Submitted to
C.S. Rai
Professor
USICT, DELHI
Submitted By
GAURAV
Roll no: 01016405314
M.Tech (CSE) 1st Sem
USICT
Introduction
The Advanced Encryption Standard (AES) is a specification for the encryption of electronic
data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
AES is based on the Rijndael cipher developed by two Belgian cryptographers, Joan
Daemen and Vincent Rijmen, who submitted a proposal to NIST during the AES selection
process. Rijndael is a family of ciphers with different key and block sizes.
For AES, NIST selected three members of the Rijndael family, each with a block size of 128
bits, but three different key lengths: 128, 192 and 256 bits.
AES has been adopted by the U.S. government and is now used worldwide. It supersedes
the Data Encryption Standard (DES), which was published in 1977. The algorithm described by
AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and
decrypting the data.
This standard specifies the Rijndael algorithm ([3] and [4]), a symmetric block cipher that can
process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits.
Rijndael was designed to handle additional block sizes and key lengths; however, they are not
adopted in this standard.
Rijndael is an iterated block cipher with a variable block length and a variable key length. The
block length and the key length can be independently specified to 128, 192 or 256 bits.
The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are
sufficient to protect classified information up to the SECRET level. TOP SECRET information
will require use of either the 192 or 256 key lengths. The implementation of AES in products
intended to protect national security systems and/or information must be reviewed and certified
by NSA prior to their acquisition and use.
For cryptographers, a cryptographic "break" is anything faster than brute force, that is, performing
one trial decryption for each key (see Cryptanalysis). This includes results that are infeasible
with current technology. The largest successful publicly known brute force attack against any
block-cipher encryption was against a 64-bit RC5 key by distributed.net in 2006.
AES has a fairly simple algebraic description. In 2002, a theoretical attack, termed the "XSL
attack", was announced by Nicolas Courtois and Josef Pieprzyk, purporting to show a weakness
in the AES algorithm due to its simple description. Since then, other papers have shown that the
attack as originally presented is unworkable; see XSL attack on block ciphers.
During the AES process, developers of competing algorithms wrote of Rijndael, "...we are
concerned about [its] use...in security-critical applications."[17] However, in October 2000 at the
end of the AES selection process, Bruce Schneier, a developer of the competing
algorithm Twofish, wrote that while he thought successful academic attacks on Rijndael would
be developed someday, he does not "believe that anyone will ever discover an attack that will
allow someone to read Rijndael traffic."
Side-channel attacks
Side-channel attacks do not attack the underlying cipher, and thus are not related to security in
that context. They rather attack implementations of the cipher on systems which inadvertently
leak data. There are several such known attacks on certain implementations of AES.
In April 2005, D.J. Bernstein announced a cache-timing attack that he used to break a custom
server that used OpenSSL's AES encryption. The attack required over 200 million chosen
plaintexts. The custom server was designed to give out as much timing information as possible
(the server reports back the number of machine cycles taken by the encryption operation);
however, as Bernstein pointed out, "reducing the precision of the server's timestamps, or
eliminating them from the server's responses, does not stop the attack: the client simply uses
round-trip timings based on its local clock, and compensates for the increased noise by averaging
over a larger number of samples."
Performance
High speed and low RAM requirements were criteria of the AES selection process. Thus AES
performs well on a wide variety of hardware, from 8-bit smart cards to high-performance
computers.
On a Pentium Pro, AES encryption requires 18 clock cycles per byte, equivalent to a throughput
of about 11 MB/s for a 200 MHz processor. On a 1.7 GHz Pentium M throughput is about
60 MB/s.
On Intel Core i3/i5/i7 and AMD APU and FX CPUs supporting AES-NI instruction
set extensions, throughput can be over 700 MB/s per thread.
Implementation
Rijndael is free for any use, public or private, commercial or non-commercial. The authors of
Rijndael used to provide a homepage[1] for the algorithm. Care should be taken when
implementing AES in software. Like most encryption algorithms, Rijndael was designed on
big-endian systems. For this reason, little-endian systems, which include the common PC, return
correct test vector results only through swapping bytes of the input and output words.
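A known-answer test is the usual check that a software AES implementation handles bytes and key lengths correctly. The code below is an added example, not code from the original report or from any library listed here: a byte-oriented AES encryption in Python, checked against the example vectors of FIPS-197 Appendix C for the 128-, 192- and 256-bit key lengths. All function and variable names are chosen for this illustration.

```python
# Added example, not from the original report: byte-oriented AES encryption.
def xtime(a):  # multiply by x in GF(2^8), modulus x^8 + x^4 + x^3 + x + 1
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def gmul(a, b):  # GF(2^8) product by shift-and-add
    r = 0
    while b:
        r, a, b = r ^ a * (b & 1), xtime(a), b >> 1
    return r

def sbox_entry(a):
    inv = next((b for b in range(1, 256) if gmul(a, b) == 1), 0)  # 0 maps to 0
    rot = [((inv << i) | (inv >> (8 - i))) & 0xFF for i in range(5)]
    return rot[0] ^ rot[1] ^ rot[2] ^ rot[3] ^ rot[4] ^ 0x63  # affine map
SBOX = [sbox_entry(a) for a in range(256)]

def expand_key(key):  # 16/24/32-byte key -> 11/13/15 round keys of 16 bytes
    nk, rcon = len(key) // 4, 1
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    for i in range(nk, 4 * (nk + 7)):
        t = w[i - 1]
        if i % nk == 0:  # RotWord, SubWord, round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, xtime(rcon)
        elif nk == 8 and i % nk == 4:  # extra SubWord for 256-bit keys
            t = [SBOX[b] for b in t]
        w.append([x ^ y for x, y in zip(w[i - nk], t)])
    return [sum(w[i:i + 4], []) for i in range(0, len(w), 4)]

def mix_column(a):  # fixed matrix (2 3 1 1); negative indices wrap the column
    return [xtime(a[r] ^ a[r - 3]) ^ a[r - 3] ^ a[r - 2] ^ a[r - 1] for r in range(4)]

def encrypt_block(key, block):
    rk = expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for r in range(1, len(rk)):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes + ShiftRows
        if r < len(rk) - 1:  # the final round has no MixColumns
            s = sum((mix_column(s[c:c + 4]) for c in range(0, 16, 4)), [])
        s = [b ^ k for b, k in zip(s, rk[r])]  # AddRoundKey
    return bytes(s)

PLAINTEXT = bytes.fromhex("00112233445566778899aabbccddeeff")
VECTORS = {128: "69c4e0d86a7b0430d8cdb78070b4c55a",  # key bits -> ciphertext,
           192: "dda97ca4864cdfe06eaf70a0ec0d7191",  # keys are 00 01 02 ...
           256: "8ea2b7ca516745bfeafc49904b496089"}

def run_known_answer_tests():
    return {bits: encrypt_block(bytes(range(bits // 8)), PLAINTEXT).hex() == want
            for bits, want in VECTORS.items()}
```

The state is handled as a byte array throughout, so no word byte-swapping is involved. The S-box lookups are data-dependent, which is the property the cache-timing attacks on software AES rely on, so this code is suited to checking vectors rather than to protecting data.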
C++ library
Botan has implemented Rijndael since its very first release in 2001
Java Cryptography Extension, integrated in the Java Runtime Environment since version 1.4.2
IAIK JCE
SJCL library - contains JavaScript implementations of AES in CCM, CBC, OCB and GCM modes - sjcl
AES-JS - portable JavaScript implementation of AES ECB and CTR modes - aes-js
Forge - JavaScript implementations of AES in CBC, CTR, OFB, CFB, and GCM modes - forge
asmCrypto - JavaScript implementation of popular cryptographic utilities with focus on performance. Supports CBC, CFB, CCM, GCM modes - asmcrypto.js
pidCrypt - open source JavaScript library. Only supports the CBC and CTR modes - pidCrypt
Rijndael
Of the five Round-2 finalists, Rijndael was selected by the NIST as the proposed AES algorithm. It
was developed and submitted by two Belgian cryptographers named Dr. Joan Daemen and Dr.
Vincent Rijmen. Rijndael is a block cipher. Block ciphers are the most common form of private
key algorithms. They transform a short string to a string of the same length under control of a
secret key and usually involve between 8 and 32 rounds, which use half the value as input, and
whose output is XORed with the other half.
From the authors themselves, here are the reasons that make Rijndael stand out from the other
finalists:
In addition the algorithm can be implemented very efficiently on a wide range of processors and
in hardware (smart cards, for example). Compared to the other finalists, it has the shortest
encryption/decryption time, and provides the best performance of all the candidates when both
hardware and software performance was taken into account.
Future scope
Once the AES becomes an official standard, that standard will be formally reevaluated every
five years. If needed, certain maintenance activities for the standard will be developed
whenever circumstances dictate.
Recent laws have reformed export restrictions on American-made encryption products. Aware of
these changes, the NIST required that all submissions conform to the new laws. The new
standard will be exportable, and all current implementations in proprietary systems will just need
to be reviewed prior to being exported. The Department of Commerce's Bureau of Export
Administration maintains export regulations.
Commercially, companies are not required to adopt the new standard, but are welcome to.
Rijndael hasn't officially been named the standard; however, many technology developers and
companies are committing to the new standard, as commercial use will be the largest audience.
At present, it is not possible to design a block cipher which is both very fast and secure. Most
ciphers are secure after many rounds; however, they are too slow after many rounds.
Improvements have been made, although at the expense of performance.
Most designs, like Rijndael, are developed in a trial-and-error environment. Cryptography will
be around for a long, long time. There may be changes on the horizon, such as key lengths,
which will become longer as hackers continue to advance their attacks. In response, algorithms
will become more highly evolved - and innovations that are not even contemplated today will
emerge in the not-so-distant future.
References
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard