- AES is a block cipher intended to replace DES for commercial applications. It uses a 128-bit block size and a key size of 128, 192, or 256 bits.
AES does not use a Feistel structure. Instead, each full round consists of four separate functions:
- Byte substitution.
- Permutation.
- Arithmetic operations over a finite field.
- XOR with a key.
Advantages of 3DES:
- Its 168-bit key length overcomes the vulnerability to brute-force attack of DES.
- Its underlying encryption algorithm has been subjected to extensive scrutiny.
Disadvantages of 3DES:
- Does not support efficient code and has slow performance.
- Uses a 64-bit block size. For reasons of both efficiency and security, a larger block size is desirable.
Initial criteria of evaluating candidate security algorithms:
- Security: refers to the effort required to cryptanalyze an algorithm.
- Actual security: compared to other algorithms (at the same key and block size).
- Randomness: the extent of randomness in the algorithm output.
- Soundness: of the mathematical basis of the algorithm’s security.
- The algorithm should have high computational efficiency, so as to be usable in high-speed applications.
- Licensing requirements: the sub-algorithms used should be available on a worldwide, non-exclusive basis.
- Computational efficiency: speed of the algorithm in both software and hardware.
- Memory requirements: memory required to implement the algorithm in both software and hardware.
Algorithm and implementation characteristics:
Flexibility: flexibility can be evaluated from the following:
- Ability to accommodate additional key and block sizes.
- The range of platforms on which the algorithm is acceptable.
- The algorithm can be implemented as a stream cipher, message authentication code generator, pseudorandom number generator, hashing algorithm, etc.
- Hardware and software suitability: ability to be implemented efficiently in hardware and software.
- Simplicity: relative simplicity of its design.
Advanced criteria of evaluating candidate algorithms:
- Strength against known cryptanalytic attacks (from a mathematical perspective), such as differential and linear cryptanalysis.
- Execution speed, performance across a variety of platforms, variation of speed with key size.
- Restricted-space environments.
- The amount of hardware required to implement the algorithm efficiently.
Attacks on implementations:
- Strength against physical attacks that gather information about quantities such as keys during algorithm execution.
Examples of such attacks are:
- Timing attacks.
- Power analysis: the observation that the power consumed by a smart card at any particular time during the cryptographic operation is related to the instruction being executed and to the data being processed.
- For example, multiplication consumes more power than addition.
- Writing 1s consumes more power than writing 0s.
Encryption versus decryption:
- If the encryption and decryption algorithms differ, then extra space is needed for decryption.
- Ability to change keys quickly and with a minimum of resources.
Other versatility and flexibility:
- Parameter flexibility: ease of support for other key and block sizes and ease of increasing the number of rounds in order to cope with newly discovered attacks.
- Implementation flexibility: possibility of optimizing cipher elements for particular environments.
- Potential for instruction-level parallelism.
The AES Cipher
- Block and key lengths can be independently specified to be: 128 (most commonly used), 192 or 256 bits.
Characteristics of AES Cipher:
- Resistance against all known attacks.
- Speed and code compactness over wide range of platforms.
- Design simplicity.
Notes about AES structure
- Not a Feistel cipher; the entire data block is processed in parallel during each round.
- The provided key is expanded into an array of forty-four 32-bit words, w[i]. Four distinct words (128 bits) serve as a round key for each round.
Four different stages are used, one of permutation and three of substitution:
- Substitute bytes: Uses an S-box to perform a byte-by-byte substitution of the block.
- ShiftRows: A simple permutation.
- MixColumns: A substitution that makes use of arithmetic over GF(2^8).
- AddRoundKey: A simple bitwise XOR of the current block with a portion of the expanded key.
- An initial round consisting of the AddRoundKey stage.
- Followed by 9 rounds, each of which includes all four stages.
- A tenth round that uses only three stages.
- Each stage is easily reversible.
- The decryption algorithm is not similar to the encryption algorithm. This is a consequence of the particular structures of AES.
- AES uses arithmetic in the finite field GF(2^8), with irreducible polynomial
- The MixColumns step along with the ShiftRows step is the primary source of diffusion in Rijndael cipher.
- The expanded key can be seen as an array of 32-bit words (columns) numbered from 0 to 43.
- One of the prerequisites of the MixColumns stage is knowing how to perform multiplication in the finite field GF(2^8).
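
The following is an added example, not part of the original notes, showing GF(2^8) multiplication and how MixColumns and its inverse apply it to one state column. It assumes the FIPS 197 reduction polynomial x^8 + x^4 + x^3 + x + 1 and the standard MixColumns matrices; the function names and the sample column are illustrative.

```python
# Assumption: reduction polynomial x^8 + x^4 + x^3 + x + 1 (0x11B) from FIPS 197.
AES_POLY = 0x11B

# Standard MixColumns matrix and its inverse (FIPS 197), one row per output byte.
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) by shift-and-add, reducing mod AES_POLY.

    Teaching code: it branches on operand bits, so it is not constant-time.
    """
    result = 0
    for _ in range(8):
        if b & 1:
            result ^= a          # addition in GF(2^8) is XOR
        b >>= 1
        a <<= 1                  # multiply a by x
        if a & 0x100:            # degree reached 8: subtract (XOR) the modulus
            a ^= AES_POLY
    return result


def _apply(matrix, column):
    """Matrix-vector product over GF(2^8) for one 4-byte state column."""
    out = []
    for row in matrix:
        acc = 0
        for coeff, byte in zip(row, column):
            acc ^= gf_mul(coeff, byte)
        out.append(acc)
    return out


def mix_column(column):
    return _apply(MIX, column)


def inv_mix_column(column):
    return _apply(INV_MIX, column)


if __name__ == "__main__":
    column = [0xDB, 0x13, 0x53, 0x45]   # constructed sample column
    mixed = mix_column(column)
    print("mixed   :", bytes(mixed).hex())
    print("restored:", bytes(inv_mix_column(mixed)).hex())
```

Because each stage is reversible, applying inv_mix_column to the output of mix_column returns the original column. Production implementations avoid the data-dependent branch in gf_mul, which is the kind of behaviour the timing attacks listed above exploit.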