Welcome to MSDN>
safety
Keep data security with new advanced encryption standards
Release Date: 12/6/2004
| Update Date: 12/6/2004
James McAffrey
This article assumes that you are familiar with C # and bit operations.
Download this article: AES.exe (143KB)
Summary
Advanced Encryption Standard (AES) is a norm established by the US Standard and Technology Research Institute for electronic data, which will become a recognized digital information (including financial data, telecom data, and government data) encryption methods. This article outlines AES and explains the algorithm it uses. This article also includes an example of a complete C # implementation and .NET data encryption. After reading this article, you will be able to encrypt the data using AES, test AES-based software, and use AES encryption methods in your own system.
This page
AES Algorithm Overview The AES Cipher method in the AES-class constructor in the GF (28) in the AES Cipher method C # in the AES Cipher method C # in the AES Cipher method in C # in the AES Cipher method in C #, using the AES class to implement the replacement method
US Standards and Technology Research Institutes (NIST) have developed a new Advanced Encryption Standard (AES) specification on May 26, 2002. In this article, I will provide the work implementation of AES written in C # and explain the full explanation to what is AES and how the code works. I will show you how to use AES to encrypt data and extend the code given here to develop commercial quality AES. I will also explain how and why I will encrypt AES into the software system and how to test AES-based software.
Note that the code provided herein and any other implementation based on this article is subject to applicable federal encryption module export control (for exact regulations, see Commercial Encryption Export Controls).
AES is a new encryption algorithm that can be used to protect electronic data. In particular, AES is an iterative symmetric key block password that can use 128, 192 and 256-bit keys, and can encrypt and decrypt 128 bits (16 bytes) blocks. Unlike the public key password using the key pair, the symmetrical key password uses the same key to encrypt and decrypt the data. The encrypted data returned by the block password has the same number of bits as the input data. Iterative Passwords use the loop structure to repeatedly perform arrangements and replacement operations for input data. Figure 1 shows the AES in the operation, which uses a 192-bit key to encrypt and decrypt the data blocks of 16 bytes.
Figure 1 A data
AES is the follow-up standard for the Old Data Encryption Standard (DES). DES was approved as a federal standard in 1977. It has been feasible before 1998. Since then, the combination of hardware, software and password analysis theory allows messages that will be encrypted in 56 hours to decrypt within 56 hours. After that, many other attacks have been successfully made in accordance with DES encrypted data. Now DES has passed its useful life.
In the second half of 1999, the Rijndael (read "Rain Doll" algorithm created by researchers Joan Daemen and Vincent Rijmen was selected by NIST as a proposal for design guidelines such as security, efficiency, versatility, and simplicity. Although both terms AES and Rijndael sometimes use it, they are very different. AES is increasingly an actual standard for encrypting various forms of electronic data, including data for commercial applications (such as banking and financial transactions, telecommunications, and private and federal information).
AES algorithm overview
The AES algorithm is based on arrangement and replacement operations. The arrangement is to rearrange the data, and the replacement is replaced with another data unit to another. AES uses several different ways to perform arrangements and replacement operations. To illustrate these methods, let us demonstrate a specific example that performs AES encryption using the data displayed in Figure 1. The 128-bit value below will be encrypted using the index array:
00 1122 33 44 55 66 77 88 99 AA BB CC DD EE FF
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
The 192-bit key value is:
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
Figure 2 When the SBOX is called when the AES constructor is called, the two tables that will be initialized will be initialized. The first table is a replacement box named SBOX. It is a 16 ã 16 matrix. Figure 2 shows the top five and the top five columns of SBOX. After the curtain, the encryption routine extracts the key array and uses it to generate a "key order table" named W [] shown in FIG.
Figure 3 The key sequence sheet is in W [], the front NK (6) line is based on the initial key value (0x00 to 0x17), and the remaining rows are generated from the seed key. The variable NK uses 32-bit words to represent the size of the seed key. When I introduce the AES implementation later, you will exactly understand the way W [] generation. The main point is that many keys can now be used instead of only one key. These new keys are referred to as a wheel back key to separate them from the initial seed key.
figure 2
image 3
Figure 4
Figure 4 The stateAs encryption routine first copies 16-bytes of input arrays to a 4 ã-4 byte matrix named State (see Figure 4). The AES encryption algorithm is named Cipher and performs operations for State [], which can be described in pseudo code (see Figure 5).
The encryption algorithm performs a pre-processing step (called AddroundKey in the specification). AddroundKey performs an in-one byte xor operation using the first four lines of the key subordinum, and performs XOR operations for INPUT STATE [R, C] using a wheel back key table W [C, R].
For example, if the first row of bytes {00, 44, 88, cc}, the first column of the key sequence table is {00, 04, 08, 0c}, and the new STATE [0, 2] The value is the result of the XOR calculation of State [0,2] (0x88) with W [2, 0] (0x08), ie 0x80:
1 0 0 0 1 0 0 0
0 0 0 0 1 0 0 0 xor
1 0 0 0 0 0 0 0 0
The main loop of the AES encryption algorithm performs four different operations in the State matrix, in the specification, the names of these operations are Subbytes, Shiftrows, MixColumns and AddroundKey. The AddroundKey operation is basically the same as the previous AddroundKey. The only difference is that when addRoundKey is called, the next four lines of the key order meter are used. The Subbytes routine is a replacement operation that extracts each byte in the State matrix and is replaced by the new byte determined by the Sbox table. For example, if the value of State [0, 1] is 0x40, and you want to find its replacement value, you can get the value at State [0, 1] (0x40), and let X equal to LEFT DITIT (4), let Y Is equal to Right Digit (0). Then use X and Y as the index of the SBOX table to find the replacement value, as shown in Figure 2. Shiftrows is an arrangement operation that transfers the bytes in the State matrix to the left. Figure 6 shows how Shiftrows acts on State []. The line 0 of State is moved by 0 positions, and the line 1 is transferred to the left-rotation bit, and the line 2 is moved to the left-rotate position, and the line 3 is moved to the left-handed position.
Figure 6
Figure 6 For State Running ShiftrowsMixColumns operations is a replacement operation, it is the most difficult part of the AES algorithm. It replaces each byte as the result of the mathematical domain addition and multiplication of the value of the byte column. I will explain the extraordinary addition and multiplication in the next section.
Suppose the value of State [0, 1] is 0x09. The other values in column 1 is 0x60, 0xe1 and 0x04, then the new value of State [0, 1] will be displayed as follows:
State [0,1] = (State [0,1] * 0x01)
(State [1,1] * 0x02)
(State [2,1] * 0x03)
(State [3,1] * 0x01)
= (0x09 * 0x01) (0x60 * 0x02) (0xE1 * 0x03)
(0x04 * 0x01)
= 0x57
The addition and multiplication is a special math domain operation, not the usual integer addition and multiplication.
In a loop to perform NR, Subbytes, Shiftrows, MixColumns, and AddroundKey, NR is equal to the number of cycles of the given key size. The number of cycles used by the encryption algorithm is 10, 12 or 14, and the specific value depends on the size of the seed key is 128, 192 or 256 bits. In this example, since NR is equal to 12, these four calculations are called 11 times. After the iterative operation is completed, the encryption algorithm finally calls Subbytes, Shiftrows, and AddroundKey before copying the State matrix to the output parameters.
The AES encryption algorithm has four core operations. AddroundKey replaces groups of four bytes using a reset key generated from the seed key value. Subbytes uses the replacement table to replace a single byte. Shiftrows arranges four bytes of groups by rotating 4-byte rows. MixColumns uses domain add-on and multiply combinations to use bytes.
Back to top
Domain plus and multiplication in GF (28)
As you have already seen, in addition to the MixColumns routine, the AES encryption algorithm uses a fairly simple replacement and arrangement method. MixColumns routines use special additions and multiplication. The addition and multiplication used by AES is based on mathematical domain theory. In particular, AES is based on a domain named GF (28).
The GF (28) domain includes a set of values from 0x00 to 0xFF (256) and addition and multiplication, thus derived (28). GF represents the Galohua field, which is named by mathematician who creates domain theory. A feature of GF (28) is that the results of addition or multiplication must be located in the collection {0x00 ... 0xFF}. Although the domain theory is quite deep, the final result of GF (28) adds is very simple: GF (28) adds just XOR operations. However, the multiplication in GF (28) is more complicated. As you will see in later C # implementations, the AES encryption and decryption routines need to know how to multiply only seven constants 0x01, 0x02, 0x03, 0x09, 0x0b, 0x0d, and 0x0e. Therefore, I will not introduce GF (28) multiplication theory, but only for this seven special circumstances.
In GF (28), it is specially multiplied by 0x01, which corresponds to 1 in ordinary calculation and the same mode of operation - any value is equal to itself with 0x01.
Now let's take a look at how to take the 5x02 multihard. Just as the case of addition, theory is deep, but the final result is quite simple. If the multiplied value is less than 0x80, then the multiplication result is only a value of 1 bit to the left. If the multiply value is greater than or equal to 0x80, then the multiplication result will be a value of the XOR operation with the 0x1b value to the left. This will prevent "domain overflow" and make the multiplication result in the range.
Once the addition and multiplication of 0x02 in GF (28) is established, they can be used to define multiplications with any constant. To multiplied by 0x03 in GF (28), 0x03 can be decomposed to 2 power and addition. To multiply any byte b with 0x03, you will see 0x03 = 0x02 0x01. therefore:
B * 0x03 = b * (0x02 0x01)
= (b * 0x02) (b * 0x01)
Because you know how to multiplied with 0x02 and 0x01 and how to perform an addition, the above operation can be done. Similarly, to multiply any byte b with 0x0D, you can perform the following operations:
B * 0x0D = b * (0x08 0x04 0x01)
= (B * 0x08) (B * 0x04) (b * 0x01)
= (B * 0x02 * 0x02 * 0x02) (B * 0x02 * 0x02) (b * 0x01)
Other multiplication required by the AES MixColumns routine in the encryption and decryption algorithm follows the same general mode, as shown below:
B * 0x09 = b * (0x08 0x01)
= (B * 0x02 * 0x02 * 0x02) (b * 0x01)
B * 0x0b = b * (0x08 0x02 0x01)
= (B * 0x02 * 0x02 * 0x02) (b * 0x02) (b * 0x01)
B * 0x0e = b * (0x08 0x04 0x02)
= (B * 0x02 * 0x02 * 0x02) (B * 0x02 * 0x02) (b * 0x02)
In short, the addition of GF (28) is a xor operation. The multiplication in GF (28) simplifies into addition and multiplying 0x02, wherein the three-bit left shift multiplied by 0x02 is conditional. The AES specification contains many other information about the calculation of GF (28).
Back to top
Key extension
AES encryption and decryption algorithm use a key sequence table generated from the byte array of seed keys. The AES specification is called this as a KeyExpansion routine. In essence, a plurality of keys (rather than using a single key) are greatly increased from the initial key. Although it is not very difficult to understand Keyexpansion, this is also a more complex part of the AES algorithm. In the advanced pseudo code, the appearance of the Keyexpansion routine is as follows:
KeyExpansion (byte [] key, byte [] w)
{
Copy The Seed Key Into The First Rows of W
For Each Remaining Row of W
{
Use Two of the previous rows to create a new row
}
}
The "Use Two of the Previous Rows to Create A New Row" uses two subroutines (Rotword and Subword), and a constant table called RCON (for "loop constant"). Let's take a look at each item in these three, then return to the entire KeyExpansion routine.
The Rotword routine is very simple, it accepts 4-bytes of arrays and one bit to the left-handed rotation. Because the wheel backward form w [] has four columns, RotWord will turn the line W [] to the left to turn down. Note that the Rotword function used by KeyExpans is very similar to the SHIFTROWS routine used by the encryption algorithm, the only difference is that it acts on a single line of the key sequence table W [], not the entire encryption status table State [].
Subword routine uses the replacement table SBOX, performs a word-by-by-by-by-by-by-by-by-by-by-word. The replacement in the KeyExpansion operation is exactly the same as the replacement in the encryption algorithm. To be replaced, the input byte is divided into (x, y) pair, which is used as an index of the replacement table SBOX. For example, the replacement 0x27 will cause x = 2, y = 7, and SBOX [2, 7] will return 0xcc.
The KeyExpansion routine uses an array RCON [] named a circular constant table. These constants have 4 bytes, each with a row of the key sequence table. The AES KeyExpansion routine requires 11 cyclic constants. You can view these constants in Figure 7.
The byte of each loop constant is the power of 2 in the GF (28) domain. Another way to check it is that it is noted that each value is by the previous value by 0x02, just as described in the previous section (discussing the multiplication in GF (28). Please note that, as mentioned above, 0x80 ã 0x02 = 0x1b is 0x80 to shift 1 bit to the left, then execute the XOR operation with 0x1b.
Now let us know more about the cycle in the keyexpansion. In a more detailed pseudo code than before, the cycle is as follows:
For (ROW = NK; ROW <(4 * NR 1); ROW)
{
Temp = w [row-1]
IF (ROW% NK == 0)
Temp = Subword (Rotword (Temp)) xor rcon [row / nk]
Else IF (nk == 8 and row% NK == 4)
Temp = Subword (TEMP)
w [ROW] = W [Row-NK] xor Temp
}
If you temporarily ignore the IF clause, you will see that each line of the key sequence table W [] is after the line NK (4, 6 or 8, the specific value depends on the key size) after the XOR operation is performed. result. The first part of the IF condition uses the Subword, Rotword, and XOR results of the loop constant, modify each fourth, sixth or eighth line of the key subordinum, depending on the size of the key is 128, 192 or 256 bits. . The second part of the condition will modify 12, 20, 28 rows, or the like, or 256-bit keys to add other variability to the key sequence table. Let's take a look at how KeyexPans is started using the examples of this article. The seed key is 192-bit / 6-word value:
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17
The dimensions of the key order by the key sequence field w [] are: 4 columns, NB ã (NR 1) is equal to 4 ã (12 1) rows or 52 rows. The KeyExpansion routine copies the value in the seed key to the first line of the key order by a table w []. Because my seed key is 192 bits (24 bytes), and the W [] table has 4 columns, in this case, KeyExapansion will copy the seed key to the first 6 lines of W []. . Now let's take a look at how the KeyExpansion routine fill the rest of the key sequence table. In my example, because the line 0 to row 5 is filled with the seed key value, the first line calculated is line 6:
Temp = w [row-1] = 14 15 16 17
Condition (ROW% NK == 0) is true, so use the first ROTWORD subroutine:
TEMP = 15 16 17 14
Subsequent use of Subword:
Temp = 59 47 f0 fa
Then execute the XOR operation with RCON [ROW / NK] = RCON [6/6] = 01 00 00 00:
Temp = 58 47 F0 FA
Next, the XOR operation is performed with W [Row-NK] = W [6-6] = 00 01 02 03, and the result is obtained:
W [6] = 58 46 F2 F9
This process is repeated for all of the rest of the key sequence table W [].
In short, an important part of AES encryption and decryption is to generate multiple loop keys from the initial seed key. This KeyExpansion algorithm generates a key sequence table and uses the replacement and arrangement operations in a manner similar to the encryption and decryption algorithm.
Back to top
AES-class constructor in C #
Since I have checked all the components of the AES encryption algorithm, I will implement it in C #. The formal specification of the AES algorithm is included in the Federal Information Processing Standard Notice 197. I decided that my implementation is based on it as close as possible, but I quickly found that this specification is more like a theoretical document, not guidance. To use the formal specification as a resource, I use the variable name used in the standard announcement (although they are as conceivable as "NR" and "W").
My design uses nine data members and an enumeration type as follows:
Public enum keySize {bits128, bits192,
Bits256};
Private int NB;
Private Int NK;
Private int NR;
Private byte [] key;
Private Byte [,] sbox;
Private Byte [,] isbox; private byte [,] w;
Private Byte [,] rcon;
Private Byte [,] State;
Because the key size can only be 128, 192 or 256, it is a great candidate for enumeration type:
Public Enum Keysize {BITS128, BITS192, BITS256}
This specification document typically uses bytes as its basic storage unit, but uses 4-byte words as the size of two important data members. Two members NB and NK use words to represent block size and key size, respectively. NR represents the number of cycles. The block size is always 16 bytes (or 128 bits, 4 words for AES), so it may have been declared as constant. The value of 4, 6 or 8 is assigned to the key size according to the value of the enumerated parameter keySize. The AES algorithm is iterated by many cycles to increase the complexity of encrypted data. The number of cycles is 10, 12 or 14 and based on cryptographic analysis. It directly depends on the key size.
I like reverse work when designing a class interface. Imagine call constructor and method from the application. With this method, I have decided to instantiate the AES object as follows:
AES A = New AES (The Key Size, The SEED Key)
I call encryption and decryption routines as follows:
A.CIPHER (Plaintext, Ciphertext);
A.invcipher (Ciphertext, DeciphereEDtext);
I have chosen the method name Cipher and Invcipher because they are used in the AES specification documentation. Below is the code of the AES-class constructor:
Public AES (Keysize Keysize, Byte [] Keybytes)
{
Setnbnknr (keySize);
THIS.key = new byte [this.n/4];
KeyBytes.copyto (this.key, 0);
Buildsbox ();
Buildinvsbox ();
BuildRCon ();
KeyExpansion ();
}
This constructor first sets the value of NB, NK, and NR by calling the Helper method setnbnknr (as shown in FIG. 8). If you pay attention to efficiency, you can put this code directly in the constructor to avoid overhead due to method calls.
Next, the byte of the incoming constructor must be copied into the class domain variable. The key is declared in other class fields, which obtains its value by executing the following code:
THIS.key = new byte [this.n/4];
KeyBytes.copyto (this.key, 0);
I decided to use the Helper private method in the constructor to call the replacement table SBOX [] and ISBox []. Now, sbox [] and isbox [] are required for key extension routines and Cipher and Invcipher methods, so I can put SBOX [] initialization and KeyExpansion methods in the Cipher and InvCIPher methods, but will They are placed in a constructor to generate a more concise code structure. SBOX [] is filled in Figure 9. The code used to populate Isbox [] is similar. This code is constructed to be readable. As you will see later, there is an amazing alternative method for this method of providing values for SBOX and ISBOX tables.
Declaring key order table w [], cycle constant table RCON [], cycle constant table RCON [], and the Helper private method assigns RCON [] and W [], which seems to be organizational for me. Their best way, but this is primarily a problem. Figure 7 shows the code used to fill the loop constant table RCON. Let's recall, the left byte of each line in RCON [] is the power of 2 in GF (28), so the table can be constructed by using the following code:
NEWVAL = prevval * 0x02;
The AES constructor finally builds key order table w [], which is done in the KeyExpansion method (see Figure 10). This code is quite simple. Specific documents use imaginary 4-byte word data types. Since there is no such type because C #, it is simulated with 4 bytes array. After using the operator NEW to the key sequence table W [] allocated space, the first NK (4, 6 or 8) row in W [] will acquire the value from the seed key [] array of the incoming constructor:
THIS.W [Row, 0] = this.key [4 * row];
THIS.W [Row, 1] = this.key [4 * row 1];
THIS.W [Row, 2] = this.key [4 * row 2];
THIS.W [Row, 3] = this.key [4 * ROW 3];
The XOR operations performed on 2 bytes have multiple times in this code. It needs to be converted back and forth between BYTE and INT because the XOR operator is defined for the C # Byte type. For example, use
Temp [0] = (Byte) ((int) Temp [0] ^ (int) this.rcon [row / nk, 0]);
Not using:
Temp [0] = Temp [0] ^ this.rcon [row / nk, 0];
KeyExpansion methods Conditionally call private methods Subword and RotWord to maintain naming consistency with specifications. Again, because there is no word type in C #, I use the 4-byte array to implement a word type. The code of Subword and Rotword is quite simple. You should easily understand it by checking it in the Aeslib source code included in this article.
A bit complicated part is to find the displacement value in Subword. Let's recall, in order to find the displacement, you need to divide the input bytes into two parts: the leftmost 4 digits and the rightmost 4 digits. For a given byte, use the >> Operator to right, the X index is generated, and the logical AND 0000 1111 will generate the Y value. Using a slightly longer-readable form than actual code, I can perform similar code like the following
INT x = Word [0] >> 4;
INT Y = Word [0] & 0x0f;
Byte Substitution = this.sbox [x, y];
Result [0] = SUBSTITUTE;
Instead, I have used the code:
Result [0] = this.sbox [word [0] >> 4, Word [0] & 0x0f];
In summary, the AES constructor accepts a key with a size of 128, 192 or 256, and a zygmented seed key value. The constructor is assigned to the input block size of the encryption algorithm, the seed key size, and the number of cyclic times, and copies the seed key to the data member named Key. The constructor also constructs four tables: two replacement tables used by encryption and decryption methods, a loop constant table, a key sequence table consisting of a rotation key. Back to top
AES Cipher method in C #
Figure 11 shows the code of the CiPher method. It is indeed very simple because it will be handed over most of the work to the private method AddroundKey, Subbytes, Shiftrows, and MixColumns.
The Cipher method first copies the plain text input array to the status matrix State []. After the initial call to AddroundKey, the Cipher method is iterated, and the number of iterations is less than the total number of cycles. As described in the specification, in the last cycle, the call to MixColumns is omitted.
Figure 12 shows the code for addRoundKey and Subbytes private methods. The AddroundKey method needs to know which loop it is located so that it can correctly reference the four lines of the key sequence forms W []. Note that State [R, C] performs XOR operations with W [C, R] (not W [R, C]). The Subbytes method extracts an index from the input byte by using the same "right shift 4 bits" and "0x0F mask" in the keyexpansion method.
Figure 13 shows the code of the SHIFTROWS method. Let's recall, Shiftrows (called Rotaterows may be better) Punch ROW [0] to turn left to left to turn down, turn the Row [1] to the left-handed position, and so on.
After copying State [] to the TEMP [] matrix, execute the displacement with the following code:
THIS.STATE [R, (C R)% NB] = TEMP [R, C];
This will use% operators to surround rows.
MixColumns method (see Figure 14) Using GF (28) addition and multiplication to acquire each byte and replace it as a linear combination of all other values in the byte column. The constant coefficients used for multiplication are based on domain theory, which are 0x01, 0x02 or 0x03. The replacement of the given column C is:
State [0, C] = 0x02 * State [0, C] 0x03 * State [1, C] 0x01 * State [2, C]
0x01 * State [3, C]
State [1, c] = 0x01 * State [0, C] 0x02 * State [1, C] 0x03 * State [2, C]
0x01 * State [3, C]
State [2, c] = 0x01 * State [0, C] 0x01 * State [1, C] 0x02 * State [2, C]
0x03 * State [3, C]
State [3, C] = 0x03 * State [0, C] 0x01 * State [1, C] 0x01 * State [2, C]
0x02 * State [3, C]
These expressions have been a bit long, so I decided to write the Helper private function to return GF (28) and the product of 0x01, 0x02 and 0x03. The Helper function is very short. For example, the code used to perform the domain bytes B and 0x03 is as follows:
Return (BYTE) (INT) (int) b); as I have previously discussed, multiplication with 0x02 is the basic operation of all GF (28) multiplication. I call GFMultby02 method and use the same method names in the specification to comply with my agreement; the specification calls the routine XTime.
The Cipher method applies four operations for its input repeatedly to generate encrypted outputs. AddroundKey displaces bytes using a plurality of rotation keys derived from a single initial seed key. Subbytes uses the value in the replacement table to replace bytes. SHIFTROWS is arranged by panning character lines, and MixColumns uses the domain addition and multiplication of column values and multiplication.
Back to top
AES invcipher method in C #
Basic assumptions of the AES decryption algorithm are very simple: to decrypt the encryption block, just cancel each operation in the reverse order. Although this is the basic concept, there are still several details that need to be handled.
The AES specification is named INVCIPHER instead of replacement name Decipher or Decrypt. This is the reflection of the mathematical operation behind the AES, which is based on reverse math operation.
If you compare this code with the Cipher code, it will find that it is basically in line with your expectations, but there are two exceptions. First, the order in which the reverse method call (such as INVSUBYTES) is not entirely the reverse of the corresponding call (such as subbytes) in the Cipher method. Second, InvCIPHER calls the AddroundKey method (not the InvadDroundKey method). Note that the INVCIPHER algorithm uses a key sequence table, but starts from the higher index and works down to line 0.
INVSUBBYTES, INVSHIFTROWS methods code is closely reflected in the code of the relevant Subbytes, Shiftrows, and MixColumns methods. The INVSUBBYTES method is basically the same as the subbytes method, and the only difference is that it uses reverse plate ISBOX [] without using the SBOX [] table.
As you may be guessed, isbox [] just cancels any mapping executed by SBOX []. For example, if your byte b is equal to 0x20 and finds its replacement value in SBOX [], it will be 0xB7. If you look for 0xB7 replacement values in Isbox [], you will get 0x20.
Similarly, the InvShiftyRows method cancels the Shiftrows method - ROW [0] 3. Right shift 1 position right, ROW [2] is moved to the right, and the ROW [3] is moved 3 position.
The InvmixColumns method cancels the work of the InvmixColumns method in an unaptimistic manner. Let us recall, MixColumns replace each byte in the State matrix to the linear combination of bytes in the initial byte, and the coefficients are 0x01, 0x02 and 0x03. Domain theory once again. As a result, the reverse operation is similar, but using the multiplication of 0x09, 0x0b, 0x0d and 0x0e, as shown below:
State [0, C] = 0x0e * State [0, C] 0x0b * State [1, C] 0x0D * State [2, C]
0x09 * State [3, C]
State [1, C] = 0x09 * State [0, C] 0x0e * State [1, C] 0x0b * State [2, C] 0x0d * State [3, C]
State [2, C] = 0x0D * State [0, C] 0x09 * State [1, C] 0x0e * State [2, C]
0x0b * State [3, c]
State [3, C] = 0x0b * State [0, C] 0x0D * State [1, C] 0x09 * State [2, C]
0x0e * State [3, C]
As the MixColumns method, I decided to write a dedicated Helper function, rather than extending existing interlaced long expressions or writing universal Helper multiplication functions. Let me introduce you how to write a function that multiply any byte b with constant 0x0e (14, the base 10). As with any number, the number 14 can be expressed as 2 power and. In this example, 14 is equal to 2 4 8. Since the square equal to 2 is equal to 2, 8 equal to 2, you can represent 14 as 2 22 23. Keep in mind that the addition is just the xor (^) in GF (28), because I already have a GFMultby02 function, so I can use it to get the results:
Return (Byte) ((int) gfmultBy02 (GFMultby02 (gfmultby02 (b))) ^ / * 23 * /
(int) gfmultby02 (gfmultBY02 (b)) ^ / * 22 * /
(int) gfmultby02 (b)); / * 2 * /
All operations used by the AES encryption algorithm are reversible, so the decryption algorithm substantially reverses all the operations performed by the encryption algorithm.
Back to top
Use the AES class
One of the features of AES implemented in C # is its simplicity. Consider the code in Figure 15, I use it to generate the output result shown in FIG. 1. After declaring 16-byte plain text input and 24-byte (192-bit) seed keys, the AES object is initialized, and the Cipher Encryption method will encrypt the plain text as a password text, then password Text will be very simple and simple to decrypt the use of invcipher.
Because the AES object acts on byte arrays, you can easily modify it to make it act on other .NET data types. I constructed a Windows--based small demo application and allow it to accept a single 8-character (16-byte) string and then encrypt and decrypt it. Figure 16 shows an example of an example of an operation.
Figure 16 Encryption Demo
Because encryption and decryption routines need to know the key size that the user has specified, I declare it as a variable within the class, as shown below:
Private aes.keysize keysize;
Note that the seed key is not specified by the user. This demonstration uses a "empty key" composed of zero bytes by providing virtual New Byte [16] to the constructor. Because the seed key is all initialized to zero, the size of the virtual parameters is irrelevant. Encrypted and decrypt with empty keys, it is convenient to effectively prevent external checking of data. Using the Encoding.Unicode.getBytestring method in System.Text, it can be easily converted between .NET strings and byte arrays. Back to top
Implementation method
Now let's take a look at some important variants implemented in this article, this article provides the possible expansion of the code and the password analysis of AES.
For any code I have used, the AES algorithm has an important replacement method. Why is this important? AES will apply to a wide range of systems; from smart cards with minute memory capacity to large multiprocessor host systems. In many cases, performance is critical, memory or processing resources are sometimes limited. Almost all routines in AES can be modified to optimize performance in the case of sacrificing memory, and vice versa. For example, 256 values are given to the replacement table SBOX [] seems to be quite simple. However, these values are based on GF (28) theory, and the result is that these values can be generated by programming. The same is true for reversing tables and cyclic constant tables.
For replacement implementations, another interesting may be a GF (28) multiplication used by the Cipher and InvCIPHER methods. My implementation has been encoded for the basic function of the 0x02 multiplication and six other functions of GFMultBy02. Another possibility will be a common multiplication function and use it, not as seven separate functions like I used. Another extreme is that you can use a complete product table, which is composed of all 256 possible byte values with 0x01, 0x02, 0x03, 0x09, 0x0b, 0x0d, and 0x0e. Another way to implement GF (28) multiplication is to implement it as two 256-byte arrays (often referred to as Alog [] and LOG []), because they are based on GF (28 Some of a certain attribute similar to logarithm.
Although the AES provided herein is fully capable of encrypting any form .NET data, you might want to consider expanding it in a variety of ways. First, since the focus of this paper is to clearly explain AES, all errors are omitted. With my experience, add an appropriate number of error check functions to the class similar to the AES class will increase the size of the source code to three times. Because AES uses many arrays such as this, many index bound checks should be performed. For example, the constructor provided herein does not even check the size of the seed key parameters.
You can also consider extending this AES class by adding more features. The most obvious start position will be, add a number of methods that can encrypt and decrypt the basic .NET data types (such as System.String and System.InT32). More powerful extensions will be streaming of encryption.
How much security is AES? This is a problem that is difficult to answer, but the general opinion is that it is an existing safest encryption algorithm. So far, AES has been reviewed more than any other encryption algorithm. The only effective way to attack AES is to generate all possible keys, in this point,, whether in theory and still in practice, AES is considered "safe". For 256-bit key sizes, any known powerful attacks cannot be destroyed within a certain amount of time (even in existing fastest systems).
Note that for AES passwords, the most likely to succeed coming from a weak implementation that can allow so-called timing attacks. An attacker uses different keys and accurately measures the time required for encryption routines. If it is a bit careless when encoding the encryption routine, the execution time depends on the key value, it is possible to derive information about the key. In AES, this is most likely to appear in the MixColumn routine due to the domain multiplication. There are two security measures for this attack: inserting virtual instructions so that all multiplication requires the same number of instructions; if I have already described, the domain multiplication is implemented as a lookup table. For AES, there are many possible implementations, especially using lookup tables (rather than computational). The basic AES classes provided herein can be used to encrypt and decrypt any form of .NET data, and can be extended to be class with additional functions.
Back to top
summary
The new AES will undoubtedly replace DES, which is an actual standard for encrypting all forms of electronic information. If you do not use a powerful search for all possible 256-bit keys, any known password analysis attack cannot decrypt the AES password text. In this regard, the data encrypted with AES is unbreakable.
I found that there is a major obstacle when implementing the AES class in Microsoft® .NET Framework, that is, formal specification document is written from mathematicians 'views (rather than software developers' views). In particular, this specification assumes that the reader is very familiar with the GF (28) domain, which saves some key details about the GF (28) multiplication, and these details are necessary to implement AES. Here, I have tried my best to uncover the mystery of AES (especially around the GF (28) domain multiplication).
Microsoft and third-party suppliers provide AES encryption in the form of .NET Framework library is just a time problem. However, for a variety of reasons, it is also very valuable to master this code. This implementation is particularly simple and has low resource overhead. Also, if you access and understand the source code, you will be able to customize the AES class and use any implementation more effectively.
Safe is no longer a horse after any person's software design and development. AES is an important pre-consideration, use and understand it will greatly enhance the reliability and security of the software system.
For related articles, see:
Security: Protect Private Data with The Cryptography Namespaces of The .NET FRMEWORK
Exploring Kerberos, The Protocol for Distributed Security In Windows 2000
For background information, see:
The design of rijndael: AES - The Advanced Encryption Standard by Joan Daemen and Vincent Rijmen. (Springer-Verlag, 2002)
Announcing the advanced encryption standard (AES): Federal Information Processing Standards Pub 197
James McAffrey is working on Volt Information Sciences Inc., he managed technical training for Microsoft software engineers. He has worked as a contractor to work on several Microsoft products (including Internet Explorer and MSN Search). You can contact him with JMCCAFFREY@volt.com or v-jammc@microsoft.com. Go to the original English page
