Khoa học và Công nghệ trong lĩnh vực An toàn thông tin From AES to Dynamic AES Pablo Freyre, Oristela Cuellar, Nelson Díaz and Adrián Alfonso Abstract—The cryptographic algorithm AES Other cryptographic algorithms have been (Advanced Encryption Standard) works with the proposed with dynamic transformations in transformations SubBytes, ShiftRows, terms of greater security in their design. Two MixColumns and AddRoundKey, all of them fixed examples are: the block cipher Twofish [19], and selected a priori. In this paper, we will show resulting a finalist in the AES competition, and dynamic variants of AES, where the new the block cipher Grand Cru [17], submitted to transformations are RandomSubBytes, RandomShiftRows, RandomMixColumns and the NESSIE process. RandomAffineTransfKey. The aim of this paper is to show dynamic Tóm tắt—Thuật toán mã hóa AES (Tiêu chuẩn variants of the block cipher AES, working in all mã hóa nâng cao) bao gồm các phép biến đổi cases with the transformations RandomSubBytes, SubBytes, ShiftRows, MixColumn và RandomShiftRows, RandomMixColumns and AddRoundKey. Tất cả các phép biến đổi này đều RandomAffineTransfKey, which are obtained at cố định và được chọn ưu tiên. Trong bài báo này, random from the set of all its possible choices. nhóm tác giả sẽ trình bày một số biến thể động của AES, trong đó các phép biến đổi mới là We also present the algorithms for the RandomSubBytes, RandomShiftRows, random generation of the dynamic RandomMixColumns và transformations cited above from RandomAffineTransfKey. pseudorandom sequences generated through Keywords—Block cipher; AES; Dynamic transformations. the key schedule of AES or any other pseudorandom number generator, and we Từ khóa—Mã khối; AES; Phép biến đổi động. explain how the transformations I. INTRODUCTION RandomSubBytes and RandomAffinTransfKey represent two different approaches. Rijndael is a cryptographic algorithm designed by the Belgian Joan Daemen and This work begins with a brief description of Vincent Rijmen and submitted to the AES the cryptographic algorithm AES, continue with competition in 1997. Announced as a winner in the explanation of the dynamic variants that we 2001, Rijndael was adopted as a standard [1] and propose, as well as the dynamic transformations named AES (Advanced Encryption Standard), used in the rounds, and conclude with the with some specifications in terms of block and presentation of the necessary algorithms for the key sizes. random generation of these transformations. AES works with the fixed transformations Our contributions: In this paper, fully dynamic SubBytes, ShiftRows, MixColumns and variants of the block cipher AES are presented, AddRoundKey, all of them selected a priori [2], where all original transformations are replaced by [3]; however, a large number of AES variants key-dependent transformations, selected at with dynamic transformations depending on random from the set of all its possible choices. A secret key can be seen in the specialized new algorithm for the random generation of MDS 8 literature [4]–[18]. matrices in 퐺퐿4푥4(퐺퐹(2 )), and a random key- dependent affine transformation as an alternative variant for the key addition are presented. This manuscript is received on May 22, 2020. It is commented on May 28, 2020 and is accepted on August 14, 2020 by the first reviewer. It is commented on June 31, 2020 and is accepted on August 18, 2020 by the second reviewer. Số 1.CS (11) 2020 11 Journal of Science and Technology on Information security II. THE BLOCK CIPHER AES for (i = 1; i < 푁푟; i++) The operations in the cryptographic algorithm { AES are performed in the Galois field 퐺퐹(28), so the input block and the output block are arrays of SubBytes(State); 16 bytes each one. ShiftRows(State); The bytes of the input block are located inside MixColumns(State); a matrix with 4 rows and 4 columns, named state matrix 푆 = (푠푖,푗), so that for every input block AddRoundKey(State, ExpandedKey[i]); 푝0푝1푝2, … , 푝15 we have 푠푖,푗 = 푝푖+4푗 , 0 ≤ 푖, 푗 < } 4. The last state is transformed into the output block 푐0푐1푐2푐3, … , 푐15 in the inverse sense SubBytes(State); 푐 = 푠 for every 0 ≤ 푖, 푗 < 4. 푖+4푗 푖,푗 ShiftRows(State); The secret key is another array of bytes, of size AddRoundKey(State, ExpandedKey[N ]); 16, 24 or 32, which is transformed into a matrix r of 4 rows and 푁푘 columns, where 푁푘 = 4, 푁푘 = } 6 or 푁푘 = 8 depending on the size of the key. The number of rounds 푁 also depends on the In AES, the S-box has been selected in such a 푟 way that the maximum correlation over it is at size of the key, and it is computed as 푁 = 푁 + 푟 푘 most 2−3 and the difference propagation 6, where 푁푘 rounds are added as security margin −6 according to the criteria of the designers [3]. probability is at most 2 . It is proven that the number of active S-boxes in four rounds of AES In each round a 16-byte-key is available. The is lower bounded by 25, it gives us a minimum 16-byte-keys are generated from the key schedule weight of 150 for any four-round differential independently of the encryption process, and the trail, and a maximum correlation contribution of following transformations act on the state matrix 2−75 for any four-round linear trail. offering confusion and diffusion: Hence, there are no eight-round trails with a 1. SubBytes, acting like an S-box on every byte weight below 300 or a correlation contribution of the state. less than 2−150. The designers of AES consider this sufficient to resist differential and linear 2. ShiftRows, performing cyclic rotations on the attacks; however, they added 푁 extra rounds as rows of the state. 푘 security margin. 3. MixColumns, multiplying every column of III. THE DYNAMIC AES the state by one MDS matrix. Dynamic encryption is a way to design block 4. AddRoundKey, adding all bytes of the state cipher algorithms, and AES has several dynamic with the round key. variants in specialized literature. This idea is The key schedule of AES can be seen in [2], formally presented in [18] and constitutes a [3] as well as any other detail of interest in its practical strength for block ciphers if the dynamic design criteria. We present next the pseudocode transformations satisfy the design requirements of the encryption process. of the original transformations, since the dynamic algorithm has at least the same security as the Encryption process of AES original algorithm [18], [20]. AES(State, CipherKey) In this section, we propose dynamic variants of the cryptographic algorithm AES, using the { random transformations RandomSubBytes, KeyExpansion(CipherKey, ExpandedKey); RandomShiftRows, RandomMixColumns and RandomAffinTransfKey, as is shown in the AddRoundKey(State, ExpandedKey[0]); next pseudocode. 12 No 1.CS (11) 2020 Khoa học và Công nghệ trong lĩnh vực An toàn thông tin Encryption process of the dynamic variants AES designers taking in mind a complex algebraic expression; however, in the AESDynamicVariant(State, CipherKey); proposed dynamic variants, we consider to use a random S-box so that its algebraic { expression will be unknown. KeyExpansion(CipherKey, ExpandedKey) The first change that we propose is the generation of a random invertible matrix in 퐺퐿 (퐺퐹(2)) RandomSubBytes(sequence1, SubBytes) 8푥8 used to construct a key-dependent affine RandomShiftRows(sequence2, ShiftRows) transformation, this way RandomMatrix composed with 푆퐷푅 acts like a random S-box 푅푆퐷푅[푥]. RandomMixColumns(sequence3, MixColumns) The second change is to construct a random S- RandomAffineTransfKey(sequence4, TransfKey) box independent from 푆퐷푅 through a random AffineTransfKey(State, ExpandedKey[0]) permutation Π of the symmetric group 푆256, this way the transformation RandomPermutation acts for (i = 1; i < Nr; i++) like the random S-box 푅푆퐷푅[푥] = Π[푥]. { Both, RandomMatrix and SubBytes(State) RandomPermutation, can be used without worrying on the cryptographic properties of the ShiftRows(State) random S-box 푅푆퐷푅 if we use the encryption process in short plain texts or we use a rekeyed MixColumns(State) mode of operation for big plain texts. For the use AffineTransfKey(State, ExpandedKey[i]) of a block cipher in one of these modes, see for example [21] and [22]. } B. RandomShiftRows and RandomMixColumns SubBytes(State) The random transformations ShiftRows (State) RandomShiftRows and RandomMixColumns are AffineTransfKey(State, ExpandedKey[N ]) presented for the replacement of the fixed r transformations ShiftRows and MixColumns of } AES respectively, providing both diffusion as well as the original transformations. Here sequencei is a pseudorandom sequence for all 1 ≤ 푖 ≤ 4 that can be obtained from any ShiftRows acts on the rows of the state pseudorandom number generator or directly from cyclically rotating their bytes 0, 1, 2 or 3 positions the AES key schedule. to the left respectively, providing dispersion between the columns of the state. The random A. RandomSubBytes ShiftRows is a random diffusion optimal The random transformation RandomSubBytes permutation 푅 of the symmetric group 푆16 [3] so is presented for the replacement of the fixed that the bytes inside every column of the state transformation SubBytes of AES, but it is derived are located into different columns after 푅. into the two random transformations MixColumns acts on the state multiplying RandomMatrix and RandomPermutation with a every column by the MDS matrix different approach, each one of them used separately to provide confusion into the 02 03 01 01 encryption process. 01 02 03 01 [ ] 01 01 02 03 SubBytes acts like a S-box denoted as 푆퐷푅 on 03 01 01 02 every byte of the state, constructed through a non- affine transformation and an affine providing maximal local diffusion into the transformation. This S-box was selected by the columns of the state. The random MixColumn is 8 a random MDS matrix in 퐺퐿4푥4(퐺퐹(2 )).
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages12 Page
-
File Size-