The encryption process uses a set of specially derived keys called round keys. These are applied, along with other operations, on an array of data that holds exactly one block of data the data to be encrypted. This array we call the state array. You take the following steps to encrypt a 128-bit block: Derive the set of round keys from the cipher key. Initialize the state array with the block data (plaintext). Add the initial round key to the starting state array. Perform nine rounds of state manipulation. Perform the tenth and final round of state manipulation. Copy the final state array out as the encrypted data (ciphertext).
The reason that the rounds have been listed as "nine followed by a final tenth round" is because the tenth round involves a slightly different manipulation from the others. The block to be encrypted is just a sequence of 128 bits. AES works with byte quantities so we first convert the 128 bits into 16 bytes. We say "convert," but, in reality, it is almost certainly stored this way already. Operations in RSN/AES are performed on a two-dimensional byte array of four rows and four columns. At the start of the encryption, the 16 bytes of data, numbered D Each round of the encryption process requires a series of steps to alter the state array. These steps involve four types of operations called: SubBytes ShiftRows ##### Table A.5. Initial Value of the State ArrayD _{0}D _{4}D _{8}D _{12}D _{1}D _{5}D _{9}D _{13}D _{2}D _{6}D _{10}D _{14}D _{3}D _{7}D _{11}D _{15}MixColumns XorRoundKey
The details of these operations are described shortly, but first we need to look in more detail at the generation of the Round Keys, so called because there is a different one for each round in the process. ## Round KeysThe cipher key used for encryption is 128 bits long. Where this key comes from is not important here; refer to Chapter 10 on key hierarchy and how the temporal encryption keys are produced. The cipher key is already the result of many hashing and cryptographic transformations and, by the time it arrives at the AES block encryption, it is far removed from the secret master key held by the authentication server. Now, finally, it is used to generate a set of eleven 128-bit round keys that will be combined with the data during encryption. Although there are ten rounds, eleven keys are needed because one extra key is added to the initial state array before the rounds start. The best way to view these keys is an array of eleven 16-byte values, each made up of four 32-bit words, as shown in Table A.6. To start with, the first round key Rkey
For each of the round keys Rkey
The rule for the value of W The value of W _{0}from the previous round keyThe value of W _{3}from the previous round key, rotated right by 8 bitsA special value from a table called Rcon
Thus, we write:
where W >>> 8 means rotate right 8 for example (in hexadecimal) 1234 becomes 4123 and Rcon[i] is an entry in Table A.7.
There is a good reason why the sequence of this table suddenly breaks off from 128 to 27. It is because of the way finite fields overflow, as described in the previous section. Although the algorithm for deriving the round keys seems rather complicated, you will notice that no difficult computations have been performed and it is not at all computationally intensive. Also note that, after the first, each key is generated sequentially and based on the previous one. This means that it is possible to generate each round key just in time before it is needed in the encryption computation. Alternatively, if there is plenty of memory, they can be derived once at the start and stored for use with each subsequent AES block. ## Computing the RoundsHaving described how the round keys are derived, we can now return to the operations used in computing each round. Earlier we mentioned that four operations are required called: SubBytes ShiftRows MixColumns XorRoundKey
Each one of these operations is applied to the current state array and produces a new version of the state array. In all but the rarest cases, the state array is changed by the operation. The details of each operation are given shortly. In the first nine rounds of the process, the four operations are performed in the order listed. In the last (tenth) round, the MixColumns operation is not performed and only the SubBytes, ShiftRows, and XorRoundKey operations are done. ## SubBytesThis operation is a simple substitution that converts every byte into a different value. AES defines a table of 256 values for the substitution. You work through the 16 bytes of the state array, use each byte as an index into the 256-byte substitution table, and replace the byte with the value from the substitution table. Because all possible 256 byte values are present in the table, you end up with a totally new result in the state array, which can be restored to its original contents using an inverse substitution table. The contents of the substitution table are not arbitrary; the entries are computed using a mathematical formula but most implementations will simply have the substitution table stored in memory as part of the design. ## ShiftRowsAs the name suggests, ShiftRows operates on each row of the state array. Each row is rotated to the right by a certain number of bytes as follows:
As an example, if the ShiftRows operation is applied to the stating state array shown in Table A.8, the result is shown in Table A.9. ## MixColumnsThis operation is the most difficult, both to explain and perform. Each column of the state array is processed separately to produce a new column. The new column replaces the old one. The processing involves a matrix multiplication. If you are not familiar with matrix arithmetic, don't get to concerned it is really just a convenient notation for showing operations on tables and arrays. The MixColumns operation takes each column of the state array C ## Figure A.2. MixColumns Operation
The new column is computed as follows:
Remember that we are not using normal arithmetic we are using finite field arithmetic, which has special rules and both the multiplications and additions can be implemented using XOR. ## XorRoundKeyAfter the MixColumns operation, the XorRoundKey is very simple indeed and hardly needs its own name. This operation simply takes the existing state array, XORs the value of the appropriate round key, and replaces the state array with the result. It is done once before the rounds start and then once per round, using each of the round keys in turn. ## DecryptionAs you might expect, decryption involves reversing all the steps taken in encryption using inverse functions: InvSubBytes InvShiftRows InvMixColumns
XorRoundKey doesn't need an inverse function because XORing twice takes you back to the original value. InvSubBytes works the same way as SubBytes but uses a different table that returns the original value. InvShiftRows involves rotating left instead of right and InvMixColumns uses a different constant matrix to multiply the columns. The order of operation in decryption is: Perform initial decryption round: XorRoundKey InvShiftRows InvSubBytes Perform nine full decryption rounds: XorRoundKey InvMixColumns InvShiftRows InvSubBytes Perform final XorRoundKey
The same round keys are used in the same order. ## Summary of AESNow we have seen all the steps needed to take a 128-bit block of data and transform it into ciphertext. We also looked at the reverse process for decryption. The process of encryption can be summarized as shown in Figure A.3. The mathematics behind the algorithm is rather hard to understand for nonmathematicians and we have focused on how rather than why in this book. If you are interested in such matters, it is probably worth reading the theoretical papers of looking at the book that specialize in cryptography. What is interesting, however, is the way in which all the operations are based on byte values and operations that are simple to implement in digital logic gates. AES achieves the goal of being both secure and practical for real systems. ## Figure A.3. Summary of AES/RSN Encryption |

Real 802.11 Security: Wi-Fi Protected Access and 802.11i

ISBN: 0321136209

EAN: 2147483647

EAN: 2147483647

Year: 2005

Pages: 151

Pages: 151

Authors: Jon Edney, William A. Arbaugh

Similar book on Amazon

flylib.com © 2008-2017.

If you may any questions please contact us: flylib@qtcs.net

If you may any questions please contact us: flylib@qtcs.net