AES Proposal: Rijndael
description
Transcript of AES Proposal: Rijndael
AES Proposal: Rijndael
Joan Daemen Vincent Rijmen
“Rijndael is expected, for all key and block lengths defined, to behave as good as can be expected from a block cipher with the given block and key lengths.”
Presented by Jianning TANG
Outline
Introduction Applications of Rijndael Design Criteria Rijndael Encryption Resistance Against Known Attacks Security goal Conclusion Question
IntroductionAES:
Advanced Encryption Standard published by NIST
Block Cipher:
An encrypting method in which each block of plain text is
converted into a block of cipher text of the same length
Rijndael:
An iterated block cipher with a variable block length and a
variable key length. The block length and the key length can be
independently specified to 128, 192 or 256 bits.
Applications of Rijndael
Rijndael cipher is designed to be implemented efficiently on a wide range of
processors and in dedicated hardware. i.e. Smart Card, ATM, HDTV, B-ISDN,
Voice and Satellite (encryption).
Rijndael can also be used in MAC algorithm, iterated hash function,synchronous stream cipher, pseudo-random number generator, self-synchronizing stream cipher.
Design Criteria
• Resistance against all known attacks;
• Speed and code compactness on a wide range of platforms;
• Design simplicity.
Rijndael EncryptionPseudo code of Rijndael encryption:Rijndael(State,CipherKey){
KeyExpansion(CipherKey,ExpandedKey) ;AddRoundKey(State,roundKey[0]);For( i=1 ; i<Nr ; i++ ) Round(State,roundKey[i]) ;FinalRound(State,roundKey[Nr]);// return State;
}
Nr 128 192 256 128 10 12 14 192 12 12 14 256 14 14 14
Key Length(bits)
Block Length(bits)
Nr: number of rounds
Resistance Against Known Attacks
Attack:If the computational time of a cryptanalysis method(to find the key) is less than the computational time of an exhausted key search, the methodis said to be an effective attack.
Plain Text--Cipher Text Pairs:Known to cryptanalyst.
Keys:NOT known to cryptanalyst
List of known cryptanalysis methods:
Symmetry properties and weak keys of the DES type
Differential cryptanalysis
Linear cryptanalysis
Truncated differentials
The Square attack
Interpolation attacks
Related-key attacks
No attack has yet been found to be effective against Rijndael.
Security Goal
1. K-security:All possible attack strategies for Rijndael have the same expected work factor and storage requirements as for the majority of possible block ciphers with the same dimensions.
2. Hermetic:It does not have weaknesses that are not present for the majority of block ciphers with the same block and key length.Or:its internal structure cannot be exploited in any application.
Rijndael is expected to achieve its security goal
ConclusionIn security aspect:
“Rijndael is expected, for all key and block lengths defined,
to behave as good as can be expected from a block cipher
with the given block and key lengths.”
Question
If a block cipher is k-security, do you think it is secure enough?