AES review
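1. Prerequisites
- Mathematics
- XOR can be understood as finding the positions where A and B differ (taking the difference), which explains why a XOR b XOR b = a. There are two ways to see it: (1) taking the non-shared part of a and b, and then the non-shared part of that result and b, gives back a; (2) XOR is commutative and associative, so a xor (b xor b) = a xor 0 = a.
e.g. Taking GF(2^8) as an example, add two polynomials (XOR, i.e. addition modulo 2): $(x^6+x^4+x^2+x+1) \bigoplus (x^7+x+1) =$
Reasoning the same way, we directly get the part where they differ: $x^7+x^6+x^4+x^2$ (only $x+1$ is common to both, so it drops out).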
- Polynomial Multiplication
In the finite field $GF(2^8)$, a product in the MixColumns step that reaches $x^8$ or higher must be reduced mod $x^8+x^4+x^3+x+1$ ($MAX(GF(2^8)) = 256 = x^8$).
- For mod: $a \bmod b = c$ means, in other words, $d \cdot b + c = a$.
- Normally, when a < b, a mod b = a; whereas when a > b, we do
- Matrix Inverse
- Matrix Multiplication
- Combination
$$
\left( \begin{matrix} a\\ b \end{matrix} \right)=C^a_b=\frac{a!}{b!(a-b)!}
$$
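2. Algorithm
Input (AES is a block cipher and also a symmetric encryption algorithm). Taking AES-128 as the example, we compute directly with concrete values.
e.g. 00 11 22 33 44 55 66 77 88 99 0a 0b 0c 0d 0e 0f
After splitting into the block, the bytes are arranged as follows (filled column by column):
00 | 44 | 88 | 0c |
---|---|---|---|
11 | 55 | 99 | 0d |
22 | 66 | 0a | 0e |
33 | 77 | 0b | 0f |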
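pre:
Key expansion
- Assume the key is 2b7e151628aed2a6abf7158809cf4f3c
Thus the key, arranged as a block, is
2B | 28 | AB | 09 |
---|---|---|---|
7E | AE | F7 | CF |
15 | D2 | 15 | 4F |
16 | A6 | 88 | 3C |
Taking each column as one group, we have four 32-bit words (8 hex digits, i.e. 4 two-digit hex bytes, each),
thus W0 = 2b7e1516, W1 = 28aed2a6, W2 = abf71588, W3 = 09cf4f3c.
Because the AES-128 block length is 128 bits and there are 10 rounds in total, 44 key words are needed, i.e. the key is expanded for 10 rounds.
- Deriving the remaining words: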
$$
\begin{cases}
W_j = W_{j-4} \bigoplus g(W_{j-1}), & j \bmod 4 = 0 \\
W_j = W_{j-4} \bigoplus W_{j-1}, & j \bmod 4 \neq 0
\end{cases} \tag{1}
$$
These are the case where j is divisible by 4 and the ordinary case. Hence
$$
\begin{aligned}
W_4 &= W_0 \bigoplus g(W_3) \\
W_3' &= W_3\ \text{left-shifted by one byte} = 09cf4f3c \rightarrow cf4f3c09
\end{aligned}
$$
Thus
$$
W_3' = CF4F3C09
$$
Look up the S-box table:
[Figure: S-box table]
According to the table, $cf \rightarrow 8a$, $4f \rightarrow 84$, $3c \rightarrow eb$, $09 \rightarrow 01$,
thus $W_3'' = 8a84eb01$.
Here we introduce the round constant $R_{con}[i]=(RC[i],0,0,0)$. It is 4 bytes long and only the first byte is significant (three zero bytes are padded on the right). It is then XORed with that round's key word, R[i].
RC[1]=1, RC[i]=2·RC[i-1] (never mind, mortal, you can't understand number theory; just use the mathematicians' results)
[Figure: AES key expansion diagram]
from https://www.chiragbhalodia.com/2021/10/key-expansion-in-AES.html
Here we get
$$
\begin{aligned}
R_{con}[1] &= 01000000 & R_{con}[2] &= 02000000 & R_{con}[3] &= 04000000 & R_{con}[4] &= 08000000 & R_{con}[5] &= 10000000 \\
R_{con}[6] &= 20000000 & R_{con}[7] &= 40000000 & R_{con}[8] &= 80000000 & R_{con}[9] &= 1B000000 & R_{con}[10] &= 36000000
\end{aligned}
$$
from finite field GF2^1 to GF2^9
$$
\begin{array}{lcl}
W_3'' & = & 1000\ 1010\ 1000\ 0100\ 1110\ 1011\ 0000\ 0001 \\
R_{con}[0] & = & 0000\ 0001\ 0000\ 0000\ 0000\ 0000\ 0000\ 0000 \\
g(n) = W_3''' = W_3'' \bigoplus R_{con}[0] & = & 1000\ 1011\ 1000\ 0100\ 1110\ 1011\ 0000\ 0001 = 8b84eb01
\end{array}
$$
As above, we get $g(W_3'') = W_3''' = 8b84eb01$; by the way, n = j = 0 (Rcon is different in every round). GF(2^8) multiplication:
first multiply the polynomials, then reduce the result modulo the irreducible polynomial $m(x)=x^8+x^4+x^3+x+1$.
Next we get $W_4 = W_0 \bigoplus W''' = A0FAFE17$.
According to (1),
we now have $W_5 = W_1 \bigoplus W_4 = 88542CB1$, $W_6 = 23A33939$, $W_7 = 2A6C7605$,
so the second set is
[ A0 88 23 … ]
Following the same steps gives the keys for all 10 rounds.
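The key expansion walked through above, as runnable Python. This is an added example, not code from the original post. The S-box is generated with the standard inverse-plus-affine construction instead of being pasted as a table (the page does not cover that construction), and the names `rotl8`, `build_sbox`, `g` and `expand_key` are chosen here.

```python
def rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xFF

def build_sbox():
    """Generate the AES S-box: GF(2^8) inverse followed by the affine map."""
    sbox = [0] * 256
    p = q = 1
    while True:
        # p <- p * 03 in GF(2^8): p XOR (p * 02), reduced with 0x1B on overflow
        p = p ^ ((p << 1) & 0xFF) ^ (0x1B if p & 0x80 else 0)
        # q <- q / 03, so q is always the multiplicative inverse of p
        q ^= q << 1
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        # affine transformation applied to the inverse
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # 0 has no inverse, so its entry is set directly
    return sbox

SBOX = build_sbox()

def g(word, rc):
    """Left-shift by one byte, S-box each byte, then XOR Rcon = (rc, 0, 0, 0)."""
    rot = ((word << 8) | (word >> 24)) & 0xFFFFFFFF
    sub = 0
    for shift in (24, 16, 8, 0):
        sub |= SBOX[(rot >> shift) & 0xFF] << shift
    return sub ^ (rc << 24)

def expand_key(key):
    """Return the 44 words W0..W43 for a 16-byte AES-128 key, per equation (1)."""
    w = [int.from_bytes(key[i:i + 4], "big") for i in range(0, 16, 4)]
    rc = 1
    for j in range(4, 44):
        if j % 4 == 0:
            w.append(w[j - 4] ^ g(w[j - 1], rc))
            rc = ((rc << 1) ^ 0x1B) & 0xFF if rc & 0x80 else rc << 1  # RC[i] = 2*RC[i-1]
        else:
            w.append(w[j - 4] ^ w[j - 1])
    return w

W = expand_key(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))  # key from this page
print(" ".join(f"{x:08x}" for x in W[4:8]))
```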
Encryption
- AddRoundKey
Simply XOR the plaintext with the cipher key. Here we take "32 43 f6 a8 88 5a 30 8d 31 31 98 a2 e0 37 07 34":
[ 32 88 … ]
- SubBytes
Map each byte of matrix (2) through the S-box to obtain the SubBytes matrix
(note that the first hex digit selects the row, e.g. 19 => D4),
thus we have
[ D4 e0 b8 … ]
- ShiftRows
The first row stays in place
The second row is shifted left by one byte
The third row is shifted left by two bytes
The fourth row is shifted left by three bytes
For our matrix:
[ D4 e0 b8 … ]
- MixColumns
Left-multiply by a fixed matrix
[ 02 03 01 … ]
$$
\begin{aligned}
S'_{0,j} &= 02 \times S_{0,j} \bigoplus 03 \times S_{1,j} \bigoplus 01 \times S_{2,j} \bigoplus 01 \times S_{3,j} \\
S'_{1,j} &= 01 \times S_{0,j} \bigoplus 02 \times S_{1,j} \bigoplus 03 \times S_{2,j} \bigoplus 01 \times S_{3,j} \\
S'_{2,j} &= 01 \times S_{0,j} \bigoplus 01 \times S_{1,j} \bigoplus 02 \times S_{2,j} \bigoplus 03 \times S_{3,j} \\
S'_{3,j} &= 03 \times S_{0,j} \bigoplus 01 \times S_{1,j} \bigoplus 01 \times S_{2,j} \bigoplus 02 \times S_{3,j}
\end{aligned}
$$
- GF(2^8) multiplication:
- Multiplication distributes over addition, i.e. $03 \times S = 01 \times S \bigoplus 02 \times S$
- ×01 is like ordinary multiplication
- ×02 means shifting left by one bit and filling the right with 0;
if the highest bit was 1, XOR the shifted result with 0x1B,
else keep the shifted result
$$
\begin{aligned}
S'_{0,0} &= D4 \times 02 \bigoplus BF \times 03 \bigoplus 5D \times 01 \bigoplus 30 \times 01 \\
D4 \times 02 &: 1101\ 0100 \rightarrow 1010\ 1000 \bigoplus 0001\ 1011 = 1011\ 0011 = b3 \\
BF \times 03 &= bf \bigoplus (1011\ 1111 \rightarrow 0111\ 1110 \bigoplus 0001\ 1011 = 0110\ 0101 = 65) \\
S'_{0,0} &= b3 \bigoplus bf \bigoplus 65 \bigoplus 5d \bigoplus 30 = 04
\end{aligned}
$$
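The ×02 rule, the distributive trick for ×03 and the MixColumns matrix product, run on the column d4 bf 5d 30 from the worked calculation above. This is an added Python example, not code from the original post; it goes beyond the page by multiplying by arbitrary constants and by using the inverse matrix (0e 0b 0d 09) as a round-trip check, and the function names are chosen here.

```python
def xtime(b):
    """Multiply by 02: shift left one bit; if the old top bit was 1, XOR with 0x1B."""
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b

def gmul(a, b):
    """General GF(2^8) product: XOR together a * x^i for every set bit i of b."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result

# Fixed MixColumns matrix and its inverse (used when decrypting)
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]

def mul_column(matrix, col):
    """Left-multiply a 4-byte state column by a 4x4 matrix over GF(2^8)."""
    out = []
    for row in matrix:
        acc = 0
        for coeff, byte in zip(row, col):
            acc ^= gmul(byte, coeff)  # addition in GF(2^8) is XOR
        out.append(acc)
    return out

column = [0xD4, 0xBF, 0x5D, 0x30]  # first state column after ShiftRows, from the page
mixed = mul_column(MIX, column)
print("02*d4 =", f"{xtime(0xD4):02x}", " 03*bf =", f"{gmul(0xBF, 3):02x}")
print("mixed column:", " ".join(f"{b:02x}" for b in mixed))
print("round trip ok:", mul_column(INV_MIX, mixed) == column)
```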
- After that, repeating the steps above completes the encryption of the plaintext.
-
LLY by Nov.14.2022