信息安全导论(密码学)复习试卷资料题

Lecture12:Mid-termReviewSchoolofSoftwareEngineering,CQUFall,2021AnIntroductionto

InformationSecurity2

2025/4/2AnIntroductiontoInformationSecurityLecture1:PrefaceTheCategoriesofattacks:Generally,therearefourgeneralcategoriesofsecurityattacksInterruption阻断Interception窃听Modification修改Fabrication伪装1.AboutIS2.WWWIS?3.S_Attacks4.S_ServicesInformationsourceInformationdestinationAnassetofthesystemisdestroyedorbecomesunavailableorunusable.Thisisanattackonavailability.Examplesinclude:destructionofapieceofhardwarethecuttingofacommunicationlinethedisablingofthefilemanagementsystemDOS/DDOS(DenialofService)3

2025/4/2AnIntroductiontoInformationSecurityLecture1:Preface1.AboutIS2.WWWIS?3.S_Attacks4.S_ServicesTheCategoriesofattacks:Generally,therearefourgeneralcategoriesofsecurityattacksInterruption阻断Interception窃听Modification修改Fabrication伪装InformationsourceInformationdestinationThirdpartyAnunauthorizedpartygainsaccesstoanasset.Thisisanattackonconfidentiality(保密性).

egs:wiretapping(窃听)

tocapturedatainanetworktheillicit(非法)copyingoffilesorprograms……4

2025/4/2AnIntroductiontoInformationSecurityLecture1:PrefaceTheCategoriesofattacks:Generally,therearefourgeneralcategoriesofsecurityattacksInterruption阻断Interception窃听Modification修改Fabrication伪装1.AboutIS2.WWWIS?3.S_Attacks4.S_ServicesInformationsourceInformationdestinationThirdpartyAnunauthorizedpartynotonlygainsaccesstobuttampers(篡改)

withanasset.Thisisanattackondeniability/integrity(完整性).Examplesare:changingvaluesinadatafilealteringaprogrammodifyingthecontentofmessages

……5

2025/4/2AnIntroductiontoInformationSecurityLecture1:PrefaceTheCategoriesofattacks:Generally,therearefourgeneralcategoriesofsecurityattacksInterruption阻断Interception窃听Modification修改Fabrication伪装1.AboutIS2.WWWIS?3.S_Attacks4.S_ServicesInformationsourceInformationdestinationThirdpartyAnunauthorizedpartyinsertscounterfeit(假冒的)objectsintothesystem.Thisisanattackonauthenticity(真实性).Examplesare:insertionofspuriousmessagesinanetworkadditionofrecordstoafile……6

2025/4/2AnIntroductiontoInformationSecurityLecture1:Preface1.AboutIS2.WWWIS?3.S_Attacks4.S_ServicesTheseattacksinvolvessomemodificationofthedatastreamorthecreationofafalsestream,whichcanbesubdividedintofourcategories:masquerade(伪装)replay(重放)modificationofmessages(篡改)denialofservice(拒绝效劳)Activeattackspresenttheoppositecharacteristicsofpassiveattacks:Easytodetectbuthardtoprevent！ActiveAttackPassiveattackand7

2025/4/2AnIntroductiontoInformationSecurityLecture1:Preface1.AboutIS2.WWWIS?3.S_Attacks4.S_ServicesPassiveattacksareinthenatureofeavesdropping(偷听)on,ormonitoringof,transmissions.Thegoaloftheopponentistoobtaininformationthatisbeingtransmitted.Twotypesofpassiveattacksare:

releaseofmessagecontents(泄密)

trafficanalysis(流量分析)passiveattackspresenttheoppositecharacteristicsofactiveattacks:Easytopreventbuthardtodetect！ActiveAttackPassiveattackand8

2025/4/2AnIntroductiontoInformationSecurityLecture1:PrefaceSecurityServicesConfidentiality(保密性)Availability(可用性)Nonrepudiation(防抵赖)Authentication(真实性)Integrity(完整性)AccessControl(可控性)1.AboutIS2.WWWIS?3.S_Attacks4.S_ServicesEnsuresthattheinformationinanetworkandtransmittedinformationareaccessibleonlyforreadingbyauthorizedparties.AssetsAuthorizedPartyUnauthorized

Party9

2025/4/2AnIntroductiontoInformationSecurityLecture1:PrefaceSecurityServicesConfidentiality(保密性)Availability(可用性)Nonrepudiation(防抵赖)Authentication(真实性)Integrity(完整性)AccessControl(可控性)1.AboutIS2.WWWIS?3.S_Attacks4.S_ServicesRequiresthatcomputerassetsbeavailabletoauthorizedpartiesasneeded.AssetsAuthorizedParty10

2025/4/2AnIntroductiontoInformationSecurityLecture1:PrefaceSecurityServicesConfidentiality(保密性)Availability(可用性)Nonrepudiation(防抵赖)Authentication(真实性)Integrity(完整性)AccessControl(可控性)1.AboutIS2.WWWIS?3.S_Attacks4.S_ServicesRequiresthatneitherthesendernorthereceiverofamessagebeabletodenythetransmission.ReceiverSenderIdidn’tsendRthemessage!Ididn'treceivethemessagefromS!11

2025/4/2AnIntroductiontoInformationSecurityLecture1:PrefaceSecurityServicesConfidentiality(保密性)Availability(可用性)Nonrepudiation(防抵赖)Authentication(真实性)Integrity(完整性)AccessControl(可控性)1.AboutIS2.WWWIS?3.S_Attacks4.S_ServicesEnsuresthattheoriginofamessageorelectronicdocumentiscorrectlyidentified,withanassurancethattheidentityisnotfalse.AuthorityIdentityIchbinXiaofeng+CredentialVerifyUserandCredentialAuthorizedAssets12

2025/4/2AnIntroductiontoInformationSecurityLecture1:PrefaceSecurityServicesConfidentiality(保密性)Availability(可用性)Nonrepudiation(防抵赖)Authentication(真实性)Integrity(完整性)AccessControl(可控性)1.AboutIS2.WWWIS?3.S_Attacks4.S_ServicesEnsurethesystemwiththecapabilitytodenyanymodificationsandtransmissionsofassetsfromun-authorizedparties.Inotherwords,onlyauthorizepartiesareabletomodifyassetsandtransmittedinformation.sourcedestinationUn-authorizedparty13

2025/4/2AnIntroductiontoInformationSecurityLecture1:PrefaceSecurityServicesConfidentiality(保密性)Availability(可用性)Nonrepudiation(防抵赖)Authentication(真实性)Integrity(完整性)AccessControl(可控性)1.AboutIS2.WWWIS?3.S_Attacks4.S_ServicesRequiresthataccesstoinformationresourcesmaybecontrolled

byorforthetargetsystem.eg:UserAssetsReadWriteAccess14

2025/4/2AnIntroductiontoInformationSecurityLecture2:OverviewofCryptography1.

WWWCryptography2.ClassicCryptographyTerminology:homoionym(近义词)Cryptography密码编码学encrypt,decryptencryption,decryptioncode,codingencode,decodecipher,cipheringencipher,deciphermessagecodemessageencryptdecryptplaintextciphertext15

2025/4/2AnIntroductiontoInformationSecurityLecture2:OverviewofCryptography1.

WWWCryptography2.ClassicCryptographyTerminology:homoionym(近义词)Cryptography密码编码学encrypt,decryptencryption,decryptioncode,codingencode,decodecipher,cipheringencipher,deciphermessagecodemessageencryptdecryptplaintextciphertext16

2025/4/2AnIntroductiontoInformationSecurityLecture2:OverviewofCryptography1.

WWWCryptography2.ClassicCryptographyCryptographyClassicCryptography:〔byWWII〕typicallyforconfidentialusageAandBhavealreadysharedsecretinformation,toprotecttheircommunicationModernCryptography〔fromWWII〕relatedtomoresecurityservices,as:confidentiality,integrity,authentication,andnon-repudiation.SymmetricCryptographyAsymmetricCryptographyCryptographicHashFunctionModernCryptography17

2025/4/2AnIntroductiontoInformationSecurityLecture2:OverviewofCryptography1.

WWWCryptography2.ClassicCryptographySymmetricC-AsymmetricC-C-HashFunctionSymmetric-keycipher：encryptionanddecryptionwith

thesamesecretkeyGeneralideaofSymmetric-keycipherPlaintextPlaintextCiphertextCiphertextDecryption

AlgorithmEncryption

AlgorithmSecureKey-exchangeChannelInsecureChannelShared

Secret-KeyShared

Secret-KeyAliceBob18

2025/4/2AnIntroductiontoInformationSecurityLecture2:OverviewofCryptography1.

WWWCryptography2.ClassicCryptographySymmetricC-AsymmetricC-C-HashFunctionAsymmetric-keycipher:encryptionanddecryptionwithdifferentkeysPlaintextPlaintextCiphertextCiphertextDecryption

AlgorithmEncryption

AlgorithmInsecureChannelAliceBobGeneralideaofAsymmetric-keycipher(1)Alice’s

Private-KeyAlice’sPublicKey19

2025/4/2AnIntroductiontoInformationSecurityLecture2:OverviewofCryptography1.

WWWCryptography2.ClassicCryptographySymmetricC-AsymmetricC-C-HashFunctionAsymmetric-keycipher:encryptionanddecryptionwithdifferentkeysPlaintextPlaintextCiphertextCiphertextEncryption

AlgorithmDecryption

AlgorithmInsecureChannelAliceBobGeneralideaofAsymmetric-keycipher(2)Alice’s

Private-KeyAlice’sPublicKey20

2025/4/2AnIntroductiontoInformationSecurityLecture2:OverviewofCryptography1.

WWWCryptography2.ClassicCryptographySymmetricC-AsymmetricC-C-HashFunctionCryptographicHashFunction:密码散列函数withorwithoutsecretkeyGeneralideaofHashFunctionforMessageDigestHashFunctionHashFunctionInsecureChannelAliceBob×MdigestmessageMdigestMdigest’21

2025/4/2AnIntroductiontoInformationSecurityLecture3:OverviewofCryptography(II)1.1Kerckhoff’sPrinciplea.k.a.,Kerckhoffs'assumption,axiomorlawacryptosystemshouldbesecureevenifeverythingaboutthesystem,exceptthekey,ispublicknowledge.密码系统的平安性不在于算法的保密，而在于当对手获知了算法和密文后分析出密钥或明文的难度。1.MoreConceptsofCryptography3…

2…

AugusteKerckhoffs

1835-1903

What?“Theenemyknowsthesystem.〞——byClaudeShannonShannon'smaxim22

2025/4/2AnIntroductiontoInformationSecurityLecture3:OverviewofCryptography(II)1.2ConfusionandDiffusionConfusion:(混淆)makingtherelationshipbetweenthekeyandtheciphertextascomplexandinvolvedaspossible;Diffusion:(扩散)thepropertythattheredundancyinthestatisticsoftheplaintextis"dissipated"inthestatisticsoftheciphertext;1.MoreConceptsofCryptography3…

2…

ClaudeElwoodShannon(April30,1916–February24,2001),anAmericanelectronicengineerandmathematician,isknownas"thefatherofinformationtheory".23

2025/4/2AnIntroductiontoInformationSecurityLecture3:OverviewofCryptography(II)1.3AvalancheeffectIncryptography,theavalancheeffectreferstoadesirablepropertyofcryptographicalgorithms,typicallyblockciphersandcryptographichashfunctions.Theavalancheeffectisevidentif,whenaninputischangedslightly(forexample,flippingasinglebit)theoutputchangessignificantly(e.g.,halftheoutputbitsflip)Inthecaseofqualityblockciphers,suchasmallchangeineitherthekeyortheplaintextshouldcauseadrasticchangeintheciphertext;1.MoreConceptsofCryptography3…

2…

24

2025/4/2AnIntroductiontoInformationSecurityLecture3:OverviewofCryptography(II)1.4SubstitutionCipherAsubstitutioncipherreplacesonesymbolwithanother.Substitutioncipherscanbecategorizedaseithermonoalphabeticciphersorpolyalphabeticciphers.TranspositionCipherAtranspositioncipherdoesnotsubstituteonesymbolforanother,insteaditchangesthelocationofthesymbols.1.MoreConceptsofCryptography3…

2…

25

2025/4/2AnIntroductiontoInformationSecurityLecture3:OverviewofCryptography(II)1.5

Blockcipher

andStreamCipher1.MoreConceptsofCryptography3…

2…

Agroupofplaintextsymbolsofsizem(m>1)areencryptedtogethercreatingagroupofciphertextofthesamesize.Asinglekeyisusedtoencryptthewholeblockevenifthekeyismadeofmultiplevalues.plaintext{T,X,T}=EK{e,x,t}{H,E,R}=EK{i,n,t}{C,I,P}=EK{p,l,a}CIPHERTXTEncryptionalgorithmK26

2025/4/2AnIntroductiontoInformationSecurityLecture3:OverviewofCryptography(II)1.5

Blockcipher

andSteramCipher1.MoreConceptsofCryptography3…

2…

Inastreamciphertheplaintextdigitsareencryptedoneatatime,andthetransformationofsuccessivedigitsvariesduringtheencryption.plaintextP=EK3(a)I=EK2(l)C=EK1(p)CHERTXTEncryptionalgorithmK=(k1,k2,k2…)………..………..IP27

2025/4/2AnIntroductiontoInformationSecurityLecture4:BlockCipherPrinciplesP-box

S-boxXORCircularShiftSwapSplit/Combine1.ProductCipher3…

2…

AP-box(permutationbox)parallelsthetraditionaltranspositioncipherforcharacters.Ittransposes(移动)bits.Astraight(直接的)P-boxisinvertible(可逆的),butcompressionandexpansionP-boxesarenot.e.g.StraightP-boxcompressionP-boxexpansionP-box28

2025/4/2AnIntroductiontoInformationSecurityLecture4:BlockCipherPrinciplesP-boxS-box

XORCircularShiftSwapSplit/Combine1.ProductCipher3…

2…

AnS-box(substitution

box)canbethoughtofasaminiature(微小的)substitutioncipher.AnS-boxisanm×nsubstitutionunit,wheremandnarenotnecessarilythesame.110110100129

2025/4/2AnIntroductiontoInformationSecurityLecture4:BlockCipherPrinciples

P-boxS-boxXORCircularShiftSwapSplit/Combine1.ProductCipher3…

2…

Theexclusive-oroperationisanimportantcomponentinmostblockciphers.XOR01001110+e.g.AxorBxorB=?30

2025/4/2AnIntroductiontoInformationSecurityLecture4:BlockCipherPrinciples

P-boxS-boxXORCircularShiftSwapSplit/Combine1.ProductCipher3…

2…

Thecircularshiftoperationisanothercomponentfoundinsomemodernblockciphers.e.g.31

2025/4/2AnIntroductiontoInformationSecurityLecture4:BlockCipherPrinciples

P-boxS-boxXORCircularShiftSwapSplit/Combine1.ProductCipher3…

2…

Theswapoperationisaspecialcaseofthecircularshiftoperationwherek=n/2.e.g.32

2025/4/2AnIntroductiontoInformationSecurityLecture4:BlockCipherPrinciples

P-boxS-boxXORCircularShiftSwapSplit/Combine1.ProductCipher3…

2…

Twootheroperationsfoundinsomeblockciphersaresplitandcombine.e.g.SplitCombine33

2025/4/2AnIntroductiontoInformationSecurityLecture4:BlockCipherPrinciplesProductCipher:asimpleexample1.ProductCipher3…

2…

8bitplaintextblock1block2……blocknkeymixerS-box3S-box1S-box2S-box412345678P-box8bitmiddletextk18bitmiddletextk28bitciphertextRound1Round2RoundKeyGeneratorK34

2025/4/2AnIntroductiontoInformationSecurityLecture4:BlockCipherPrinciplesFeistelcipherisasymmetricstructureusedintheconstructionofblockciphersbasedonconceptofinvertibleproductcipher.implementsShannon’sS-Pnetconceptpartitionsinputblockintotwohalvesprocessthroughmultipleroundswhichbasedonroundfunctionofrighthalf&subkeythenhavepermutationswappinghalves2.TheFeistelCipher3…

1…

HorstFeistel

1915-1990LiRi+Li+1Ri+1FKiLi+1Ri+135

2025/4/2AnIntroductiontoInformationSecurityLecture4:BlockCipherPrinciplesFeistelCipher:PropertiesBlocksizeKeysizeNumberofroundsSubkeygenerationRoundfunctionFastsoftwareE/DEaseofanalysis2.TheFeistelCipher3…

1…

36

2025/4/2AnIntroductiontoInformationSecurityLecture5:DataEncryptionStandard2.1DESEncryption:WholePictureTheencryptionprocessismadeof2permutations(P-boxes),whichwecallinitial(初始)andfinalpermutations,and16Feistelrounds.1.DataEncryptionStandard3…

2…

DES64bitplaintext64bitciphertextInitialpermutationRound1Round2Round16Finalpermutation.

...

..56bitkeyK1K2K16Round-keygenerator37

2025/4/2AnIntroductiontoInformationSecurityLecture5:DataEncryptionStandard2.1DESEncryption:InitialandFinalPermutationsInitialPermutations:IPFinalPermutations:IP-1TheinitialandfinalpermutationsarestraightP-boxesthatareinverses(互逆的)ofeachother.Theyhavenomuchcryptographicsignificance(意义)inDES.1.DataEncryptionStandard3…

2…

38

2025/4/2AnIntroductiontoInformationSecurityLecture5:DataEncryptionStandard2.1DESEncryption:RoundsDESuses16rounds.EachroundofDESisaFeistelcipher.1.DataEncryptionStandard3…

2…

AroundinDES(encryptionsite)Li=Ri-1Ri=Li-1f(Ri-1,Ki)+39

2025/4/2AnIntroductiontoInformationSecurityLecture5:DataEncryptionStandard2.1DESEncryption:FeistelFunction(DESFunction)TheheartofDESistheDESfunction.TheDESfunctionappliesa48-bitround-

keytotherightmost32bitstoproduce

a32-bitoutput.1.DataEncryptionStandard3…

2…

DESfunction40

2025/4/2AnIntroductiontoInformationSecurityLecture5:DataEncryptionStandard2.1DESEncryption:FeistelFunction(DESFunction)1.DataEncryptionStandard3…

2…

E-PboxSinceRi−1isa32-bitinputandKiisa48-bitkey,wefirstneedtoexpandRi−1to48bits.41

2025/4/2AnIntroductiontoInformationSecurityLecture5:DataEncryptionStandard2.1DESEncryption:FeistelFunction(DESFunction)1.DataEncryptionStandard3…

2…

XOR：“Add〞RoundKeyAftertheexpansionpermutation,DESusestheXORoperationontheexpandedrightsectionandtheroundkey.Notethatboththerightsectionandthekeyare48-bitsinlength.Alsonotethat

theroundkeyisusedonlyinthisoperation.42

2025/4/2AnIntroductiontoInformationSecurityLecture5:DataEncryptionStandard2.1DESEncryption:FeistelFunction(DESFunction)1.DataEncryptionStandard3…

2…

S-boxTheS-boxesdotherealmixing(confusion).

DESuses8S-boxes,eachwitha6-bitinputanda4-bitoutput.43

2025/4/2AnIntroductiontoInformationSecurityLecture5:DataEncryptionStandard2.1DESEncryption:FeistelFunction(DESFunction)1.DataEncryptionStandard3…

2…

S-boxTheS-boxesdotherealmixing(confusion).

DESuses8S-boxes,eachwitha6-bitinputanda4-bitoutput.44

2025/4/2AnIntroductiontoInformationSecurityLecture5:DataEncryptionStandard2.1DESEncryption:FeistelFunction(DESFunction)1.DataEncryptionStandard3…

2…

S-boxe.g.inputbits:110100Whataretheoutputbits:??TheS-boxesdotherealmixing(confusion).

DESuses8S-boxes,eachwitha6-bitinputanda4-bitoutput.45

2025/4/2AnIntroductiontoInformationSecurityLecture5:DataEncryptionStandard2.1DESEncryption:FeistelFunction(DESFunction)1.DataEncryptionStandard3…

2…

S-box46

2025/4/2AnIntroductiontoInformationSecurityLecture5:DataEncryptionStandard2.1DESEncryption:FeistelFunction(DESFunction)1.DataEncryptionStandard3…

2…

S-PboxThelastoperationis

StraightPermutation

withaP-boxasfollow.47

2025/4/2AnIntroductiontoInformationSecurityLecture5:DataEncryptionStandard2.2DESDecryption:ThesamealgorithmasencryptionUseK1->K16asencryption,

butk16->K1asdecryption1.DataEncryptionStandard3…

2…

48

2025/4/2AnIntroductiontoInformationSecurityLecture5:DataEncryptionStandard2.3KeyGenerationandExpansion(扩展)64bitsRandomNumberDrop8bitsandpermutated

to

56bitsKeyTheround-keygeneratorcreates

sixteen48-bitkeysoutofa56-bit

cipherkey.Expand16sub-keyssplit56bitsto2halvesshifteachhalfcombinethemdocompresspermutationto

48bitsround-key1.DataEncryptionStandard3…

2…

49

2025/4/2AnIntroductiontoInformationSecurityLecture5:DataEncryptionStandardWhyMultipleEncryption?alternativestoDESexpandkeysize3.MultipleEncryptionand3-DES1…

2…

DESDESK1K2PlaintextMidtextCiphertext50

2025/4/2AnIntroductiontoInformationSecurityLecture5:DataEncryptionStandardDoubleDESC=EK2(EK1(P))P=DK1(DK2(C))C=DK2(EK1(P))P=DK1(EK2(C))Meet-in-the-middleattack:3.MultipleEncryptionand3-DES1…

2…

51

2025/4/2AnIntroductiontoInformationSecurityLecture5:DataEncryptionStandardTripleDESTripleDESwith2keysC=Ek1(Dk2(Ek1(P)))P=Dk1(Ek2(Dk1(C)))K1+K2:112bitsTripleDESwith3keysC=Ek3(Dk2(Ek1(P)))P=Dk1(Ek2(Dk3(C)))MoresecurethanDES,butwithmorecost3.MultipleEncryptionand3-DES1…

2…

52

2025/4/2AnIntroductiontoInformationSecurity2.1TheAESCipher:wholepicture2.AESAlgorithm3…

1…

Lecture6:AdvancedEncryptionStandard〔AES〕BasicDescription:1.Blocksize：128bits2.Keysize：128/192/256bits3.Rounds:10/12/144.Roundkeysize：128bits5.NotFeistelCipher

Notethat:Addroundkeybeforeround1;Nomix-columnsinlastround

53

2025/4/2AnIntroductiontoInformationSecurity2.1TheAESCipher:wholepicture2.AESAlgorithm3…

1…

Lecture6:AdvancedEncryptionStandard〔AES〕54

2025/4/2AnIntroductiontoInformationSecurity2.2TheAESCipher:importantconceptsfordataunitBit:1or0Byte:8bitsWord:32bitsBlock:128-bits，forinputplaintext

andoutputciphertextState:128-bits,datablockinmidstage2.AESAlgorithm3…

1…

Lecture6:AdvancedEncryptionStandard〔AES〕01010010010100101101011001111110110011115252D67ECFAC8723242612BAC79954D2B4177609DA55

2025/4/2AnIntroductiontoInformationSecurity2.3TheAESCipher:roundtransformations2.AESAlgorithm3…

1…

Lecture6:AdvancedEncryptionStandard〔AES〕1)ByteSubstitution2)ShiftRows3)MixColumns4)AddRoundkey56

2025/4/2AnIntroductiontoInformationSecurity2.3TheAESCipher:roundtransformations2.AESAlgorithm3…

1…

Lecture6:AdvancedEncryptionStandard〔AES〕1)ByteSubstitution2)ShiftRows3)MixColumns4)AddRoundkey57

2025/4/2AnIntroductiontoInformationSecurity2.3TheAESCipher:roundtransformations2.AESAlgorithm3…

1…

Lecture6:AdvancedEncryptionStandard〔AES〕1)ByteSubstitution2)ShiftRows3)MixColumns4)AddRoundkey0123456789ABCDEF0123456789ABCDEFAC2612BA87C7995423D2B417247609DA91F7C9F417C6EE2026B58DF036380157FindthelocationsinS-boxtosubstituteinputbytes915758

2025/4/2AnIntroductiontoInformationSecurity2.3TheAESCipher:roundtransformations2.AESAlgorithm3…

1…

Lecture6:AdvancedEncryptionStandard〔AES〕1)ByteSubstitution2)ShiftRows3)MixColumns4)AddRoundkeyAESEncryption：S-boxeg:S-box({AC})={91}AESDecryption：S-box-1eg:S-box-1({91})={AC}S-box、S-Box-1的构造过程：P11059

2025/4/2AnIntroductiontoInformationSecurity2.3TheAESCipher:roundtransformations2.AESAlgorithm3…

1…

Lecture6:AdvancedEncryptionStandard〔AES〕1)ByteSubstitution2)ShiftRows3)MixColumns4)AddRoundkeyThisisatransposition/permutationoperationonrows.60

2025/4/2AnIntroductiontoInformationSecurity2.3TheAESCipher:roundtransformations2.AESAlgorithm3…

1…

Lecture6:AdvancedEncryptionStandard〔AES〕1)ByteSubstitution2)ShiftRows3)MixColumns4)AddRoundkeyThemostcomplicatedoperationinAES61

2025/4/2AnIntroductiontoInformationSecurity2.3TheAESCipher:roundtransformations2.AESAlgorithm3…

1…

Lecture6:AdvancedEncryptionStandard〔AES〕1)ByteSubstitution2)ShiftRows3)MixColumns4)AddRoundkey62

2025/4/2AnIntroductiontoInformationSecurity91F7C9F4C6EE20178DF026B53638015702030101010203010101020301010203×91C68D57={02}⊙{10010001}{03}⊙{11000110}{01}⊙{10001101}{01}⊙{01010111}⊕⊕⊕=00111001010100011000110101010111⊕⊕⊕10110010B2E5xxxxxxxxxxxxxxxxxxxxxxxx32xxn×n矩阵的乘法，继续…Example3MixColumnsLecture6:AdvancedEncryptionStandard〔AES〕63

2025/4/2AnIntroductiontoInformationSecurity2.3TheAESCipher:roundtransformations2.AESAlgorithm3…

1…

Lecture6:AdvancedEncryptionStandard〔AES〕1)ByteSubstitution2)ShiftRows3)MixColumns4)AddRoundkeyAESencryption：CAESdecryption：C-164

2025/4/2AnIntroductiontoInformationSecurity2.3TheAESCipher:roundtransformations2.AESAlgorithm3…

1…

Lecture6:AdvancedEncryptionStandard〔AES〕1)ByteSubstitution2)ShiftRows3)MixColumns4)AddRoundkeyAddRoundKeyproceedsonecolumnatatime.AddRoundKeyaddsaroundkeywordwitheachstatecolumnmatrix;theoperationinAddRoundKeyismatrixaddition.TheAddRoundKeytransformationistheinverseofitself65

2025/4/2AnIntroductiontoInformationSecurity2.3TheAESCipher:DecryptionDecryptionisthereverseprocess

ofencryptionRemarks:Sub-BytesS-boxforencryptionS-box-1fordecryptionMix-columnmatrixCfordecryptionmatrixC-1fordecryptionReverseroundkeys2.AESAlgorithm3…

1…

Lecture6:AdvancedEncryptionStandard〔AES〕66

2025/4/2AnIntroductiontoInformationSecurity2.4AESKeyExpansionTocreateroundkeysforeachround,AESusesakey-expansionprocess.IfthenumberofroundsisNr,thekey-expansionroutinecreatesNr+1128-bitroundkeysfromonesingle128-bitcipherkey.2.AESAlgorithm3…

1…

Lecture6:AdvancedEncryptionStandard〔AES〕67

2025/4/2AnIntroductiontoInformationSecurity2.4AESKey

Expansion2.AESAlgorithm3…

1…

Lecture6:AdvancedEncryptionStandard〔AES〕68

2025/4/2AnIntroductiontoInformationSecurityLecture7:BlockCipherModesofOperation2.1ECB2.2CBC2.3CFB2.4OFB2.5CTR2.BlockCipherModesofOperation1…

TheElectronicCodeBook(电子密码本模式):simplestmodeEachblockofplaintextisencodedindependently(独立地)usingthesamekeyPencryptKThefirstm-bitofPTime=1Thesecondm-bitofPTime=2Thesecondm-bitofCencryptKThenthm-bitofPTime=NThenthm-bitofCencryptKThefirstm-bitofCCAnyProblem?69

2025/4/2AnIntroductiontoInformationSecurityLecture7:BlockCipherModesofOperation2.1ECB2.2CBC2.3CFB2.4OFB2.5CTR2.BlockCipherModesofOperation1…

TheElectronicCodeBookCommentstoECBthesameblockofplaintext,ifitappearsmorethanonceinthemessage,alwaysproducesthesameciphertext.Cannotprev