AES
Advanced Encryption Standard
AES
Why AES?
The Encryption Process
Types of Attacks
Current Threats to AES
Future Threats to AES
Advanced Encryption Standard
Where and Why? (1)
In September 1997 the National Institute of Standards and Technology (NIST)
issued a call for a new Advanced Encryption Standard (AES) to
replace DES. The specification called for:
A symmetric block cipher with a 128-bit block size, supporting key sizes of 128,
192 and 256 bits
Security of a sufficient level to protect data for the next 20 to 30 years
In August 1998, 15 candidate algorithms were accepted for the first round
In August 1999, five finalists were selected:
MARS – IBM Research
RC6 – RSA Security
Rijndael – Joan Daemen & Vincent Rijmen
Serpent – Ross Anderson, Eli Biham & Lars Knudsen
Twofish – team led by Bruce Schneier (Counterpane Systems)
Advanced Encryption Standard
Where and Why? (2)
All were tested extensively in ANSI C and Java for characteristics such as:
Speed
Encryption and decryption speeds
Key and algorithm set-up times
Reliability
Resistance to various attacks
Finally, after detailed evaluation, Rijndael was judged the most efficient
algorithm, with NIST reporting that it "provides consistently high-end
performance for encryption, decryption and key setup".
The table of results released by NIST shows the
performance of each algorithm against the desired
characteristics of encryption, decryption and key set-up
speeds. The value 1 denotes the highest score
and 3 denotes the lowest.
Advanced Encryption Standard
Where and Why? (3)
On 2 October 2000, NIST announced that the Rijndael algorithm had
been selected as the proposed standard.
On 6 December 2001, Federal Information Processing Standard
FIPS 197 was approved and released.
The Advanced Encryption Standard using the Rijndael algorithm was approved
for protecting US government information, including classified data: 192- or
256-bit keys are required for Top Secret material.
Planned use for all new commercial developments requiring a higher degree of data
security.
Internal Structure of AES
4 Transformations, applied in every round (10 rounds for a 128-bit key, 12 for
192 bits, 14 for 256 bits; the final round omits Mix Columns):
Substitute Bytes
Shift Rows
Mix Columns
Add Round Key
The Encryption Process
Attacks On AES
There are two types of threat:
Current Threats – attacks that are feasible to mount against
AES at this point in time (in practice against reduced-round or
related-key variants, not the full cipher).
Future Threats – attacks that will, in the near or distant
future, represent a major threat to the security of AES.
We will now examine each in more detail.
Current Threats
Current Threats to AES
Algebraic attacks typically consist of two
steps:
Collecting step – the cryptanalyst expresses the
cipher as a system of simple (typically quadratic)
equations in a number of variables, including
bytes of the plaintext, ciphertext and
key.
Solving step – the cryptanalyst feeds in known
plaintext/ciphertext data and attempts to solve the
equations, thereby recovering the key.
Current Threats
XSL Attacks
Proposed by Nicolas Courtois and Josef
Pieprzyk (2002)
Claimed to break 256-bit AES with an estimated
workload of 2^87 to 2^100 operations, far below the
2^256 of exhaustive search
Targets the algebraic simplicity of the AES
Substitution Box (S-box), argued to be the cipher's weakest point
The claimed complexity has never been demonstrated; later
analysis (Cid & Leurent, 2005) found that the XSL method
does not work as described, and no algebraic attack on full AES is known
Current Threats
Related Key Attacks (RKAs)
An extended attack model against block ciphers: the
attacker obtains encryptions under several keys that
differ in a known way
Most effective against 256-bit AES
Faster than exhaustive key search (a related-key attack on
full AES-256 with about 2^99.5 work was published by
Biryukov and Khovratovich in 2009)
However the model requires related keys that an attacker
rarely controls in practice; the 128-bit key schedule has
proved resilient, and properly generated random keys are not affected
Current Threats
Exhaustive Key Searches (1)
Basic technique of trying each key value
until the correct key is found
Also called brute-force attacks
Requires a small amount of plaintext and
the corresponding ciphertext
Can be mounted on any cipher
Cost increases as key length increases
Current Threats
Exhaustive Key Searches (2)
DES was considered secure when it was
released with a 56-bit key
Advances in technology mean a DES key
can now be broken very quickly (the EFF's Deep
Crack machine recovered one in under three days in 1998)
An 80-bit key was estimated to offer security for 10 to
15 years
Even allowing for increases in processing power, a 128-bit
AES key should resist exhaustive search until well beyond
the end of the century: 2^128 trials is out of reach of any
foreseeable classical hardware
Current Threats
Exhaustive Key Search
These times were obtained using a highly powerful computer
Current Threats
Saturation Attacks
Also called square or integral attacks, after the
Square cipher they were first designed against (Daemen,
Knudsen & Rijmen, 1997)
The most powerful cryptanalysis of AES to
date has been by this method
Exploits the byte-oriented structure of the
cipher: a set of 256 plaintexts varying in one byte
stays structured through three rounds
Breaks reduced-round AES (up to 7 of the 10 rounds
of AES-128) faster than exhaustive key search;
the full-round cipher is not affected
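The following is an added example, not code from the slides or from the Rijndael authors. It builds AES-128 from the four transformations listed under "Internal Structure of AES" (SubBytes, ShiftRows, MixColumns, AddRoundKey, plus the key schedule), checks the result against the FIPS-197 test vector, and then shows the integral property that the saturation attack above exploits: a set of 256 plaintexts differing only in one byte has an all-zero XOR-sum after three rounds, but not after four. The `rounds` parameter of `encrypt_block` and the `integral_property_holds` helper are this example's own additions for studying reduced-round variants.

```python
"""Added example (not from the slides): textbook AES-128 built from the four
round transformations, with a 'rounds' knob for the reduced-round variants
cryptanalysts study, plus the 3-round integral (square/saturation) property.
Educational only: the table lookups and branches are not constant-time."""

# GF(2^8) multiplication modulo the AES polynomial x^8 + x^4 + x^3 + x + 1
def gmul(a, b):
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p

def _make_sbox():
    # S-box = multiplicative inverse in GF(2^8) (0 -> 0) followed by the
    # affine transform of FIPS-197 section 5.1.1; computed, not hard-coded.
    inv = [0] * 256
    for x in range(1, 256):
        inv[x] = next(y for y in range(1, 256) if gmul(x, y) == 1)
    sbox = []
    for x in range(256):
        b, s = inv[x], inv[x] ^ 0x63
        for k in range(1, 5):
            s ^= ((b << k) | (b >> (8 - k))) & 0xFF   # b rotated left by k
        sbox.append(s)
    return sbox

SBOX = _make_sbox()

# The state is a flat list of 16 bytes in column-major order: index = row + 4*col,
# which is exactly the order the input block and round keys arrive in.
def sub_bytes(s):
    return [SBOX[b] for b in s]

def shift_rows(s):
    return [s[(i + 4 * (i % 4)) % 16] for i in range(16)]  # row r rotates left by r

def mix_columns(s):
    out = []
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += [gmul(a0, 2) ^ gmul(a1, 3) ^ a2 ^ a3,
                a0 ^ gmul(a1, 2) ^ gmul(a2, 3) ^ a3,
                a0 ^ a1 ^ gmul(a2, 2) ^ gmul(a3, 3),
                gmul(a0, 3) ^ a1 ^ a2 ^ gmul(a3, 2)]
    return out

def add_round_key(s, rk):
    return [x ^ k for x, k in zip(s, rk)]

def expand_key(key):
    # FIPS-197 section 5.2: a 16-byte key becomes 44 words = 11 round keys
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord, then SubWord
            t[0] ^= rcon
            rcon = gmul(rcon, 2)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def encrypt_block(key, block, rounds=10):
    """Encrypt one 16-byte block with a 16-byte key. rounds < 10 gives the
    reduced-round cipher; as in real AES the final round omits MixColumns."""
    rk = expand_key(key)
    s = add_round_key(list(block), rk[0])
    for r in range(1, rounds):
        s = add_round_key(mix_columns(shift_rows(sub_bytes(s))), rk[r])
    s = add_round_key(shift_rows(sub_bytes(s)), rk[rounds])
    return bytes(s)

def integral_property_holds(key, rounds):
    """Square/saturation distinguisher. Encrypt a 'lambda set': 256 plaintexts
    that differ only in byte 0 and take every value there. After 3 rounds every
    byte of the XOR-sum of the ciphertexts is 0 whatever the key; after 4 rounds
    the sum is non-zero (except with negligible probability)."""
    xor_sum = [0] * 16
    for v in range(256):
        ct = encrypt_block(key, bytes([v]) + bytes(15), rounds)
        xor_sum = [x ^ c for x, c in zip(xor_sum, ct)]
    return all(b == 0 for b in xor_sum)

if __name__ == "__main__":
    key = bytes(range(16))                      # FIPS-197 Appendix C.1 test vector
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    print(encrypt_block(key, pt).hex())         # 69c4e0d86a7b0430d8cdb78070b4c55a
    print(integral_property_holds(key, 3), integral_property_holds(key, 4))
```

The distinguisher is what makes the attack work: an attacker guesses one byte of the last round key, partially decrypts the 256 ciphertexts through the final SubBytes, and keeps only the guesses for which the XOR-sum is zero. Because the property dies after four rounds, the attack only reaches reduced-round versions of the cipher.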
Future Threats
The known future threats to AES:
Side-Channel Attacks
Quantum Computing
Future Threats
Side-Channel Attacks (1)
Existing attack methods concentrate on the messages (plaintext and ciphertext)
and then try to recover the key.
Side-channel attacks instead look at information that leaks from the device doing the computation:
Time taken to perform an operation
How power consumption changes from one operation to the next
Countermeasures for side-channel attacks:
Make execution time and memory-access patterns independent of the key and data
(constant-time code with no key-dependent branches or table lookups, bitsliced software, or hardware AES such as AES-NI)
Mask or blind intermediate values so that power traces are decorrelated from the key
Minimise the amount of secret-dependent processing and memory use
Simply adding random delays to vary the processing time is a weak defence, since an attacker can average it away over many measurements
Future Threats
Side-Channel Attacks (2)
Side-channel attacks exploit weaknesses in the implementation
of the algorithm rather than in the algorithm itself.
Examples are:
Timing analysis
Simple power analysis (SPA)
Differential power analysis (DPA)
Electromagnetic analysis
Smart cards and payment-card readers are classic targets, because the attacker
can hold the device and probe its power line directly
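An added example of the timing channel named above, written for these slides rather than taken from them. Instead of measuring wall-clock time, each comparison also returns how many bytes it processed before giving up; that count stands in for the leaked time, so the result is deterministic. The tag value is constructed, and `leaky_compare`, `constant_time_compare` and `recover_tag` are names chosen here.

```python
"""Added example (not from the slides): a timing side channel in an
early-exit byte comparison, the kind used to check a MAC tag or password hash.
Instead of measuring wall-clock time, each compare also returns how many bytes
it processed before stopping; that count stands in for the leaked time.
TAG is a constructed value, not a real secret."""
import hmac

TAG = bytes.fromhex("3ac1f90e5d27b84466e1a07c92d5b1ef")   # constructed 16-byte tag

def leaky_compare(secret, guess):
    """Naive memcmp-style check: stops at the first differing byte, so the
    time taken (here: 'matched') grows with the length of the correct prefix."""
    matched = 0
    for a, b in zip(secret, guess):
        if a != b:
            return False, matched
        matched += 1
    return len(secret) == len(guess), matched

def constant_time_compare(secret, guess):
    """hmac.compare_digest is the stdlib constant-time primitive: the work it
    does is independent of where (or whether) the inputs differ, so the only
    observable is the length, which is not secret."""
    return hmac.compare_digest(secret, guess), len(secret)

def recover_tag(oracle, length):
    """Byte-at-a-time recovery using ONLY the leak, never the True/False verdict:
    the candidate that makes the compare run longest is the correct next byte."""
    known = bytearray()
    for pos in range(length):
        best, best_leak = 0, -1
        for cand in range(256):
            guess = bytes(known) + bytes([cand]) + bytes(length - pos - 1)
            _, leak = oracle(guess)
            if leak > best_leak:
                best, best_leak = cand, leak
        known.append(best)
    return bytes(known)

if __name__ == "__main__":
    print(recover_tag(lambda g: leaky_compare(TAG, g), 16) == TAG)          # True
    print(recover_tag(lambda g: constant_time_compare(TAG, g), 16) == TAG)  # False
```

Against the leaky check, 16 x 256 queries recover the whole tag; against the constant-time check the leak is the same for every guess and the recovery collapses to all zeros. The same principle, key-dependent work that changes an observable, is what cache-timing attacks on table-based AES implementations exploit.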
Future Threats
Quantum Computing (1)
Today's PC uses bits, which have two states: 0 and 1,
on or off
Quantum computers use quantum bits (qubits), realised by
physical systems such as trapped ions or superconducting circuits
A qubit can be in the state 0 or 1, or in a superposition
that is both at once; measuring it yields 0 or 1 with
probabilities set by that superposition
Future Threats
Quantum Computing (2)
Pictures: Early Development of Quantum Computing
www.sct.gu.edu.au/.../sci_comm/writing/qu.tech/
Future Threats
How Could Quantum Computing Crack AES?
Shor's algorithm gives an exponential speed-up over the
best known classical algorithms for factoring and discrete
logarithms; it breaks RSA, Diffie-Hellman and elliptic-curve
cryptography, but it does not apply to AES
Grover's algorithm searches an unstructured space of N keys
in about sqrt(N) steps, so exhaustive search of an n-bit key
costs roughly 2^(n/2) quantum operations: about 2^64 for
AES-128 and 2^128 for AES-256
Key exhaustion with Grover's algorithm would therefore be the
primary quantum method of cracking AES; doubling the key
length restores the security margin, which is why AES-256 is
recommended for long-term protection
Summary
What is AES?
Internal Structure of AES
The Encryption Process
Current Threats to AES
XSL Attacks
Related Key Attacks
Exhaustive Key Search
Saturation Attacks
Future Threats to AES
Side Channel Attacks
Quantum Computing
Thank you for listening!
Any Questions?