Foundations of Security Week10 Lecture


Lecture Outline#

  1. Introduction to the Advanced Encryption Standard (AES)
  2. Basic characteristics of AES encryption
  3. AES block size and key sizes
  4. Subkey generation
  5. AES round transformations
  6. SubBytes transformation using S-box
  7. ShiftRows transformation
  8. MixColumns transformation

Learning Outcomes#

By the end of this lecture, students should be able to:

  1. Explain why AES replaced DES as a modern encryption standard
  2. Identify the block size and supported key lengths of AES
  3. Explain how plaintext is represented as a state matrix in AES
  4. Describe the four main AES transformations (SubBytes, ShiftRows, MixColumns, AddRoundKey)
  5. Explain how AES encryption rounds operate

Advanced Encryption Standard (AES)#

How it works#

  • Key Expansion: The original key (e.g., 128 bits) is expanded into a set of “round keys” used in each step of the encryption. This ensures the key evolves throughout the process, adding complexity.
  • Initial Round: The input data (a 16-byte block) is combined with the first round key using a bitwise XOR operation.
  • Main Rounds: It applies a series of transformations to the data in multiple rounds (10 rounds for 128-bit keys, 12 for 192-bit, 14 for 256-bit). Each round consists of four steps:
    • SubBytes: Each byte in the block is replaced with another byte according to a predefined substitution table (S-box).
    • ShiftRows: The rows of the data block (visualized as a 4x4 grid) are shifted to the left by different amounts.
    • MixColumns: The columns of the grid are mixed using a mathematical operation, further scrambling the data.
    • AddRoundKey: The current round key is XORed with the block, integrating the key into the process.
  • Final Round: The last round skips the MixColumns step but includes SubBytes, ShiftRows, and AddRoundKey to finalize the encryption.

Key Expansion#

  • Key Expansion takes the original 128-bit key and expands it into a larger set of keys (called round keys) that AES uses in its encryption rounds. Here we will use the key “cdutobufoscourse”.
  • For AES-128, which uses 10 rounds of encryption, the process generates 11 round keys (one for the initial round and one for each of the 10 main rounds).
  • Each round key is 128 bits (16 bytes), so the total expanded key is 176 bytes (11 round keys × 16 bytes).

$$
\begin{array}{ll}
\text{Key in text} & = \text{cdutobufoscourse} \\[0.6em]
\text{Key in 128 bits} & = 01100011\ 01100100\ 01110101\ 01110100\ 01101111\ 01100010 \\
 & \phantom{=}\ 01110101\ 01100110\ 01101111\ 01110011\ 01100011\ 01101111 \\
 & \phantom{=}\ 01110101\ 01110010\ 01110011\ 01100101 \\[0.6em]
\text{Key in hexadecimal} & = \begin{array}{cccccccccccccccc}
\texttt{63} & \texttt{64} & \texttt{75} & \texttt{74} & \texttt{6F} & \texttt{62} & \texttt{75} & \texttt{66} & \texttt{6F} & \texttt{73} & \texttt{63} & \texttt{6F} & \texttt{75} & \texttt{72} & \texttt{73} & \texttt{65} \\
\text{c} & \text{d} & \text{u} & \text{t} & \text{o} & \text{b} & \text{u} & \text{f} & \text{o} & \text{s} & \text{c} & \text{o} & \text{u} & \text{r} & \text{s} & \text{e}
\end{array}
\end{array}
$$


  • The original key is 4 words (16 bytes ÷ 4 = 4 words).
  • The total expanded key is 44 words (11 rounds × 4 words per round).
  • So, the Key Expansion generates 44 words (labeled $W_0$ to $W_{43}$), where:
    • $W_0$ to $W_3$ are the original key.
    • $W_4$ to $W_{43}$ are derived iteratively.



$$
\begin{aligned}
W_4 &= W_0 \oplus g(W_3) \\
W_5 &= W_4 \oplus W_1 \\
W_6 &= W_5 \oplus W_2 \\
W_7 &= W_6 \oplus W_3
\end{aligned}
$$

$$
\begin{aligned}
\text{Round 1 (R1)} &= W_4, W_5, W_6, W_7 \\
\text{Round 2 (R2)} &= W_8, W_9, W_{10}, W_{11} \\
\text{Round 3 (R3)} &= W_{12}, W_{13}, W_{14}, W_{15}
\end{aligned}
$$

Function g#

$$W_4 = W_0 \oplus \underline{g(W_3)}$$

  • RotWord: Performs a one-byte left circular shift on a word. This means that an input word $[b_1, b_2, b_3, b_4]$ is transformed into $[b_2, b_3, b_4, b_1]$.
  • SubWord: Applies the AES S-box substitution to each byte of the rotated word. The first hexadecimal digit of a byte gives the row number in the S-box and the second hexadecimal digit gives the column number.
  • Rcon: XORs the result of the SubWord operation with a round constant (Rcon). The round constants come from a fixed table.

$g(W_3)$

  • RotWord: Performs a one-byte left circular shift on a word. This means that an input word $[b_1, b_2, b_3, b_4]$ is transformed into $[b_2, b_3, b_4, b_1]$.

  • SubWord: Applies the AES S-box substitution to each byte of the rotated word. The first hexadecimal digit of a byte gives the row number in the S-box and the second hexadecimal digit gives the column number.

Step            Byte 1  Byte 2  Byte 3  Byte 4
W3              75      72      73      65
RotWord (X1)    72      73      65      75
Row Column      7 2     7 3     6 5     7 5
SubWord (Y1)    40      8F      4D      9D

AES S-box
   00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00 63 7C 77 7B F2 6B 6F C5 30 01 67 2B FE D7 AB 76
10 CA 82 C9 7D FA 59 47 F0 AD D4 A2 AF 9C A4 72 C0
20 B7 FD 93 26 36 3F F7 CC 34 A5 E5 F1 71 D8 31 15
30 04 C7 23 C3 18 96 05 9A 07 12 80 E2 EB 27 B2 75
40 09 83 2C 1A 1B 6E 5A A0 52 3B D6 B3 29 E3 2F 84
50 53 D1 00 ED 20 FC B1 5B 6A CB BE 39 4A 4C 58 CF
60 D0 EF AA FB 43 4D 33 85 45 F9 02 7F 50 3C 9F A8
70 51 A3 40 8F 92 9D 38 F5 BC B6 DA 21 10 FF F3 D2
80 CD 0C 13 EC 5F 97 44 17 C4 A7 7E 3D 64 5D 19 73
90 60 81 4F DC 22 2A 90 88 46 EE B8 14 DE 5E 0B DB
A0 E0 32 3A 0A 49 06 24 5C C2 D3 AC 62 91 95 E4 79
B0 E7 C8 37 6D 8D D5 4E A9 6C 56 F4 EA 65 7A AE 08
C0 BA 78 25 2E 1C A6 B4 C6 E8 DD 74 1F 4B BD 8B 8A
D0 70 3E B5 66 48 03 F6 0E 61 35 57 B9 86 C1 1D 9E
E0 E1 F8 98 11 69 D9 8E 94 9B 1E 87 E9 CE 55 28 DF
F0 8C A1 89 0D BF E6 42 68 41 99 2D 0F B0 54 BB 16

Quiz#

  • Compute the RotWord (X1) and SubWord (Y1) of $W_3$ below.

W3              72      69      6e      67

Step            Byte 1  Byte 2  Byte 3  Byte 4
W3              72      69      6e      67
RotWord (X1)    69      6e      67      72
Row Column      6 9     6 e     6 7     7 2
SubWord (Y1)    F9      9F      85      40

  • Rcon: XOR the result Y1 with a round constant (Rcon).

Step            Byte 1  Byte 2  Byte 3  Byte 4
W3              75      72      73      65
RotWord (X1)    72      73      65      75
SubWord (Y1)    40      8F      4D      9D
Rcon (R1)       01      00      00      00
g(W3)           = Y1 ⊕ R1, computed below

Round Constant Table
Round Byte 1 Byte 2 Byte 3 Byte 4
R1 01 00 00 00
R2 02 00 00 00
R3 04 00 00 00
R4 08 00 00 00
R5 10 00 00 00
R6 20 00 00 00
R7 40 00 00 00
R8 80 00 00 00
R9 1B 00 00 00
R10 36 00 00 00

$$
\begin{aligned}
\text{Y1} &= \texttt{40 8F 4D 9D} = 01000000\ 10001111\ 01001101\ 10011101 \\
\oplus\ \text{R1} &= \texttt{01 00 00 00} = 00000001\ 00000000\ 00000000\ 00000000 \\
g(W_3) &= 01000001\ 10001111\ 01001101\ 10011101 \\
g(W_3) &= \texttt{41 8F 4D 9D}
\end{aligned}
$$

Conversion to Binary#

Hexadecimal  Decimal  Binary (4 bits)
0            0        0000
1            1        0001
2            2        0010
3            3        0011
4            4        0100
5            5        0101
6            6        0110
7            7        0111
8            8        1000
9            9        1001
A            10       1010
B            11       1011
C            12       1100
D            13       1101
E            14       1110
F            15       1111

40 = 0100 0000
9D = 1001 1101
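
The key schedule described above, as an added Python example that is not part of the original lecture: it expands the lecture key into W0..W43 and reproduces g(W3) = 41 8F 4D 9D. The function names are illustrative, and the S-box is derived from its GF(2^8) definition instead of being copied from the table, which goes beyond what the lecture shows.

```python
def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _sbox_entry(x):
    inv = 1
    for _ in range(254):            # x^254 is the inverse of x; 0 stays 0
        inv = gmul(inv, x)
    s = inv ^ 0x63
    for n in range(1, 5):           # affine step: XOR in four left rotations
        s ^= ((inv << n) | (inv >> (8 - n))) & 0xFF
    return s

SBOX = [_sbox_entry(x) for x in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]  # lecture table, byte 1

def rot_word(w):
    return w[1:] + w[:1]            # [b1,b2,b3,b4] -> [b2,b3,b4,b1]

def sub_word(w):
    return bytes(SBOX[b] for b in w)

def g(w, round_no):
    y = sub_word(rot_word(w))
    return bytes([y[0] ^ RCON[round_no - 1]]) + y[1:]   # bytes 2-4 of Rcon are 00

def xor_words(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def expand_key(key):
    if len(key) != 16:
        raise ValueError("AES-128 needs a 16-byte key")
    w = [key[i:i + 4] for i in range(0, 16, 4)]          # W0..W3 = original key
    for i in range(4, 44):
        prev = g(w[i - 1], i // 4) if i % 4 == 0 else w[i - 1]
        w.append(xor_words(w[i - 4], prev))
    return w

WORDS = expand_key(b"cdutobufoscourse")                  # lecture key

if __name__ == "__main__":
    print("g(W3) =", g(WORDS[3], 1).hex(" ").upper())
    print("round key 1 =", b"".join(WORDS[4:8]).hex(" ").upper())
```

S-box lookups indexed by key bytes are not constant-time, so this code is for checking hand calculations only; real encryption should use a vetted library.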

Key Expansion#

Initial Round (AddRoundKey)#

Message (128 bits)

$$
\begin{array}{ll}
\text{Message in text} & = \text{oursecretmessage} \\[0.6em]
\text{Message in 128 bits} & = 01101111\ 01110101\ 01110010\ 01110011\ 01100101\ 01100011 \\
 & \phantom{=}\ 01110010\ 01100101\ 01110100\ 01101101\ 01100101\ 01110011 \\
 & \phantom{=}\ 01110011\ 01100001\ 01100111\ 01100101 \\[0.6em]
\text{Message in hexadecimal} & = \begin{array}{cccccccccccccccc}
\texttt{6F} & \texttt{75} & \texttt{72} & \texttt{73} & \texttt{65} & \texttt{63} & \texttt{72} & \texttt{65} & \texttt{74} & \texttt{6D} & \texttt{65} & \texttt{73} & \texttt{73} & \texttt{61} & \texttt{67} & \texttt{65} \\
\text{o} & \text{u} & \text{r} & \text{s} & \text{e} & \text{c} & \text{r} & \text{e} & \text{t} & \text{m} & \text{e} & \text{s} & \text{s} & \text{a} & \text{g} & \text{e}
\end{array}
\end{array}
$$

$$
\begin{aligned}
\text{Message in hexadecimal} &= \texttt{6F 75 72 73 65 63 72 65 74 6D 65 73 73 61 67 65} \\
\text{byte} &\phantom{=}\ b_1\ b_2\ b_3\ b_4\ b_5\ b_6\ b_7\ b_8\ b_9\ b_{10}\ b_{11}\ b_{12}\ b_{13}\ b_{14}\ b_{15}\ b_{16}
\end{aligned}
$$

$$
\begin{pmatrix}
b_1 & b_5 & b_9 & b_{13} \\
b_2 & b_6 & b_{10} & b_{14} \\
b_3 & b_7 & b_{11} & b_{15} \\
b_4 & b_8 & b_{12} & b_{16}
\end{pmatrix}
\oplus
\underbrace{\begin{array}{|c|c|c|c|} \hline W_0 & W_1 & W_2 & W_3 \\ \hline \end{array}}_{\text{SubKey 0}}
$$

$$
\begin{pmatrix}
\texttt{6F} & \texttt{65} & \texttt{74} & \texttt{73} \\
\texttt{75} & \texttt{63} & \texttt{6D} & \texttt{61} \\
\texttt{72} & \texttt{72} & \texttt{65} & \texttt{67} \\
\texttt{73} & \texttt{65} & \texttt{73} & \texttt{65}
\end{pmatrix}
\oplus
\begin{pmatrix}
\texttt{63} & \texttt{6F} & \texttt{6F} & \texttt{75} \\
\texttt{64} & \texttt{62} & \texttt{73} & \texttt{72} \\
\texttt{75} & \texttt{75} & \texttt{63} & \texttt{73} \\
\texttt{74} & \texttt{66} & \texttt{6F} & \texttt{65}
\end{pmatrix}
=
\begin{pmatrix}
?? & ?? & ?? & ?? \\
?? & ?? & ?? & ?? \\
?? & ?? & ?? & ?? \\
?? & ?? & ?? & ??
\end{pmatrix}
$$



Main Rounds (Round 1)#

Quiz#

What are the steps in a main round?

Main Rounds - SubBytes#

Each byte in the state matrix/array is replaced using the fixed AES S-box (Substitution box).
For example, a byte like 53 is replaced with ED according to the S-box.

$$
\begin{array}{cc}
\text{State Array} & \text{SubBytes Result} \\[1em]
\begin{pmatrix}
\texttt{0C} & \texttt{0A} & \texttt{1B} & \texttt{06} \\
\texttt{11} & \texttt{01} & \texttt{1E} & \texttt{13} \\
\texttt{07} & \texttt{07} & \texttt{06} & \texttt{14} \\
\texttt{07} & \texttt{03} & \texttt{1C} & \texttt{00}
\end{pmatrix}
&
\begin{pmatrix}
\texttt{FE} & \texttt{67} & \texttt{AF} & \texttt{6F} \\
\texttt{82} & \texttt{7C} & \texttt{72} & \texttt{7D} \\
\texttt{C5} & \texttt{C5} & \texttt{6F} & \texttt{FA} \\
\texttt{C5} & \texttt{7B} & \texttt{9C} & \texttt{63}
\end{pmatrix}
\end{array}
$$

AES S-box
   00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00 63 7C 77 7B F2 6B 6F C5 30 01 67 2B FE D7 AB 76
10 CA 82 C9 7D FA 59 47 F0 AD D4 A2 AF 9C A4 72 C0
20 B7 FD 93 26 36 3F F7 CC 34 A5 E5 F1 71 D8 31 15
30 04 C7 23 C3 18 96 05 9A 07 12 80 E2 EB 27 B2 75
40 09 83 2C 1A 1B 6E 5A A0 52 3B D6 B3 29 E3 2F 84
50 53 D1 00 ED 20 FC B1 5B 6A CB BE 39 4A 4C 58 CF
60 D0 EF AA FB 43 4D 33 85 45 F9 02 7F 50 3C 9F A8
70 51 A3 40 8F 92 9D 38 F5 BC B6 DA 21 10 FF F3 D2
80 CD 0C 13 EC 5F 97 44 17 C4 A7 7E 3D 64 5D 19 73
90 60 81 4F DC 22 2A 90 88 46 EE B8 14 DE 5E 0B DB
A0 E0 32 3A 0A 49 06 24 5C C2 D3 AC 62 91 95 E4 79
B0 E7 C8 37 6D 8D D5 4E A9 6C 56 F4 EA 65 7A AE 08
C0 BA 78 25 2E 1C A6 B4 C6 E8 DD 74 1F 4B BD 8B 8A
D0 70 3E B5 66 48 03 F6 0E 61 35 57 B9 86 C1 1D 9E
E0 E1 F8 98 11 69 D9 8E 94 9B 1E 87 E9 CE 55 28 DF
F0 8C A1 89 0D BF E6 42 68 41 99 2D 0F B0 54 BB 16

Main Rounds - ShiftRows#

It shifts the bytes in each row of the SubBytes result to the left by a specific number of positions.

Main Rounds - Mix Columns#

  • It transforms each column using matrix multiplication in the Galois Field GF($2^8$) to ensure that changes to one byte affect all four bytes in the column.
  • This multiplication is not traditional matrix multiplication.
  • Each column of the state matrix (consisting of 4 bytes) is treated as a 4-byte vector and is multiplied by a fixed 4 × 4 matrix.
  • This is done in GF($2^8$) using modulo operations with the irreducible polynomial $x^8+x^4+x^3+x+1$.

$$
\begin{array}{c}
\text{Fixed 4} \times \text{4} \\[0.6em]
\begin{pmatrix}
\texttt{02} & \texttt{03} & \texttt{01} & \texttt{01} \\
\texttt{01} & \texttt{02} & \texttt{03} & \texttt{01} \\
\texttt{01} & \texttt{01} & \texttt{02} & \texttt{03} \\
\texttt{03} & \texttt{01} & \texttt{01} & \texttt{02}
\end{pmatrix}
\end{array}
$$
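
An added Python example (not from the original lecture) that carries the lecture's block through the initial AddRoundKey, then applies ShiftRows and MixColumns to the SubBytes result shown above. Function names are illustrative; rotating row r left by r bytes and the reduction in xtime follow the standard AES definition (FIPS 197), which the lecture does not spell out.

```python
def to_state(block):
    """16 bytes -> 4x4 state, filled column by column as in the lecture."""
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]

def add_round_key(state, key_state):
    return [[s ^ k for s, k in zip(sr, kr)] for sr, kr in zip(state, key_state)]

def shift_rows(state):
    # Row r is rotated left by r byte positions; row 0 stays as it is.
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def xtime(b):
    """Multiply by 02 in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b

def mul(coef, b):
    # Only 01, 02 and 03 occur in the fixed matrix; 03*b = 02*b XOR b.
    return {1: b, 2: xtime(b), 3: xtime(b) ^ b}[coef]

MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]

def mix_columns(state):
    out = [[0] * 4 for _ in range(4)]
    for c in range(4):
        for r in range(4):
            for k in range(4):
                out[r][c] ^= mul(MIX[r][k], state[k][c])  # GF addition is XOR
    return out

def rows_hex(state):
    return [" ".join(f"{b:02X}" for b in row) for row in state]

MESSAGE = b"oursecretmessage"   # from the lecture
KEY = b"cdutobufoscourse"       # from the lecture (round key 0 = W0..W3)
AFTER_ADD_ROUND_KEY = add_round_key(to_state(MESSAGE), to_state(KEY))

# SubBytes result as printed in the lecture, so no S-box is needed here.
SUBBYTES = [[0xFE, 0x67, 0xAF, 0x6F], [0x82, 0x7C, 0x72, 0x7D],
            [0xC5, 0xC5, 0x6F, 0xFA], [0xC5, 0x7B, 0x9C, 0x63]]
AFTER_SHIFT_ROWS = shift_rows(SUBBYTES)
AFTER_MIX_COLUMNS = mix_columns(AFTER_SHIFT_ROWS)

if __name__ == "__main__":
    for label, st in (("AddRoundKey", AFTER_ADD_ROUND_KEY),
                      ("ShiftRows", AFTER_SHIFT_ROWS),
                      ("MixColumns", AFTER_MIX_COLUMNS)):
        print(label, rows_hex(st))
```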

Reading Assignment and Optional Group Presentation#

Next Lecture
What is a Galois Field?
How to compute addition and multiplication in Galois Field (GF).

Foundations of Security Week10 Lecture
https://firefly.anka2.top/posts/obu/level5/semester2/fos/week10/lecture/
Author: 🐦‍🔥不死鸟Anka
Published: 2026-05-13
License: CC BY-NC-SA 4.0
