NIST (US National Institute of Standards and Technology) called for a new Advanced Encryption Standard. The selection process for this algorithm was open to the community. The following requirements were mandatory for all AES submissions:
- block cipher with a 128-bit block size
- three key lengths must be supported: 128, 192 and 256 bit
- efficiency in software and hardware
NIST declared the block cipher Rijndael as the new AES and published it as a final standard in 2001.
AES is a symmetric-key block cipher. It is an iterative cipher, which means that both decryption and encryption consist of multiple iterations of the same basic round function.
In each round, a different key is generated according to the round index. The number of rounds depends on the size of the key. For this project, the number of rounds is 10 because the key length is 128 bits.
The input can be represented as a rectangular array of bytes with four rows. The number of columns is equal to the block length divided by 32. Similarly, the key is mapped onto a two-dimensional cipher key.
HIGH-LEVEL DESCRIPTION OF ALGORITHM
The round transformation has four steps: SubBytes, ShiftRows, MixColumns, and AddRoundKey, except in the Final Round, where the MixColumns step is removed. AES requires an inverted version of all transformations for decryption. These inverse transformations are called InvSubBytes, InvShiftRows, InvMixColumns, and InvAddRoundKey.
The structure of a round is shown in this figure.
Short description of the layers:
In the Key Addition Layer, a 128-bit round key, or subkey, which has been derived from the main key schedule, is XORed with the state.
In the Byte Substitution layer (S-Box), each element of the state is nonlinearly transformed using lookup tables with special mathematical properties. This introduces confusion to the data.
The diffusion layer consists of two sublayers, both of which perform linear operations: ShiftRows and MixColumn.
BYTE SUBSTITUTION LAYER
This operation transforms individual bytes of the internal state using an S-Box. The S-Box is a block with 8 input and 8 output bits. The S-Box substitution is a bijective mapping: each of the 256 possible input elements is mapped one-to-one to one output element. This allows us to uniquely reverse the S-Box, which is needed for decryption. For testing the hardware design, the S-Box is realized as a 256-by-8 bit lookup table.
The S-box is defined in two steps:
- Inversion in GF(2^8): a * a^(-1) = 1 (multiplication is done modulo the irreducible polynomial P(x) = x^8 + x^4 + x^3 + x + 1).
- Affine Transformation is defined by:
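The two steps above are enough to generate the 256-entry lookup table and to confirm that it is bijective, which is useful as a reference when checking a hardware S-Box. This is an added example, not code from the original project; the affine step (the byte XORed with its four left rotations and the constant 0x63) is taken from FIPS 197, and all function names are chosen for this illustration.

```python
# Build the AES S-Box from its two defining steps (added illustration).
AES_POLY = 0x11B  # P(x) = x^8 + x^4 + x^3 + x + 1


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8), reducing modulo P(x)."""
    result = 0
    while b:
        if b & 1:
            result ^= a          # addition in GF(2) is XOR
        a <<= 1
        if a & 0x100:            # degree reached 8: subtract (XOR) P(x)
            a ^= AES_POLY
        b >>= 1
    return result


def gf_inv(a: int) -> int:
    """Inverse in GF(2^8); 0 has no inverse and is mapped to 0."""
    if a == 0:
        return 0
    # The multiplicative group has order 255, so a^254 = a^(-1).
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def affine(b: int) -> int:
    """FIPS 197 affine step: b XOR rotl(b, 1..4) XOR 0x63."""
    out = b
    for shift in range(1, 5):
        out ^= ((b << shift) | (b >> (8 - shift))) & 0xFF
    return out ^ 0x63


def build_sbox() -> list:
    return [affine(gf_inv(x)) for x in range(256)]


def build_inv_sbox(sbox: list) -> list:
    """Invert the table; fails if the S-Box is not a bijection."""
    if sorted(sbox) != list(range(256)):
        raise ValueError("S-Box is not bijective")
    inv = [0] * 256
    for x, y in enumerate(sbox):
        inv[y] = x
    return inv
```

The resulting list can be dumped as the 256-by-8 bit table and compared entry by entry against the table used in the hardware design.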
MIXCOLUMN and INVMIXCOLUMN LAYERS
This layer provides diffusion, so modifying a single bit in a byte must influence the calculation of the other bytes. The combination of the ShiftRows and MixColumn layers makes it possible that after only three rounds every byte of the state matrix depends on all 16 plaintext bytes.
The ShiftRows transformation cyclically shifts the second row of the state matrix by three bytes to the right, the third row by two bytes to the right and the fourth row by one byte to the right. The first row is not changed in this layer.
The key addition layer consists of a simple XOR operation between the data from the current round and the generated internal key. The XOR operation is equal to addition in the Galois field GF(2).