Seminar Block Ciphers DES&AES

B.
Block Ciphers
B.1. Data Encryption Standard
1. Being given the chosen 56-bit cipher key POVESTE, compute the 64-bit key (i.e., as normally
given for DES). Chosen parity type is odd.
We shall recall the fact that the DES cipher key is normally given as a 64-bit key in which 8 extra bits, i.e.,
bits 8, 16, 24, 32, 40, 48, 56 and 64) are the parity bits, which are dropped before the actual key-generation
process.
Thus, with the aid of ASCII Table1, one can writhe the hexadecimal representation of the chosen 56-bit
cipher key as follows: 0x50 4F 56 45 53 54 45.
In what follows, parity bits are inserted:
56-bit K Retained bits Parity bit Remaining bits 64-bit K
50 0 1 0 1 0 0 0 1 0 51
4F 0 0 1 0 0 1 1 0 1 1 26
56 1 1 0 1 0 1 0 1 1 1 0 D5
45 1 1 0 0 1 0 0 0 0 1 0 1 C8
53 0 1 0 1 0 1 0 0 1 0 0 1 1 54
54 1 0 0 1 1 0 1 1 0 1 0 1 0 0 9B
45 0 1 0 1 0 0 0 1 1 0 0 0 1 0 1 51
- 1 0 0 0 1 0 1 0 - - - - - - - 9A
R: 0x51 26 D5 C8 54 9B 51 9A
2. Being given the 8th round 56-bit encryption key (i.e., before compression) 0xC0 14 03 F0 83 5F 2C,
compute the 9th round encryption key.
The round key is divided into two 28-bit halves. Each halve is circularly shifted to the left one or two bits,
according to the following table (i.e., in round 1, 2, 9 and 16, shifting is one bit; in the other rounds, it is
two bits):
Round 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Bit shifts 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1
Thus, in the given case, the two halves are circularly shifted to the left one bit:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
1 1 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 1 1 1 1 1 1
1 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1
29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56
0 0 0 0 1 0 0 0 0 0 1 1 0 1 0 1 1 1 1 1 0 0 1 0 1 1 0 0
0 0 0 1 0 0 0 0 0 1 1 0 1 0 1 1 1 1 1 0 0 1 0 1 1 0 0 0
Then, the resulted 56-bit key is compressed (i.e., using the key-compression box) to produce the 48-bit
round key:
= 0011.1001.0000.1000.1000.1010.1100.1000.0100.1010.0110.1001
R: 0x39 08 8A C8 4A 69
1
www.asciitable.com, APPENDIX F
Key-compression box
14 17 11 24 01 05 03 28
15 06 21 10 23 19 12 04
26 08 16 07 27 20 13 02
41 52 31 37 47 55 30 40
51 45 33 48 44 49 39 56
34 53 46 42 50 36 29 32
3. Find the output of the initial permutation box (i.e., IP) when the input is given in hexadecimal as
0x00 02 00 00 00 00 00 01.
The input has only two 1s (i.e., bit 15 and bit 64); the output must also have only two 1s. Using the Initial
Permutation box (i.e., following table), we can find the output related to these two bits. Bit 15 in the input
becomes bit 63 in the output whilst bit 64 in the input becomes bit 25 in the output. So, the output has
only two 1s, bit 25 and bit 63.
R: 0x00 00 00 80 00 00 00 02
Initial Permutation
58 50 42 34 26 18 10 02
60 52 44 36 28 20 12 04
62 54 46 38 30 22 14 06
64 56 48 40 32 24 16 08
57 49 41 33 25 17 09 01
59 51 43 35 27 19 11 03
61 53 45 37 29 21 13 05
63 55 47 39 31 23 15 07
4. Show the result of passing 000000 through S-box 4.

We have to follow the pre-determined rule based on a 4-row by 16-column table, i.e., the combination of
bits 1 and 6 of the input defines one of the four rows whilst the combination of bits 2 through 5 defines
one of the sixteen columns.
The following table represents S-box 4:
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
0 7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15
1 13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9
2 10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4
3 3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14
Thus, according to the rule, if we write the first and the sixth bits together (i.e., the combination {0, 0}),
we get 0 in decimal (i.e., = 0). The remaining bits (i.e., the combination {0, 0, 0, 0}) are 0 in
decimal (i.e., = 0). We look for the value in row 0, column 0, in S-box 4.
The result is 7 in decimal (i.e., ( , ) = 7), which is 0111 in binary. So, the
input 000000 yields the output 0111.
5. Being given the 48-bit round key 0xA1 92 A2 3B 23 C1, resp., 16th rounds 64-bit input ciphertext
0x46 B9 43 7A 17 7F 28 7F, trace the data through rounds Fiestel structure (i.e., function f).
Since the input of the f function is 32-bit long and the key size is 48-bit, we first need to expand rounds
right halve, using the following predetermined rule: (i) the 32-bit right halve is divided into 8 4-bit sections;
(ii) each 4-bit section is then expanded to 6 bits, i.e., for each section, input bits 1, 2, 3 and 4 are copied to
output bits 2, 3, 4 and 5, resp., output bit 1 comes from bit 4 of the previous section whilst output bit 6
comes from bit 1 of the next sections. Associated Expansion box is the following:
32 01 02 03 04 05
04 05 06 07 08 09
08 09 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 01
Thus, with = 0x17 7F 28 7F, we have = 0x8A EB FE 95 03 FE.

Then, after XORing with rounds key, we have _
= 0x2B 79 5C AE 20 3F.
Next, the 48-bit data is divided into 8 6-bit sections, and each section is fed into an S-box (i.e., one S-box
for each 6-bit section, as shown in APPENDIX B). The substitution in each box follows a pre-determined
rule: the combination of bits 1 and 6 of the input defines one of the four rows whilst the combination of
bits 2 through 5 defines one of the sixteen columns. Thus, _ = 0xFC D4 EE 4B.
Finally, the round permutation (i.e., shown in table below) is applied to the 32-bit _
, thus resulting
the output of DESs f function: 0x1D BF 9B 9A. These 32 bits are then XORed with 0x46 B9 43 7A (i.e.,
) to compute rounds output = .
Round permutation box
16 07 20 21 29 12 28 17
01 15 23 26 05 18 31 10
02 08 24 14 32 27 03 09
19 13 30 06 22 11 04 25
6. Being given the 64-bit encryption key 0x50 41 53 53 57 4F 52 44, resp., the 64-bit plaintext
0x4D 45 52 45 20 4D 4F 56, trace the data for DES (i.e., compute the round keys, output of the IP,
each encryption rounds output, resp., ciphertext after the final permutation).
Using the MATLAB R2014b script presented in APPENDIX A the requested values are computed as follows:
Encryption keys (i.e., for each round):
Round 1 Key: 0xA0 92 4A 66 22 67 Round 9 Key: 0x39 08 8A C8 4A 69
Round 2 Key: 0xB0 12 D2 72 C1 03 Round 10 Key: 0x30 28 8C 92 DA 1C
Round 3 Key: 0x34 52 50 46 25 0E Round 11 Key: 0x10 2C 14 91 17 B0
Round 4 Key: 0x06 51 54 EC 31 C8 Round 12 Key: 0x44 2C 34 99 2A 21
Round 5 Key: 0x0E 41 55 60 D2 6B Round 13 Key: 0xC6 A4 24 72 6A 14
Round 6 Key: 0x0F 41 29 56 9C 2A Round 14 Key: 0xCA 86 22 31 21 9E
Round 7 Key: 0x8B 01 A9 8C 1D 78 Round 15 Key: 0xE8 92 2A A5 30 83
Round 8 Key: 0x99 0A 89 09 FA 70 Round 16 Key: 0xA1 92 A2 3B 23 C1
Output of IP: 0xEF 84 EB 6B 00 10 61 C4
Round output:
R01 L: 0x00 10 61 C4, R: 0x04 49 23 90 R09 L: 0x67 D7 E8 5F, R: 0x31 D7 BA 5A
R02 L: 0x04 49 23 90, R: 0xC0 5C 1B 5D R10 L: 0x31 D7 BA 5A, R: 0xE9 1F 37 08
R03 L: 0xC0 5C 1B 5D, R: 0x2C 7D 19 C3 R11 L: 0xE9 1F 37 08, R: 0xA0 09 DB 11
R04 L: 0x2C 7D 19 C3, R: 0x25 E0 A1 00 R12 L: 0xA0 09 DB 11, R: 0xF8 FC 47 00
R05 L: 0x25 E0 A1 00, R: 0x43 7F B8 0F R13 L: 0xF8 FC 47 00, R: 0x82 B3 8C B6
R06 L: 0x43 7F B8 0F, R: 0xAB 6A B0 83 R14 L: 0x82 B3 8C B6, R: 0x46 B9 43 7A
R07 L: 0xAB 6A B0 83, R: 0x1D E5 D3 4C R15 L: 0x46 B9 43 7A, R: 0x17 7F 28 7F
R08 L: 0x1D E5 D3 4C, R: 0x67 D7 E8 5F R16 L: 0x5B 06 D8 E0, R: 0x17 7F 28 7F
Ciphertext after final permutation (i.e., IP-1): 0xE2 F2 B2 6E E6 2B 67 05
B.2. Advanced Data Encryption Standard
1. Trace the data through a complete AES round, knowing the current state and the round key below:
00 3C 6E 47 E2 91 B1 D6
SM = 1F 4E 22 74 RK = 32 21 59 79
0E 08 1B 31 FC 91 E4 A2
54 59 0B 1A F1 88 E6 93
Firstly, the Byte_Sub operation (i.e., non-linear layer designed with the purpose of increasing resistance
to differential and linear cryptanalysis attacks) must be performed, i.e., substitute each entry (byte) of the
current state matrix by the corresponding entry in AES S-box (shown below).
For instance: byte 00 is substituted by entry of S-Box in row 0 and column 0, i.e., by 63 (highlighted with
red), byte 1F is substituted by entry of S-box in row 1 and column F, i.e., by C0 (highlighted with green)
and so on. This leads to the new SM:
63 EB 9F A0
SM = C0 2F 93 92
AB 30 AF C7
20 CB 2B A2
AES S-box
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 63 7C 77 7B F2 6B 6F C5 30 01 67 2B FE D7 AB 76
1 CA 82 C9 7D FA 59 47 F0 AD D4 A2 AF 9C A4 72 C0
2 B7 FD 93 26 36 3F F7 CC 34 A5 E5 F1 71 D8 31 15
3 04 C7 23 C3 18 96 05 9A 07 12 80 E2 EB 27 B2 75
4 09 83 2C 1A 1B 6E 5A A0 52 3B D6 B3 29 E3 2F 84
5 53 D1 00 ED 20 FC B1 5B 6A CB BE 39 4A 4C 58 CF
6 D0 EF AA FB 43 4D 33 85 45 F9 02 7F 50 3C 9F A8
7 51 A3 40 8F 92 9D 38 F5 BC B6 DA 21 10 FF F3 D2
8 CD 0C 13 EC 5F 97 44 17 C4 A7 7E 3D 64 5D 19 73
9 60 81 4F DC 22 2A 90 88 46 EE B8 14 DE 5E 0B DB
A E0 32 3A 0A 49 06 24 5C C2 D3 AC 62 91 95 E4 79
B E7 C8 37 6D 8D D5 4E A9 6C 56 F4 EA 65 7A AE 08
C BA 78 25 2E 1C A6 B4 C6 E8 DD 74 1F 4B BD 8B 8A
D 70 3E B5 66 48 03 F6 0E 61 35 57 B9 86 C1 1D 9E
E E1 F8 98 11 69 D9 8E 94 9B 1E 87 E9 CE 55 28 DF
F 8C A1 89 0D BF E6 42 68 41 99 2D 0F B0 54 BB 16
Secondly, the Shift_Row operation (i.e., linear mixing step which causes diffusion of the bits over multiple
round) must be performed, i.e., the four rows are shifted circularly to the left by offsets of 0, 1, 2 and 3.
Thus, the new state matrix is:
63 EB 9F A0
SM = 2F 93 92 C0
AF C7 AB 30
A2 20 CB 2B
Then, the Mix_Column operation follows, i.e., product of the so called Multiplication Matrix (shown below)
with the current state matrix.
2 3 1 1
MM = 1 2 3 1
1 1 2 3
3 1 1 2
Therefore, for the first column of the current state matrix, following operations will be performed:
b1 = (b1 2) XOR (b2 3) XOR (b3 1) XOR (b4 1)
b2 = (b1 1) XOR (b2 2) XOR (b3 3) XOR (b4 1)
b3 = (b1 1) XOR (b2 1) XOR (b3 2) XOR (b4 3)
b4 = (b1 3) XOR (b2 1) XOR (b3 1) XOR (b4 1)
Whilst the products above are performed over a Galois Field, the mathematics behind this being beyond
the scope of this seminar, they can be replaced: (i) with the result of a look-up of the L table (i.e., shown
on the next page), (ii) followed by the addition of the results (keeping the resulted sum within one byte
integer value), (iii) followed by a look-up to the E Table (i.e., shown on the next page).
For example, the new SM (1, 1) value (i.e., b1) will be computes as follows:
b1 = (63 2) XOR (2F 3) XOR (AF 1) XOR (A2 1)
= E L(63) + L(02) XOR E L(2F) + L(03) XOR AF XOR A2
= E(C3 + 19) XOR E(78 + 01) XOR AF XOR A2
= E(DC) XOR E(79) XOR AF XOR A2
= C6 XOR 71 XOR AF XOR A2
= BA
Thus, the new state matrix is:
BA 84 E8 1B
SM = 75 A4 8D 40
F4 8D 06 7D
7A 32 0E 5D
Finally, the Round Key is added (i.e., XORed) to the state matrix:
BA 84 E8 1B E2 91 B1 D6 58 15 59 CD
75 A4 8D 40 32 21 59 79 = 47 B6 D4 39
F4 8D 06 7D FC 91 E4 A2 08 1C E2 DF
7A 32 0E 5D F1 88 E6 93 8B BA E8 CE
R: 0x58 47 08 8B 15 B6 1C BA 59 D4 E2 E8 CD 39 DF CE
E Table
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 01 03 05 0F 11 33 55 FF 1A 2E 72 96 A1 F8 13 35
1 5F E1 38 48 D8 73 95 A4 F7 02 06 0A 1E 22 66 AA
2 E5 34 5C E4 37 59 EB 26 6A BE D9 70 90 AB E6 31
3 53 F5 04 0C 14 3C 44 CC 4F D1 68 B8 D3 6E B2 CD
4 4C D4 67 A9 E0 3B 4D D7 62 A6 F1 08 18 28 78 88
5 83 9E B9 D0 6B BD DC 7F 81 98 B3 CE 49 DB 76 9A
6 B5 C4 57 F9 10 30 50 F0 0B 1D 27 69 BB D6 61 A3
7 FE 19 2B 7D 87 92 AD EC 2F 71 93 AE E9 20 60 A0
8 FB 16 3A 4E D2 6D B7 C2 5D E7 32 56 FA 15 3F 41
9 C3 5E E2 3D 47 C9 40 C0 5B ED 2C 74 9C BF DA 75
A 9F BA D5 64 AC EF 2A 7E 82 9D BC DF 7A 8E 89 80
B 9B B6 C1 58 E8 23 65 AF EA 25 6F B1 C8 43 C5 54
C FC 1F 21 63 A5 F4 07 09 1B 2D 77 99 B0 CB 46 CA
D 45 CF 4A DE 79 8B 86 91 A8 E3 3E 42 C6 51 F3 0E
E 12 36 5A EE 29 7B 8D 8C 8F 8A 85 94 A7 F2 0D 17
F 39 4B DD 7C 84 97 A2 FD 1C 24 6C B4 C7 52 F6 01
L Table
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 00 19 01 32 02 1A C6 4B C7 1B 68 33 EE DF 03
1 64 04 E0 0E 34 8D 81 EF 4C 71 08 C8 F8 69 1C C1
2 7D C2 1D B5 F9 B9 27 6A 4D E4 A6 72 9A C9 09 78
3 65 2F 8A 05 21 0F E1 24 12 F0 82 45 35 93 DA 8E
4 96 8F DB BD 36 D0 CE 94 13 5C D2 F1 40 46 83 38
5 66 DD FD 30 BF 06 8B 62 B3 25 E2 98 22 88 91 10
6 7E 6E 48 C3 A3 B6 1E 42 3A 6B 28 54 FA 85 3D BA
7 2B 79 0a 15 9B 9F 5E CA 4E D4 AC E5 F3 73 A7 57
8 AF 58 A8 50 F4 EA D6 74 4F AE E9 D5 E7 E6 AD E8
9 2C D7 75 7A EB 16 0b F5 59 CB 5F B0 9C A9 51 A0
A 7F 0C F6 6F 17 C4 49 EC D8 43 1F 2D A4 76 7B B7
B CC BB 3E 5A FB 60 B1 86 3B 52 A1 6C AA 55 29 9D
C 97 B2 87 90 61 BE DC FC BC 95 CF CD 37 3F 5B D1
D 53 39 84 3C 41 A2 6D 47 14 2A 9E 5D 56 F2 D3 AB
E 44 11 92 D9 23 20 2E 89 B4 7C B8 26 77 99 E3 A5
F 67 4A ED DE C5 31 FE 18 0D 63 8C 80 C0 F7 70 07
2. Being given the following 64-bit key 0x54 68 61 74 73 20 6D 79 20 4B 75 6E 67 20 46 75 (i.e., for
AESs i-th round), compute AESs next round key.
Firstly, a function g( ) is applied to the 3rd word within AESs i-th round key:
(i) extract w3, i.e., = [67 20 46 75];
(ii) perform a one-byte left circular rotation to w3, i.e., = [20 46 75 67];
(iii) making use of AES S-box, perform a byte substitution for each byte of w3, i.e., = [B7 5A 9D 85];
(iv) XOR w3 with the round constant, i.e., = [B7 5A 9D 85] [01 00 00 00] = [B6 5A 9D 85];2
(v) compute next rounds 64-bit constant:
- = ( ) = [54 68 61 74] [B6 5A 9D 85] = [E2 32 FC F1];
- = = [73 20 6D 79] [E2 32 FC F1] = [91 12 91 88];
- = = [20 4B 75 6E] [91 12 91 88] = [B1 59 E4 E6];
- = = [67 20 46 75] [B1 59 E4 E6] = [D6 79 A2 93].
R: 0xE2 32 FC F1 91 12 91 88 B1 59 E4 E6 D6 79 A2 93
3. Compute all round keys, following one from previous exercise.
Using the MATLAB R2014b script presented in APPENDIX C the requested values are computed as follows:
R02: 0x56 08 20 07 C7 1A B1 8F 76 43 55 69 A0 3A F7 FA
R03: 0xD2 60 0D E7 15 7A BC 68 63 39 E9 01 C3 03 1E FB
R04: 0xA1 12 02 C9 B4 68 BE A1 D7 51 57 A0 14 52 49 5B
R05: 0xB1 29 3B 33 05 41 85 92 D2 10 D2 32 C6 42 9B 69
R06: 0xBD 3D C2 87 B8 7C 47 15 6A 6C 95 27 AC 2E 0E 4E
R07: 0xCC 96 ED 16 74 EA AA 03 1E 86 3F 24 B2 A8 31 6A
R08: 0x8E 51 EF 21 FA BB 45 22 E4 3D 7A 06 56 95 4B 6C
R09: 0xBF E2 BF 90 45 59 FA B2 A1 64 80 B4 F7 F1 CB D8
R10: 0x28 FD DE F8 6D A4 24 4A CC C0 A4 FE 3B 31 6F 26
2
AESs 1st round key computation was considered. Depending on AESs round, the round constant takes the following
value: RC(0) = [01 00 00 00]; RC(1) = [02 00 00 00]; RC(2) = [04 00 00 00]; RC(3) = [08 00 00 00]; RC(4) = [10 00 00 00];
RC(5) = [20 00 00 00]; RC(6) = [40 00 00 00]; RC(7) = [80 00 00 00]; RC(8) = [1B 00 00 00]; RC(9) = [36 00 00 00];
RC(10) = [6c 00 00 00]. Addition of the round constant destroys any symmetries that may have been introduced by
the other steps in the key expansion algorithm.
APPENDIX A
clear; clc;
%Key Generation
%Set-up the encryption key
Key = '50415353574F5244';
%Convert the encryption key from hexa to binary

Key_bin = [];
for i = 1:16
Temp=de2bi(hex2dec(Key(i)), 4, 'left-msb');
Key_bin = [Key_bin Temp];
End
%Drop parity bits, i.e., 8, 16, 24, 32, 40, 48, 56, 64
%Permute remaining 56 bits according to parity-bit drop table
Parity_drop = [57 49 41 33 25 17 09 01 58 50 42 34 26 18 10 02 59 51 43 35 27 19 11 03
60 52 44 36 63 55 47 39 31 23 15 07 62 54 46 38 30 22 14 06 61 53 45 37 29 21 13 05 28
20 12 04];
Key_bin = Key_bin(Parity_drop);
%Divide the 56-bit key, i.e., in two 28-bit halves

%Left shift each halve accoring to round's number of bit shifts
%Compress the 56-bit key to compute the 48-bit round key
Left_shifts = [1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1];
Key_Compr_Box = [14 17 11 24 01 05 03 28 15 06 21 10 23 19 12 04 26 08 16 07 27 20 13 02
41 52 31 37 47 55 30 40 51 45 33 48 44 49 39 56 34 53 46 42 50 36 29 32];
Key_bin_L = Key_bin ( 1:28);

Key_bin_R = Key_bin (29:56);
Keys = [];
for i = 1:16
Key_bin_L = circshift(Key_bin_L, [0 -Left_shifts(i)]);
Key_bin_R = circshift(Key_bin_R, [0 -Left_shifts(i)]);
Round_Key_ext = [Key_bin_L Key_bin_R];

Keys (i, :) = Round_Key_ext(Key_Compr_Box);
end
%Convert each round key from binary representation to hexa

Keys_hex = cell(16, 1);
Keys_hex (:) = {''};
for i = 1:16
for j = 1:4:48
Keys_hex (i) = strcat(Keys_hex(i),dec2hex(bi2de(Keys(i, j:(j+3)),'left-msb')));
end
end
%Set-up the message
Message = '4D455245204D4F56';
%Convert the message from hexa to binary

Message_bin = [];
for i = 1:16
Temp=de2bi(hex2dec(Message(i)), 4, 'left-msb');
Message_bin = [Message_bin Temp];
End
%Apply IP
%Write the result in .txt file
IP = [58 50 42 34 26 18 10 02 60 52 44 36 28 20 12 04 62 54 46 38 30 22 14 06 64 56 48
40 32 24 16 08 57 49 41 33 25 17 09 01 59 51 43 35 27 19 11 03 61 53 45 37 29 21 13 05
63 55 47 39 31 23 15 07];
Message_bin = Message_bin(IP);
%For 16 rounds
load S_box.mat
Expansion = [32 01 02 03 04 05 04 05 06 07 08 09 08 09 10 11 12 13 12 13 14 15 16 17 16
17 18 19 20 21 20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 01];
Round_Perm= [16 07 20 21 29 12 28 17 01 15 23 26 05 18 31 10 02 08 24 14 32 27 03 09 19
13 30 06 22 11 04 25];
Message_bin_L = Message_bin (1:32); Message_bin_R = Message_bin (33:64);
%For right halve

for k = 1:16
Message_bin_R_Sbox = [];
%Expand right halve

%Then XOR with Round Key
Message_bin_R_exp = Message_bin_R(Expansion);
Message_bin_R_exp = xor(Message_bin_R_exp, Keys(k,:));
%Apply S-boxes
j = 1;
for i= 1:6:48
S_box_row = [Message_bin_R_exp(i) Message_bin_R_exp(i+5)];
S_box_col = Message_bin_R_exp((i+1):(i+4));
S_box_val = S_box(bi2de(S_box_row,'left-msb')+j,bi2de(S_box_col,'left- msb')+1);
Message_bin_R_Sbox = [Message_bin_R_Sbox de2bi(S_box_val, 4, 'left-msb')];
j = j+4;
end
Message_bin_R_Sbox = Message_bin_R_Sbox(Round_Perm);
Message_bin_R_Sbox = xor(Message_bin_R_Sbox, Message_bin_L);
%Swap halves, except last round

if k<16
Message_bin_L = Message_bin_R;
Message_bin_R = Message_bin_R_Sbox;
else
Message_bin_L = Message_bin_R_Sbox;
Message_bin_R = Message_bin_R;
end
%Apply Final Permutation

Message_enc = [Message_bin_L Message_bin_R];
FP = [40 08 48 16 56 24 64 32 39 07 47 15 55 23 63 31 38 06 46 14 54 22 62 30 37 05 45
13 53 21 61 29 36 04 44 12 52 20 60 28 35 03 43 11 51 19 59 27 34 02 42 10 50 18 58 26
33 01 41 09 49 17 57 25];
Message_enc = Message_enc(FP);
APPENDIX B

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
0 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
1 0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8
2 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
3 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
0 15 1 8 14 6 11 3 4 9 7 2 13 12 0 5 10
1 3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5
2 0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15
3 13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
0 10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8
1 13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1
2 13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7
3 1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
0 7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15
1 13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9
2 10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4
3 3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
0 2 12 4 1 7 10 11 6 8 5 3 15 13 0 14 9
1 14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6
2 4 2 1 11 10 13 7 8 15 9 12 5 6 3 0 14
3 11 8 12 7 1 14 2 13 6 15 0 9 10 4 5 3
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
0 12 1 10 15 9 2 6 8 0 13 3 4 14 7 5 11
1 10 15 4 2 7 12 9 5 6 1 13 14 0 11 3 8
2 9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6
3 4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
0 4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1
1 13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6
2 1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2
3 6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
0 13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7
1 1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2
2 7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8
3 2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11
APPENDIX C
clear;
clc;
load AES_S_box.mat
load AES_RC_box.mat
load L_Table.mat
load E_Table.mat
%Key Generation
Key = '5468617473206D79204B756E67204675';
Keys_decimal = [];
%Convert the encryption key from hexa to decimal
Key_dec = [];
for i = 1:2:32
Temp = hex2dec(Key(i))*16 + hex2dec(Key(i+1));
Key_dec = [Key_dec Temp];
end
Keys_decimal(1,:) = Key_dec;
for j = 1:10
%Extract w3
Temp = Keys_decimal(j, 13:16);
%Apply g() function to w3
%Circular byte left shift of w3
Temp = circshift(Temp, [0 -1]);
%Byte substitution (AES_S_box)
for i = 1:4
Bin = de2bi(Temp(1,i), 8, 'left-msb');
Temp(1,i) = AES_S_box(bi2de(Bin(1:4),'left-msb')+1, bi2de(Bin(5:8),'left-msb')+1);
end
%Adding round constant
Temp(1,1) = bitxor(Temp(1,1),AES_RC_box(j));
%Compute w4, w5, w6, w7 and update Round Keys' matrix
Keys_decimal(j+1, 1:4) = bitxor(Temp, Keys_decimal(j, 1:4));
Keys_decimal(j+1, 5:8) = bitxor(Keys_decimal(j+1, 1:4), Keys_decimal(j, 5:8));
end
Keys_hex = cell(11, 1);

Keys_hex (:) = {''};
File_ID = fopen('AES.txt', 'wt');
fprintf(File_ID, '%s\n', 'Round Keys:');
for i = 1:11
for j = 1:16
Keys_hex (i) = strcat(Keys_hex(i),dec2hex(Keys_decimal(i,j),2));
end
fprintf(File_ID, '%s\n', char(Keys_hex(i)));
end
Message = '54776F204F6E65204E696E652054776F';
%Convert the message from hexa to decimal
Message_dec = [];
for i = 1:2:32
Temp = hex2dec(Message(i))*16 + hex2dec(Message(i+1));
Message_dec = [Message_dec Temp];
end
Ciphertexts(1,:) = bitxor(Message_dec(1, :), Keys_decimal(1,:));
for j = 1:10
%Byte Sub
for i = 1:16
Bin = de2bi(Ciphertexts(j,i), 8, 'left-msb');
Ciphertexts(j+1,i) = AES_S_box(bi2de(Bin(1:4),'left-msb')+1, bi2de(Bin(5:8),'left-msb')+1);
end
%Shift Row
Ciphertexts(j+1,:) = Ciphertexts(j+1, [1 6 11 16 5 10 15 4 9 14 3 8 13 2 7 12]);
%Mix Column
if j < 10 %Ensures a skip in MixColumn, for the last round
Temp = [];
for i = 1:16
if mod(i,4) == 1
if Ciphertexts(j+1,i) ~= 0
Bin_1 = de2bi(Ciphertexts(j+1,i), 8, 'left-msb');
Dec_1 = L_Table(bi2de(Bin_1(1:4), 'left-msb')+1, bi2de(Bin_1(5:8), 'left-msb')+1);
Dec_1 = Dec_1 + 25;

if Dec_1 > 255
Dec_1 = Dec_1 - 255;
end
Bin_1 = de2bi(Dec_1, 8, 'left-msb');

Dec_1 = E_Table(bi2de(Bin_1(1:4), 'left-msb')+1, bi2de(Bin_1(5:8), 'left-msb')+1);
else
Dec_1 = Ciphertexts(j+1,i);
end
if Ciphertexts(j+1,i+1) ~= 0
Bin_2 = de2bi(Ciphertexts(j+1,i+1), 8, 'left-msb');
Dec_2 = Dec_2 + 1;
if Dec_2 > 255
Dec_2 = Dec_2 - 255;
end

else
Dec_2 = Ciphertexts(j+1,i+1);
end
Temp(i) = bitxor(bitxor(bitxor(Dec_1, Dec_2), Ciphertexts(j+1, i+2)), Ciphertexts(j+1, i+3));

elseif mod(i,4) == 2
Dec_1 = Dec_1 + 25;

if Dec_1 > 255
Dec_1 = Dec_1 - 255;
end

else
end
Dec_2 = Dec_2 + 1;
if Dec_2 > 255
Dec_2 = Dec_2 - 255;
end

else
end
Temp(i) = bitxor(bitxor(bitxor(Dec_1, Dec_2), Ciphertexts(j+1, i-1)), Ciphertexts(j+1, i+2));

elseif mod(i, 4) == 3
Dec_1 = Dec_1 + 25;

if Dec_1 > 255
Dec_1 = Dec_1 - 255;
end

else
end
Dec_2 = Dec_2 + 1;
if Dec_2 > 255
Dec_2 = Dec_2 - 255;
end

else
end
Temp(i) = bitxor(bitxor(bitxor(Dec_1, Dec_2), Ciphertexts(j+1, i-1)), Ciphertexts(j+1, i-2));

else
Dec_1 = Dec_1 + 25;

if Dec_1 > 255
Dec_1 = Dec_1 - 255;
end

else
end
if Ciphertexts(j+1,i-3) ~= 0
Bin_2 = de2bi(Ciphertexts(j+1,i-3), 8, 'left-msb');
Dec_2 = Dec_2 + 1;
if Dec_2 > 255
Dec_2 = Dec_2 - 255;
end

else
Dec_2 = Ciphertexts(j+1,i-3);
end
Temp(i) = bitxor(bitxor(bitxor(Dec_1, Dec_2), Ciphertexts(j+1, i-1)), Ciphertexts(j+1, i-2));

end
end
else
Temp = Ciphertexts(j+1,:);
end
%Add RoundKey
Ciphertexts(j+1,:) = bitxor(Temp(1, :), Keys_decimal(j+1,:));
end
%Print the results, in hexadecimal
Ciphertexts_hex = cell(11, 1);
Ciphertexts_hex (:) = {''};
fprintf(File_ID, '%s\n', 'Round Ciphertexts:');
for i = 1:11
for j = 1:16
Ciphertexts_hex (i) = strcat(Ciphertexts_hex(i),dec2hex(Ciphertexts(i,j),2));
end
fprintf(File_ID, '%s\n', char(Ciphertexts_hex(i)));
end
fclose(File_ID);
APPENDIX D
APPENDIX E
APPENDIX F

Seminar Block Ciphers DES&amp;AES

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Seminar Block Ciphers DES&amp;AES

Enviado por

Direitos autorais:

Formatos disponíveis

B.

4. Show the result of passing 000000 through S-box 4.

Thus, with = 0x17 7F 28 7F, we have = 0x8A EB FE 95 03 FE.

Round permutation box

%Convert the encryption key from hexa to binary

%Divide the 56-bit key, i.e., in two 28-bit halves

Key_bin_L = Key_bin ( 1:28);

Round_Key_ext = [Key_bin_L Key_bin_R];

%Convert each round key from binary representation to hexa

%Convert the message from hexa to binary

Message_bin_L = Message_bin (1:32); Message_bin_R = Message_bin (33:64);

%For right halve

%Expand right halve

%Swap halves, except last round

%Apply Final Permutation

The following table represents S-box 1:

Keys_hex = cell(11, 1);

Ciphertexts(1,:) = bitxor(Message_dec(1, :), Keys_decimal(1,:));

Dec_1 = Dec_1 + 25;

Bin_1 = de2bi(Dec_1, 8, 'left-msb');

Bin_2 = de2bi(Dec_2, 8, 'left-msb');

Temp(i) = bitxor(bitxor(bitxor(Dec_1, Dec_2), Ciphertexts(j+1, i+2)), Ciphertexts(j+1, i+3));

Dec_1 = Dec_1 + 25;

Bin_1 = de2bi(Dec_1, 8, 'left-msb');

Bin_2 = de2bi(Dec_2, 8, 'left-msb');

Temp(i) = bitxor(bitxor(bitxor(Dec_1, Dec_2), Ciphertexts(j+1, i-1)), Ciphertexts(j+1, i+2));

Dec_1 = Dec_1 + 25;

Bin_1 = de2bi(Dec_1, 8, 'left-msb');

Bin_2 = de2bi(Dec_2, 8, 'left-msb');

Temp(i) = bitxor(bitxor(bitxor(Dec_1, Dec_2), Ciphertexts(j+1, i-1)), Ciphertexts(j+1, i-2));

Dec_1 = Dec_1 + 25;

Bin_1 = de2bi(Dec_1, 8, 'left-msb');

Bin_2 = de2bi(Dec_2, 8, 'left-msb');

Temp(i) = bitxor(bitxor(bitxor(Dec_1, Dec_2), Ciphertexts(j+1, i-1)), Ciphertexts(j+1, i-2));

Você também pode gostar

Seminar Block Ciphers DES&AES

Seminar Block Ciphers DES&AES