Cryptology II.6 AES

a7Hzq .#5r< kÜ\as TâÆK$ ûj(Ö2 ñw%h: Úk{4R f~`z8 ¤˜Æ+Ô „&¢Dø

Contents

1. The structure of AES [PDF]
2. The arithmetic of the base field [PDF]
3. Linear Cryptanalysis
4. Differential cryptanalysis
5. The Wide-Trail strategy

Here is the complete section as a PDF file. Furthermore you find

• the (raw) S-Box of AES—the true S-box derives from this by composition with an affine map, effecting a permutation of rows and columns of the linear and differential profiles.
• the result of the Fourier analysis—caution: long (2.3 MB)
• a graphical illustration of the differential profile

Introduction

The cipher AES (»Advanced Encryption Standard«) is the successor of the obsolete DES. It was adopted after a thorough competitive selection procedure in 2001. The winner of the competiton was the Belgian algorithm Rijndael, henceforth called AES, sparing English speaking people the plight of correct pronunciation, and neglecting a small difference in the specifications: Rijndael contains some extended parameter options that are not standardized for AES.

AES is a multiple cipher with several rounds but not a Feistel cipher, not even an SP-network in the proper sense. The kernel map is based on an S-box that essentially is the multiplicative inversion in the finite field F₂₅₆. For a comprehensive analysis of the nonlinear properties of this S-box see Appendix D.

In this text we only give an introduction into the overall scheme and the kernel map. The inventors Joan Daemen and Vincent Rijmen themselves published a book that provides a very comprehensive und comprehensible description of the method:

Joan Daemen, Vincent Rijmen, The Design of Rijndael. AES – The Advanced Encryption Standard. Springer-Verlag, Berlin 2002. ISBN 3-540-42580-2.