用新的高级加密标准AES保持你的数据安全毕业论文外文翻译.docx
《用新的高级加密标准AES保持你的数据安全毕业论文外文翻译.docx》由会员分享,可在线阅读,更多相关《用新的高级加密标准AES保持你的数据安全毕业论文外文翻译.docx(18页珍藏版)》请在冰点文库上搜索。
用新的高级加密标准AES保持你的数据安全毕业论文外文翻译
KeepYourDataSecurewiththeNewAdvancedEncryptionStandard
JamesMcCaffrey
SUMMARY
TheAdvancedEncryptionStandard(AES)isaNationalInstituteofStandardsandTechnologyspecificationfortheencryptionofelectronicdata.Itisexpectedtobecometheacceptedmeansofencryptingdigitalinformation,includingfinancial,telecommunications,andgovernmentdata.ThisarticlepresentsanoverviewofAESandexplainsthealgorithmsituses..AfterreadingthisarticleyouwillbeabletoencryptdatausingAES,testAES-basedsoftware,anduseAESencryptioninyoursystems.
NotethatthecodepresentedinthisarticleandanyotherimplementationbasedonthisarticleissubjecttoapplicableFederalcryptographicmoduleexportcontrols(seeCommercialEncryptionExportControlsfortheexactregulations).
AESisanewcryptographicalgorithmthatcanbeusedtoprotectelectronicdata.Specifically,AESisaniterative,symmetric-keyblockcipherthatcanusekeysof128,192,and256bits,andencryptsanddecryptsdatainblocksof128bits(16bytes).Unlikepublic-keyciphers,whichuseapairofkeys,symmetric-keyciphersusethesamekeytoencryptanddecryptdata.Encrypteddatareturnedbyblockciphershavethesamenumberofbitsthattheinputdatahad.Iterativeciphersusealoopstructurethatrepeatedlyperformspermutationsandsubstitutionsoftheinputdata.Figure1showsAESinactionencryptingandthendecryptinga16-byteblockofdatausinga
192-bitkey.
Figure1SomeData
AESisthesuccessortotheolderDataEncryptionStandard(DES).DESwasapprovedasaFederalstandardin1977andremainedviableuntil1998whenacombinationofadvancesinhardware,software,andcryptanalysistheoryallowedaDES-encryptedmessagetobedecryptedin56hours.SincethattimenumerousothersuccessfulattacksonDES-encrypteddatahavebeenmadeandDESisnowconsideredpastitsusefullifetime.
Inlate1999,theRijndael(pronounced"raindoll")algorithm,createdbyresearchersJoanDaemenandVincentRijmen,wasselectedbytheNISTastheproposalthatbestmetthedesigncriteriaofsecurity,implementationefficiency,versatility,andsimplicity.AlthoughthetermsAESandRijndaelaresometimesusedinterchangeably,theyaredistinct.AESiswidelyexpectedtobecomethedefactostandardforencryptingallformsofelectronicdataincludingdatausedincommercialapplicationssuchasbankingandfinancialtransactions,telecommunications,andprivateandFederalinformation.
OverviewoftheAESAlgorithm
TheAESalgorithmisbasedonpermutationsandsubstitutions.Permutationsarerearrangementsofdata,andsubstitutionsreplaceoneunitofdatawithanother.AESperformspermutationsandsubstitutionsusingseveraldifferenttechniques.Toillustratethesetechniques,let'swalkthroughaconcreteexampleofAESencryptionusingthedatashowninFigure1.
Thefollowingisthe128-bitvaluethatyouwillencryptwiththeindexesarray:
00112233445566778899aabbccddeeff
0123456789101112131415
The192-bitkeyvalueis:
000102030405060708090a0b0c0d0e0f1011121314151617
01234567891011121314151617181920212223
Figure2Sbox
WhentheAESconstructoriscalled,twotablesthatwillbeusedbytheencryptionmethodareinitialized.ThefirsttableisasubstitutionboxnamedSbox.Itisa16×16matrix.ThefirstfiverowsandcolumnsofSboxareshowninFigure2.Behindthescenes,theencryptionroutinetakesthekeyarrayandusesittogeneratea"keyschedule"tablenamedw[],showninFigure3.
Figure3KeySched.
ThefirstNk(6)rowsofw[]areseededwiththeoriginalkeyvalue(0x00through0x17)andtheremainingrowsaregeneratedfromtheseedkey.ThevariableNkrepresentsthesizeoftheseedkeyin32-bitwords.You'llseeexactlyhoww[]isgeneratedlaterwhenIexaminetheAESimplementation.Thepointisthattherearenowmanykeystouseinsteadofjustone.Thesenewkeysarecalledtheroundkeystodistinguishthemfromtheoriginalseedkey.
Figure4State
TheAESencryptionroutinebeginsbycopyingthe16-byteinputarrayintoa4×4bytematrixnamedState(seeFigure4).TheAESencryptionalgorithmisnamedCipherandoperatesonState[]andcanbedescribedinpseudocode(seeFigure5).
Theencryptionalgorithmperformsapreliminaryprocessingstepthat'scalledAddRoundKeyinthespecification.AddRoundKeyperformsabyte-by-byteXORoperationontheStatematrixusingthefirstfourrowsofthekeyschedule,andXORsinputState[r,c]withroundkeystablew[c,r].
Forexample,ifthefirstrowoftheStatematrixholdsthebytes{00,44,88,cc},andthefirstcolumnofthekeyscheduleis{00,04,08,0c},thenthenewvalueofState[0,2]istheresultofXORingState[0,2](0x88)withw[2,0](0x08),or0x80:
10001000
00001000XOR
10000000
ThemainloopoftheAESencryptionalgorithmperformsfourdifferentoperationsontheStatematrix,calledSubBytes,ShiftRows,MixColumns,andAddRoundKeyinthespecification.TheAddRoundKeyoperationisthesameasthepreliminaryAddRoundKeyexceptthateachtimeAddRoundKeyiscalled,thenextfourrowsofthekeyscheduleareused.TheSubBytesroutineisasubstitutionoperationthattakeseachbyteintheStatematrixandsubstitutesanewbytedeterminedbytheSboxtable.Forexample,ifthevalueofState[0,1]is0x40andyouwanttofinditssubstitute,youtakethevalueatState[0,1](0x40)andletxequaltheleftdigit(4)andyequaltherightdigit(0).ThenyouusexandyasindexesintotheSboxtabletofindthesubstitutionvalue,asshowninFigure2.
ShiftRowsisapermutationoperationthatrotatesbytesintheStatematrixtotheleft.Figure6showshowShiftRowsworksonState[].Row0ofStateisrotated0positionstotheleft,row1isrotated1positionleft,row2isrotated2positionsleft,androw3isrotated3positionsleft.
Figure6RunningShiftRowsonState
TheMixColumnsoperationisasubstitutionoperationthatisthetrickiestpartoftheAESalgorithmtounderstand.Itreplaceseachbytewiththeresultofmathematicalfieldadditionsandmultiplicationsofvaluesinthebyte'scolumn.Iwillexplainthedetailsofspecialfieldadditionandmultiplicationinthenextsection.
SupposethevalueatState[0,1]is0x09,andtheothervaluesincolumn1are0x60,0xe1,and0x04;thenthenewvalueforState[0,1]isshowninthefollowing:
State[0,1]=(State[0,1]*0x01)+(State[1,1]*0x02)+(State[2,1]*0x03)+(State[3,1]*0x01)=(0x09*0x01)+(0x60*0x02)+(0xe1*0x03)+(0x04*0x01)
=0x57
Theadditionandmultiplicationarespecialmathematicalfieldoperations,nottheusualadditionandmultiplicationonintegers.
ThefouroperationsSubBytes,ShiftRows,MixColumns,andAddRoundKeyarecalledinsidealoopthatexecutesNrtimes—thenumberofroundsforagivenkeysize,less1.Thenumberofroundsthattheencryptionalgorithmusesiseither10,12,or14anddependsonwhethertheseedkeysizeis128,192,or256bits.Inthisexample,becauseNrequals12,thefouroperationsarecalled11times.Afterthisiterationcompletes,theencryptionalgorithmfinishesbycallingSubBytes,ShiftRows,andAddRoundKeybeforecopyingtheStatematrixtotheoutputparameter.
Insummary,therearefouroperationsthatareattheheartoftheAESencryptionalgorithm.AddRoundKeysubstitutesgroupsof4bytesusingroundkeysgeneratedfromtheseedkeyvalue.SubBytessubstitutesindividualbytesusingasubstitutiontable.ShiftRowspermutesgroupsof4bytesbyrotating4-byterows.MixColumnssubstitutesbytesusingacombinationofbothfieldadditionandmultiplication.
FieldAdditionandMultiplicationinGF(28)
Asyou'veseen,theAESencryptionalgorithmusesfairlystraightforwardtechniquesforsubstitutionandpermutation,exceptfortheMixColumnsroutine.TheMixColumnsroutineusesspecialadditionandmultiplication.TheadditionandmultiplicationusedbyAESarebasedonmathematicalfieldtheory.Inparticular,AESisbasedonafieldcalledGF(28).
TheGF(28)fieldconsistsofasetof256valuesfrom0x00to0xff,plusadditionandmultiplication,hencethe(28).GFstandsforGaloisField,namedafterthemathematicianwhofoundedfieldtheory.OneofthecharacteristicsofGF(28)isthattheresultofanadditionormultiplicationoperationmustbeintheset{0x00...0xff}.Althoughthetheoryoffieldsisratherdeep,thenetresultforGF(28)additionissimple:
GF(28)additionisjusttheXORoperation.
MultiplicationinGF(28)istrickier,however.Asyou'llseelaterintheC#implementation,theAESencryptionanddecryptionroutinesneedtoknowhowtomultiplybyonlythesevenconstants0x01,0x02,0x03,0x09,0x0b,0x0d,and0x0e.SoinsteadofexplainingGF(28)multiplicationtheoryingeneral,Iwillexplainitjustforthesesevenspecificcases.
Multiplicationby0x01inGF(28)isspecial;itcorrespondstomultiplicationby1innormalarithmeticandworksthesameway—anyvaluetimes0x01equalsitself.
Nowlet'slookatmultiplicationby0x02.Asinthecaseofaddition,thetheoryisdeep,butthenetresultisfairlysimple.Ifthevaluebeingmultipliedislessthan0x80,thentheresultofmultiplicationisjustthevalueleft-shifted1bitposition.Ifthevaluebeingmultipliedisgreaterthanorequalto0x80,thentheresultofmultiplicationisthevalueleft-shifted1bitpositionXORedwiththevalue0x1b.Thisprevents"fieldoverflow"andkeepstheproductofthemultiplicationinrange.
Onceyou'veestablishedadditionandmultiplicationby0x02inGF(28),youcanusethemtodefinemultiplicationbyanyconstant.Tomult
升级会员 