| 5.1 | What was the original set of criteria used by NIST to evaluate candidate AES ciphers? |
| 5.2 | What was the final set of criteria used by NIST to evaluate candidate AES ciphers? |
| 5.3 | What is power analysis? |
| 5.4 | What is the difference between Rijndael and AES? |
| 5.5 | What is the purpose of the State array? |
| 5.6 | How is the S-box constructed? |
| 5.7 | Briefly describe SubBytes. |
| 5.8 | Briefly describe ShiftRows. |
| 5.9 | How many bytes in State are affected by ShiftRows? |
| 5.10 | Briefly describe MixColumns. |
| 5.11 | Briefly describe AddRoundKey. |
| 5.12 | Briefly describe the key expansion algorithm. |
| 5.13 | What is the difference between SubBytes and SubWord? |
| 5.14 | What is the difference between ShiftRows and RotWord? |
| 5.15 | What is the difference between the AES decryption algorithm and the equivalent inverse cipher? |
| 5.1 | In the discussion of MixColumns and Inverse MixColumns, it was stated that b(x) = a1(x) mod (x4 + 1) where a(x) = {03}x3 + {01}x2 + {01}x + {02} and b(x) = {03}x3 + {0D}x2 + {09}x + {0E}. Show that this is true. |
|
[Page 162] |
| 5.2 | What is {01}1 in GF(28)? Verify the entry for {01} in the S-box.
|
| 5.3 | Show the first eight words of the key expansion for a 128-bit key of all zeros. |
| 5.4 | Given the plaintext {000102030405060708090A0B0C0D0E0F} and the key {01010101010101010101010101010101}, Show the original contents of State, displayed as a 4 x 4 matrix. Show the value of State after initial AddRoundKey. Show the value of State after SubBytes. Show the value of State after ShiftRows. Show the value of State after MixColumns.
|
| 5.5 | Verify Equation (5.11). That is show that xi (x4 + 1) = xi mod 4. |
| 5.6 | Compare AES to DES. For each of the following elements of DES, indicate the comparable element in AES or explain why it is not needed in AES. XOR of subkey material with the input to the f function XOR of the f function output with the left half of the block The f function Permutation P Swapping of halves of the block
|
| 5.7 | In the subsection on implementation aspects, it is mentioned that the use of tables helps thwart timing attacks. Suggest an alternative technique. |
| 5.8 | In the subsection on implementation aspects, a single algebraic equation is developed that describes the four stages of a typical round of the encryption algorithm. Provide the equivalent equation for the tenth round. |
| 5.9 | Compute the output of the MixColumns transformation for the following sequence of input bytes "67 89 AB CD". Apply the InvMixColumns transformation to the obtained result to verify your calculations. Change the first byte of the input from '67' to '77', perform the MixColumns transformation again for the new input, and determine how many bits have changed in the output. Note: You can perform all calculations by hand or write a program supporting these computations. If you choose to write a program, it should be written entirely by you; no use of libraries or public domain source code is allowed in this assignment. |
| 5.10 | Use the key 1010 0111 0011 1011 to encrypt the plaintext "ok" as expressed in ASCII, that is 0110 1111 0110 1011. The designers of S-AES got the ciphertext 0000 0111 0011 1000. Do you? |
| 5.11 | Show that the matrix given below, with entries in GF(24), is the inverse of the matrix used in the MixColumns step of S-AES. 
|
| 5.12 | Carefully write up a complete decryption of the ciphertext 0000 0111 0011 1000, using the key 1010 0111 0011 1011 and the S-AES algorithm. You should get the plaintext we started with in Problem 5.10. Note that the inverse of the S-boxes can be done with a reverse table lookup. The inverse of the MixColumns step is given by the matrix in the previous problem. |
