Question

3. Explain key generation process in AES-256.

Answer 1

Answer:

Advanced Encryption Standard (AES):

Advanced Encryption Standard is a symmetric key block cipher encryption algorithm which is based on substitution - permutation network (S - P Network). It performs all its operations in bytes rather than bits. It takes a plaintext of 16 bytes (128-bits) as input and generates 128-bits (16 bytes) ciphertext as output.
In AES the number of rounds is variable and it depends on the key size.

The below figure shows the structure of AES.

Fig: AES

Key generation process in AES-256

128-bit plaintext Round keys (128 bits) Pre-round transformation к, Cipher key (128, 192, or 256 bits) Round 1 Round 2 Key expansion R Key size 10 128 12 192 14 256 Relationship between number of rounds(R) and cipher key size Round N, (slightly different) 128-bit ciphertext

The number of internal rounds of the cipher in AES is is depends on key length as shown below:

Key Length (in bits)	Number of rounds
128	10
192	12
256	14

The internal structure of round transformation are as follows

1. The 16-byte input message is arranged in the 4X4 byte matrix called the state matrix.

[Α]4X4 = |Α, Ας A, A13 A6 A10 A14 A7 A1 A15)

2. The key bytes are also arranged in a matrix of 4-rows and 4,6 or 8 -columns depend on key length 128, 192 or 256 respectively. The key array of 256- bit key is as follows:

[K]4X8 「Ko K4 Ks Kiz K16 Kao K24 Kg] Ki Ks Ko Kis Kiz Kai Kas Key | Kg Ko Kio Ki4 Rig K22 Kee Kao| [KS Ks Kil Kis Kis K23 Kai Ka」

3. Byte Substitution Layer: It is the first layer of each round for encryption of a text. In this 16 S-Boxes (Substitution boxes) are used which replace each byte of matrix A with another byte  of matrix B

S(A_i) = B_i

4. Shift Row Transformation Layer: In this cyclically shift left the second row by one, third row by two and fourth row by three positions as shown below:

B12] B B. B, B13) After Shift Row Transformation B B6 B10 B14 [ BB-_B11B ម៉ង់ នាំ ៨ ៨នាំ [ BoB4B_B12] | B, B B3 B1 B10B1B2B [Bis_B _B, BiJ

5. Mix column transformation: In this, a linear transformation is used which mixes each column of the state matrix with the arithmetic involve in coefficients in Galois Field (GF(2⁸)).

This combination is also known as diffusion layer and it performs the linear operation on state matrix as
????(?)+????(?) = ????(?+?)

کی تک MixColum(B) = C [02 03 01 01] [ Bo | 01 02 03 01| | | 01 01 02 03]^ [03 01 01 02] [B15

6. Key Addition Layer: In this layer, the resultant state matrix is XORed with the subkeys of the previous round.

AES round key generations for 256-bit:

Input: The original key of length 256 - bit
Output: 15 round subkeys

Procedure:

1. Arranged the key in byte-wise and divide them in such a way that each block has 4 key bytes like
W0 = [K_0, K_1, K_2, K₃]
  W1 = [K_4, K_5, K_6, K₇] , ...
Like these total 8 words are generated.

2. The four functions g(), h(), t() and y() are performed in words. The below figures show their operations.


Fig: g() function

+32 bit 32 bit input word Byte wise rotation Byte wise Substitution RCi | 32 bit output word 32 bit

Fig: h() function

K 32 bit 32 bit input word Byte wise Substitution 32 bit output word

K 32 bit 32 bit input word Byte wise Substitution 32 bit output word

Fig: t() function

Fig:  y() function

32 bit | 32 bit input word Byte wise Substitution 32 bit output word

3. All these above functions are used in calculating the other 8 words i.e. from W[8] to W[15].

4. For calculating other elements of array W the following process is followed:
The left-most word of the key of iteration 1 to 3 are W[16 * i] where i = 1 to 3

a. W [16 * i] = W[16 * i] + g(W[16 * i – 1]) b. W[16 * i + j] = W[16 * i + j - 1] + W[16(i – 1) +j] where i = 1 to 4and j = 1,2,3 c. W[16 * i + j] = h(W[16 * i + j - 1]) + W[16(i – 1) +j] for i = 1to 4 and j = 4 d. W[16 * i + j] = h(W[16 * i + j - 1]) + W[16(i – 1) +j] for i =


1to 4 and j = 5,6,7 e. W[16 * i +j] = t(W[16 *i +j – 1]) + W[16(i – 1) +j] for i = 1to 4 and j = 8 f. W[16 * i + j] = W[16 * i + j - 1] + W[16(i – 1) +j] for i = 1to 4 and j = 9,10,11 g. W[16 * i + j] = y(W[16 * i + j - 1]) + W[16(i – 1) + j] for i = 1to 4 and j = 12) h. W[16 * i +j] = W[16 * i + j - 1]) + W[16(i – 1) +j] for i = 1to 4 and j = 13,14,15)

5. After computing all words from W[0] to W[59] we calculate the 15 round subkeys using these words

K0 = [W0, W1, W2, W3] , K1 = [W4, W5, W6, W7] to K15 = [W56, W57, W58, W59].

The below figure shows the 256-bit key generation of AES.

  
0x100 KAKS: 6,0 (22.03.04/15 (16.07.2019 20.01.22123 04/050617 (20/09/2010 WOW1 W2 W3 W4 W5V > W8W9W10w11 W13 W14 W15


W48 W49 50 51 52 53 54 55 W56 w57 | W58 W59

Fig: 256-bit Key Generation