Principle AES encryption algorithm (encryption)

Rijndael (pronounced rain-dahl) is an advanced encryption standard by the US National Institute of Standards and Technology (NIST) selected ( AES ) algorithm candidate.

AES algorithm process:

The following outlines the role and significance of the various parts under:

Plaintext P:

　　After the data is not encrypted.

Key K:

　　　　　　Password used to encrypt the plaintext, the symmetric encryption algorithm, the encryption and decryption keys are the same. Key for the recipient and sender consultations, but not directly on the transmission network. Otherwise, key leakage, usually by an asymmetric key encryption algorithm, and then transmitted through the network to each other, face to face or direct consultation key. Key is absolutely not leak, otherwise it will be to restore the ciphertext attacker to steal confidential data.

AES encryption function:

　　　　　　Provided AES encryption function E, the C = E (K, P), where P is the plain text, K is the key, C is the ciphertext. That is, the plaintext P and a key K as input parameters of the encryption function, the encryption function E outputs ciphertext C.

Ciphertext C:

　　　　　　Data encryption function after treatment

AES decryption function:

　　　　　　Provided AES decryption function D, the P = D (K, C), where C is the cipher text, K is the key, P is the plain text. That is, the key K and the ciphertext C input parameters as a decryption function, the decryption function output plaintext P.

Briefly outline the difference between asymmetric encryption algorithm symmetric encryption algorithm.

Symmetric encryption algorithms:

　　　　　　Used in the encryption and decryption keys are the same, this encryption method encryption very fast, for regular data transmission occasion. The disadvantage is too much trouble to transport key.

Asymmetric encryption algorithms:

　　　　　　Encryption and decryption keys are different, this encryption method is to use a configuration of intractable mathematical problem, usually decrypted encryption speed is relatively slow, and occasionally the case for transmitting data. The advantage is convenient key transport. Common non-symmetric encryption algorithm is RSA, ECC and EIGamal.

In practice, typically by the AES key RSA encryption, is transmitted to the receiving side, the receiving side AES decrypted key and then the sender and receiver communication AES key.

Process AES algorithm:
AES encryption process involves four kinds of operation, namely, bytes Alternatively, line shift, plus round keys confusion and columns. Decryption process corresponding to the reverse operation, respectively. Since each step is reversible, decrypting in the reverse order to restore the plaintext. Decryption key in each round are obtained by the initial key expansion. Algorithm 16 bytes plaintext, ciphertext, and round keys are represented in a 4x4 matrix.

First, the byte substitution

1. Operation SubBytes

AES byte substitution is actually a simple table lookup operation. AES defines a S-box and an inverse S-box.
AES S-box:

2. reverse operation SubBytes

Inverse check byte substitution is inverse transformed S boxes, an inverse S-box is as follows:

Example: After replacing the 66 byte value S [6] [6] = 33, then the value can be obtained by replacing the pre-S-1, S-1 [3] [3] = 66.

Second, the line displacement

1. The row shift: shift row permutation function is to achieve a 4x4 matrix between the internal byte.

Third, confusion column

The matrix multiplication can be seen, the process of confusion in the column (using a field GF (instead of a characteristic of the arithmetic 28)), the value of each byte corresponds to only four values associated with the column. Multiplication and addition here is to note the following points:

(1) corresponding to a byte value multiplied by 2, the result is the value of the bit rotated left one bit if the maximum value is 1 (indicating that the value is not less than 128), the required the shifted result XOR 00011011

(2) the multiplication of the addition is the distribution rate, for example: 07 · S0,0 = (01⊕02⊕04) · S0,0 = S0,0⊕ (02 · S0,0) (04 · S0,0)

(3) on the matrix multiplication with matrix multiplication where different general sense, the respective values are used in addition modulo-2 addition (exclusive OR operation).

Because: Description reciprocal two matrices, after a reverse confusion through the column to recover the original.

Supplementary :( bitwise exclusive or concept)

4. Add round keys: encryption, each round and a round key input XOR a (part of the current packet and an expanded key bitwise exclusive or); as a binary number or a different number of continuous same result , so in the decryption key and then the exclusive oR of the wheel to restore the input. The use of reason and last round keys added: If other unwanted keys on stage from beginning to end, without the use of a key to complete the reverse process, which reduces the security of the algorithm.

加密原理：轮密钥加本身不难被破解，另外三个阶段分别提供了混淆和非线性功能。可是字节替换、行移位、列混淆阶段没有涉及密钥，就它们自身而言，并没有提供算法的安全性。但该算法经历一个分组的异或加密（轮密钥加），再对该分组混淆扩散（其他三个阶段），再接着又是异或加密，如此交替进行，这种方式非常有效非常安全。

5.密钥扩展：其复杂性是确保算法安全性的重要部分。当分组长度和密钥长度都是128位时,AES的加密算法共迭代10轮，需要10个子密钥。AES的密钥扩展的目的是将输入的128位密钥扩展成11个128位的子密钥。AES的密钥扩展算法是以字为一个基本单位（一个字为4个字节），刚好是密钥矩阵的一列。因此4个字（128位）密钥需要扩展成11个子密钥，共44个字。

密钥扩展过程说明：将初始密钥以列为主，转化为4个32 bits的字，分别记为w[0…3]；按照如下方式，依次求解w[i]，其中i是整数并且属于[4,43]。

1）将w[i]循环左移一个字节。