
Source: Bole columnist/Glass Cat, WeChat public account: Programmer Xiao Grey


Last time, I introduced the basic concept of the AES algorithm. If you haven't seen it, you can click on the following link:

Comics: What is the AES Algorithm?

We are programmers who want to keep improving, so we cannot be satisfied with knowing what something does without knowing why. This time, I'm going to talk about the underlying principles of the AES algorithm.

We already introduced the overall AES encryption process in the last issue; here is a recap:

1. Divide the plaintext into 128-bit blocks.

2. Pad the last plaintext block using the selected padding mode.

3. Encrypt each plaintext block into a ciphertext block using the AES encryptor and the key.

4. Concatenate all ciphertext blocks to form the final ciphertext.

How many rounds are there?

Initial Round: 1 time

Ordinary Rounds: N times

Final Round: 1 time

As mentioned in the previous issue, AES keys support three lengths: AES128, AES192 and AES256. The length of the Key determines the number of rounds of AES encryption.

Excluding the initial round, the number of rounds corresponding to each key length is as follows:

AES128: 10 rounds

AES192: 12 rounds

AES256: 14 rounds

The different kinds of round have different processing steps.

The initial round has only one step:

Add round key (AddRoundKey)

An ordinary round has four steps:

Byte substitution (SubBytes)

Row shift (ShiftRows)

Column mixing (MixColumns)

Add round key (AddRoundKey)

The final round has three steps:

Byte substitution (SubBytes)

Row shift (ShiftRows)

Add round key (AddRoundKey)

1. Byte substitution (SubBytes)

The first thing to note is that, at every processing step, the 16-byte plaintext block is arranged as a 4×4 two-dimensional array.

Byte substitution replaces each byte of the plaintext block with another byte. What is the substitution based on? A 16×16 two-dimensional array of constants called the Substitution Box (S-box).

If a[2,2] = 5B in the plaintext block (a byte is two hexadecimal digits), then the output value is b[2,2] = S[5][11].

2. ShiftRows

This step is simple:

The first row is unchanged

The second row is rotated left by 1 byte

The third row is rotated left by 2 bytes

The fourth row is rotated left by 3 bytes

3. MixColumns

In this step, each column of the input array is multiplied, as a matrix product, by a two-dimensional array of constants called the fixed matrix, giving the corresponding output column.

4. Add round key (AddRoundKey)

This is the only step in which the key is used; the 128-bit key is also arranged in a 4×4 matrix.

Each byte a[i,j] of the input array is XORed once with the byte k[i,j] at the corresponding position of the key to produce the output value b[i,j].

It should be added that the key used in each round of encryption is different. This involves another concept: key expansion (KeyExpansions).

KeyExpansions

The AES source code uses a byte array W of 4 * 4 * (10+1) bytes to store the keys for all rounds. W{0-15} equals the original key and is used for the initial round.

Each subsequent element W[i] is computed from W[i-4] and W[i-1], until all elements of the array W have been assigned.

In the W array, W{0-15} is used for the initial round, W{16-31} for the first round, W{32-47} for the second round, and so on, up to W{160-175}, which is used for the final round (the 10th round).

1. The ECB mode

ECB mode (Electronic Codebook) is the simplest working mode: each plaintext block is encrypted completely independently of the others.

What are the benefits?

1. Simple

2. It is conducive to parallel computing

The drawbacks are also obvious:

The same plaintext block becomes the same ciphertext block after encryption, so the security is poor.

2. The CBC mode

The CBC mode (Cipher Block Chaining) introduces a new concept: Initialization Vector IV.

What does the IV do? Its role is similar to that of the "salt" used with MD5: it prevents the same plaintext block from always being encrypted into the same ciphertext block.

In CBC mode, each plaintext block is XORed with a value before it is encrypted. The IV, as the initialization variable, is XORed with the first plaintext block, and each subsequent plaintext block is XORed with the ciphertext block produced from the preceding block.

In this way, the same block of plaintext can be encrypted into different ciphertext blocks.

What are the benefits of CBC mode?

Higher security

The downsides are also obvious:

1. It cannot be computed in parallel, so the performance is not as good as ECB

2. It introduces the initialization vector IV, which increases complexity.
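The difference between the two modes, as an added example that is not part of the original article: the same three-block message is encrypted in ECB and in CBC, and repeated ciphertext blocks are counted. To run with the standard library alone it uses a constructed stand-in block cipher (`toy_encrypt_block`, a Feistel network over SHA-256, not AES and not secure) and assumes PKCS#7 as the padding mode; all names and sample values are made up for the example.

```python
# Added example (not the article's code): ECB vs CBC over a stand-in block cipher.
import hashlib

BLOCK = 16

def toy_encrypt_block(block, key):
    # Constructed stand-in for the AES encryptor: 4-round Feistel over SHA-256.
    # It is a keyed permutation of 16-byte blocks, NOT AES and not secure.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def pad(data):  # PKCS#7 padding: append n bytes of value n, with 1 <= n <= 16
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def split_blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(plaintext, key):  # every block is encrypted independently
    return b"".join(toy_encrypt_block(b, key) for b in split_blocks(pad(plaintext)))

def cbc_encrypt(plaintext, key, iv):  # XOR with previous ciphertext block (IV first)
    out, prev = [], iv
    for b in split_blocks(pad(plaintext)):
        prev = toy_encrypt_block(bytes(x ^ y for x, y in zip(b, prev)), key)
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ciphertext):  # ciphertext blocks that duplicate an earlier one
    blocks = split_blocks(ciphertext)
    return len(blocks) - len(set(blocks))

# Constructed sample input: three identical 16-byte plaintext blocks.
KEY = b"constructed key!"
MSG = b"same 16B block.." * 3
IV_1, IV_2 = bytes(range(16)), bytes(range(16, 32))  # fixed only for repeatability

if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb_encrypt(MSG, KEY)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(MSG, KEY, IV_1)))
    print("CBC differs by IV:", cbc_encrypt(MSG, KEY, IV_1) != cbc_encrypt(MSG, KEY, IV_2))
```

In real use the IV is generated fresh and unpredictably for every message (for example with `os.urandom(16)`) and stored or sent alongside the ciphertext. Counting repeated 16-byte blocks, as `repeated_blocks` does, is also a quick way to spot ECB in captured ciphertext.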
