中国矿业大学：《密码学》课程教学资源（PPT讲稿）认证协议（Authentication Protocol）Block ciphers-AES

Block ciphers-AES Advanced Encryption Standard 曹天杰 Tianjie Cao ticao@cumt.edu.cn College of Computer Science and Technology, China University of Mining and Technology, Xuzhou China 中国矿业大学计算机科学与技术学院 2003.523

1 曹天杰 Tianjie Cao tjcao@cumt.edu.cn College of Computer Science and Technology, China University of Mining and Technology, Xuzhou, China 中国矿业大学计算机科学与技术学院 2003.5.23 Block ciphers-AES Advanced Encryption Standard

Origins of aes Security Software Hardware Efficiency Efficiency Flexibility

2 Security Software Efficiency Hardware Efficiency Flexibility Origins of AES

Flexibility Additional key-sizes and block-sizes ability to function efficiently and securely in a wide variety of platforms and applications low-end smartcards, wireless: small memory requirements IPSec, atM-small key setup time in hardware B-ISDN, Satellite communication -large encryption speed

3 • Additional key-sizes and block-sizes • Ability to function efficiently and securely in a wide variety of platforms and applications low-end smartcards, wireless: small memory requirements IPSec, ATM – small key setup time in hardware B-ISDN, satellite communication – large encryption speed Flexibility

AES Contest 1997-2001 June 1998 15 Candidates Round 1 from USA, Canada, Belgium, Security France, Germany, Norway, UK, Israel Software efficiency Korea, Japan, Australia, Costa rica Flexibility August 1999 Round 2 5 final candidates Security Mars, RC6, Rijndael, Serpent, Twofish Hardware efficien October 2000 I winner: Rijndael Belgium

4 15 Candidates from USA, Canada, Belgium, France, Germany, Norway, UK, Israel, Korea, Japan, Australia, Costa Rica June 1998 August 1999 October 2000 1 winner: Rijndael Belgium 5 final candidates Mars, RC6, Rijndael, Serpent, Twofish Round 1 Round 2 Security Software efficiency Flexibility Security Hardware efficiency AES Contest 1997-2001

AES In 1999. nist issued a new standard that said BDES Should be used 168-bit key length Algorithm is the same as des 3DES had drawbacks Algorithm is sluggish in software Only uses 64-bit block size In 1997, NiST issued a calls for proposals for the new Advanced Encryption Standard(aes) security strength >=3DES improved efficiency must be a symmetric block cipher (128-bit key lengths of 128. 192 and 256 bits

5 AES • In 1999, NIST issued a new standard that said 3DES should be used – 168-bit key length – Algorithm is the same as DES • 3DES had drawbacks – Algorithm is sluggish in software – Only uses 64-bit block size • In 1997, NIST issued a calls for proposals for the new Advanced Encryption Standard (AES) – security strength >= 3DES – improved efficiency – must be a symmetric block cipher (128-bit) – key lengths of 128, 192, and 256 bits

AES Evaluation Criteria used by nist to evaluate potential candidates Initial criteria Security ·COS Algorithm characteristics Final criteria General security hardware Implementations Software Implementations Attacks on Implementations Restricted-space environments Encryption Vs. Decryption Flexibility Key agility

6 AES Evaluation • Criteria used by NIST to evaluate potential candidates – Initial Criteria: • Security • Cost • Algorithm characteristics – Final Criteria: •General Security •Software Implementations •Restricted-space environments •Flexibility •Hardware Implementations •Attacks on Implementations •Encryption vs. Decryption •Key agility

Europe NESSIE Project New European Schemes for Signatures, Integrity, and encryption 2000-2002 Japan CRYPTREC Proiect 2000-2002

7 NESSIE Project New European Schemes for Signatures, Integrity, and Encryption 2000-2002 CRYPTREC Project 2000-2002 Europe Japan

NESSIE, CRYPTREC Multiple types of transformations: Symmetric-key block ciphers Stream ciphers Hash functions ·MACs Asymmetric encryption schemes Asymmetric digital signature schemes Asymmetric identification schemes Development of methodology of a fair evaluation and comparison of algorithms belonging to the same class including software and hardware efficiency

8 Multiple types of transformations: Development of methodology of a fair evaluation and comparison of algorithms belonging to the same class, including software and hardware efficiency • Symmetric-key block ciphers • Stream ciphers • Hash functions • MACs • Asymmetric encryption schemes • Asymmetric digital signature schemes • Asymmetric identification schemes NESSIE, CRYPTREC

Survey filled by 167 participants of the Third aEs Conference, April 2000 f votes 100 90 80 70 60 50 30 20 5-5-5555555- Rijndael serpent Twofish RC6 Mars

0 9 10 20 30 40 50 60 70 80 90 100 Rijndael Serpent Twofish RC6 Mars Survey filled by 167 participants of the Third AES Conference, April 2000 # votes

Speed of the final aes candidates in hardware Speed Mbit/s K Gai, P. Chodowiec, AES3, April, 2000 500 450 400 350 300 250 200 150 100 50 Serpent rijndael twofish RC6 Mars

10 0 50 100 150 200 250 300 350 400 450 500 Serpent Rijndael Twofish RC6 Mars Speed of the final AES candidates in hardware Speed [Mbit/s] K.Gaj, P. Chodowiec, AES3, April, 2000