Cryptography on the Growth of Programmers - Introduction to AES Algorithm

That wraps up the introduction to the DES algorithm. Because a DES key is only 64 bits per block (and only 56 of those bits are actually used; the other 8 are parity bits), DES can be brute-forced with modern hardware, and its security is a real concern. For this reason the United States (through NIST) went on to standardize further symmetric algorithms such as 3DES and AES. 3DES is not covered here; interested friends can look up material online. Next, we introduce the AES encryption and decryption algorithm.

If any friends are not familiar with DES, here is my previous DES introduction article:
https://blog.csdn.net/qq_31236027/article/details/128209185

What is the AES algorithm, and what are the similarities and differences between the AES algorithm and the DES algorithm?

AES (Advanced Encryption Standard) is a block cipher standardized in the United States by NIST as FIPS 197, published on November 26, 2001. The nice property of this algorithm is that its key is not especially long, yet the cost of brute force grows exponentially with every added key bit, and even the shortest AES key is much longer than the DES key. Key lengths come in three versions: 128-bit, 192-bit, and 256-bit. The block, the unit of plaintext processed at a time, is always 128 bits, and the number of encryption rounds changes with the key length, as shown in the following figure:
[Figure: number of rounds per key length: 128-bit key, 10 rounds; 192-bit key, 12 rounds; 256-bit key, 14 rounds]

Next, let’s talk about the similarities and differences between AES and DES algorithms:
The difference between AES and DES:

  1. Friends who have read my previous introduction to DES will recall that DES is a Feistel cipher: it splits the plaintext block into a left half and a right half and produces the ciphertext through permutations, the f-function and bitwise XOR, with decryption running the same structure in reverse. AES does not work this way. It is a substitution-permutation network that processes the whole 128-bit block, laid out as a 4x4 byte matrix (the state), in every round. Its operations are mainly byte substitution (SubBytes), row shifting (ShiftRows), column mixing (MixColumns) and round key addition (AddRoundKey), all of which are efficient to implement in both software and hardware.
  2. An AES key is at least 128 bits, while a DES key is 64 bits (56 effective), so AES resists brute force far better than DES. DES always runs 16 rounds; AES runs 10, 12 or 14 rounds depending on the key length. Because every AES round transforms the entire block rather than half of it, fewer rounds are needed to reach full diffusion, which helps encryption and decryption efficiency.

The same points between AES and DES:

  1. They are both symmetric (secret-key) block ciphers; there is no doubt about that.
  2. Both AES and DES use S-boxes, and the design of the S-box largely determines the strength of the algorithm.
  3. Both AES and DES use cyclic shifts (rotations) and follow Shannon's principles of confusion and diffusion.

Overview of the overall process of the AES algorithm (see the follow-up article for details)

[Figure: overall flow of AES encryption]

plaintext encryption

  1. Byte substitution (SubBytes)
  2. Row shift (ShiftRows)
  3. Column mixing (MixColumns)
  4. Round key addition (AddRoundKey)
    Briefly, reading the figure above:
    First, in the initial round, a round key addition is performed. The plaintext is laid out as a matrix with 4 rows, because a 128-bit block is arranged as four 32-bit columns (four bytes per column); the key matrix also has 4 rows. The two matrices are XORed. Each regular round then applies S-box byte substitution (the only non-linear step; the design of the S-box largely determines the strength of the algorithm), followed by row shifting and column mixing (which spread the influence of every byte across the whole block, providing diffusion), and then another round key addition. With a 128-bit key this is repeated for 9 rounds; the tenth and final round performs only byte substitution, row shifting and round key addition, omitting column mixing. The resulting matrix is the ciphertext.

For key expansion, see https://blog.csdn.net/qq_40739219/article/details/120860258

Mathematical basics related to AES algorithm

Groups, Rings, Fields
Reference from https://blog.csdn.net/weixin_44584702/article/details/122709135

Groups and commutative groups
A group G is a set together with one binary operation defined on it [the operation can be anything; it is written · here, and the same symbol is used for all binary operations below], denoted {G, ·}. Every ordered pair (a, b) of elements of G produces an element a·b of G through the operation, and if a·b = b·a holds for all a, b, the group is called a commutative (abelian) group. The properties are as follows:
Closure: if a and b both belong to G, then a·b also belongs to G. For example, if 3 and 4 belong to a certain group, then the result of applying the group's binary operation to 3 and 4 must also belong to that group.
Associative law: for any elements a, b, c in G, a·(b·c) = (a·b)·c holds.


Identity element: there is an element e in G such that for any element a in G, a·e = e·a = a holds.
Inverse element: for any element a in G there is an element a' in G such that a·a' = a'·a = e (the identity element; for addition it is 0, for multiplication it is 1).

Rings and integral domains
A ring R, denoted {R, +, ×}, is a set with two binary operations satisfying the following properties and laws. R is a commutative group with respect to addition; therefore R satisfies all the commutative-group properties above under +.
Closure of multiplication: if a and b both belong to R, then a × b also belongs to R.
Associative law of multiplication: for any elements a, b, c in R, a(bc) = (ab)c holds.
Distributive law: for any elements a, b, c in R, the following two formulas always hold: a(b + c) = ab + ac and (a + b)c = ac + bc.
If the following conditions are also satisfied, R is called an integral domain:
Commutative law of multiplication: for any elements a and b in R, ab = ba holds.
Multiplicative identity element: there is an element 1 in R such that for any element a in R, a1 = 1a = a holds.
No zero divisors: if a and b are elements of R and ab = 0, then a = 0 or b = 0.

Fields and Galois fields
A field F, denoted {F, +, ×}, is a set with two binary operations that is first of all an integral domain and in addition satisfies: for every element a in F except 0 there is an inverse element a' in F such that a × a' = 1 (the multiplicative identity).
In abstract algebra, a field is an algebraic structure in which addition, subtraction, multiplication and division can all be performed; the concept of a field generalizes number fields and the four arithmetic operations. A field containing a finite number of elements is called a finite field, and the number of elements in a finite field is called its order. Although infinite fields exist, only finite fields are widely used in cryptography. The order of every finite field is a power of a prime, that is, it can be written as p^n (p a prime and n a positive integer); such a field is usually called a Galois field and denoted GF(p^n). When n = 1 we get the finite field GF(p), also called a prime field. [From Baidu Encyclopedia]

[Figure: the hierarchy group, ring, integral domain, field]

Are you a little dizzy? Haha, let me explain now:
A group can be understood as the most basic structure: it carries only one binary operation, and combining any two elements of the group with that operation gives back an element of the same group. For example, {Z, +} is a group, an infinite one, because it consists of all the integers. 3 belongs to it, 4 belongs to it, and 3 + 4 also belongs to it; it is also a commutative group (because 3 + 4 = 4 + 3).

So, what is a ring?
For example, {Z, +, ×} is a ring. Under addition, {Z, +} is a commutative group, because there are inverses and an identity for addition: the additive inverse of 2 is -2, the additive identity is 0, and closure and associativity hold. Under multiplication, however, Z is not a group, because the multiplicative inverse of 2 would be 1/2, which is not in {Z, ×}. See the process at the top of the figure above.

What is an integral domain?
Simply put, a ring that is a commutative group under addition, whose multiplication is commutative and has an identity, and which has no zero divisors (ab = 0 only if a = 0 or b = 0) is called an integral domain; multiplicative inverses are not required. {Z, +, ×} is an integral domain. This is the process in the middle of the figure.

What is a field?
A field can be understood as an integral domain in which every non-zero element has a multiplicative inverse. It has all of the characteristics and principles above.

What is a Galois field?

  1. It is a finite field.
  2. Its order (the number of elements in it) must be a power of a prime. Why? Finite fields are built as extensions of prime fields: the base field is Zp (p a prime), which by the definition above satisfies the field axioms as (Zp, +, ×), and an extension of degree n over Zp has p^n elements, so the order is p^n. For example, there are fields with 4 = 2^2 and 8 = 2^3 elements, but there is no field with 6 elements, because 6 = 2·3 is not a prime power. When n = 1 the field is the prime field itself, whose order is p.
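To make the group / ring / integral domain / field ladder concrete, here is an added example (my own code, not from the original post) that brute-forces the axioms over Z_n = {0, ..., n-1} with addition and multiplication modulo n. It shows that (Z_n, +) is always a commutative group, that Z_6 is a ring with zero divisors (2 × 3 = 0 mod 6) and therefore not a field, and that Z_7 is a field because every non-zero element has a multiplicative inverse. All function names are mine.

```python
# Added example, not from the original post: brute-force checks of the
# algebraic structures discussed above over Z_n with arithmetic mod n.
# The sets are finite, so every axiom can be verified by exhaustive search.

def is_abelian_group(elems, op, identity):
    """Closure, associativity, identity, inverses and commutativity of (elems, op)."""
    for a in elems:
        if op(a, identity) != a or op(identity, a) != a:
            return False                       # identity element fails
        if not any(op(a, b) == identity for b in elems):
            return False                       # a has no inverse
        for b in elems:
            ab = op(a, b)
            if ab not in elems or ab != op(b, a):
                return False                   # not closed, or not commutative
            for c in elems:
                if op(ab, c) != op(a, op(b, c)):
                    return False               # not associative
    return True


def zero_divisors(n):
    """Pairs of non-zero a, b in Z_n with a*b = 0 mod n. A field has none."""
    return [(a, b) for a in range(1, n) for b in range(1, n) if (a * b) % n == 0]


def mult_inverse(a, n):
    """Multiplicative inverse of a in Z_n by exhaustive search, or None."""
    for b in range(1, n):
        if (a * b) % n == 1:
            return b
    return None


def nonzero_is_group(n):
    """Is (Z_n without 0, *) a commutative group? True exactly when Z_n is a field."""
    return is_abelian_group(list(range(1, n)), lambda a, b: (a * b) % n, 1)


def classify(n):
    """'field' if Z_n is a field, otherwise 'ring' (a commutative ring with 1
    that has zero divisors). For a finite ring these are the only two cases:
    a finite integral domain is automatically a field."""
    if n < 2:
        raise ValueError("Z_n needs n >= 2")
    elems = list(range(n))
    assert is_abelian_group(elems, lambda a, b: (a + b) % n, 0)   # always holds
    if zero_divisors(n):
        return "ring"
    assert nonzero_is_group(n)   # no zero divisors => every non-zero a is invertible
    return "field"


if __name__ == "__main__":
    for n in (5, 6, 7, 8, 11):
        print(n, classify(n), "zero divisors:", zero_divisors(n)[:3],
              "inverse of 2:", mult_inverse(2, n))
```

Running it prints `ring` for 6 and 8 and `field` for 5, 7 and 11; the inverse of 2 exists in Z_7 (it is 4) but not in Z_6, which is exactly the difference between the middle and the bottom of the figure above.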

Why does AES encryption and decryption use a Galois field?
  1. The field has a finite number of elements, so every value fits in a fixed-width word and is easy to handle.
  2. Its order is a prime power (2^8 for AES), so every byte value is a field element and no byte value is wasted.
  3. Every element has an additive inverse and every non-zero element has a multiplicative inverse, so every step can be undone during decryption.

One last thing: encryption and decryption algorithms generally use either the prime field GF(p) or the extension field GF(2^m). Why use the extension field? You can think about it; the answer follows below.

Let's answer the previous question:
Why do encryption and decryption generally use extension fields?
The answer is simple: GF(2^m) has 2^m elements, so each element corresponds exactly to an m-bit string, which is convenient for computers to process. Addition in it is bitwise XOR, and multiplication can be done with shifts and XORs, so the operations are cheap bit operations and the efficiency is high.

Finally, one more point:
AES uses the Galois field GF(2^8), whose elements are bytes. Its irreducible polynomial (a polynomial that cannot be factored into two polynomials of lower degree over GF(2)) is x^8 + x^4 + x^3 + x + 1.
Multiplication in the field is polynomial multiplication followed by reduction modulo this polynomial, with coefficients added modulo 2.

Next, let's introduce the detailed process of AES encryption and decryption.

First, let's take a look at the plaintext encryption processing module

Plaintext initial matrix and key initial matrix

The plaintext initial matrix is shown in the figure below.
Source of the picture: https://blog.csdn.net/qq_40739219/article/details/120860258
Briefly: a block is 16 bytes, each byte 8 bits, arranged as a 4x4 byte matrix filled column by column: bytes 1-4 form the first column, bytes 5-8 the second column, and so on.
[Figure: 128-bit plaintext block arranged as a 4x4 byte matrix, column by column]
The key initial matrix is shown in the figure below.
[Figure: key arranged as a 4-row byte matrix]
Depending on the key length (128bit/192bit/256bit) it is a 4x4, 4x6 or 4x8 matrix [rows x columns].
Image source: https://blog.csdn.net/qq_40739219/article/details/120860258

plaintext encryption

  1. Byte Substitution (SubBytes)
    Byte substitution replaces every byte of the state with another byte through a fixed lookup table; it is the only non-linear step of AES and is what provides confusion.
    It uses a 16*16 S-box. As mentioned before, each cell of the state matrix is 8 bits: the high four bits select the row of the S-box and the low four bits select the column, and the byte found at that position replaces the original. [The S-box can be searched for online, so it is not reproduced here.]

  2. Row Shift (ShiftRows)
    The first row remains unchanged, the second row is rotated left by one byte, the third row is rotated left by two bytes, and the fourth row is rotated left by three bytes (bytes, not bits: each cell of the matrix is a whole byte).
    As shown below:
    [Figure: state matrix before ShiftRows]
    becomes
    [Figure: state matrix after ShiftRows]

  3. Column mixing (MixColumns)
    Take the result (matrix) of the row shift and multiply it by a fixed 4x4 matrix; every multiplication and addition in this matrix product is performed in GF(2^8). [Note: for Galois field arithmetic, please refer to the mathematics section above.]
    The fixed matrix is as follows:
    [Figure: the MixColumns matrix, rows (02 03 01 01), (01 02 03 01), (01 01 02 03), (03 01 01 02), entries in hexadecimal]
    As for why it is exactly this matrix, I haven't figured it out yet. If any friends know, please tell me in a private message or in the comment area. Thank you.
    For example, let the state be the 4x4 matrix whose every entry is 25 (hexadecimal):
    B = { 25 25 25 25 / 25 25 25 25 / 25 25 25 25 / 25 25 25 25 }
    Take the entry in the first row and first column of the product as an example. It combines the first row of the fixed matrix with the first column of B:
    (02 * 25) ⊕ (03 * 25) ⊕ (01 * 25) ⊕ (01 * 25)
    Before computing, here is the meaning of 02, 03, 01 and 25 as field elements. Each byte is a polynomial whose coefficients are its bits:
    (02)16 [subscript: hexadecimal] => (0000 0010)2 [subscript: binary] => 0*x^7 + 0*x^6 + ... + 1*x^1 + 0*x^0 => x
    (03)16 => (0000 0011)2 => x + 1
    (25)16 => (0010 0101)2 => x^5 + x^2 + 1
    Multiplication is polynomial multiplication with coefficients mod 2:
    02 * 25 => x * (x^5 + x^2 + 1) => x^6 + x^3 + x
    03 * 25 => (x + 1) * (x^5 + x^2 + 1) => x^6 + x^3 + x + x^5 + x^2 + 1 => x^6 + x^5 + x^3 + x^2 + x + 1
    Neither product reaches degree 8, so no reduction modulo x^8 + x^4 + x^3 + x + 1 is needed in this example. Then we have:
    (02 * 25) ⊕ (03 * 25) ⊕ (01 * 25) ⊕ (01 * 25)
    => (x^6 + x^3 + x) + (x^6 + x^5 + x^3 + x^2 + x + 1) + (x^5 + x^2 + 1) + (x^5 + x^2 + 1)
    => x^5 + x^2 + 1
    => (25)16
    [Note: addition is coefficient-wise modulo 2, i.e. XOR of the bytes: x^5 + x^5 + x^5 => x^5 (mod 2), x^6 + x^6 => 0 (mod 2)]

  4. Round key addition (AddRoundKey)
    Input: the 128-bit current state matrix (the plaintext after the steps above) and the 128-bit round subkey.
    Operation: bitwise exclusive OR (XOR). [Note: in GF(2^8) terms this is addition, i.e. coefficient-wise addition modulo 2; see the mathematics section above.]
    Output: the state that becomes the input of the next round of plaintext encryption processing.

Key Scheduling Principles

As mentioned above, AES keys come in 128, 192 and 256 bits, and the key expansion procedure differs slightly for each length.
Taking a 128-bit key as an example, the corresponding number of encryption rounds is 10, and 11 subkeys (round keys) are derived, each 128 bits long.

Why is the number of subkeys one more than the number of rounds?
Careful friends may have noticed that a round key addition is performed in the initial round, and then one more in each of the repeated encryption rounds. Therefore the total number of subkeys required is the number of rounds + 1.

After understanding these, let's introduce the specific implementation process below.
[Figure: AES-128 key expansion, producing the words W[0] to W[43]]
As shown in the figure, the first round key is the key initial matrix itself (words W[0] to W[3]); each subsequent round key is computed recursively from the previous one in a fixed way, which spreads every key bit into all of the round keys.
From the figure, the formulas are as follows (i is the round number, 1 to 10; j is the column number within the round key, 1 to 3; each W[k] is one 4-byte column, and + here means bitwise XOR; the same below):
the leftmost column of round key i:
W[4*i] = W[4*(i-1)] + g(W[4*i-1])   [the g function is introduced below]
the other three columns:
W[4*i + j] = W[4*(i-1)+j] + W[4*i+j-1]
(4*(i-1)+j is the same column of the previous round key, 4*i+j-1 is the previous column of the current round key)

According to the textbook, the g function
takes a four-byte word, rotates it left by one byte (RotWord), performs the byte-by-byte S-box substitution (SubWord), and finally XORs the leftmost byte with the round constant RC[i] (Rcon); its role is comparable to the f function of DES. As shown below.
[Figure: the g function: RotWord, then SubWord, then XOR of the first byte with RC[i]]
RC[i] (the round constant) changes from round to round: RC[1] = 01, and RC[i] = 02 * RC[i-1] computed in GF(2^8), which gives 01, 02, 04, 08, 10, 20, 40, 80, 1b, 36 (hexadecimal) for rounds 1 to 10.
The round constant removes the symmetry between rounds of the key schedule (without it, identical key words would expand identically) and, together with the S-box, adds non-linearity and confusion.
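The following is an added example, my own code and not from the original post, that ties the whole of the above together: GF(2^8) multiplication with the polynomial x^8 + x^4 + x^3 + x + 1 from the mathematics section, the S-box generated from the field inverse rather than copied from a table, the four round operations, the 128-bit key expansion with the g function and round constants, and a complete AES-128 encryption of one block. It checks itself against the MixColumns example above (a column of four 25s mixes to four 25s) and against the test vector in FIPS 197 Appendix C.1 (key 000102...0f, plaintext 00112233...ff, ciphertext 69c4e0d86a7b0430d8cdb78070b4c55a). The state is stored as a flat list of 16 bytes in column-major order, the same order as the plaintext bytes. Function names are mine. It is a teaching implementation: its table lookups and data-dependent loops are not constant-time, so it must not be used to protect real data.

```python
# Added example, not from the original post: AES-128 encryption of one block
# built from first principles. Educational only (not constant-time).

POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES reduction polynomial


def gmul(a, b):
    """Multiply two bytes as GF(2^8) elements: polynomial product mod POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a               # add (XOR) the current shifted copy of a
        a <<= 1                  # multiply a by x
        if a & 0x100:
            a ^= POLY            # reduce as soon as degree 8 appears
        b >>= 1
    return r


def ginv(a):
    """Multiplicative inverse: a^254 = a^-1 in a field of 256 elements (0 -> 0)."""
    r = 1
    for _ in range(254):
        r = gmul(r, a)
    return r


def build_sbox():
    """S-box = affine transform of the field inverse (FIPS 197 section 5.1.1)."""
    sbox = []
    for x in range(256):
        b = ginv(x)
        y = b
        for _ in range(4):                       # y = b ^ rotl(b,1) ^ ... ^ rotl(b,4)
            b = ((b << 1) | (b >> 7)) & 0xFF
            y ^= b
        sbox.append(y ^ 0x63)
    return sbox


SBOX = build_sbox()
RCON = [1]                                       # RC[1] = 01, RC[i] = 02 * RC[i-1]
for _ in range(9):
    RCON.append(gmul(RCON[-1], 2))               # 01 02 04 08 10 20 40 80 1b 36


def expand_key(key):
    """AES-128 key expansion: 16-byte key -> 11 round keys of 16 bytes each."""
    assert len(key) == 16
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]   # W[0..3] = the key itself
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:                           # g function on the previous word
            t = t[1:] + t[:1]                    # RotWord: rotate left one byte
            t = [SBOX[v] for v in t]             # SubWord: S-box on each byte
            t[0] ^= RCON[i // 4 - 1]             # XOR round constant into left byte
        w.append([x ^ y for x, y in zip(w[i - 4], t)])   # W[i] = W[i-4] ^ t
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]


def sub_bytes(s):
    return [SBOX[v] for v in s]


def shift_rows(s):
    """Row r of the column-major state rotates left by r bytes."""
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def mix_column(col):
    """One column times the fixed matrix (02 03 01 01 / 01 02 03 01 / ...)."""
    a0, a1, a2, a3 = col
    return [gmul(a0, 2) ^ gmul(a1, 3) ^ a2 ^ a3,
            a0 ^ gmul(a1, 2) ^ gmul(a2, 3) ^ a3,
            a0 ^ a1 ^ gmul(a2, 2) ^ gmul(a3, 3),
            gmul(a0, 3) ^ a1 ^ a2 ^ gmul(a3, 2)]


def mix_columns(s):
    return sum((mix_column(s[4 * c:4 * c + 4]) for c in range(4)), [])


def add_round_key(s, k):
    return [x ^ y for x, y in zip(s, k)]


def encrypt_block(key, block):
    """Encrypt one 16-byte block with a 16-byte key; returns 16 bytes."""
    rk = expand_key(key)
    s = add_round_key(list(block), rk[0])                  # initial round
    for r in range(1, 10):                                 # 9 full rounds
        s = add_round_key(mix_columns(shift_rows(sub_bytes(s))), rk[r])
    s = add_round_key(shift_rows(sub_bytes(s)), rk[10])    # final round: no MixColumns
    return bytes(s)


if __name__ == "__main__":
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # FIPS 197 Appendix C.1
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    print(encrypt_block(key, pt).hex())                       # 69c4e0d86a7b0430d8cdb78070b4c55a
```

A few points worth noticing when reading it: the S-box falls out of the field inverse plus a fixed affine map, so there is nothing arbitrary to copy from a table; the round constants are just successive powers of 02 in the field, which is why 80 * 02 wraps to 1b (the reduction polynomial's low byte); and the only difference between the last round and the others is the missing MixColumns, exactly as in the flow figure above.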

ps: If anyone is interested in the 192-bit and 256-bit key schedules, leave a message in the comment area and I will introduce them next time.

————————————————Encryption ends here, decryption will be introduced next time————————————————

Origin blog.csdn.net/qq_31236027/article/details/129796471