传统的加解密法AES.ppt

Cryptography and Network SecurityChapter 5 Advanced Encryption Standard Fourth Edition by William Stallings Lecture slides by Lawrie Brown Origins clear a replacement for DES was needed have theoretical attacks that can break it have demonstrated exhaustive key search attacks can use Triple-DES – but slow, has small blocks US NIST issued call for ciphers in 1997 15 candidates accepted in Jun 98 5 were shortlisted in Aug-99 Rijndael was selected as the AES in Oct-2000 issued as FIPS PUB 197 standard in Nov-2001 AES Requirements private key symmetric block cipher 128-bit data, 128/192/256-bit keys stronger faster than Triple-DES active life of 20-30 years (+ archival use) provide full specification design details both C Java implementations NIST have released all submissions unclassified analyses AES Evaluation Criteria initial criteria: security – effort for practical cryptanalysis cost – in terms of computational efficiency algorithm implementation characteristics final criteria general security ease of software hardware implementation implementation attacks flexibility (in en/decrypt, keying, other factors) AES Shortlist after testing and evaluation, shortlist in Aug-99: MARS (IBM) - complex, fast, high security margin RC6 (USA) - v. simple, v. fast, low security margin Rijndael (Belgium) - clean, fast, good security margin Serpent (Euro) - slow, clean, v. high security margin Twofish (USA) - complex, v. fast, high security margin then subject to further analysis comment saw contrast between algorithms with few complex rounds verses many simple rounds which refined existing ciphers verses new proposals The AES Cipher - Rijndael designed by Rijmen-Daemen in Belgium has 128/192/256 bit keys, 128 bit data an iterative cipher processes data as block of 4 columns of 4 bytes operates on entire data block in every round designed to be: resistant against known attacks speed and code compactness on many CPUs design simplicity Rijndael data blo