumn(a, BC);
    KeyAddition(a, rk[r], BC);
}

/* Last round is special: there is no MixColumn */
Substitution(a, S, BC);
ShiftRow(a, 0, BC);
KeyAddition(a, rk[ROUNDS], BC);
```

## Rijndael in hardware

8-bit processor (smartcard):

- addroundkey is a bytewise XOR
- shiftrows is byte rotates
- subbytes
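The MixColumn arithmetic and the first key-expansion step worked through above can be checked in code. The following C is an added example, not part of the slides or of the Rijndael reference code; the names `xtime`, `gmul`, `mix_row`, `sbox` and `expand_round1` are assumptions, and the S-box entry is computed by a brute-force inverse search plus the affine transformation instead of a lookup table.

```c
#include <stdint.h>
#include <stdio.h>

/* Multiply by 02 in GF(2^8): shift left, XOR with 1B if the MSB was set. */
static uint8_t xtime(uint8_t a) {
    return (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1B : 0x00));
}
/* General GF(2^8) multiply: add (XOR) a*2^k for every set bit k of b. */
uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (; b; b >>= 1, a = xtime(a))
        if (b & 1) p ^= a;
    return p;
}
/* One MixColumn output byte: a matrix row times a state column. */
uint8_t mix_row(const uint8_t coef[4], const uint8_t col[4]) {
    uint8_t r = 0;
    for (int i = 0; i < 4; i++) r ^= gmul(coef[i], col[i]);
    return r;
}
/* S-box entry: multiplicative inverse (0 maps to 0), then affine transform. */
uint8_t sbox(uint8_t x) {
    uint8_t inv = 0;
    for (int c = 1; c < 256 && x; c++)
        if (gmul(x, (uint8_t)c) == 1) { inv = (uint8_t)c; break; }
    uint8_t s = inv;
    for (int i = 1; i <= 4; i++)          /* XOR with rotations by 1..4 bits */
        s ^= (uint8_t)((inv << i) | (inv >> (8 - i)));
    return (uint8_t)(s ^ 0x63);
}
/* First AES-128 expansion step: w4..w7 from w0..w3, Rcon(1) = 01 00 00 00. */
void expand_round1(uint8_t w[4][4], uint8_t out[4][4]) {
    uint8_t t[4];
    for (int i = 0; i < 4; i++)
        t[i] = sbox(w[3][(i + 1) % 4]);   /* RotWord, then SubWord */
    t[0] ^= 0x01;                         /* XOR with Rcon(1) */
    for (int j = 0; j < 4; j++)
        for (int i = 0; i < 4; i++)
            out[j][i] = (uint8_t)((j ? out[j - 1][i] : t[i]) ^ w[j][i]);
}
int main(void) {
    /* Values taken from the worked examples on this page. */
    const uint8_t coef[4] = {2, 3, 1, 1}, col[4] = {0x63, 0xF2, 0x7D, 0xD4};
    uint8_t w[4][4] = {{0x24, 0x75, 0xA2, 0xB3}, {0x34, 0x75, 0x56, 0x88},
                       {0x31, 0xE2, 0x12, 0x00}, {0x13, 0xAA, 0x54, 0x87}};
    uint8_t out[4][4];
    expand_round1(w, out);
    printf("mix=%02X w4=%02X %02X %02X %02X\n", mix_row(coef, col),
           out[0][0], out[0][1], out[0][2], out[0][3]);
    return 0;
}
```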

• Spring '14
• Cryptography, Advanced Encryption Standard, Block cipher, Data Encryption Standard