Encryption: Keep your data security with new Advanced Encryption Standards (AES): James McAffrey Translation: Small Knife
Original Source: MSDN Magazine November 2003 (Encrypt IT) This article download: msdnmag200311aes.exe (143kb) This article is assumed to be familiar with C # and Bit (BIT) operations. Summary AES (The Advanced Encryption Standard) is a norm of US national standards and technology research institutes for encrypted electronic data. It is expected to be a method of recognizing a recognized encryption including finance, telecommunications and government digital information. This article shows the view of the AES and parsing the algorithm it uses. An example includes a complete C # implementation and encryption .NET data. After reading this article, you will be able to encrypt with AES, test AES-based software and use AES encryption in your system.
The National Standards and Technology Institute (NIST) established a new Advanced Data Encryption Standard (AES) specification on May 26, 2002. In this article, I will provide a running AES implementation written in C #, and explain in detail what is AES and how the code works. I will show you how to encrypt data with AES and extend the code given in this article to develop a business-grade Quality AES class. I will explain how to combine AES into your software system and why do you want to do this and how to test AES-based software. Note The code provided herein and any other implementation based on this paper is within the scope of the federal encryption module export control (see Commercial Encryption Export Controls). AES is a new encryption algorithm that can be used to protect electronic data. Clearly, AES is an iterative, symmetrical key packet password, which can use 128, 192, and 256-bit keys, and packet encrypted and decrypt data with 128 bits (16 bytes). Unlike the public key password, use the key pair, the symmetric key password uses the same key encryption and decryption data. The number of digits returned by the packet password is the same as the input data. Iterative encryption uses a loop structure to repeat the input data in this loop (SubstitudeS) input data. Figure 1 shows the case where AES encrypts and decrypts a 16-bit byte block data block with a 192-bit key. Figure 1 Some Data AES Algorithm Overview AES algorithm is based on replacement and replacement. Replacement is the rearrangement of the data, instead of replacing the other with one unit data. AES uses several different techniques to achieve replacement and replacement. To clarify these technologies, let's discuss a specific AES encryption example with the data shown in Figure 1. Below is the 128-bit value you want to encrypted and the index arrays they correspond to:
00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
The value of the 192-bit key is:
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 0 1 2 3 4 5 6 7 8 9 10 1112 13 14 15 16 17 18 19 20 21 22 23
Figure 2 S-box (SBOX) When the constructor of the AES is called, two tables for encryption methods are initialized. The first table is instead of the box called the S-box. It is a 16 × 16 matrix. The first five elements of the S-box and the top five columns are shown in Figure 2. After the curtain, the encrypted process acquires the key array and uses it to generate a key schedule named W [], and shown in Figure 3. Figure 3 Key Sched W [] The initial NK (6) row is used as seeds, with the original key value (0x00 to 0x17). The remaining rows are generated from seed keys. The variable NK represents the seed key length of 32-bit words. Later I analyze the AES implementation, you will clearly see how W [] is produced. The key is that there are many keys now in this now, not just one. These new keys are called Round Keys to distinguish them from the original seed key. Figure 4 State (state) array AES encryption routine begins to copy 16-byte input arrays to a 4 × 4-byte matrix called State (state). (See Figure 4). The AES encryption algorithm is named cipher, which is operated in State [], and the pseudo code described in the process is described in Figure 5. In the specification, a prepared processing step implemented by the encryption algorithm is referred to as addRoundKey. AddroundKey implements a byte of one byte of a byte or (xor) operation with the top four lines in the key schedule, and uses the wheel key table W [C, R] vary or enters State [R, C]. For example, if the byte of the first row of the State matrix is {00, 44, 88, cc}, the first column key schedule is {00, 04, 08, 0c}, then new STATE [0 The result is the result of W [2, 0] (0x08 or 0x80) or State [0,2] (0x88): 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 xor 1 0 0 0 0 0 0 0
The main loop of the AES algorithm performs four different operations on the State matrix, referred to as Subbytes, ShifTrows, MixColumns, and AddroundKey in the specification. In addition to each cycle addRoundKey being called and uses the following four lines of the key schedule, AddroundKey is the same as the addRoundKey in the preparation step. The Subbytes routine is an instead of operation that replaces each byte in the State matrix to a new byte determined by SBOX. For example, if the value of State [0,1] is 0x40 If you want to find its replacement, you take State [0,1] value (0x40) and let X equal to the left number (4) and let Y equal to the right Number (0). Then you use X and Y as an index into the SBOX table to find instead, such as Figure 2. Shiftrows is a replacement operation that rotates the bytes in the State matrix to the left. Figure 6 demonstrates how Shiftrows operates State []. The 0th line of State is rotated to the left. The first line of State is rotated to the left, and the second line of State is rotated 2 positions to the left, and the third line of State is rotated to the left. 3 Position. Figure 6 STATE STATROWS Operation MixColumns is an instead of operation, which is the most technique of understanding the AES algorithm (or is the part that needs to be done with brains). It uses the value of the State byte column for mathematical domains and domains to replace each byte. I will explain the special domain and the domain detail in the next section. Suppose the value of State [0,1] is 0x09, and other values on the column 1 are 0x60, 0xe1 and 0x04, respectively, and the new value of State [0, 1] is calculated as follows: State [0, 1] = (State [ 0, 1] * 0x01) (state [1,1] * 0x02) (state [2,1] * 0x03) (state [3,1] * 0x01) = (0x09 * 0x01) (0x60 * 0x02) (0xE1 * 0x03) (0x04 * 0x01) = 0x57
The addition and multiplication of addition and multiplication is a special math domain operation instead of the addition and multiplication of usual integers. Subbytes, Shiftrows, MixColumns and AddroundKey four operations are called in a loop that perform NR times, and NR is reduced by 1. The number of times used by the encryption algorithm is either 10, 12, or 14, depending on the seed key length is 128 bits, 192 bits or 256 bits. In this example, since NR is equal to 12, the four operations are called 11 times. After the iteration is completed, the encryption algorithm calls Subbytes, Shiftrows, and AddroundKey before copying the state matrix to the output parameters. In general, the core of the AES encryption algorithm has four operations. AddroundKey uses the rotation key generated from the seed key value in place of 4 bytes. Subbytes replace with one instead of the table replace a single byte. ShifTrows sequence replacement by rotating 4-byte lines of the 4-byte line. MixColumns uses a combination of domain and domains to replace bytes. The addition and multiplication of GF (28) is as seen, the AES encryption algorithm uses a fairly simple and clear technology instead and replace, except for the MixColumns routine. MixColumns uses special addition and multiplication. The addition and multiplication used by AES is based on math (translator Note: Number of Near). Especially AES based on a limited domain GF (28). GF (28) consists of 256 values from 0x00 to 0xFF, plus addition and multiplication, thus (28). GF represents the name of the galidava to naming the name of the mathematician invented. A feature of GF (28) is a result of an addition or multiplication operation must be in the number of {0x00 ... 0xFF}. Although the domain is quite deep, the final result of GF (28) adds is very simple. GF (28) adds is different or (xor) operations. However, the multiplication of GF (28) is a bit more difficult. As you will see later in C # implementations, AES's encryption and decryption routines need to know how only seven constants 0x01, 0x02, 0x03, 0x09, 0x0b, 0x0d, and 0x0e will be multiplied. So I don't fully introduce the multiplication of GF (28), but only for these seven special circumstances. The multiplication of 0x01 in GF (28) is special; it is equivalent to multiplication in normal calculations and results also - any value by 0x01 is equal to itself. Let us now take a multiplication with 0x02. As the addition of the addition, theory is deepest, but the final result is very simple. As long as the multiplied value is less than 0x80, the result of the multiplication is the left shift 1 bit in the left. If the multiplied value is greater than or equal to 0x80, the result of the multiplication is then re-left to remove the value of the value of 0x1b. It prevents "domain overflow" and keeps the multiplication product within the range. Once you use 0x02 in GF (28), you can use any constant to define multiplication. When multiplying 0x03, you can decompose 0x03 to 2 power. In order to use 0x03 by any byte b, because 0x03 = 0x02 0x01, therefore: b * 0x03 = b * (0x02 0x01) = (b * 0x02) (b * 0x01) This is possible, Because you know how to use 0x02 and 0x01 multiplying and adding, the same, use 0x0D to multiply any byte b can do this:
B * 0x0D = b * (0x08 0x04 0x01) = (b * 0x08) (b * 0x04) (b * 0x01) = (b * 0x02 * 0x02 * 0x02) (B * 0x02 * 0x02) (B * 0x01) In the plus decision algorithm, other multiplication of the AES MixColumns routine follows the same mode, as shown below: B * 0x09 = b * (0x08 0x01) = (B * 0x02 * 0x02 * 0x02) (B * 0x01) B * 0x0B = b * (0x08 0x02 0x01) = (b * 0x02 * 0x02 * 0x02) (b * 0x02) (b * 0x01) b * 0x0e = b * (0x08 0x04 0x02) = (B * 0x02 * 0x02 * 0x02) (B * 0x02 * 0x02) (B * 0x02) In short, in GF (28), the addition is a different or operation. Its multiplication will decompose into an addition and multiplication with 0x02, and multiplication by 0x02 is a conditional left shift 1 bit. AES specification includes additional information about GF (28) operations.
Key extension
The AES encryption and decryption algorithm uses a key schedule generated by the seed key byte array. KeyExpansion is called a key extension. In essence, generate multiple keys from an original key to replace the use of a single key to increase the spread of the bit. Although it is not difficult to resist, it is understood that KEYEXPANSION is still a difficult point in the AES algorithm. The advanced pseudo code of the Keyexpansion routine is as follows:
KeyExpansion (byte [] key, byte [] [4] w) {COPY THE SEED KEY INTO THE FIRST ROWS OF W for Each Remaining Row of W {Use Two the prepaining rows to create a new row}} "with the front two The routine of "Use Two of the Previous Rows to Create A New Row" uses two subroutines, Rotword and Subword and a constant table called "RCON" (as " "). Let us first look at these three things one by one, then return to the entire keyxpansion discussion.
The ROTWORD routine is simple. It accepts a 4-byte array and turn it to the left. Because the wheel scheduled table w [] has four columns, RotWord will turn around W []. Note that this Rotword function used by KeyExpans is very similar to the SHIFTROWS (row shift transform) routine used by the encryption algorithm, just it processes the single-line key scheduling w [], not the entire encryption status table State [].
The Subword routine uses replacement table SBOX to replace a given row of key schedule W [] by byte by one-by-line key schedule. The replacement in the KeyExpansion operation is actually the same as the replacement in the encryption algorithm. The instead of the input byte is divided into (x, y) pair, which is used as an index of replacement table SBOX. For example, the replacement result of 0x27 is x = 2 and y = 7, and SBOX [2, 7] returns to 0xCC.
The Keyexpansion routine uses an array of RCON [], which is called a circular table. These constants are 4 bytes, each matching a row of the key schedule. The KEYEXPANSION routine of the AES requires 11 wheel constants. You can see these constant lists in Figure 7.
The leftmost byte of each circular regitude is the power of 2 in the GF (28) domain. Another representation method is that each value is the previous value by 0x02, as described in the previous part discusses the GF (28) multiplication. Note 0x80 × 0 × 02 = 0x36 is 0x80 left shift 1 bit bit and then directly in the 0x1b or as described above.
Let us now take a further look at the cycles in the KEYEXPANSION inside. The false code used here is more detailed than before, this loop is:
For (ROW = NK; ROW <(4 * NR 1); ROW) {TEMP = W [ROW-1] if (ROW% NK == 0) Temp = Subword (Rotword (Temp)) xor RCON [ Row / NK] Else IF (NK == 8 and Row% NK == 4) Temp = Subword (Temp) W [ROW] = W [Row-NK] xor Temp} Do not look at the IF clause, you will see Each row to the key schedule W [] is the result of the front line and the row NK is or the length of the row NK depends on the length of the key). The first part of the IF condition uses Subword, Rotword, and each of the two, 6th or 8th lines of the key schedule, depending on whether the length of the key is 128, 192 or 256. The second part of this condition will modify lines 12, 20 and 28, etc. - For 256-bit keys - each of the eighth rows will add additional variability of the key schedule.
Let us use the examples beginning with this article to find how Keyexpansion starts. The seed key is 192-bit / 6-word value:
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 1 Dimension of the key scheduling word table W [] Dimension is 4 columns and Nb × (NR 1) is equal to 4 × (12 1), or 52 lines. KeyExpansion copies the value of the seed key to the first line of the key scheduling word table w []. Because my seed key is 192 bits (24 bytes), and the W [] table is always 4 columns, KEYEXAPANSION copies the seed key to the W [] of 6 lines in this case. Let us now look at how the Keyexapansion routine is to fill the rest of the key schedule. In my example, the first row is calculated is the 6th line, because the 0-5 line has been filled by the value of the seed key:
Temp = W [ROW-1] = 14 15 16 17 Condition (ROW% NK == 0) is true, so the RotWord subroutine is applied:
Temp = 15 16 17 14 This time Subword is applied:
temp = 59 47 f0 fa [row / Nk] = Rcon [6/6] = 01 00 00 00 XORed with Rcon:
Temp = 58 47 f0 fa This time uses w [row-nk] = w [6-6] = 00 01 02 03 different or produced the following result:
W [6] = 58 46 F2 F9 Key Schedule W [] The rest of the process itself is repeated.
All in all, an important part of AES encryption and decryption is to generate multiple rounds of rotation from the initial seed key. This KeyExapansion algorithm generates a key schedule and replaces and replaces some way, in which the encryption and decryption algorithm are extremely similar. Writing the AES-class constructor with C # Now I have studied all components that make up the AES encryption algorithm, I will use C # to implement it. The official AES algorithm specification is included in the Federal Information Processing Standard Publication 197 (Federal Information Processing Standards Publication 197). I decided to use it as my implementation as my implementation, but I quickly discovered that this specification is a theoretical document rather than an implementation guide. In order to use this official specification as a resource, the variable name I use is the same as used in standard publications. (Even if they are so embarrassed, such as "NR" and "W"). My design uses 9 data members and an enumeration type, as shown below:
Public enum keySize {bits128, bits192, bits256}; private int nb; private int nk; private int nr; private bote [] key; private bote [,] sbox; private bote [,] isbox; private botte [,] w; Private Byte [,] rcon; private byte [,].
Because the key length can only be 128 bits, 192 bits or 256 bits, it is very suitable for enumeration type:
Public Enum Keysize {BITS128, BITS192, BITS256}
This specification document typically uses bytes as the basic storage unit instead of using 4 bytes of words as the length of two important data members. These two members NB and NK represent the block length of the word unit and the key length in the word unit. NR represents the number of rounds. The block length is always 16 bytes (or this is 128 bits, which is 4 words of AES), so it can be declared as a constant. The key length is assigned 4, 6 or 8 according to the value of the enumerated parameter keySize. The AES algorithm emphasizes the complexity of encrypted data through a large number of rounds. The number of wheels is any one of 10, 12 or 14 and is based on cryptographic analysis. It depends directly on the key length. When I design a class interface, I like to do it later. I envically call constructor and methods from the application. Use this approach, I decided to instantiate a AES object below:
AES A = New AES (The Key Size, The SEED Key)
The encryption and decision routines I call are as follows:
A.CIPHER (Plaintext, Ciphertext); A.INVCIPHER (Ciphertext, DeciphereEDtext);
I chose a little hgful way to name Cipher and InvCIPher because they are used in the AES specification document. Here is the code of the AES-class constructor:
Public AES (Keysize Keysize, Byte [] Keybytes) {setnbnknr (keySize); this.key = new byte [this.nk * 4]; keybytes.copyto (this.key, 0); buildsbox (); buildinvsbox (); BuildRCON (); keyexpansion ();} This constructor first calls an auxiliary method setNBNKNR to assign NB, NK, and NR, such as
Figure 8 shows. If you take into account the efficiency, you may put these code directly into the constructor to avoid the overhead of the method call.
Next, you must copy the byte of the incoming constructor to the class domain variable. The key is declared with other class domains and use the following method to get its value: this.key = new byte [this.nk * 4]; keybytes.copyto (this.key, 0);
I decided to call private auxiliary methods in the constructor Buildsbox and Buildinvsbox to initialize replacement table SBOX [] and ISBOX []. Now the key extension routine, the Cipher method, and the Invcipher method each need SBox [] and isbox [], so I can initialize SBOX [] and call the keyexpansion method in both Cipher and InvCIPher two methods, but put them in the construction The function will be clearer. SBOX [] is filled in Figure 9. Fill IsBox [] code is similar. Structured processing for readability. As you will see later, there is another surprising method to choose from to provide values for SBOX and ISBOX tables. Declaring the key schedule W [], the circular table RCON [] and status matrix State [], and use private assist methods to assign RCON [] and W [] to I seem to organize their most Good way, but that is mainly a style. Refer to Figure 7 for the assignment code of RCON. Recall that in GF (28), RCON [] The byte of each line is the power of 2, so this table can be established by the following method:
NEWVAL = prevval * 0x02;
The AES constructor ends after establishing the finite key schedule W [], and W [] is done in the KeyExpansion method (see Figure 10). Its code is quite simple. Specifies documentation uses a hypothetical 4-byte word type. Because C # doesn't have such types, you can simulate a 4-byte array. After the NEW operator is a key scheduling table W [], the W [] initial NK (4, or 8) row is obtained from the seed key key [] array passing to the constructor.
THIS.W [Row, 0] = this.key [4 * row]; this.w [row, 1] = this.key [4 * row 1]; this.w [row, 2] = this.Key [4 * row 2]; this.w [row, 3] = this.key [4 * row 3];
Two bytes of different or operation occurred in this code. It requires some forced type conversion from Byte to int to Byte, because the different or operation "^" is not defined on the BYTE type of C #, for example:
Temp [0] = (Byte) ((int) Temp [0] ^ (int) this.rcon [row / nk, 0]);
Used to replace:
Temp [0] = Temp [0] ^ this.rcon [row / nk, 0];
KeyExpansion methods Conditionally call private methods Subword and Rotword to maintain consistency with normative naming. In addition, because there is no Word type in C #, I use a 4-byte array to implement a word. Subword and Rotword's code is quite simple, see the Aeslib source code included in this article, it should be easy to understand. Slightly has some skills to find alternatives in Subword. Recall that in order to find an instead, you will enter bytes into the leftmost 4 bit and the rightmost 4 bit bits. For a given byte, the X index will be obtained with >> Operators and 4 bits, and logic with 0000 1111 and the y value is obtained. Although some long, more readable than actual code, I can like this: int x = word [0] >> 4; int y = word [0] & 0x0f; byte substitude = this.sbox [x, y] Result [0] = SUBSTITUTE;
Replace my original code:
Result [0] = this.sbox [word [0] >> 4, Word [0] & 0x0f];
In general, the AES constructor accepts a key to 128, 192, or 256 bits and one byte array seed key value. The constructor is assigned to the number of rounds of the input block length, the seed key length, and the encryption algorithm, and copies the seed key into a data member called KEY. The constructor also creates four tables: two replacement tables used by the encryption and decryption methods, a long-term table, and a key schedule for a wheel key. The AES Cipher method written in CIPHER method is shown in Figure 11. It is really simple because it divides most of the work to private methods AddroundKey, Subbytes, Shiftrows, and MixColumns. The Cipher method begins with a copy of the text input array to the status matrix State []. After initially calling AddroundKey, the Cipher method iterates less than the total number of rounds. When the last round, the MixColumns call is omitted as in the specification. The code of the private method of addRoundKey and Subbytes is shown in Figure 12. The AddroundKey method needs to know that it is in that round so that it correctly references the 4-row key schedule array W []. Note that State [R, C] is different from W [C, R] or not W [R, C]. The Subbytes method extracts an index from the input byte, which is the same as the right 4 bits and 0x0f shielding technologies used in the KeyExpansion method. The code of the Shiftrows method is shown in Figure 13. Recalling, Shiftrows (possibly called Rotaterows more) Run Row [0] to the left to rotate 0 locations, rotate the Row [1] to the left to turn 1 position, and the like. After copying State [] to the Temp [] matrix, then use the following line code to convert:
THIS.STATE [R, (C R)% NB] = TEMP [R, C];
Here, the advantages of the% operator are brought together. MixColumns Method (Figure 14) With GF (28) and multiplication, each byte is replaced with a linear combination of all other values in the byte column. The constant coefficients used by the multiplication is based on domain theory, and is the 0x01, 0x02, or 0x03 any of the values. Given a column C. Its replacement is as follows:
State [0, C] = 0x02 * State [0, C] 0x03 * State [1, C] 0x01 * State [2, C] 0x01 * State [3, C] State [1, C] = 0x01 * State [0, C] 0x02 * State [1, C] 0x03 * State [2, C] 0x01 * State [3, C] State [2, C] = 0x01 * State [0, C] 0x01 * state [1, c] 0x02 * State [2, C] 0x03 * State [3, C] State [3, C] = 0x03 * State [0, c] 0x01 * State [1, c] 0x01 * State [2, C] 0x02 * State [3, C] These expressions are slightly longer, so I decided to write a private auxiliary function that returns GF (28) and 0x01, 0x02 and 0x03. These auxiliary functions are very short. For example, one byte B is multiplied by the 0x03 domain as follows: Return (Byte) ((int) gfmultby02 (b) ^ (int) b);
As I discussed earlier, 0x02 multiplication is the basic operation of all GF (28) multiplication. I called my gfmultby02 method, I changed the use of the same method naming practice as the specification, and this routine is called XTIME. Cipher method Its input repeatedly applies four operations to generate encrypted outputs. AddroundKey replaces bytes with multiple round keys derived from a single original seed key. Subbytes replace bytes in a replacement table. Shiftrows uses mobile byte line to zone bytes, while MixColumns replaces bytes with a domain and multiplication value of a column. The basic principle behind the AES INVCIPHER method AES decryption algorithm is simple: decrypt a plurality of encryption blocks, which is to restore (UNDO) each operation with reverse order. Although this is the basic concept, there are still several details to handle. The AES specification says that the decision routine is Invcipher, not one of Decipher or Decrypt. This is the reflection of the mathematical foundation behind the AES, which is based on reversible mathematical operation. If you compare this code and the Cipher code, you will see it more than you expect, but there are two more exceptions. First, in the Invcipher method, the inverse method call (such as the invsubbytes) is not completely the same as the reverse order of corresponding calls (such as subbytes) in the Cipher method. Second, Invcipher is called an AddroundKey method instead of an InvadDroundKey method. It is worth noting that the INVCIPHER algorithm key schedule is not started downward from the higher number index. The code of Invsubbytes, InvshifTrows, and InvmixColumns methods is very close to the code related to the Subbytes, Shiftrows, and MixColumns methods. The INVSUBBYTES method is almost the subbytes method, just it is replaced with the table isbox [] instead of the SBOX [] table. As you may guess, isbox [] is to restore any corresponding operations processed by SBOX []. For example, if you have byte b equal to 0x20, and find it in SBOX [], you get 0xB7. If you find 0xB7 alternatives in Isbox [], you can get 0x20. Similarly, the InvshifTrows method restores Shiftrows method - ROW [0] is shifted by the right, and ROW [1] is shifted by 1 position, and Row [2] is shifted by 2 positions, and Row [3 ] Is shifted to three positions. The InvmixColumns method restores the work of MixColumns, but there is no obvious way. Recall that MixColumns uses the byte linear combination of the byte in the original byte column, and the coefficients are 0x01, 0x02, and 0x03, and the domain theory is again applied. It proves that inverse operation is similar, just by 0x09, 0x0b, 0x0d and 0x0e, as shown below:
State [0, c] = 0x0e * State [0, C] 0x0b * State [1, C] 0x0D * State [2, C] 0x09 * State [3, C] State [1, C] = 0x09 * State [0, C] 0x0e * State [1, C] 0x0b * State [2, C] 0x0D * State [3, C] State [2, c] = 0x0d * State [0, C] 0x09 * State [1, C] 0x0e * State [2, C] 0x0b * State [3, C] State [3, C] = 0x0b * State [0, C] 0x0D * State [1, c] 0x09 * State [2, C] 0x0e * State [3, C] For the MixColumns method, I decided to write an auxiliary function, not the inline deployment of a long expression or write a normal multiplication auxiliary function. Let me show you how I showed this function of any byte B by constant 0x0e (14), like any number, the number 14 can be indicated to 2 power and, therefore, 14 is equal to 2 4 8. And the square equal to 2, 8 equal to 2, you can represent 14 to 2 22 23. Remember that the addition is the difference between GF (28), since I already have a gfmultby02 function, I can use it to get my results: return (byte) ((int) gfmultby02 (gfmultby02 (gfmultby02 (b) )) ^ / * 23 * / (int) gfmultBy02 (GFMULTITBY02 (B)) ^ / * 22 * / (int) gfmultBy02 (b)); / * 2 * / For all the operations of the AES encryption algorithm It is reversible, so the decision algorithm is essentially a reversal of all operations.
Use the AES class
It is simple to use C # to implement AES. Look at
Figure 15, it is the code I used to generate output figure 1. After declaring the seed key of 16-byte express input hard code values and 24-byte (192-bit), a AES object is initialized, encrypted Cipher method into ciphertext, and then decrypts the ciphertext by INVCIPHER. Very clear and simple.
Because the AES object is processed for byte arrays, you can easily use it to handle other data types of .NET. I created a Windows-based small DEMO program that accepts a simple string - there are 8 characters (16-byte), encrypted and decrypt it. Running screen such as Figure 16.
Figure 16 encrypted DEMO program
Because encryption and decryption routines need to know the user-defined key length, I will declare it as a class of variables, like this:
Private aes.keysize keysize;
Note that the seed keys are not defined by the user. This DEMO program uses an "null key" as a seed key, which provides a dummy parameter new byte [16] for the constructor, making it all consisting of zero bytes. The length of dummy parameters is irrelevant because the seed key is still to be initialized to zero. Empty key is encrypted and decrypted is an easy and effective way to prevent the outside world from accidentally checking the data. Encoding. commicode.getBytes and Encoding. Enicode.getstring methods in System.Text make it very easy to convert one .NET string into a byte array, and vice versa. Implementation Selection Now let us look at some important variables that appear in this article AES implementation, this article may extends, and the password analysis of the AES. Like any code I have processed, the AES algorithm can also be implemented in other optional ways. Why is this important? AES is trying to be widely used in various systems, from only a small memory capacity, smart cards to large multiprocessor host systems. In many cases, performance is a key factor, and sometimes memory or processor resources are limited. In fact, each routine of AES can perform performance optimization for very expensive memory resources, and vice versa. For example, to replace the table SBOX [] allocated 256 values seem to be very straightforward. However, these values are based on GF (28) theory, they can be generated by programming. This is also true for reverse replacement tables and circular status. Optional to implement another interesting possibility is the GF (28) multiplication used in the Cipher and Invcipher methods. My implementation code is a basic function that is multiplied by 0x02, and then the additional function of six calls GFMultBy02. Another possibility should be to write a general multiplication function and use it instead of the seven separate functions I have implemented. Another extreme is a complete product table that you can use by all 256 possible byte values that are better by 0x01, 0x02, 0x03, 0x09, 0x0b, 0x0d, and 0x0e. In addition, the other way to implement GF (28) is to find alog [] and log [] by searching in two 256 bytes, because they are based on some similar logaries in GF (28). Methods. Although the AES given here is fully used to encrypt any form .NET data, you may consider expanding it with a variety of ways. First of all, because the focus of this article is to clearly explain AES, all errors are peeled off, with my experience, adding reasonable number of error checks to a class such as AES will generate three times the code amount expansion. Because AES uses so many arrays, you need to do a lot of index boundary checks. For example, the constructor given does not even check the length of the seed key parameter. You may also consider extending the AES class by adding more features. The most obvious place is a method of adding encryption and decryption .NET basic data type, such as System.String and System.Int32. A more ambitious extension may be a stream data encryption class. What is the security of AES? This is a problem that is difficult to answer, but the views of most people are: it is the safest encryption algorithm currently available. AES has been listed as a more secure algorithm than other other encryption algorithms today. On the basis of theory and practice, AES is considered "safe", because the only effective way is to generate all possible keys because it is to crack it. If the key length is 256 bits, there is no known attack to crack AES within an acceptable time (even in today's fastest system, it also costs a few years).
Note that the most probable attack for the AES password is from a weak implementation of the allowable time to select the attack. An attacker uses a different key and accurately measures the time required to add the plus. If the encryption routine is coarsely encoded, the execution time relies on the key value, which is likely to derive information about the key. In AES, this thing is most likely to occur in the MixColumns routine because there are domains. Two security measures to this attack are to add a virtual order so that all multiplication requires the same number of instructions, or the domain multiplication is a query table, just as previously described. AES has many possible implementations, especially using query tables instead of calculation. The AES basic class provided herein can be used to add any form of .NET data or a class that is extended into a class with more features. Conclusion New AES will undoubtedly become a factual standard for encrypting all form electronic information, replacing DES. AES encryption data is unbreakable in a sense, because there is no known password analysis attack can decrypt AES ciphertext unless you have a forgive to search all possible 256-bit keys. I found that the main obstacle to implementing the AES class on Microsoft .NET Framework is that the official documentation is based on a mathematician point of view, rather than in a software developer's point of view. In particular, this specification assumes that the reader is very familiar with the GF (28) domain, and the key facts that have been properly implemented to the GF (28) multiplication necessary. I tried to try to remove the mystery of AES, especially in the Multiplication of GF (28). The widespread support from Microsoft and third-party suppliers in the form of .NET Framework library is just a time problem. However, in various reasons, this document is still valuable as your skill reserves. This implementation is especially simple and is low resource overhead. Also, read and understand the source code will allow you to customize any of the AES classes and use it more effectively. Safe is no longer worries in any software design process. AES is a major progress, use and understand it will greatly increase the reliability and security of the software system. Related Articles Security: Protect Private Data with The Cryptography Namespaces of The .NET Framework Exploring Kerberos, The Protocol for Distributed Security In Windows 2000
Background Information
The design of rijndael: AES - The Advanced Encryption Standard by Joan Daemen and Vincent Rijmen. (Springer-Verlag, 2002)
Announce Standard (AES): Federal Information Processing Standards Pub 197
About the Author
James McAffrey works in Volt Information Sciences Inc, where he managed to Microsoft's software engineer technical training. He works as some Microsoft products, including Internet Explorer and MSN Search. Can via JMCCAFFREY@volt.com or
v-jammc@microsoft.com Contact him.
