5.2. The AES Cipher
The Rijndael proposal for AES defined a cipher in which the
block length and the key length can be independently specified to be 128, 192,
or 256 bits. The AES specification uses the same three key size alternatives but
limits the block length to 128 bits. A number of AES parameters depend on the
key length (Table 5.3). In the
description of this section, we assume a key length of 128 bits, which is likely
to be the one most commonly implemented.
|
Key size
(words/bytes/bits)
|
4/16/128
|
6/24/192
|
8/32/256
|
|
Plaintext block size
(words/bytes/bits)
|
4/16/128
|
4/16/128
|
4/16/128
|
|
Number of rounds
|
10
|
12
|
14
|
|
Round key size
(words/bytes/bits)
|
4/16/128
|
4/16/128
|
4/16/128
|
|
Expanded key size
(words/bytes)
|
44/176
|
52/208
|
60/240
|
Rijndael was designed to have the following
characteristics:
-
Resistance against all known attacks
-
Speed and code compactness on a wide range of platforms
-
Design simplicity
Figure 5.1 shows the
overall structure of AES. The input to the encryption and decryption algorithms
is a single 128-bit block. In FIPS PUB 197, this block is depicted as a square
matrix of bytes. This block is copied into the State array, which is modified at each stage of
encryption or decryption. After the final stage, State is copied to an output matrix. These operations
are depicted in Figure 5.2a. Similarly,
the 128-bit key is depicted as a square matrix of bytes. This key is then
expanded into an array of key schedule words; each word is four bytes and the
total key schedule is 44 words for the 128-bit key (Figure 5.2b). Note that the ordering of bytes within a
matrix is by column. So, for example, the first four bytes of a 128-bit
plaintext input to the encryption cipher occupy the first column of the in matrix, the second four bytes occupy the second
column, and so on. Similarly, the first four bytes of the expanded key, which
form a word, occupy the first column of the w
matrix.
No comments:
Post a Comment