Subject Name: Cryptography and Network

Security
Unit No: 02 Unit Name: Symmetric and
Asymmetric key Cryptography
Faculty Name : Mrs. Tabassum A. Maktum
Index

Lecture 10 – Double DES, Triple DES

3

Lecture 11– Advanced Encryption Standard (AES)

17

Lecture 12 – Advanced Encryption Standard (AES) :Key Generation

25
Unit No: 2

Lecture No: 10
Double DES, Triple DES
Multiple DES

• The major criticism of DES regards its key length. This

means that we can use double or triple DES to increase the
key size.
Double DES

• The first approach is to use double DES (2DES).

• Encryption in 2-DES
C=Ek2(Ek1(m))
• Decryption in 2-DES
m=Dk1(Dk2(C))
• 2-DES should provide security equivalent to 56x2=112 bits.
But it is vulnerable to “Meet-in-the-middle Attack.
Figure 14 Meet-in-the-middle attack for double DES
Meet-in-the-Middle Attack
However, using a known-plaintext attack called meet-in-the-
middle attack proves that double DES improves this
vulnerability slightly (to 257 tests), but not tremendously (to
2112).
Figure 15 Tables for meet-in-the-middle attack
Triple DES
Figure 16 Triple DES with two keys
Triple DES with Three Keys
The possibility of known-plaintext attacks on
triple DES with two keys has enticed some
applications to use triple DES with three keys.
Triple DES with three keys is used by many
applications such as PGP.
Unit No: 1 Unit Name: Introduction

Lecture No: 11
Advanced Encryption Standard
(AES)
INTRODUCTION

• The Advanced Encryption Standard (AES) is a symmetric-

key block cipher published by the National Institute of
Standards and Technology (NIST) in December 2001.
• The criteria defined by NIST for selecting AES fall into three
areas:
1. Security
2. Cost
3. Implementation.
Rounds

• AES is a non-Feistel cipher that encrypts and decrypts a data

block of 128 bits. It uses 10, 12, or 14 rounds. The key size,
which can be 128, 192, or 256 bits, depends on the number of
rounds.

AES has defined three versions, with 10, 12,

and 14 rounds.
Each version uses a different cipher key size
(128, 192, or 256), but the round keys are
always 128 bits.
Figure 1 General design of AES encryption cipher
Figure 7.2 Data units used in AES
Figure 3 Block-to-state and state-to-block transformation
Example 1

Figure 4 Changing plaintext to state

 Structure of Each Round

Figure 5 Structure of
each round at the
encryption site
TRANSFORMATIONS

To provide security, AES uses four types of

transformations: substitution, permutation, mixing,
and key-adding.

Topics discussed in this section:

Substitution
Permutation
Mixing
Key Adding
Substitution

AES, like DES, uses substitution. AES uses two

invertible transformations.

SubBytes
The first transformation, SubBytes, is used at the
encryption site. To substitute a byte, we interpret the
byte as two hexadecimal digits.

Note

The SubBytes operation involves 16

independent byte-to-byte transformations.
Figure 6 SubBytes transformation
SubByte transformation table
SubByte transformation table
InvSubBytes
InvSubBytes (Continued)
 Example 2
Figure 7 shows how a state is transformed using the
SubBytes transformation. The figure also shows that the
InvSubBytes transformation creates the original one. Note
that if the two bytes have the same values, their
transformation is also the same.
Figure 7 SubBytes transformation for Example 7.2
Permutation

Another transformation found in a round is shifting, which

permutes the bytes.
ShiftRows
In the encryption, the transformation is called ShiftRows.
Figure 9 ShiftRows transformation
InvShiftRows
In the decryption, the transformation is called
InvShiftRows and the shifting is to the right.
 Example 4
Figure 10 shows how a state is transformed using ShiftRows
transformation. The figure also shows that InvShiftRows
transformation creates the original state.

Figure 10 ShiftRows transformation in Example 4

Mixing

We need an interbyte transformation that changes

the bits inside a byte, based on the bits inside the
neighboring bytes. We need to mix bytes to provide
diffusion at the bit level.
Figure 11 Mixing bytes using matrix multiplication
Figure 12 Constant matrices used by MixColumns and InvMixColumns
MixColumns
The MixColumns transformation operates at the
column level; it transforms each column of the state
to a new column.
Figure 13 MixColumns transformation
InvMixColumns
The InvMixColumns transformation is basically the
same as the MixColumns transformation.

Note

The MixColumns and InvMixColumns

transformations are inverses of each other.
 Example 5
Figure 14 shows how a state is transformed using the
MixColumns transformation. The figure also shows that the
InvMixColumns transformation creates the original one.

Figure 14 The MixColumns transformation in Example 5

Key Adding

AddRoundKey
AddRoundKey proceeds one column at a time.
AddRoundKey adds a round key word with each state
column matrix; the operation in AddRoundKey is
matrix addition.

Note

The AddRoundKey transformation is the

inverse of itself.
Figure 15 AddRoundKey transformation
Thank You
Unit No: 2

Lecture No: 12
AES Key Generation
KEY EXPANSION

To create round keys for each round, AES uses a

key-expansion process. If the number of rounds is
Nr , the key-expansion routine creates Nr + 1 128-bit
round keys from one single 128-bit cipher key.
Key Expansion

• Key expansion routine creates round keys word by word, where word is an
array of four bytes
• It creates 4X(Nr+1) words
Key Expansion in AES-128

Figure 16 Key expansion in AES

Key Expansion in AES-128

• Procedure:
– First four words W0 to W3 are made from K0 to
K15 of key K, where W0 is made up of K0to K3,
W1 is made up of K4 to K7 and so on
– For all other Wi’s:
• If i mod4!=0 then Wi=Wi-1 exor Wi-4
• If i mod4 =0 then Wi=t exor Wi-4
Where t=subword(RotWors(Wi-1)) exor Rconi/4
Key Expansion Analysis

• Even if attacker knows only part of the cipher key or values

of the words in some round keys, attacker still needs to find
rest of the cipher key before she find all round keys. This id
due to SubWord transformation in key expansion.
• Two different cipher keys, no matter how similar to each
other produce two expansions that differ atleast in few
rounds.
• Each bit of cipher key is diffused in several rounds.
• There are no serious weak keys in AES, unlike in DES
• The use of constants, removes any symmetry that may have
been created by the other transformations.
CIPHERS

AES uses four types of transformations for

encryption and decryption. In the standard, the
encryption algorithm is referred to as the cipher and
the decryption algorithm as the inverse cipher.

Topics discussed in this section:

Original Design
Alternative Design
Original Design
Figure 17 Ciphers and inverse ciphers of the original design
Alternative Design

Figure 18 Invertibility of SubBytes and ShiftRows combinations

Figure 19 Invertibility of MixColumns and AddRoundKey combination
Figure 20 Cipher and reverse cipher in alternate design
Changing Key-Expansion Algorithm
Instead of using InvRoundKey transformation in
the reverse cipher, the key-expansion algorithm can
be changed to create a different set of round keys
for the inverse cipher.
 ANALYSIS OF AES : Security
AES was designed after DES. Most of the known attacks on
DES were already tested on AES.

Brute-Force Attack
AES is definitely more secure than DES due to the larger-size
key.

Statistical Attacks
Numerous tests have failed to do statistical analysis of the
ciphertext.
Implementation

AES can be implemented in software, hardware, and

firmware.

The implementation can use table lookup process or

routines that use a well-defined algebraic structure.

The transformation can be either byte-oriented or

word-oriented
Simplicity and Cost

The algorithms used in AES are so simple that they

can be easily implemented using cheap processors
and a minimum amount of memory.
Thank You