Keep Your Data Secure with the New Advanced Encryption Standard

James McCaffrey

Summary

The Advanced Encryption Standard (AES) is a National Institute of Standards and Technology specification for the encryption of electronic data. It is expected to become the accepted means of encrypting digital information, including financial, telecommunications, and government data. This article presents an overview of AES and explains the algorithms it uses. After reading this article you will be able to encrypt data using AES, test AES-based software, and use AES encryption in your systems.

Note that the code presented in this article and any other implementation based on this article is subject to applicable Federal cryptographic module export controls (see Commercial Encryption Export Controls for the exact regulations).

AES is a new cryptographic algorithm that can be used to protect electronic data.
Specifically, AES is an iterative, symmetric-key block cipher that can use keys of 128, 192, and 256 bits, and encrypts and decrypts data in blocks of 128 bits (16 bytes). Unlike public-key ciphers, which use a pair of keys, symmetric-key ciphers use the same key to encrypt and decrypt data. Encrypted data returned by block ciphers have the same number of bits that the input data had. Iterative ciphers use a loop structure that repeatedly performs permutations and substitutions of the input data. Figure 1 shows AES in action encrypting and then decrypting a 16-byte block of data using a 192-bit key.

Figure 1 Some Data

AES is the successor to the older Data Encryption Standard (DES). DES was approved as a Federal standard in 1977 and remained viable until 1998 when a combination of advances in hardware, software, and cryptanalysis theory allowed a DES-encrypted message to be decrypted in 56 hours. Since that time numerous other successful attacks on DES-encrypted data have been made and DES is now considered past its useful lifetime.

In late 1999, the Rijndael (pronounced "rain doll") algorithm, created by researchers Joan Daemen and Vincent Rijmen, was selected by the NIST as the proposal that best met the design criteria of security, implementation efficiency, versatility, and simplicity. Although the terms AES and Rijndael are sometimes used interchangeably, they are distinct. AES is widely expected to become the de facto standard for encrypting all forms of electronic data including data used in commercial applications such as banking and financial transactions, telecommunications, and private and Federal information.

Overview of the AES Algorithm

The AES algorithm is based on permutations and substitutions. Permutations are rearrangements of data, and substitutions replace one unit of data with another. AES performs permutations and substitutions using several different techniques. To illustrate these techniques, let's walk through a concrete example of AES encryption using the data shown in Figure 1.

The following is the 128-bit value that you will encrypt with the indexes array:

    00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
     0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15

The 192-bit key value is:

    00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17
     0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

Figure 2 Sbox

When the AES constructor is called, two tables that will be used by the encryption method are initialized. The first table is a substitution box named Sbox. It is a 16 × 16 matrix. The first five rows and columns of Sbox are shown in Figure 2. Behind the scenes, the encryption routine takes the key array and uses it to generate a key schedule table named w, shown in Figure 3.

Figure 3 Key Sched.

The first Nk (6) rows of w are seeded with the original key value (0x00 through 0x17) and the remaining rows are generated from the seed key. The variable Nk represents the size of the seed key in 32-bit words. You'll see exactly how w is generated later when I examine the AES implementation. The point is that there are now many keys to use instead of just one. These new keys are called the round keys to distinguish them from the original seed key.

Figure 4 State

The AES encryption routine begins by copying the 16-byte input array into a 4×4 byte matrix named State (see Figure 4). The AES encryption algorithm is named Cipher and operates on State and can be described in pseudocode (see Figure 5).

The encryption algorithm performs a preliminary processing step that's called AddRoundKey in the specification. AddRoundKey performs a byte-by-byte XOR operation on the State matrix using the first four rows of the key schedule, and XORs input State[r,c] with round keys table w[c,r].

For example, if the first row of the State matrix holds the bytes { 00, 44, 88, cc }, and the first column of the key schedule is { 00, 04, 08, 0c }, then the new value of State[0,2] is the result of XORing State[0,2] (0x88) with w[2,0] (0x08), or 0x80:

    1 0 0 0 1 0 0 0
    0 0 0 0 1 0 0 0  XOR
    1 0 0 0 0 0 0 0

The main loop of the AES encryption algorithm performs four different operations on the State matrix, called SubBytes, ShiftRows, MixColumns, and AddRoundKey in the specification. The AddRoundKey operation is the same as the preliminary AddRoundKey except that each time AddRoundKey is called, the next four rows of the key schedule are used. The SubBytes routine is a substitution operation that takes each byte in the State matrix and substitutes a new byte determined by the Sbox table. For example, if the value of State[0,1] is 0x40 and you want to find its substitute, you take the value at State[0,1] (0x40) and let x equal the left digit (4) and y equal the right digit (0). Then you use x and y as indexes into the Sbox table to find the substitution value, as shown in Figure 2.

ShiftRows is a permutation operation that rotates bytes in the State matrix to the left. Figure 6 shows how ShiftRows works on State. Row 0 of State is rotated 0 positions to the left, row 1 is rotated 1 position left, row 2 is rotated 2 positions left, and row 3 is rotated 3 positions left.

Figure 6 Running ShiftRows on State

The MixColumns operation is a substitution operation that is the trickiest part of the AES algorithm to understand. It replaces each byte with the result of mathematical field additions and multiplications of values in the byte's column. I will explain the details of special field addition and multiplication in the next section.

Suppose the value at State[0,1] is 0x09, and the other values in column 1 are 0x60, 0xe1, and 0x04; then the new value for State[0,1] is shown in the following:

    State[0,1] = (State[0,1] * 0x01) + (State[1,1] * 0x02) +
                 (State[2,1] * 0x03) + (State[3,1] * 0x01)
               = (0x09 * 0x01) + (0x60 * 0x02) + (0xe1 * 0x03) + (0x04 * 0x01)
               = 0x57

The addition and multiplication are special mathematical field operations, not the usual addition and multiplication on integers.

The four operations SubBytes, ShiftRows, MixColumns, and AddRoundKey are called inside a loop that executes Nr times, the number of rounds for a given key size, less 1. The number of rounds that the encryption algorithm uses is either 10, 12, or 14 and depends on whether the seed key size is 128, 192, or 256 bits. In this example, because Nr equals 12, the four operations are called 11 times. After this iteration completes, the encryption algorithm finishes by calling SubBytes, ShiftRows, and AddRoundKey before copying the State matrix to the output parameter.

In summary, there are four operations that are at the heart of the AES encryption algorithm. AddRoundKey substitutes groups of 4 bytes using round keys generated from the seed key value. SubBytes substitutes individual bytes using a substitution table. ShiftRows permutes groups of 4 bytes by rotating 4-byte rows. MixColumns substitutes bytes using a combination of both field addition and multiplication.

Field Addition and Multiplication in GF(2^8)

As you've seen, the AES encryption algorithm uses fairly straightforward techniques for substitution and permutation, except for the MixColumns routine. The MixColumns routine uses special addition and multiplication. The addition and multiplication used by AES are based on mathematical field theory. In particular, AES is based on a field called GF(2^8).

The GF(2^8) field consists of a set of 256 values from 0x00 to 0xff, plus addition and multiplication, hence the (2^8). GF stands for Galois Field, named after the mathematician who founded field theory. One of the characteristics of GF(2^8) is that the result of an addition or multiplication operation must be in the set {0x00 ... 0xff}. Although the theory of fields is rather deep, the net result for GF(2^8) addition is simple: GF(2^8) addition is just the XOR operation.

Multiplication in GF(2^8) is trickier, however. As you'll see later in the C# implementation, the AES encryption and decryption routines need to know how to multiply by only the seven constants 0x01, 0x02, 0x03, 0x09, 0x0b, 0x0d, and 0x0e. So instead of explaining GF(2^8) multiplication theory in general, I will explain it just for these seven specific cases.

Multiplication by 0x01 in GF(2^8) is special; it corresponds to multiplication by 1 in normal arithmetic and works the same way: any value times 0x01 equals itself.

Now let's look at multiplication by 0x02. As in the case of addition, the theory is deep, but the net result is fairly simple. If the value being multiplied is less than 0x80, then the result of multiplication is just the value left-shifted 1 bit position. If the value being multiplied is greater than or equal to 0x80, then the result of multiplication is the value left-shifted 1 bit position XORed with the value 0x1b. This prevents field overflow and keeps the product of the multiplication in range.

Once you've established addition and multiplication by 0x02 in GF(2^8), you can use them to define multiplication by any constant. To multiply by 0x03 in GF(2^8), you can decompose 0x03 as powers of 2 and additions. To multiply an arbitrary byte b by 0x03, observe that 0x03 = 0x02 + 0x01. Thus:

    b * 0x03 = b * (0x02 + 0x01)
             = (b * 0x02) + (b * 0x01)

This can be done because you know how to multiply by 0x02 and 0x01 and how to perform addition. Similarly, to multiply an arbitrary byte b by 0x0d, you do this:

    b * 0x0d = b * (0x08 + 0x04 + 0x01)
             = (b * 0x08) + (b * 0x04) + (b * 0x01)
             = (b * 0x02 * 0x02 * 0x02) + (b * 0x02 * 0x02) + (b * 0x01)

The other multiplications needed for the AES MixColumns routine in the encryption and decryption algorithm follow the same general pattern, as shown here:

    b * 0x09 = b * (0x08 + 0x01)
             = (b * 0x02 * 0x02 * 0x02) + (b * 0x01)
    b * 0x0b = b * (0x08 + 0x02 + 0x01)
             = (b * 0x02 * 0x02 * 0x02) + (b * 0x02) + (b * 0x01)
    b * 0x0e = b * (0x08 + 0x04 + 0x02)
             = (b * 0x02 * 0x02 * 0x02) + (b * 0x02 * 0x02) + (b * 0x02)

To summarize, addition in GF(2^8) is the XOR operation. Multiplication in GF(2^8) reduces to additions and multiplications by 0x02, where multiplication by 0x02 is a conditional 1-bit left shift. The AES specification contains a lot of additional information about operations in GF(2^8).

Key Expansion

The AES encryption and decryption algorithms use a key schedule generated from the seed key array of bytes. The AES specification refers to this as the KeyExpansion routine. Generating, in essence, multiple keys from an initial key instead of using a single key greatly increases the diffusion of bits. Although not overwhelmingly difficult, understanding KeyExpansion is one of the trickier parts of the AES algorithm. In high-level pseudocode, the KeyExpansion routine looks like the following:

    KeyExpansion(byte[] key, byte[][4] w)
    {
      copy the seed key into the first rows of w
      for each remaining row of w
      {
        use two of the previous rows to create a new row
      }
    }

The "use two of the previous rows to create a new row" routine makes use of two subroutines, RotWord and SubWord, and a table of constants named Rcon (for "round constants"). Let's look at each of these three items and then come back to the KeyExpansion routine as a whole.

The RotWord routine is simple. It accepts an array of 4 bytes and rotates them 1 position left. Because the round schedule table w has four columns, RotWord rotates a row of w to the left. Notice that the RotWord function used by KeyExpansion is very similar to the ShiftRows routine used by the encryption algorithm except that it works on a single row of the key schedule w instead of the entire encryption state table State.

The SubWord routine performs a byte-by-byte substitution on a given row of the key schedule table w using the substitution table Sbox. The substitutions in KeyExpansion operate exactly like those in the encryption algorithm. The input byte to be substituted is separated into an (x,y) pair which are used as indexes into the substitution table Sbox. For example, substitution for 0x27 results in x = 2 and y = 7, and Sbox[2,7] returns 0xcc.

The KeyExpansion routine uses an array Rcon[], called the round constant table. These constants are 4 bytes each to match with a row of the key schedule table. The AES KeyExpansion routine requires 11 round constants. You can see these constants listed in Figure 7.

Figure 7 Initializing Rcon

The leftmost byte of each round constant is a power of 2 in the GF(2^8) field. Another way of looking at it is to observe that each value is the previous value times 0x02, as described in the previous section discussing multiplication in GF(2^8). Notice that 0x80 × 0x02 = 0x1b is 0x80 left-shifted 1 bit followed by an XOR with 0x1b, as described earlier.

Now let's take a closer look at the loop inside KeyExpansion. In more detailed pseudocode than before, the loop is:

    for (row = Nk; row < (4 * (Nr + 1)); ++row)
    {
      temp = w[row-1]
      if (row % Nk == 0)
        temp = SubWord(RotWord(temp)) xor Rcon[row/Nk]
      else if (Nk == 8 and row % Nk == 4)
        temp = SubWord(temp)
      w[row] = w[row-Nk] xor temp
    }

Ignoring the if clause for a moment, you'll see that each row of the key schedule table w is the result of XORing the previous row with the row Nk (4, 6, or 8 depending on the key size) rows before. The first part of the if conditional modifies every fourth, sixth, or eighth row of the key schedule with SubWord, RotWord, and XORing with a round constant, depending on whether the key size is 128, 192, or 256 bits. The second part of the conditional will modify rows 12, 20, 28 and so on (every eighth row) for a 256-bit key to add additional variability to the key schedule.

Let's see how KeyExpansion gets started with the example presented at the beginning of this article. The seed key is the 192-bit / 6-word value:

    00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17

The key schedule byte table w has the dimensions 4 columns and Nb × (Nr + 1) equals 4 × (12 + 1), or 52 rows. The KeyExpansion routine copies the values in the seed key into the first rows of the key schedule byte table w. Because my seed key is 192 bits (24 bytes), and the w table always has 4 columns, in this case KeyExpansion copies the seed key into the first 6 rows of w. Now let's see how the KeyExpansion routine fills the rest of the key schedule table. In my example, the first calculated row is row 6 because rows 0 to 5 were filled with the seed key values:

    temp = w[row-1] = 14 15 16 17

The condition (row % Nk == 0) is true, so first the RotWord subroutine is applied:

    temp = 15 16 17 14

Then SubWord is applied:

    temp = 59 47 f0 fa

Then XORed with Rcon[row / Nk] = Rcon[6 / 6] = 01 00 00 00:

    temp = 58 47 f0 fa

This is then XORed with w[row-Nk] = w[6-6] = 00 01 02 03, yielding the following result:

    w[6] = 58 46 f2 f9

The process repeats itself for all of the remaining rows in key schedule table w.

To summarize, an important part of AES encryption and decryption is the generation of multiple round keys from the initial seed key. This KeyExpansion algorithm generates a key schedule and uses substitution and permutation in a way that is similar in most respects to the encryption and decryption algorithms.

Conclusion

The new AES will certainly become the de facto standard for encrypting all forms of electronic information, replacing DES. AES-encrypted data is unbreakable in the sense that no known cryptanalysis attack can decrypt the AES cipher text without using a brute-force search through all possible 256-bit keys.

AES is an important advance and using and understanding it will greatly increase the reliability and safety of your software systems.
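The GF(2^8) rules and the KeyExpansion walkthrough above, carried through in Python as an added example (it is not code from the article, whose implementation is in C#). It computes Sbox from the FIPS-197 definition instead of embedding the table, and it uses the FIPS-197 MixColumns row 02 03 01 01, which is the coefficient order that reproduces the 0x57 result quoted above; all function names are this example's own.

```python
# Added example, not code from the article. Names below are this example's own.

def xtime(b):
    """Multiply by 0x02 in GF(2^8): shift left, XOR 0x1b if the input was >= 0x80."""
    b <<= 1
    return b ^ 0x11b if b & 0x100 else b    # 0x11b also clears the overflow bit

def gmul(a, b):
    """Multiply a by b in GF(2^8) as a sum (XOR) of a * 0x02^k terms."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        a, b = xtime(a), b >> 1
    return product

def build_sbox():
    """Compute Sbox per FIPS-197: field inverse, then the affine transform."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv ^ 0x63
        for n in range(1, 5):
            s ^= ((inv << n) | (inv >> (8 - n))) & 0xff   # rotate left by n bits
        sbox.append(s)
    return sbox

SBOX = build_sbox()

def mix_column_top(col):
    """New row-0 byte of a State column, using the FIPS-197 row 02 03 01 01."""
    return gmul(col[0], 2) ^ gmul(col[1], 3) ^ col[2] ^ col[3]

def key_expansion(key):
    """Return the key schedule w: 4 * (Nr + 1) rows of 4 bytes each."""
    if len(key) not in (16, 24, 32):
        raise ValueError("seed key must be 128, 192 or 256 bits")
    nk = len(key) // 4                      # 4, 6 or 8 words
    nr = nk + 6                             # 10, 12 or 14 rounds
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 0x01                             # leftmost byte of Rcon[row / Nk]
    for row in range(nk, 4 * (nr + 1)):
        temp = list(w[row - 1])
        if row % nk == 0:
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]   # SubWord(RotWord(temp))
            temp[0] ^= rcon                 # other three Rcon bytes are zero
            rcon = xtime(rcon)
        elif nk == 8 and row % nk == 4:
            temp = [SBOX[b] for b in temp]
        w.append([a ^ b for a, b in zip(w[row - nk], temp)])
    return w

if __name__ == "__main__":
    w = key_expansion(bytes(range(0x18)))   # the article's key 00 01 ... 17
    print(len(w), bytes(w[6]).hex(" "))
```

Comparing intermediate rows such as w[6] against published values is a quick known-answer check when reviewing or testing an AES implementation.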