武汉大学密码学课件-张焕国教授

111111121222HASHHASHAESAES11••19971997AESAES••••••••••AESAES22AESAES198419841212DESDES1991199119941994EESEES1995199555M.BlazeM.BlazePCPC45451995199577EESEES19971997AESAESAESAESDESEESAESAESAES33AESAESAESAES44::128,128,128/192/256128/192/256,,128128::::≥≥1010AESAES5566••••AESAES128S128NrNrNrNr11AESAESGF(2GF(288))••GF(2)GF(2)88GF(2GF(288))••GF(2GF(288))••GF(2GF(288))••GF(2GF(288))GFGF2288={a={a77,a,a66,…a,…a11,a,a00}}GFGF2288={a={a77xx77+a+a66xx66+…+a+…+a11x+ax+a00}}GF(2GF(288)*={)*={αα00,,αα11……αα254254}}GF(2GF(288)*={0,)*={0,1…1…254254}}••GF(2GF(288))2222AESAESGF(2GF(288))••AESAESm(x)=xm(x)=x88+x+x44+x+x33+x+1+x+1••AESAESGF(2GF(288))575722AESAESGF(2GF(288))••222257578383D4D4••m(x)m(x)3357578383C1C1010111••a(x)a(x)b(x)b(x)a(x)b(x)=1a(x)b(x)=1modmodm(x)m(x)EuclidEuclid22AESAESGF(2GF(288))••xxxtimextimexxGF(2GF(288))xtime(57)=xtime(57)=xtime(83)=xtime(83)=xx7700xx7711m(x)m(x)xx88+x+x44+x+x33+x+1+x+133AESAES••AESAES••44••57834AD15757834AD15783834A4AD1D1••••33AESAES••a(x)=aa(x)=a33xx33+a+a22xx22+a+a11x+ax+a00c(x)=cc(x)=c33xx33+c+c22xx22+c+c11x+cx+c00b(x)=bb(x)=b33xx33+b+b22xx22+b+b11x+bx+b0000=a=a00cc00++aa33cc11++aa22cc22++aa11cc33bb11=a=a11cc00++aa00cc11++aa33cc22++aa22cc33bb22=a=a22cc00++aa11cc11++aa00cc22++aa33cc33bb33=a=a33cc00++aa22cc11++aa11cc22++aa00cc3333AESAES••33AESAES••••AESAES11AESAES22AESAES22NbNbNkNkNrNrNbNb44NkNk44aa0,00,0aa0,10,1aa0,20,2aa0,30,3kk0,00,0kk0,10,1kk0,20,2kk0,30,3aa1,01,0aa1,11,1aa1,21,2aa1,31,3kk1,01,0kk1,11,1kk1,21,2kk1,31,3aa2,02,0aa2,12,1aa2,22,2aa2,32,3kk2,02,0kk2,12,1kk2,22,2kk2,32,3aa3,03,0aa3,13,1aa3,23,2aa3,33,3kk3,03,0kk3,13,1kk3,23,2kk3,33,3AESAES22NbNbNkNkNrNrNrNrNb=Nb=44Nb=Nb=66Nb=Nb=88Nk=Nk=44101012121414Nk=Nk=66121212121414Nk=Nk=88141414141414AESAES33Round(State,RoundKey)Round(State,RoundKey)⎨⎨ByteSub(State)ByteSub(State);;SSShiftRow(State)ShiftRow(State);;MixColumn(State)MixColumn(State);;AddRoundKey(State,RoundKey)AddRoundKey(State,RoundKey)⎬⎬AESAES33Round(State,RounKey)Round(State,RounKey)⎨⎨ByteSub(State)ByteSub(State);;SSShiftRow(State)ShiftRow(State);;AddRoundKey(State,RoundKey)AddRoundKey(State,RoundKey)⎬⎬AESAES44SSByteSub(State)ByteSub(State)SSAESAESAESAESAESAES1616SSDESDES88SSAESAESSS8888DESDESSS6644S(AES)S(DES)88886644AESAES44SSByteSub(State)ByteSub(State)SS::a)a)GF(GF(2288))b)b)a)a)xx00xx77yy00yy77AESAES44SSByteSub(State)ByteSub(State)yy001100000011111111xx0011yy111111000000111111xx1111yy221111110000001111xx2200yy33==1111111100000011xx33++00yy441111111111000000xx4400yy550011111111110000xx5511yy660000111111111100xx6611yy770000001111111111xx7711AESAES44SSByteSub(State)ByteSub(State)zzSSzz551155zz551155AESAES55ShiftRow(State)ShiftRow(State)0011C1C122C2C233C3C3C1C1C2C2C3C3NbC1C2C3NbC1C2C34123412361236123AESAES55ShiftRow(State)ShiftRow(State)AESAESAESAES66MixColumn(State)MixColumn(State)GF(2GF(288))a(x)a(x)c(x)c(x)xx44+1:+1:b(x)=a(x)c(x)modxb(x)=a(x)c(x)modx44+1+1c(x)=03xc(x)=03x33+01x+01x22+01x+02+01x+02xx44++1166MixColumn(State)MixColumn(State)••AESAES77AddRoundKey()AddRoundKey()AESAESByteSubByteSubRconRconWW00WW11WW22…W…WNkNk--11WWNkNkWWNk+1Nk+1……••jjNkNk::WWjjWWjj--NkNkWWjj--11••jjNkNk::WWjjWWjj--NkNkByteSubByteSub(Rotl(Rotl((WWjj--11))))Rcon[j/Nk];Rcon[j/Nk];•••‘‘’’’’’’‘‘’’••ByteSubByteSub••ByteSubByteSubNkNk66NkNkByteSubByteSubByteSubByteSub……………………AESAESEncryptionEncryptionState,CipherKeyState,CipherKey{{KeyExpansion(CipherKey,KeyExpansion(CipherKey,RoundKeyRoundKey))AddRoundKey(State,AddRoundKey(State,RoundKeyRoundKey))For(I=1;INr;I++)For(I=1;INr;I++)Round(State,Round(State,RoundKeyRoundKey)){ByteSub(State);{ByteSub(State);ShiftRow(State);ShiftRow(State);MixColumn(State);MixColumn(State);AddRoundKey(State,AddRoundKey(State,RoundKeyRoundKey)})}FinalRound(State,FinalRound(State,RoundKeyRoundKey)){ByteSub(State);{ByteSub(State);ShiftRow(State);ShiftRow(State);AddRoundKey(State,AddRoundKey(State,RoundKeyRoundKey))}}}}::•••AESAES••AESAES••AESAES••AESAES11((AddRoundKey)AddRoundKey)--11=AddRoundKey=AddRoundKey22NbNb--C1C1NbNb--C2C2NbNb--C3C3AESAES33••c(x):c(x):••c(x)c(x)•c(x)=03xc(x)=03x33+01x+01x22+01x+02+01x+02••d(x)=0Bxd(x)=0Bx33+0Dx+0Dx22+09x+0E+09x+0EAESAES44SS••••GF(2GF(288))AESAES••SSyy00xx00yy11xx11yy22xx22yy33xx33yy44xx44yy55xx55yy66xx66yy77xx77AESAES55••••InvMixColumnInvMixColumnAESAES66••Inv_Round(State,Inv_RoundKey)Inv_Round(State,Inv_RoundKey){{Inv_ByteSub(State)Inv_ByteSub(State);;Inv_ShiftRow(State)Inv_ShiftRow(State);;Inv_MixColunm(State)Inv_MixColunm(State);;AddRoundKey(State,Inv_RoundKey)AddRoundKey(State,Inv_RoundKey);;}}AESAES66••Inv_FinalRound(State,Inv_RoundKey)Inv_FinalRound(State,Inv_RoundKey){Inv_ByteSub(State);{Inv_ByteSub(State);Inv_ShiftRow(State);Inv_ShiftRow(State);AddRoundKey(State,Inv_RoundKey);AddRoundKey(State,Inv_RoundKey);}}AESAESAESAES••••••Decryption(State,CipherKey)Decryption(State,CipherKey)Inv_KeyExpansion(CipherKey,Inv_Inv_KeyExpansion(CipherKey,Inv_RoundKey)RoundKey);;AddRoundKey(State,Inv_AddRoundKey(State,Inv_RoundKey)RoundKey);;For(I=For(I=11;;INrINr;;I++)I++)Inv_Round(State,Inv_Round(State,Inv_Inv_RoundKey)Roun