Cryptanalysis is the science of recovering the plaintext of a message without access to the key. Successful cryptanalysis may recover the plaintext or the key. It also finds weaknesses in the cryptosystem.

Brute-force attack: The attack tries every possible key on a piece of cipher text until an intelligible translation into plain text is obtained. This is tedious and may not be feasible if the key length is relatively long.

1.4 Confusion and Diffusion
These are the two important techniques for building any cryptographic system. Claude Shannon introduced the terms Confusion and Diffusion. According to Shannon, in an ideal cipher, "all statistics of the cipher text are independent of the particular key used". In Diffusion, each plaintext digit affects many cipher text digits, which is equivalent to saying that each cipher text digit is affected by many plain text digits.

All encryption algorithms will make use of diffusion and confusion layers. The diffusion layer is based upon simple linear operations such as multi-permutations, key additions, multiplication with known constants etc. On the other hand, the confusion layer is based upon complex and linear operations such as the Substitution Box (S-box).

One of the most intense areas of research in the field of symmetric block ciphers is that of S-box design. The characteristic of the S-box is its size. An n x m S-box has n input bits and m output bits. Larger S-boxes, by and large, are more resistant to differential and linear cryptanalysis. However, a large dimension n leads to a larger lookup table. The size of the lookup table decides the size of the program memory. Therefore, a small S-box is required for hardware with less program memory, and a large S-box can be used with hardware having more program memory. For example, AES uses 16 x 16 S-box. This is implemented in a suite of hardware platforms: 8051 based microcontrollers, PIC processor, ARM processors, FPGA based processors, ASIC, etc. It is possible to implement 256 x 256 S-box in high end processors.

Another practical consideration is that the larger the S-box, the more difficult it is to design it properly. The S-box is required for both encryption and decryption. An n x m S-box typically consists of 2^n rows of m bits each. The n bits of input select one of the rows of the S-box, and the m bits in that row are the output. For example, in an 8 x 32 S-box, if the input is 00001001, the output consists of the 32 bits in row 9 (the first row is labeled row 0).
Nb = 4 which reflects the number of 32-bit words (number of columns) in the State.

For the AES algorithm, the length of the Cipher Key, K, is 128, 192, or 256 bits. The key length is represented by Nk = 4, 6, or 8, which reflects the number of 32-bit words (number of columns) in the Cipher Key. For the AES algorithm, the number of rounds to be performed during the execution of the algorithm is dependent on the key size. The number of rounds is represented by Nr, where Nr = 10 when Nk = 4, Nr = 12 when Nk = 6, and Nr = 14 when Nk = 8.

The only Key-Block-Round combinations that conform are shown below.

Figure 1. Key-Block-Round Combinations.

For both its Cipher and Inverse Cipher, the AES algorithm uses a round function that is composed of four different byte-oriented transformations: 1) byte substitution using a substitution table (S-box), 2) shifting rows of the State array by different offsets, 3) mixing the data within each column of the State array, and 4) adding a Round Key to the State.

4.1 The State
Internally, the AES algorithm's operations are performed on a two-dimensional array of bytes called the State. The State consists of four rows of bytes, each containing Nb bytes, where Nb is the block length divided by 32. In the State array denoted by the symbol s, each individual byte has two indices, with its row number r in the range 0 ≤ r < 4 and its column number c in the range 0 ≤ c < Nb. This allows an individual byte of the State to be referred to as either s_{r,c} or s[r,c]. For this standard, Nb = 4, i.e., 0 ≤ c < 4.

At the start of the Cipher and Inverse Cipher, the input – the array of bytes in_0, in_1 … in_15 – is copied into the State array as illustrated in Fig. 2. The Cipher or Inverse Cipher operations are then conducted on this State array, after which its final value is copied to the output – the array of bytes out_0, out_1 … out_15.

Figure 2. State array input and output.

Hence, at the beginning of the Cipher or Inverse Cipher, the input array, in, is copied to the State array according to the scheme:
s[r, c] = in[r + 4c] for 0 ≤ r < 4 and 0 ≤ c < Nb
and at the end of the Cipher and Inverse Cipher, the State is copied to the output array out as follows:
out[r + 4c] = s[r, c] for 0 ≤ r < 4 and 0 ≤ c < Nb.

4.2 The State as an Array of Columns
The four bytes in each column of the State array form 32-bit words, where the row number r provides an index for the four bytes within each word. The State can hence be interpreted as a one-dimensional array of 32-bit words (columns), w_0...w_3, where the column number c provides an index into this array. Hence, for the example in Fig. 2, the State can be considered as an array of four words, as follows:
w_0 = s_{0,0} s_{1,0} s_{2,0} s_{3,0}
w_1 = s_{0,1} s_{1,1} s_{2,1} s_{3,1}
w_2 = s_{0,2} s_{1,2} s_{2,2} s_{3,2}
w_3 = s_{0,3} s_{1,3} s_{2,3} s_{3,3}

5. Diffusion Analysis
Diffusion analysis of an encryption algorithm makes it possible to estimate the strength of that algorithm. The strength of the algorithm is related to how sensitive the cipher values are to changes in the input plain text, in other words, how many output cipher text bits change when a single bit of the input plain text is changed.

Hamming distance is a measure of Hamming weight of a function derived from xoring two cipher text values. Hamming distance indicates the avalanche of the encryption algorithm. For well-diffused cipher values, higher avalanche values are required. Therefore, it is imperative to define the amount of avalanche that is required for a given encryption algorithm. The Strict Avalanche Criterion (SAC) is defined to indicate the required diffusion level. Every encryption algorithm must satisfy the SAC in order to meet the diffusion requirements.

In this paper, avalanche values are measured for this encryption algorithm for First order SAC and for Higher order SAC. The measured results are shown in later sections.

Flipping one bit of the input plain text and keeping the key value constant, avalanche values are measured for each round. The measured result shows a definite pattern.

With respect to CASE (1), i.e. implementation of the first order SAC keeping the plaintext constant: in the first round the avalanche is low, the number of bits that differ is 22 and the SAC value is 17. It then increases to a maximum in the 7th round, where the number of bits that differ is 75 with a SAC value of 58, and then decreases; finally, after the 10th round, it ends with 72 differing bits and a SAC value of 56, which satisfies the desired Strict Avalanche Criteria.

Similarly, the same holds for all the other cases, which are shown in the later sections. From the results, it is evident that avalanche values exceed the SAC value in the initial rounds, sometimes in the second round itself.

The AES encryption algorithm is designed based upon various criteria, and the number of rounds used here is adequate and robust, as it uses S-boxes as nonlinear components. So far Rijndael has no known security attacks.
54 (IJCNS) International Journal of Computer and Network Security,
Vol. 2, No. 9, September 2010
6. Alternate S-box
In a block cipher, the S-box provides the confusion. The S-box maps the plain text to a cipher value using nonlinear operations. Since plain text and cipher values are not related linearly, it is difficult to construct plain text from a given cipher value. This problem is generally known as "hard". Some of the block ciphers have used the multiplicative inverse of a byte in the GF(2^8) field for constructing the S-box. This S-box is constructed by filling in the multiplicative inverse values. The same S-box can be used for decryption, thus providing involution. However, these are not as secure as an S-box constructed using double transformation, i.e., a separate S-box for each of encryption and decryption. But an involution S-box is extremely useful for an involution cipher, where hardware is at a premium, such as a smart card. This is also used as a basic building block to construct an S-box using double transformation.

6.1 Design Criteria for S-Box
Following are the design criteria for the S-box, appearing in order of importance:
• Non-Linearity:
(a) Correlation: The maximum input-output correlation amplitude must be as small as possible.
(b) Difference propagation probability: The maximum difference propagation probability must be as small as possible.
• Algebraic Complexity:
The algebraic expression of SRD in GF(2^8) has to be complex.

6.2 S-Box of AES
The S-box is constructed in the following fashion:
• Initialize the S-box with the byte values in ascending sequence row by row. The first row contains {00}, {01}, {02}, …, {0F}; the second row contains {10}, {11}, etc.; and so on. Thus the value of a byte at row x, column y is {xy}.
• Map each byte in the S-box to its multiplicative inverse in the finite field GF(2^8); the value {00} is mapped to itself.
• Consider that each byte in the S-box consists of 8 bits labeled (b_7, b_6, b_5, b_4, b_3, b_2, b_1, b_0). Apply the following transformation to each bit of each byte in the S-box:
b'_i = b_i ⊕ b_{(i+4) mod 8} ⊕ b_{(i+5) mod 8} ⊕ b_{(i+6) mod 8} ⊕ b_{(i+7) mod 8} ⊕ b_{(i+8) mod 8} ⊕ c_i
where c_i is the i-th bit of byte c with the value {63}, i.e. (c_7 c_6 c_5 c_4 c_3 c_2 c_1 c_0) = (01100011). The prime (') indicates that the variable is to be updated by the value on the right.
The AES standard depicts this transformation in matrix form as follows:

6.3 Proposed S-box
Here we are proposing that we can generate our own S-boxes by choosing a different constant value for the constant which is used in the affine transformation in the construction of the S-box.

7. Experimental Results
The AES algorithm is designed with the same three key size alternatives, i.e. 128/192/256, but limits the block length to 128 bits. The algorithm efficiently encrypts and decrypts the plaintext and the result is tabulated. Also, diffusion analysis is used as a tool to measure the strength of the AES algorithm. This is achieved by analyzing the diffusion that exhibits a strong avalanche effect for the First order SAC and Higher order SAC, taking the following cases.
• Changing one bit at a time in a plaintext, keeping key as constant.
• Changing one bit at a time in a key, keeping plaintext as constant.
• Changing many bits at a time in a plaintext, keeping key as constant.
• Changing many bits at a time in a key, keeping plaintext as constant.
The avalanche value of each round is tabulated for all the above cases, and it is proved that the Rijndael algorithm exhibits good Strict Avalanche Criteria.
Also, generation of an alternate S-box is an attempt to secure the algorithm from any attacks, and the generated S-box is then used for encryption and diffusion analysis, for comparison.
The following are the results that have been achieved:

7.1 Encryption
The length of the key is entered; accordingly the key and the plaintext are to be entered in hexadecimal. Simultaneously the cipher text is generated.
7.2 Decryption
The key has to be entered, which was previously entered for
encryption. As a result, the plain text entered during
encryption and the text after decrypting is generated.
Figure 4. Showing the result after decryption for 128 bit key
length.
7.3 Diffusion Analysis for First Order SAC
CASE 1: Changing one bit at a time in a key, keeping
plaintext as constant
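The S-box construction of section 6.2 with the selectable affine constant proposed in section 6.3, and the per-round avalanche measurement of sections 5 and 7.3, can be reproduced with the following added example, which is not code from the paper. It is limited to AES-128, takes the affine map in the form FIPS-197 defines it, and all function names are hypothetical; KEY and PT are the FIPS-197 Appendix C.1 example vector.

```python
def gmul(a, b):
    """Multiply in GF(2^8) modulo m(x) = x^8 + x^4 + x^3 + x + 1 (0x11b)."""
    p = 0
    while b:
        p ^= a if b & 1 else 0
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return p

def make_sbox(c=0x63):
    """Section 6.2: GF(2^8) inverse (00 maps to 00), then the affine map with constant c."""
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    inv = [next((y for y in range(1, 256) if gmul(x, y) == 1), 0) for x in range(256)]
    return [v ^ rotl(v, 1) ^ rotl(v, 2) ^ rotl(v, 3) ^ rotl(v, 4) ^ c for v in inv]

def fixed_points(sbox):  # inputs a with S(a) == a; the standard constant {63} leaves none
    return [a for a in range(256) if sbox[a] == a]

def expand_key(key, sbox):
    """AES-128 key schedule: 11 round keys of 16 bytes each."""
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:  # RotWord, SubWord, Rcon
            t = [sbox[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, gmul(rcon, 2)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def encrypt_rounds(pt, key, sbox):
    """State after each of the 10 rounds; byte index is r + 4c as in section 4.1."""
    rk = expand_key(key, sbox)
    s, states = [p ^ k for p, k in zip(pt, rk[0])], []
    for rnd in range(1, 11):
        s = [sbox[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes + ShiftRows
        if rnd < 10:                                              # MixColumns
            s = [gmul(2, s[4*c + r]) ^ gmul(3, s[4*c + (r+1) % 4]) ^ s[4*c + (r+2) % 4]
                 ^ s[4*c + (r+3) % 4] for c in range(4) for r in range(4)]
        s = [a ^ b for a, b in zip(s, rk[rnd])]                   # AddRoundKey
        states.append(bytes(s))
    return states

def avalanche(pt, key, bit, sbox, flip="plaintext"):
    """Differing bits after each round when one plaintext or key bit is flipped."""
    pt2, key2 = bytearray(pt), bytearray(key)
    (pt2 if flip == "plaintext" else key2)[bit // 8] ^= 0x80 >> (bit % 8)
    a, b = encrypt_rounds(pt, key, sbox), encrypt_rounds(pt2, key2, sbox)
    return [sum(bin(x ^ y).count("1") for x, y in zip(ra, rb)) for ra, rb in zip(a, b)]

KEY, PT = bytes(range(16)), bytes.fromhex("00112233445566778899aabbccddeeff")  # FIPS-197 C.1
```

Calling `avalanche(PT, KEY, 0, make_sbox())` returns the ten per-round counts for a one-bit plaintext change, and `flip="key"` gives the key-change case. Running the same call with `make_sbox(c)` for a candidate constant, together with `fixed_points()`, gives the comparison against the standard S-box that section 7 describes.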
The basic design of an encryption algorithm is based upon the strength of diffusion and confusion. This dissertation explored the diffusion and confusion elements used in the AES to an extent. Based on the studies, the following techniques are developed as a security improvement:
• Diffusion analysis, which is used as a tool to measure the strength of the algorithm. From the experimental results, it is proved that AES meets the Strict Avalanche Criteria, which is mandatory for an encryption algorithm in order to meet the diffusion requirements.
• Suggesting an alternate S-box.

9. Future Enhancements
• An alternate S-box for decryption can be developed.
• All encryption algorithms, both symmetric and public key, involve arithmetic operations on integers in a finite field. The Rijndael algorithm uses the irreducible polynomial
m(x) = x^8 + x^4 + x^3 + x + 1 = 0x11b (hex).
So, a new irreducible polynomial of degree 8 could be used. There are 30 irreducible polynomials of degree 8.

References
[1] W. Stallings, Cryptography and Network Security, Prentice Hall, 2003.
[2] AES page available via http://www.nist.gov/CryptoToolkit.4
[3] Computer Security Objects Register (CSOR): http://csrc.nist.gov/csor/.
[4] J. Daemen and V. Rijmen, AES Proposal: Rijndael, AES Algorithm Submission, September 3, 1999.
[5] J. Daemen and V. Rijmen, The block cipher Rijndael, Smart Card Research and Applications, LNCS 1820, Springer-Verlag, pp. 288-296.
[6] B. Gladman's AES related home page http://fp.gladman.plus.com/cryptography_tetechnolo/.
[7] A. Lee, NIST Special Publication 800-21, Guideline for Implementing Cryptography in the Federal Government, National Institute of Standards and Technology, November 1999.
[8] A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography, CRC Press, New York, 1997, pp. 81-83.
[9] J. Nechvatal, Report on the Development of the Advanced Encryption Standard (AES), National Institute of Standards and Technology, October 2, 2000.
[10] Mohan H.S and A. Raji Reddy, "Diffusion Analysis of Mars Encryption Algorithm", International conference on current trends of information technology, MERG-2005, Bhimavaram, Andhrapradesh.
[11] Mohan H.S and A. Raji Reddy, "An Effective Defense Against Distributed Denial of Service in Grid", IEEE International conference on integrated intelligent computing ICIIC-2010, SJBIT, Bangalore-60. ISBN 978-0-7695-4152-5, pp. 84-89.

Authors Profile
Mohan H.S. received his Bachelor's degree in Computer Science and Engineering from Malnad College of Engineering, Hassan during the year 1999 and M.Tech in Computer Science and Engineering from Jawaharlal Nehru National College of Engineering, Shimoga during the year 2004. He is currently pursuing his part-time Ph.D degree at Dr. MGR University, Chennai. He is working as a professor in the Dept of Information Science and Engineering at SJB Institute of Technology, Bangalore-60. He has a total of 12 years of teaching experience. His areas of interest are Networks Security, Image Processing, Data Structures, Computer Graphics, Finite Automata and Formal Languages, and Compiler Design. He obtained a best teacher award for his teaching during the year 2008 at SJBIT Bangalore-60. He has published and presented papers in journals and in international and national level conferences.

A. Raji Reddy received his M.Sc from Osmania University and M.Tech in Electrical and Electronics and Communication Engineering from IIT, Kharagpur during the year 1979 and his Ph.D degree from IIT, Kharagpur during the year 1986. He worked as a senior scientist in R&D of ITI Ltd, Bangalore for about 24 years. He is currently working as a professor and head in the department of Electronics and Communication, Madanapalle Institute of Technology & Science, Madanapalle. His current research areas are cryptography and its application to wireless systems and network security. He has published and presented papers in journals and in international and national level conferences.