Saturday, 4 June 2016

On 03:22 by Unknown in    No comments

Example Mini-AES Encryption


The application of the four components NibbleSub, ShiftRow, MixColumn and KeyAddition in sequence constitutes one round. The full Mini-AES encryption consists of two such rounds, with the exclusion of MixColumn from the last round and the inclusion of an extra KeyAddition prior to the first round.  Hence, Mini-AES encryption can be denoted by:
Mini-AESEncrypt = sK2 o p o g o sK1 o q o p o g o sK0
Note that the symbol o refers to the composition of functions and the order of execution is from right to left, which means that sK0 is executed first.  Figure 7 provides a pictorial view  of Mini-AES encryption.

Figure 7:         The Mini-AES Encryption Process

Example 9


       
To provide an illustrative example for the student, suppose that the input 16-bit plaintext block is P = 1001 1100 0110 0011.  Expressed as a matrix of 2 ´ 2 of nibbles, it is then

Suppose also that the secret key, K = 1100 0011 1111 0000. This is also expressed as a 2 ´ 2 matrix.
 
Firstly, the round keys are derived from the secret key, K by way of the key schedule.
 Derivation of the Round Keys

K0 = (w0, w1, w2, w3) = (k0, k1, k2, k3) = K = 1100 0011 1111 0000
K1 = (w4, w5, w6, w7) is calculated as follows:
w4                = w0 Å NibbleSub( w3 ) Å 0001
= 1100 Å NibbleSub(0000) Å 0001
= 1100 Å 1110 Å 0001
= 0011
w5                = w1 Å w4
= 0011 Å 0011
= 0000
w6                = w2 Å w5
= 1111 Å 0000
= 1111
w7                = w3 Å w6
= 0000 Å 1111
= 1111
K2 = (w8, w9, w10, w11) is calculated as follows:
w8                = w4 Å NibbleSub( w7 ) Å 0010
= 0011 Å NibbleSub(1111) Å 0010
= 0011 Å 0111 Å 0010
= 0110
w9                = w5 Å w8
= 0000 Å 0110
= 0110
w10              = w6 Å w9
= 1111 Å 0110
= 1001
w11              = w7 Å w10
= 1111 Å 1001
= 0110

Encryption of the Plaintext
Next, we proceed with encryption. Given plaintext, P = 1001 1100 0110 0011, then after the first KeyAddition with the 0th round key, K0, the output is
A = P Å K0             = 1001 1100 0110 0011 Å  1100 0011 1111 0000
= 0101 1111 1001 0011
Round 1
After NibbleSub, the output is
B          = NibbleSub(0101), NibbleSub(1111), NibbleSub(1001), NibbleSub(0011)
= 1111 0111 1010 0001

After ShiftRow, the output is
C          = ShiftRow (1111 0111 1010 0001)
= 1111 0001 1010 0111   
MixColumn is a bit more involved. The input block is rearranged as a 2 ´ 2 matrix, hence:
Taking the first column and multiplying it with the constant matrix, we get:

Taking the second column and multiplying it with the constant matrix, we get:

Therefore, the output after MixColumn is

or                    D  = 0000 1110 0011 1110

After KeyAddition with K1, the output is
E = D Å K1            = 0000 1110 0011 1110 Å 0011 0000 1111 1111
= 0011 1110 1100 0001
 Round 2
After NibbleSub, the output is
F          = NibbleSub(0011), NibbleSub(1110), NibbleSub(1100), NibbleSub(0001)
= 0001 0000 0101 0100

After ShiftRow, the output is
G         = ShiftRow (0001 0000 0101 0100)
= 0001 0100 0101 0000

Note that in the last round, there is no MixColumn. After KeyAddition, the output is H = G Å K2       = 0001 0100 0101 0000 Å 0110 0110 1001 0110
= 0111 0010 1100 0110

Therefore, the final ciphertext is H  = 0111 0010 1100 0110

   Mini-AES Decryption

In order to get back the original plaintext, the reverse process of encryption must be  performed on the ciphertext. This is called decryption.  Noting that decryption is the inverse  of encryption, then
Mini-AESDecrypt = (sK2 o p o g o sK1 o q o p o g o sK0) –1
= sK0 -1 o g -1 o p -1 o q -1 o sK1 -1 o g -1 o p -1 o sK2 -1
= sK0 o g -1 o p o q o sK1 o g -1 o p o sK2
We arrive at this expression since sKi is an XOR operation, which is its own inverse.  We  have also specially chosen the constant matrix in MixColumn, q such that the inverse of MixColumn, q -1 is the same as MixColumn itself. Since ShiftRow simply causes the second row to be rotated left by one nibble amount, then the inverse of ShiftRow, p -1 causes the second row to be rotated right by one nibble. Rotating the nibble left or right are one and the same operation because one row only has two nibbles, therefore inverse ShiftRow is the same as ShiftRow. NibbleSub is a nibble substitution operation based on Table 1. The inverse of Table 1 is easily computed by interchanging the input nibble with the output nibble, and then resorting it based on the new input nibble, as given in Table 3 below.

Input
Output

Input
Output
0000
1110
1000
0111
0001
0011
1001
1101
0010
0100
1010
1001
0011
1000
1011
0110
0100
0001
1100
1011
0101
1100
1101
0010
0110
1010
1110
0000
0111
1111
1111
0101

Table 3:  Inverse S-box of Mini-AES
 Example 10
For an input nibble, a0 = 1111, then based on Table 1, the output nibble is b0 = 0111. To get back the original nibble a0 given the value of b0, we use the inverse of Table 1, which is Table
3.  Referring to Table 3, then given the input b0 = 0111, the output is a0 = 1111.
Observe also that the order in which inverse NibbleSub, g -1 and ShiftRow,  p is carried out is not important, since inverse NibbleSub operates on each individual nibble whereas ShiftRow simply shifts the nibbles around. Hence, the final expression for Mini-  AES decryption is:
Mini-AESDecrypt = sK0 o p o g -1 o q o sK1 o  p o g -1 o sK2
Comparing the expression for decryption and encryption, we see that they are similar in structure, except that the round keys and the round constants are applied in reverse order, and the NibbleSub component is replaced by its inverse.

As an exercise, the student can try by pen and paper to decrypt the ciphertext, H obtained in Example 9 to get back the original plaintext, P.

0 comments:

Post a Comment