The Advanced Encryption Standard and the RSA Algorithm
AES is the United States Government's standard for symmetric encryption, defined by FIPS Publication #197 (2001) [2, 3]. It is used in a large variety of applications where high throughput and security are required. In HTTPS, it can be used to provide confidentiality for the information that is transmitted over the Internet. AES is a symmetric encryption algorithm, which means that the same key is used for converting a plaintext to ciphertext, and vice versa. The structuree of AES is shown in Figure 2.
AES first expands a key (that can be 128, 192, or 256 bits long) into a key schedule. A key schedule is a sequence of 128-bit words, called "round keys", that are used during the encryption process. The encryption process itself is a succession of a set of mathematical transformations called AES rounds.
During an AES round the input to the round is first XOR'd with a round key from the key schedule. The exclusive OR (XOR) logical operation can also be seen as addition without generating carries.
In the next step of a round, each of the 16 bytes of the AES state is replaced by another value by using a non-linear transformation called "S-box". The AES S-box consists of two stages. The first stage is an inversion, not in regular integer arithmetic, but in a finite field arithmetic based on the set GF(28). The second stage is an affine transformation. During encryption, the input x, which is considered an element of GF(28); that is, an 8-bit vector, is first inverted, and then an affine map is applied to the result. During decryption, the input (y) goes through the inverse affine map and is then inverted in GF(28). The GF(28) inversions just mentioned are performed in The GF(28), defined by the irreducible polynomial p(x) = x8 + x4 + x3 + x + 1 or 0x11B.
Next, the replaced byte values undergo two linear transformations called ShiftRows and MixColumns. ShiftRows is just a byte permutation. The MixColumns transformation operates on the columns of a matrix representation of the AES state. Each column is replaced by another one that results from a matrix multiplication. The transformation used for encryption is shown in Equation 1. In this equation, matrix-times-vector multiplications are performed according to the rules of the arithmetic of GF(28) with the same irreducible polynomial that is used in the AES S-box, namely, p(x) = x8 + x4 + x3 + x + 1.
During decryption, inverse ShiftRows is followed by inverse MixColumns. The inverse MixColumns transformation is shown in Equation 2.
Note that while the MixColumns transformation multiplies the bytes of each column with the factors 1, 1, 2 and 3, the inverse MixColumns transformation multiplies the bytes of each column by the factors 0x9, 0xE, 0xB, and 0xD. The same process is repeated 10, 12, or 14 times depending on the key size (128, 192, or 256 bits). The last AES round omits the MixColumns transformation.
RSA is a public key cryptographic scheme. The main idea behind public key cryptography is that encryption techniques can be associated with back doors. By back doors we mean secrets, known only to at least one of the communicating parties, which can simplify the decryption process. In public key cryptography, a message is encrypted by using a public key. A public key is associated with a secret called the private key. Without knowledge of the private key it is difficult to decrypt a message. Similarly, it is very difficult for an attacker to determine what the plaintext is.
We further explain how public key cryptography works by presenting the RSA algorithm as an example. In this algorithm, the communicating parties choose two random large prime numbers p and q. For maximum security, p and q are of equal length. The communicating parties then compute the product:
Then the parties choose the public key E, such that the numbers E and (p-1) * (q-1) are relatively prime. The private key associated with the public key is a number D, such that:
The encryption formula is simply:
where M is the plaintext and C is the ciphertext. The decryption formula is similarly:
One can show that the decryption formula is correct by using elements of number theory:
The above calculation is correct since (p-1) * (q-1) is the Euler function of the product p * q, and we know from number theory (by using the Little Fermat Theorem) that:
for some l. D and E can be used interchangeably, meaning that encryption can be done by using D, and decryption can be done by using E.
RSA is typically implemented using Chinese Remainder Theorem that reduces a single modular exponentiation operation into two operations of half length. Each modular exponentiation in turn is implemented, by using the square-and-multiply technique that reduces the exponentiation operation into a sequence of modular squaring and modular multiplication operations. Square-and-multiply may also be augmented with some windowing method for reducing the number of modular multiplications. Finally, modular squaring and multiplication operations can be reduced to big number multiplications by using reduction techniques such as Montgomery's or Barrett's [4, 5].