Lecture Notes on Cryptography Theory - Chapter 4: The AES Cryptosystem - Hán Trọng Thanh


DEPARTMENT OF AEROSPACE ELECTRONICS
HANOI UNIVERSITY OF SCIENCE AND TECHNOLOGY
SCHOOL OF ELECTRONICS AND TELECOMMUNICATIONS

Course: CRYPTOGRAPHY THEORY
Lecturer: Dr. Hán Trọng Thanh
Email: httbkhn@gmail.com
4/19/2016

Course objectives

Provide basic knowledge of cryptography for ensuring information safety and security:
• Symmetric-key cryptographic methods; public-key cryptographic methods;
• Stream ciphers and the generation of pseudorandom sequences;
• The ElGamal digital signature scheme and the ECDSA digital signature standard;
• Processing complexity and data complexity of a specific attack on a cryptographic system;
• Security characteristics of an encryption method;
• Linear cryptanalysis, differential cryptanalysis, and issues in building secure ciphers for applications.

Contents

1. Chapter 1. Overview
2. Chapter 2. Symmetric-key cryptography
3. Chapter 3. The DES cryptosystem
4. Chapter 4. The AES cryptosystem
5. Chapter 5. Pseudorandom sequences and stream ciphers
6. Chapter 6. Key management techniques

References

1. A. J. Menezes, P. C. Van Oorschot, S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1998.
2. B. Schneier, Applied Cryptography, John Wiley Press, 1996.
3. M. R. A. Huth, Secure Communicating Systems, Cambridge University Press, 2001.
4. W. Stallings, Network Security Essentials, Applications and Standards, Prentice Hall, 2000.

Student responsibilities

1. Follow the classroom rules
2. Complete all assignments
3. Be proficient in the Matlab programming language

Chapter 4. The AES Cryptosystem

4.1. Brief introduction to the AES cryptosystem
4.2. Structure of the AES cryptosystem
4.3. AES key expansion
4.4. Implementing the AES cryptosystem
4.5. Cryptanalysis of the AES cryptosystem

4.1. Overview of the AES cryptosystem

The Advanced Encryption Standard (AES) is a symmetric-key block cipher published by the National Institute of Standards and Technology (NIST) in December 2001.

In February 2001, NIST announced that a draft of the Federal Information Processing Standard (FIPS) was available for public review and comment.
Finally, AES was published as FIPS 197 in the Federal Register in December 2001.

The criteria defined by NIST for selecting AES fall into three areas:
1. Security
2. Cost
3. Implementation

4.2. Structure of the AES cryptosystem

AES is a non-Feistel cipher that encrypts and decrypts a data block of 128 bits. It uses 10, 12, or 14 rounds. The key size, which can be 128, 192, or 256 bits, depends on the number of rounds.

AES has defined three versions, with 10, 12, and 14 rounds. Each version uses a different cipher key size (128, 192, or 256), but the round keys are always 128 bits.

[Figure: General design of AES encryption cipher]
[Figure: Data units used in AES]
[Figure: Block-to-state and state-to-block transformation]
[Figure: Structure of each round at the encryption site]

To provide security, AES uses four types of transformations: substitution, permutation, mixing, and key-adding.

AES, like DES, uses substitution. AES uses two invertible transformations.

SubBytes
The first transformation, SubBytes, is used at the encryption site. To substitute a byte, we interpret the byte as two hexadecimal digits. The SubBytes operation involves 16 independent byte-to-byte transformations.

[Table: SubBytes table]
[Table: InvSubBytes table]

This figure shows how a state is transformed using the SubBytes transformation. The figure also shows that the InvSubBytes transformation creates the original one.
Note that if the two bytes have the same values, their transformation is also the same.

Transformation Using the GF(2^8) Field
AES also defines the transformation algebraically using the GF(2^8) field with the irreducible polynomial (x^8 + x^4 + x^3 + x + 1). The SubBytes and InvSubBytes transformations are inverses of each other.

[Figure: SubBytes and InvSubBytes processes; constant matrix X]

Another transformation found in a round is shifting, which permutes the bytes.

ShiftRows
In the encryption, the transformation is called ShiftRows.

ShiftRows transformation = Permutation

InvShiftRows
In the decryption, the transformation is called InvShiftRows and the shifting is to the right.

This figure shows how a state is transformed using ShiftRows transformation. The figure also shows that InvShiftRows transformation creates the original state.

[Figure: ShiftRows transformation example]

Mixing
We need an interbyte transformation that changes the bits inside a byte, based on the bits inside the neighboring bytes. We need to mix bytes to provide diffusion at the bit level.

[Figure: Mixing bytes using matrix multiplication]
[Figure: Constant matrices used by MixColumns and InvMixColumns]

MixColumns
The MixColumns transformation operates at the column level; it transforms each column of the state to a new column.

[Figure: MixColumns transformation]

InvMixColumns
The InvMixColumns transformation is basically the same as the MixColumns transformation. The MixColumns and InvMixColumns transformations are inverses of each other.

Figure below shows how a state is transformed using the MixColumns transformation.
The figure also shows that the InvMixColumns transformation creates the original one.

[Figure: The MixColumns transformation example]

Key Adding

AddRoundKey
• AddRoundKey proceeds one column at a time.
• AddRoundKey adds a round key word with each state column matrix.
• The operation in AddRoundKey is matrix addition.
The AddRoundKey transformation is the inverse of itself.

[Figure: AddRoundKey transformation]

4.3. AES key expansion

KEY EXPANSION
• To create round keys for each round, AES uses a key-expansion process.
• If the number of rounds is Nr, the key-expansion routine creates Nr + 1 128-bit round keys from one single 128-bit cipher key.

• Key Expansion in AES-128
• Key Expansion in AES-192 and AES-256
• Key-Expansion Analysis

The key-expansion mechanism in AES has been designed to provide several features that thwart the cryptanalyst.

Key Expansion in AES-128

[Figure: Key Expansion in AES-128]

The key-expansion routine can either use the above table when calculating the words or use the GF(2^8) field to calculate the leftmost byte dynamically, as shown below (prime is the irreducible polynomial):

Each round key in AES depends on the previous round key. The dependency, however, is nonlinear because of SubWord transformation.
The addition of the round constants also guarantees that each round key will be different from the previous one.

Example
This table shows how the keys for each round are calculated assuming that the 128-bit cipher key agreed upon by Alice and Bob is (24 75 A2 B3 34 75 56 88 31 E2 12 00 13 AA 54 87)_16.

Example
The concept of weak keys, as we discussed for DES in Chapter 3, does not apply to AES. Assume that all bits in the cipher key are 0s. The following shows the words for some rounds:

The words in the pre-round and the first round are all the same. In the second round, the first word matches with the third; the second word matches with the fourth. However, after the second round the pattern disappears; every word is different.

Key-expansion algorithms in the AES-192 and AES-256 versions are very similar to the key expansion algorithm in AES-128, with the following differences:

4.4. Implementing the AES cryptosystem

• AES uses four types of transformations for encryption and decryption.
• In the standard, the encryption algorithm is referred to as the cipher and the decryption algorithm as the inverse cipher.
- Original Design
- Alternative Design

Original Design

[Figure: Ciphers and inverse ciphers of the original design]

Alternative Design
• In this version, the transformations in the reverse cipher are rearranged to make the order of transformations the same in the cipher and reverse cipher.
• In this design, invertibility is provided for a pair of transformations, not for each single transformation.

[Figure: Cipher and reverse cipher in alternate design]

Changing Key-Expansion Algorithm
Instead of using InvRoundKey transformation in the reverse cipher, the key-expansion algorithm can be changed to create a different set of round keys for the inverse cipher. Note that:
- The round key for the pre-round operation and the last round should not be changed.
- The round keys for round 1 to 9 need to be multiplied by the constant matrix.

Example
The following shows the ciphertext block created from a plaintext block using a randomly selected cipher key.

This figure shows the state entries in one round, round 7.

[Figure: States in a single round]

One may be curious to see the result of encryption when the plaintext is made of all 0s.

The avalanche effect

The following shows the effect of using a cipher key in which all bits are 0s.

4.5. Cryptanalysis of the AES cryptosystem

AES was designed after DES. Most of the known attacks on DES were already tested on AES.

Brute-Force Attack
AES is definitely more secure than DES due to the larger-size key.

Statistical Attacks
Numerous tests have failed to do statistical analysis of the ciphertext.

Differential and Linear Attacks
There are no differential and linear attacks on AES as yet.
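The MixColumns and InvMixColumns description in section 4.2 can be checked with the following added example, which is not part of the original slides. It multiplies one state column by the constant matrix over GF(2^8), recovers it again, and counts how many output bytes a one-bit input change affects; the sample column is a constructed test value and the function names are illustrative.

```python
def xtime(b):
    """Multiply a byte by 0x02 in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b

def mix_column(col):
    """Multiply one state column by the circulant matrix with first row 02 03 01 01."""
    out = []
    for i in range(4):
        a, b, c, d = (col[(i + k) % 4] for k in range(4))
        out.append(xtime(a) ^ (xtime(b) ^ b) ^ c ^ d)  # 02*a + 03*b + 01*c + 01*d
    return out

def inv_mix_column(col):
    """Undo mix_column; equivalent to the matrix with first row 0E 0B 0D 09.

    Shortcut (an implementation choice, not from the slides): that matrix equals
    the MixColumns matrix times the circulant with first row 05 00 04 00, so a
    cheap pre-step followed by mix_column gives InvMixColumns.
    """
    u = xtime(xtime(col[0] ^ col[2]))  # 04 * (a0 + a2)
    v = xtime(xtime(col[1] ^ col[3]))  # 04 * (a1 + a3)
    return mix_column([col[0] ^ u, col[1] ^ v, col[2] ^ u, col[3] ^ v])

def changed_bytes(col, index, delta=0x01):
    """Count output bytes that differ when one input byte is XORed with delta."""
    other = list(col)
    other[index] ^= delta
    return sum(x != y for x, y in zip(mix_column(col), mix_column(other)))

# Constructed sample column (a commonly used MixColumns test value).
SAMPLE = [0xDB, 0x13, 0x53, 0x45]

if __name__ == "__main__":
    mixed = mix_column(SAMPLE)
    print("mixed   :", bytes(mixed).hex())
    print("restored:", bytes(inv_mix_column(mixed)).hex())
    print("bytes changed by a 1-bit input change:", changed_bytes(SAMPLE, 0))
```

Every single-byte change spreads to all four bytes of the column, which is the diffusion property the Mixing slide asks for.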
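The algebraic SubBytes definition in section 4.2 and the AES-128 key expansion in section 4.3 are worked through in the following added example, which is not part of the original slides. It derives the S-box from GF(2^8) inversion plus the affine step, computes the round constant dynamically, and expands both the all-zero key and the example key quoted in section 4.3; function and constant names are illustrative.

```python
def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def sub_byte(b):
    """SubBytes for one byte: multiplicative inverse, then the affine step."""
    inv = next((x for x in range(1, 256) if gmul(b, x) == 1), 0)  # 0 maps to 0
    out = 0x63  # constant vector added after the matrix multiplication
    for shift in range(5):  # inv ^ rotl(inv, 1) ^ ... ^ rotl(inv, 4)
        out ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
    return out

SBOX = [sub_byte(b) for b in range(256)]

def expand_key_128(key):
    """Return words w0..w43 (4-byte tuples) for a 16-byte cipher key."""
    w = [tuple(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1  # leftmost byte of the round constant, computed in GF(2^8)
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = tuple(SBOX[x] for x in t[1:] + t[:1])  # RotWord, then SubWord
            t = (t[0] ^ rcon,) + t[1:]                 # add the round constant
            rcon = gmul(rcon, 2)
        w.append(tuple(a ^ b for a, b in zip(w[i - 4], t)))
    return w

def round_key_hex(words, r):
    """Round key r (words 4r..4r+3) as four 8-digit hex words."""
    return ["".join(f"{x:02x}" for x in wd) for wd in words[4 * r:4 * r + 4]]

# Inputs: the all-zero key and the example key quoted in section 4.3.
ZERO_KEY = bytes(16)
PAGE_KEY = bytes.fromhex("2475A2B33475568831E2120013AA5487")

if __name__ == "__main__":
    for name, key in (("zero", ZERO_KEY), ("page", PAGE_KEY)):
        words = expand_key_128(key)
        for r in range(4):
            print(name, r, " ".join(round_key_hex(words, r)))
```

For the all-zero key the output reproduces the pattern described in section 4.3: identical words in the pre-round and round 1, a two-word repeat in round 2, and four distinct words in round 3.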
