A few years ago the US National Institute of Standards and Technology (NIST, the agency that also maintains the previous standard) held a public competition for a 128-bit block cipher to replace DES, which had been in use for 20 years. The Rijndael algorithm, designed by two Belgian cryptographers, eventually won. The authors' website is publicly accessible.
Some recent books on AES already contain the final AES algorithm, but because so much mathematical theory is involved, I only understand the surface of it, just enough to get a rough grasp. AES is fast; the block length and the key length can each be 128, 192 or 256 bits in any combination, so the block and the key do not have to be the same length. Thanks to the modular design, the algorithm consists of 4 steps: 1. byte substitution (SubBytes); 2. row shifting (ShiftRows); 3. column mixing (MixColumns); 4. round key addition (AddRoundKey), and these steps are iterated for 10 rounds. The 10th round is not the same as the others, which annoys me: it has no column mixing. I strongly recommend that everyone read the English papers and books, which describe a fast implementation method for 32-bit platforms. The mathematical principle behind each step is explained there step by step, and that big pile of formulas will not be repeated here. The fast implementation merges three of the steps into table lookups (four lookups XORed together); the tables are usually called T-boxes (TBOX). The lookups replace those steps in every round but the last, which still uses the S-box, and that is why it is so fast. So the key issue in implementing AES is how to construct the 8 T tables (4 for encryption, 4 for decryption), and that involves polynomial arithmetic.
(1) Addition of polynomials in GF(2^n) is XOR. For example 0x57 + 0x83 = 01010111 xor 10000011 = 11010100 = 0xD4. (2) Multiplication in GF(2^n) is ordinary polynomial multiplication with the coefficients taken mod 2 (so there are no carries), followed by reduction modulo an irreducible polynomial of degree n. An irreducible polynomial cannot be factored into smaller polynomials; I understand it as the counterpart of a prime number among the integers. For example, in GF(2^3), with the irreducible polynomial m(x) = x^3 + x^2 + 1:

    f(x) * g(x) = (x^2 + x + 1)(x^2 + x) mod (x^3 + x^2 + 1)
                = (x^4 + 2x^3 + 2x^2 + x) mod (x^3 + x^2 + 1)
                = (x^4 + x) mod (x^3 + x^2 + 1)      // coefficients reduced mod 2
                = x^2 + 1

Rijndael selects the degree-8 irreducible polynomial x^8 + x^4 + x^3 + x + 1, which can be written as the bit string 100011011 or as the hexadecimal number 0x11b. The reason for this choice is amusing: the authors said a book lists a batch of degree-8 irreducible polynomials, 0x11b is the first one, so they used it. Multiplying f(x) by x (i.e. by '02') is a left shift, followed by reduction modulo m(x):

    f = f << 1;                 // multiply by x ('02')
    if (f & 0x100) f ^= 0x11b;  // reduce modulo m(x)

Multiplying by x + 1 (i.e. by '03') is the same shift XORed with the original value: f*2 ^ f.

The multiplication of two polynomials f and h in GF(2^8) can be sped up with a generator g(x) of GF(2^8). "Generator" means that its successive powers, stored in a 256-entry array, run through every nonzero value from 1 to 255, so for any f and h there exist m and n with f = g^m and h = g^n, and then f * h = g^(m+n) mod m(x). With this formula we turn polynomial multiplication into addition of exponents; concretely, we build a logarithm table and an antilogarithm table, as follows:

1. Store the powers of g(x) = x + 1 in the alog table:

    alog[0] = 1;
    for (i = 1; i < 256; i++) {
        j = (alog[i-1] << 1) ^ alog[i-1];   // x * 3 = x * 2 + x
        if ((j & 0x100) != 0)               // exceeds 255, so it must be reduced
            j ^= 0x11b;
        alog[i] = j;
    }

2. Store the logarithms to base g(x) in the log table:

    for (i = 1; i < 255; i++) log[alog[i]] = i;

After alog and log are constructed, a multiplication is completed with a single lookup: alog[(log[a] + log[b]) % 255]. (This is for nonzero a and b; zero has no logarithm, so a product involving 0 must be returned as 0 separately.) In fact there are many ways to implement polynomial multiplication; searching MSDN for AES turns up a C# implementation whose multiplication algorithm is also a classic method. The logarithm method is easy to understand, and the most important thing is that it reduces to table lookups.
Building the S-box and the inverse S-box. (1) Initialize the S-box with the bytes in ascending order, 0 to 255, representing all elements of GF(2^8). (2) Use alog[255 - log[x]] to map each byte in the S-box to its inverse in GF(2^8); 0 is mapped to 0. (3) Apply the affine transformation; the formula is ugly, see the authors' paper. The matrix multiplication can reuse the trick from the earlier DES article: split the S-box bit by bit and store the products in a temporary 256 * 8 matrix. The inverse S-box is then obtained with insbox[sbox[i] & 0xFF] = i.
TBOX construction:

    for (t = 0; t < 256; t++) {
        s = sbox[t];
        TBOX1[t] = MUL4(s, G[0]);
        TBOX2[t] = MUL4(s, G[1]);
        TBOX3[t] = MUL4(s, G[2]);
        TBOX4[t] = MUL4(s, G[3]);
        s = insbox[t];
        TBOX5[t] = MUL4(s, IG[0]);
        TBOX6[t] = MUL4(s, IG[1]);
        TBOX7[t] = MUL4(s, IG[2]);
        TBOX8[t] = MUL4(s, IG[3]);
    }

The G matrix can be found in the authors' paper; IG is the inverse of G in GF(2^8). In the encryption process use TBOX1-4, in decryption TBOX5-8; the first 9 rounds use the T tables, the last round the S-box. But pay attention to the order in which the lookups are combined, so that the column mixing comes out right; see the MixColumns formula.
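The page leaves MUL4, the affine map and the round function to the reader. What follows is an added, self-contained C example, not the page's code nor the Rijndael authors', that ties the three passages above together: it builds the alog/log tables with generator x+1 and modulus 0x11b, derives the S-box and inverse S-box from alog[255 - log[x]] plus the affine transform, packs the four encryption T-tables (the page's TBOX1-4, here named te0..te3, with the MixColumns coefficients 02/01/01/03 written in directly instead of passing a G matrix to a MUL4 helper), and runs AES-128 on the FIPS-197 Appendix B test vector, which is the check that tells you the tables are right. All names are this example's own; the decryption tables TBOX5-8 are not built.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example. alog[i] = (x+1)^i in GF(2^8) modulo 0x11b, glog is its inverse; from these
 * come the S-box, the inverse S-box and the four encryption T-tables te0..te3 (TBOX1-4). */
static uint8_t alog[256], glog[256], sbox[256], insbox[256];
static uint32_t te0[256], te1[256], te2[256], te3[256];

static void build_gf_tables(void) {
    int i, j = 1;
    for (i = 0; i < 256; i++) {
        alog[i] = (uint8_t)j;
        j ^= j << 1;                 /* multiply by the generator x+1 ('03') */
        if (j & 0x100) j ^= 0x11b;   /* reduce modulo m(x) = x^8+x^4+x^3+x+1 */
    }
    for (i = 0; i < 255; i++) glog[alog[i]] = (uint8_t)i;   /* stop at 254: alog[255] == 1 again */
}

/* Multiply and invert through the tables. Zero has no logarithm, so it is guarded here;
 * the bare one-liner alog[(log[a] + log[b]) % 255] is only valid for nonzero inputs. */
static uint8_t gf_mul(uint8_t a, uint8_t b) { return (a && b) ? alog[(glog[a] + glog[b]) % 255] : 0; }
static uint8_t gf_inv(uint8_t a) { return a ? alog[(255 - glog[a]) % 255] : 0; }

static uint32_t pack(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}
static uint32_t sub_word(uint32_t w) {
    return pack(sbox[w >> 24], sbox[(w >> 16) & 0xff], sbox[(w >> 8) & 0xff], sbox[w & 0xff]);
}

/* S-box: inverse in GF(2^8), then the affine map bit_k = b_k^b_{k+4}^b_{k+5}^b_{k+6}^b_{k+7}^c_k, c = 0x63. */
static void build_sboxes(void) {
    for (int i = 0; i < 256; i++) {
        uint8_t b = gf_inv((uint8_t)i), r = 0;
        for (int k = 0; k < 8; k++) {
            int bit = (b >> k) ^ (b >> ((k + 4) & 7)) ^ (b >> ((k + 5) & 7))
                    ^ (b >> ((k + 6) & 7)) ^ (b >> ((k + 7) & 7));
            r |= (uint8_t)((bit & 1) << k);
        }
        sbox[i] = r ^ 0x63;
    }
    for (int i = 0; i < 256; i++) insbox[sbox[i]] = (uint8_t)i;   /* INSBOX[SBOX[i]] = i */
}

/* te0[a] packs (02*S[a], S[a], S[a], 03*S[a]) MSB first: the MixColumns contribution of a
 * byte in row 0. te1..te3 are byte rotations of it, for rows 1..3. */
static void build_ttables(void) {
    for (int i = 0; i < 256; i++) {
        uint32_t s = sbox[i], s2 = gf_mul(sbox[i], 2), w = (s2 << 24) | (s << 16) | (s << 8) | (s2 ^ s);
        te0[i] = w;
        te1[i] = (w >> 8) | (w << 24);
        te2[i] = (w >> 16) | (w << 16);
        te3[i] = (w >> 24) | (w << 8);
    }
}

static void expand_key(const uint8_t key[16], uint32_t rk[44]) {
    uint8_t rcon = 1;
    for (int i = 0; i < 4; i++) rk[i] = pack(key[4*i], key[4*i+1], key[4*i+2], key[4*i+3]);
    for (int i = 4; i < 44; i++) {
        uint32_t t = rk[i - 1];
        if (i % 4 == 0) {                            /* RotWord, SubWord, add Rcon */
            t = sub_word((t << 8) | (t >> 24)) ^ ((uint32_t)rcon << 24);
            rcon = gf_mul(rcon, 2);
        }
        rk[i] = rk[i - 4] ^ t;
    }
}

static void encrypt_block(const uint8_t in[16], const uint32_t rk[44], uint8_t out[16]) {
    uint32_t s[4], t[4];
    for (int c = 0; c < 4; c++) s[c] = pack(in[4*c], in[4*c+1], in[4*c+2], in[4*c+3]) ^ rk[c];
    for (int r = 1; r < 10; r++) {               /* rounds 1..9: four lookups and four XORs per column */
        for (int c = 0; c < 4; c++)              /* the (c+k)&3 column indices are ShiftRows */
            t[c] = te0[s[c] >> 24] ^ te1[(s[(c+1)&3] >> 16) & 0xff]
                 ^ te2[(s[(c+2)&3] >> 8) & 0xff] ^ te3[s[(c+3)&3] & 0xff] ^ rk[4*r + c];
        memcpy(s, t, sizeof s);
    }
    for (int c = 0; c < 4; c++) {                /* round 10: S-box only, no MixColumns */
        uint32_t w = pack(sbox[s[c] >> 24], sbox[(s[(c+1)&3] >> 16) & 0xff],
                          sbox[(s[(c+2)&3] >> 8) & 0xff], sbox[s[(c+3)&3] & 0xff]) ^ rk[40 + c];
        out[4*c] = (uint8_t)(w >> 24); out[4*c+1] = (uint8_t)(w >> 16);
        out[4*c+2] = (uint8_t)(w >> 8); out[4*c+3] = (uint8_t)w;
    }
}

/* FIPS-197 Appendix B vector; returns 1 when the table-driven cipher reproduces it. */
static int aes128_selftest(void) {
    static const uint8_t key[16] = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c};
    static const uint8_t pt[16]  = {0x32,0x43,0xf6,0xa8,0x88,0x5a,0x30,0x8d,0x31,0x31,0x98,0xa2,0xe0,0x37,0x07,0x34};
    static const uint8_t ct[16]  = {0x39,0x25,0x84,0x1d,0x02,0xdc,0x09,0xfb,0xdc,0x11,0x85,0x97,0x19,0x6a,0x0b,0x32};
    uint32_t rk[44]; uint8_t out[16];
    build_gf_tables(); build_sboxes(); build_ttables();
    expand_key(key, rk);
    encrypt_block(pt, rk, out);
    return memcmp(out, ct, 16) == 0;
}

int main(void) { printf("FIPS-197 vector: %s\n", aes128_selftest() ? "match" : "MISMATCH"); return 0; }
```

The T-table round in encrypt_block is exactly the "call sequence" the page warns about: column c of the new state takes row 0 from column c, row 1 from column c+1, and so on, which is ShiftRows folded into the lookup indices, and the XOR of the four words is MixColumns and AddRoundKey in one go. The tables are in memory, so a T-table implementation is the textbook target for cache-timing attacks; constant-time alternatives (bit-sliced or hardware AES instructions) are what production code uses, and this example is for understanding the construction, not for deployment.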