Advanced Encryption Standard (AES) with Dynamic Substitution Box
Verilog Design of Advanced Encryption Standard with Dynamic S-Box
Hardik Manocha, Samnit Dua
Electronics & Communication Engineering Students
G B Pant Government Engineering College, Delhi, India
ABSTRACT
On October 2, 2000, the National Institute of Standards and Technology (NIST) announced
Rijndael as the new Advanced Encryption Standard (AES). The predecessor to the AES was the Data
Encryption Standard (DES), which was considered to be insecure because of its vulnerability to
brute force attacks. DES was a standard from 1977 and stayed until the mid 1990s. However, by
the mid 1990s, it was clear that the DES's 56-bit key was no longer big enough to prevent attacks
mounted on contemporary computers, which were thousands of times more powerful than those
available when the DES was standardized. The AES is a 128-bit symmetric block cipher.
This project includes the complete step-by-step implementation of the Advanced Encryption
Technique, i.e. encrypting and decrypting 128-bit data using the AES, and its modification for
enhanced reliability and security. The encryption process consists of a combination of various
classical techniques such as substitution, rearrangement and transformation encoding techniques.
The encryption and decryption modules include the Key Expansion module, which generates the key
for all iterations. The modifications include the addition of an arithmetic operation and a route
transposition cipher in the iterative rounds. The key expansion module is extended to
double the number of iterative processing rounds in order to increase its immunity against
unauthorized attacks.
Many algorithms have been developed to produce more secure encrypted messages, from RC4 to
DES to T-DES to AES. As developers design more enhanced and secure algorithms,
hackers are also working to crack those algorithms. For AES, no practical method of cracking it
has been discovered yet, but with increasingly fast computing, AES could soon
be cracked. Different attacks, such as brute force and side channel attacks, are rapidly being
applied to AES to develop a crack for the algorithm. Therefore, to further increase the security
level, one way is to replace the standard S Box with a new and dynamic S Box, through which the
chances of obtaining the plain text are decreased. In this paper, AES (Advanced Encryption
Standard) with a Dynamic S Box based on the input key is used. Xilinx ISE 14.7 is used for RTL
development in Verilog, synthesis and simulation. For performance estimation, Xilinx 14.7 is
again used. No FPGA implementation is done for the design.
Project Overview
Introduction
Encryption is the most effective way to achieve data security. The Advanced Encryption Standard
(AES), also known as Rijndael (its original name), is a specification for the encryption of
electronic data established by the U.S. National Institute of Standards and Technology (NIST) in
2001.
The aim of the project is to achieve an efficient Verilog implementation of a 128-bit block and
128-bit key AES with Dynamic S Box cryptosystem. Optimized and synthesizable Verilog code is
developed for the implementation of both the 128-bit data encryption and decryption processes,
and the description is verified using Xilinx.
Objective
In today's electronic age, the importance of digital cryptography in securing electronic data
transactions is unquestionable. Every day, users electronically generate and communicate a large
volume of information with others. This information includes medical, financial and legal files;
automatic and Internet banking; phone conversations; pay-per-view television; and other
e-commerce transactions. To meet these requirements, the Advanced Encryption Standard (AES) can
be used for the encryption of electronic data. But increasing threats are making developers
look for more secure algorithms, and one such step is to replace the standard, fixed S Box with a
dynamic S Box. Values of the lookup table would now depend on the input key, and therefore the
chances of a crack are decreased as the values are no longer fixed. Here we are going to achieve an
efficient Verilog implementation of a 128-bit block and 128-bit key AES with dynamic S Box
cryptosystem.
The Advanced Encryption Standard (AES)
Introduction to Cryptography
Cryptography or cryptology is the practice and study of techniques for secure communication in
the presence of third parties (called adversaries). Cryptography prior to the modern age was
effectively synonymous with encryption, the conversion of information from a readable state to
apparent nonsense. Modern cryptography is heavily based on mathematical theory and computer
science practice; cryptographic algorithms are designed around computational hardness
assumptions, making such algorithms hard to break in practice by any adversary. It is
theoretically possible to break such a system, but it is infeasible to do so by any known practical
means. These schemes are therefore termed computationally secure; theoretical advances, e.g.,
improvements in integer factorization algorithms, and faster computing technology require these
solutions to be continually adapted. There exist information-theoretically secure schemes that
provably cannot be broken even with unlimited computing power, but these schemes are more
difficult to implement than the best theoretically breakable but computationally secure
mechanisms.
Until modern times, cryptography referred almost exclusively to encryption, which is the process
of converting ordinary information (called plaintext) into unintelligible text (called cipher text).
Decryption is the reverse, in other words, moving from the unintelligible cipher text back to
plaintext. In cryptography, a cipher (or cypher) is an algorithm for
performing encryption or decryption—a series of well-defined steps that can be followed as a
procedure. The detailed operation of a cipher is controlled both by the algorithm and in each
instance by a "key".
Introduction to the Advanced Encryption Standard
The Advanced Encryption Standard (AES), also known as Rijndael (its original name), is a
specification for the encryption of electronic data established by the U.S. National Institute of
Standards and Technology (NIST) in 2001. AES is based on the Rijndael cipher developed by two
Belgian cryptographers, Joan Daemen and Vincent Rijmen, who submitted a proposal to NIST
during the AES selection process. Rijndael is a family of ciphers with different key and block
sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of
128 bits, but three different key lengths: 128, 192 and 256 bits. AES has been adopted by the U.S.
government and is now used worldwide. It supersedes the Data Encryption Standard (DES),
which was published in 1977. The algorithm described by AES is a symmetric-key algorithm,
meaning the same key is used for both encrypting and decrypting the data. In the United States,
AES was announced by the NIST as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001. This
announcement followed a five-year standardization process in which fifteen competing designs
were presented and evaluated, before the Rijndael cipher was selected as the most suitable. AES
became effective as a federal government standard on May 26, 2002 after approval by the
Secretary of Commerce. AES is included in the ISO/IEC 18033-3 standard.
AES is available in many different encryption packages, and is the first publicly accessible and
open cipher approved by the National Security Agency (NSA) for top secret information when
used in an NSA approved cryptographic module. The name Rijndael is a play on the names of the
two inventors (Joan Daemen and Vincent Rijmen). It is also a combination of the Dutch name for
the Rhine River and a dale.
Description of the cipher
AES is based on a design principle known as a substitution-permutation network, combination of
both substitution and permutation, and is fast in both software and hardware. AES is a variant of
Rijndael which has a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits. By
contrast, the Rijndael specification per se is specified with block and key sizes that may be any
multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits. AES operates on a
4×4 column-major order matrix of bytes, termed the state, although some versions of Rijndael
have a larger block size and have additional columns in the state. Most AES calculations are done
in a special finite field. For instance, if you have 16 bytes, b0, b1... b15, these bytes are
represented as this matrix:
The key size used for an AES cipher specifies the number of repetitions of transformation rounds
that convert the input, called the plaintext, into the final output, called the cipher text. The number
of cycles of repetition is as follows:
• 10 cycles of repetition for 128-bit keys.
• 12 cycles of repetition for 192-bit keys.
• 14 cycles of repetition for 256-bit keys.
Each round consists of several processing steps, each containing four similar but different stages,
including one that depends on the encryption key itself. A set of reverse rounds are applied to
transform cipher text back into the original plaintext using the same encryption key.
Fig 1 Cipher description
Description of the algorithm
1. KeyExpansions—round keys are derived from the cipher key using Rijndael’s key schedule.
AES requires a separate 128-bit round key block for each round plus one more.
2. InitialRound
(a) AddRoundKey—each byte of the state is combined with a block of the round key using
bitwise xor.
3. Rounds
(a) SubBytes—a non-linear substitution step where each byte is replaced with another according
to a lookup table.
(b) ShiftRows—a transposition step where the last three rows of the state are shifted cyclically a
certain number of steps.
(c) MixColumns—a mixing operation which operates on the columns of the state, combining the
four bytes in each column.
(d) AddRoundKey
4. Final Round (no MixColumns)
(a) SubBytes
(b) ShiftRows
(c) AddRoundKey
The Rijndael Key Schedule
The Key Schedule is responsible for expanding a short key into a larger key, whose parts are used
during the different iterations. Each key size is expanded to a different size:
• A 128-bit key is expanded to a 176-byte key.
• A 192-bit key is expanded to a 208-byte key.
• A 256-bit key is expanded to a 240-byte key.
There is a relation between the cipher key size, the number of rounds and the Expanded Key size.
For a 128-bit key, there is one initial AddRoundKey operation plus 10 rounds, and each
round needs a new 16-byte key; therefore we require 10+1 Round Keys of 16 bytes, which equals
176 bytes. The same logic can be applied to the two other cipher key sizes. The general formula
is:
ExpandedKeySize = (nbrRounds+1) * BlockSize
AES operations
STATE MATRIX: a 4×4 matrix which contains the input data to be encrypted or
decrypted. The following diagram represents how the input/plain data is arranged in the state matrix:
The SubBytes operation
The SubBytes operation is a non-linear byte substitution, operating on each byte of the state
independently. The substitution table (S-Box) is invertible and is constructed by the composition
of two transformations:
1. Take the multiplicative inverse in Rijndael's finite field
2. Apply an affine transformation which is documented in the Rijndael documentation.
Since the S-Box is independent of any input, pre-calculated forms are used. Each byte of the state
is then substituted by the value in the S-Box whose index corresponds to the value in the state:
b (i,j) = SBox[a(i,j)]
The inverse of SubBytes is the same operation, using the inverse S-Box, which is also
precalculated.
SubBytes is a non-linear operation that replaces each byte of the state independently, using a
lookup table called the substitution box. It operates on the state matrix, and its results are
stored back in the state matrix.
The following structure represents how the substitution is carried out on the state matrix:
The following table represents the lookup table used in the standard AES SubBytes operation:
This paper uses a Dynamic S Box which is key dependent. The following steps are performed to
generate the Dynamic S Box:
• The first 8 bits of the Key, K, are selected and stored in dynamic_creation_variable.
• If dynamic_creation_variable is 0x00, then all 8-bit chunks of the Key are XORed
with each other and the result is stored in dynamic_creation_variable. This step is performed
because any number XORed with 0 is the number itself, so the lookup table would otherwise
remain as it is.
• Every value in the lookup table is then XORed with dynamic_creation_variable to
generate the new S Box.
• The resulting S Box is used in the SubBytes operation.
K2,2=dynamic_creation_variable
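The steps above can be modelled in a few lines of Python. This is an added reference model, not the authors' Verilog: the standard table is computed from the two SubBytes transformations described earlier, the function names are this example's own, and taking the "first 8 bits" as the most significant key byte is an assumption.

```python
# Added reference model; names are this example's own, not the authors' Verilog.
def gmul(a, b):
    """Multiply two bytes in Rijndael's field GF(2^8) (modulus 0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def standard_sbox():
    """Multiplicative inverse (0 maps to 0) followed by the affine transform."""
    table = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        table.append(inv ^ rotl8(inv, 1) ^ rotl8(inv, 2)
                     ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63)
    return table

SBOX = standard_sbox()

def dynamic_creation_variable(key):
    """First key byte; if it is 0x00, the XOR of all 16 key bytes instead."""
    if len(key) != 16:
        raise ValueError("expected a 128-bit key")
    v = key[0]  # assumption: "first 8 bits" means the most significant byte
    if v == 0x00:
        for b in key:
            v ^= b
    return v

def dynamic_sbox(key):
    """XOR every standard S-box entry with the key-derived byte."""
    v = dynamic_creation_variable(key)
    return [s ^ v for s in SBOX]

def inverse_table(table):
    """Inverse lookup table for decryption; rejects a non-bijective table."""
    if sorted(table) != list(range(256)):
        raise ValueError("table is not a permutation of 0..255")
    inv = [0] * 256
    for x, y in enumerate(table):
        inv[y] = x
    return inv

# key_in from the page's simulation; the other two keys are constructed.
PAGE_KEY = bytes.fromhex("155e57340f09e90d2e500c78735555e8")
ZERO_LEAD_KEY = bytes([0x00, 0x01] + [0x00] * 14)
ALL_ZERO_KEY = bytes(16)

if __name__ == "__main__":
    for key in (PAGE_KEY, ZERO_LEAD_KEY, ALL_ZERO_KEY):
        dyn = dynamic_sbox(key)
        print(key.hex(), hex(dynamic_creation_variable(key)), dyn == SBOX)
```

Any key whose first byte is 0x00 and whose remaining bytes XOR to 0x00, the all-zero key included, leaves the lookup table identical to the standard S-Box.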
The ShiftRow operation
In this operation, each row of the state is cyclically shifted to the left, depending on the row
index.
• The 1st row is shifted 0 positions to the left.
• The 2nd row is shifted 1 position to the left.
• The 3rd row is shifted 2 positions to the left.
• The 4th row is shifted 3 positions to the left.
The inverse of ShiftRow is the same cyclic shift but to the right. It is needed later for
decoding.
The MixColumn operation
In the MixColumns step, the four bytes of each column of the state are combined using an
invertible linear transformation. The MixColumns function takes four bytes as input and outputs
four bytes, where each input byte affects all four output bytes. Together with ShiftRows,
MixColumns provides diffusion in the cipher.
During this operation, each column is transformed using a fixed matrix (matrix multiplied by
column gives new value of column in the state):
This can also be seen as the following:
Or:
The AddRoundKey operation
In this operation, a Round Key is applied to the state by a simple bitwise XOR.
The Round Key is derived from the Cipher Key by the means of the key schedule.
The Round Key length is equal to the block key length (=16 bytes).
In the AddRoundKey step, the subkey is combined with the state. For each round, a subkey is
derived from the main key using Rijndael’s key schedule; each subkey is the same size as the
state. The subkey is added by combining each byte of the state with the corresponding byte of the
subkey using bitwise XOR.
In the AddRoundKey step, each byte of the state is combined with a byte of the round subkey
using the XOR operation.
Fig 14 AddRoundKey Scheme
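A Python model of the three steps that follow SubBytes in a round, added here and not taken from the authors' Verilog; the state is held as 16 bytes in column-major order, the function names are this example's own, and the sample state and round key are constructed. It also checks how the key-derived byte that the dynamic S Box XORs into every SubBytes output travels through ShiftRows and MixColumns: it emerges unchanged and so combines with the round key in AddRoundKey.

```python
# Added example; function names and sample values are this example's own.
def xtime(b):
    """Multiply a byte by 2 in GF(2^8), reducing by x^8+x^4+x^3+x+1."""
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b

def shift_rows(s):
    """State is 16 bytes, column-major: s[r + 4*c]. Row r rotates left by r."""
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def inv_shift_rows(s):
    """Same cyclic shift, but to the right (used when decrypting)."""
    return [s[r + 4 * ((c - r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(s):
    """Multiply each column by the fixed matrix whose first row is 2 3 1 1."""
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        for r in range(4):
            n1, n2, n3 = a[(r + 1) % 4], a[(r + 2) % 4], a[(r + 3) % 4]
            # 2*a[r] ^ 3*n1 ^ n2 ^ n3, with 3*n1 written as 2*n1 ^ n1
            out.append(xtime(a[r]) ^ xtime(n1) ^ n1 ^ n2 ^ n3)
    return out

def add_round_key(s, round_key):
    return [x ^ k for x, k in zip(s, round_key)]

def round_tail(after_subbytes, round_key):
    """ShiftRows, MixColumns, AddRoundKey: the part of a round after SubBytes."""
    return add_round_key(mix_columns(shift_rows(after_subbytes)), round_key)

def offset_moves_to_round_key(state, round_key, v):
    """True if XORing v into every SubBytes output gives the same round output
    as XORing v into every byte of the round key."""
    shifted_state = round_tail([b ^ v for b in state], round_key)
    shifted_key = round_tail(state, [k ^ v for k in round_key])
    return shifted_state == shifted_key

# Constructed sample values (not from the page).
STATE = list(range(0x10, 0x20))
ROUND_KEY = [(7 * i + 3) & 0xFF for i in range(16)]
V = 0x15  # first byte of the page's key_in, used as the dynamic S Box offset

if __name__ == "__main__":
    print(bytes(round_tail(STATE, ROUND_KEY)).hex())
    # The row coefficients 2, 3, 1, 1 XOR to 1, so a column of equal bytes
    # is a fixed point of MixColumns and the offset passes straight through.
    print(mix_columns([V] * 16) == [V] * 16)
    print(offset_moves_to_round_key(STATE, ROUND_KEY, V))
```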
Implementation of the Algorithm
Implementation
The AES 128 algorithm is implemented using Verilog coding in Xilinx ISE 13.2. First, the
algorithm’s Encryption module is designed with the Key Expansion unit. After designing this
encryption module, the next step is to design the Decryption module separately. After this, a Top
module is designed in which the Encryption and Decryption modules are instantiated. The Top module
also includes a memory to hold the key values generated during encryption so that the Decryption
module can use those values.
[Figure: aes_top block diagram. Blocks: Encryption Module, Key Expansion Module, Key Memory,
Decryption Module. Signals: clk, rst_enc, rst_dec, Plain Text, Cipher Key, Data Match.]
Simulation values:
ENCRYPTION
data_in = 128'h343aaf5503e7d407ea507d41f4eeda64
key_in = 128'h155e57340f09e90d2e500c78735555e8
cipher_data = 128'hcfd167a6677d56851da896d0bb35826b
DECRYPTION
data_match = 1'b1
PERFORMANCE ESTIMATION
for aes_top.v module on Virtex 5 (Device= XC5VLX20T & Package= FF323)
Parameter | Enhanced Pentium Architecture
Time (ns) | 3.798
Frequency (MHz) | 263.296
Throughput (Gbps) | 3.370
Throughput/slice (Mbps/slice) | 345.286
Conclusion & Future scope
Conclusion
The Advanced Encryption Standard algorithm is an iterative private key symmetric block cipher
that can process data blocks of 128 bits through the use of cipher keys with lengths of 128, 192,
and 256 bits. An efficient Verilog implementation of 128 bit block and 128 bit key AES with
dynamic S Box cryptosystem has been presented in this project. An Optimized and Synthesizable
Verilog code is developed for the implementation of both 128 bit data encryption and decryption
process & description is verified using Xilinx.
Future Scope
Side channel attacks are a way to test the security level of a cryptosystem. Therefore, future
work on our project involves testing the AES with Dynamic S Box design against side
channel attacks, thereby comparing AES and AES with Dynamic S Box in terms of
security and proposing a better crypto algorithm. Other possible attacks are also to be
tested on the design.