Cryptography Lab
AES Block Cipher Internals & Modes of Use
Objective
The objective of this lab is to explore the operation of the AES
encryption algorithm by tracing its execution, computing one round
by hand, and then exploring the various block cipher modes of use.
Resources - AES Calculator
To explore the operation of the AES block cipher, you will be
using the AES Calculator Applet.
This applet is used to encrypt or decrypt test data values using
the AES block cipher. It can optionally provide a trace of the
calculations performed, with varying degrees of detail.
For this lab, you will be assigned a Key Plain Cipher triple to use.
The triple is written as three values in hexadecimal being the key (128/192/256 bits),
plaintext (128 bits) and ciphertext (128 bits) values respectively;
and should look something like the following:
000102030405060708090a0b0c0d0e0f 00112233445566778899aabbccddeeff 69c4e0d86a7b0430d8cdb78070b4c55a
If you encrypt the specified plaintext with the key, you should get
the ciphertext value; if you decrypt the ciphertext value, you should
get the plaintext value. Depending on the trace level specified, you will
also be given details of the round calculations as they are computed.
You can run the AES Calculator
Applet in the following ways:
- install on your own system
- the AES Calculator
Applet page provides links for the files to download onto your system.
Then just open the AEScalc.html
page using either your favorite (Java enabled) web browser, or running
"
appletviewer AEScalc.html
" from the Java SDK distribution,
to run the applet.
- direct web access
- alternatively you can access the
AES Calculator
directly from this site to run the applet.
Please note that the applet has limited error handling, supplying an
incorrect input value is liable to generate nonsense results!
Lab Task - Part a - Block Cipher Internals
For this lab, you have been allocated a specific AES triple
from the list below (please make sure you use it). You will use the
key and plaintext values from this triple in the
AES Calculator.
With this triple, you are asked to do the following tasks:
- Encrypt the plaintext using the key given in your triple, with tracing
of the round values. Note how the value of the state (result of each
round) changes from round to round. What is the value of your state
after round 4?
- Change AES bit 12 of the PLAINTEXT in your triple (ie change the 0 to
1, or 1 to 0 as appropriate), assuming AES bit numbering from left (MSB) bit
0 to right (LSB) bit 127. Encrypt this new plaintext value using the AES Calculator. Using the trace
output, after each of the first four rounds list in a table how many
bits of state differ from the corresponding values in part i
(nb. you will have to convert between hexadecimal & binary and compare the
relevant bits to do this).
- Describe which characteristic(s) of a good block cipher design have been
illustrated by this exercise, and how they are demonstrated.
Assessment - Part a
As assessment for this part of the lab, you should create a file for this lab.
At the top of this file you should include
the name of this course, this lab, your name, and your student number.
Then include the heading: Part a: Block Cipher Internals, and
follow this with the trace logs of the round values for all the AES
encryptions you ran for each of the above tasks, your working, your
answers and discussions.
AES Triples:
The table below lists triples on the left with the login of the person they
are allocated to on the right (nb. you may need to scroll the window to see
the logins). These were randomly generated using the GenAES program, which is
also included in the JAR file, and which generates n random triples
when run as:
java -cp AEScalc.jar GenAES n
Triple (key plain cipher)in Hexadecimal Login
7fab598e7931dd744e9e0626994d07e6 f77312ea0d1367311e0f79802c04cc67 27da9045d7f3f47d0b2a59c6b16bec6f xxx
Lab Task - Part b - Block Cipher Round
For the second part of this lab, using your original plaintext
and key values, you should calculate the value of the initial AddRoundKey
stage, and all of the stages in round one (the 1st full round)
by hand.
Firstly you need to determine the subkeys used by these stages (ie the 1st 8
subkey words). Please provide full details of your working in doing
this (ie all S-box lookups, rotations, XOR's).
Then provide the details of the initial AddRoundKey stage, and all round
one stages. Again provide full details of your working in
doing this (ie all S-box lookups, rotations, multiplications including
modulo reductions, XOR's).
You can verify the results of your calculations by comparing them to
the state and sub-key values given by the
AES Calculator.
Assessment - Part b
As assessment for this part of the lab, edit your lab file to
include the heading: Part b: Block Cipher Round, and follow this
with the full details of how you computed each of the stages
specified.
Lab Task - Part c - Block Cipher Modes of Use
For this part of this lab, you will be encrypting by hand, the
same message using the same key, twice, once in CBC mode,
then in CFB-128 mode. Note - you are not asked to compute the AES
internal values by hand, you may use the
AES Calculator for this.
Rather you are showing how each of the above modes is implemented,
treating AES now as a "black box" en/decryption algorithm (ie something
that takes input & key and gives you some output).
Setup
To start with you need to create the key and message you'll use, and represent
them in hex (binary) as follows:
- key
- create a 16-byte (128-bit) key based on your full name
and other letters (if necessary) to make it 16 chars long,
eg my key might be: "
LawrieBrownXYZPQ
".
Then translate this from ASCII into hexadecimal (see below).
- message
- create a short message of between 35 and 45 bytes in length
which includes your name. eg I could use a message of:
This is a sample test message for Lawrie!
Please ensure it is at least 35 and no more than 45 characters,
that is it should incompletely span 3 input blocks of the cipher.
To convert from the ASCII text of your key/message to hexadecimal (and hence
binary), you can:
To show how you'd use these, I could for example implement the ECB mode
(which is not what you are asked to do) as follows:
given my key above, and the first 16 bytes of my message "This is a sample",
I'd create the following key and plaintext hex values:
4c617772696542726f776e58595a5051 5468697320697320612073616d706c65
and then encrypt this using the AES Calculator
which tells me (using trace level 1):
setKey(4c617772696542726f776e58595a5051)
encryptAES(5468697320697320612073616d706c65) = 077191dae654d4aab7870760ff7d6ffe
hence my first block of ciphertext in ECB mode would be:
077191dae654d4aab7870760ff7d6ffe
Illustrate Implementation of CBC Mode
Demonstrate how the CBC Mode can be used to first encrypt, and then
decrypt the above message, divided into blocks. You should use an
IV of all 0's. CBC mode is:
Ci = AESK1(Pi XOR Ci-1)
C-1 = IV
You should explicitly discuss how you handle the final, undersize block,
and how the receiver determines which decrypted bytes are valid. This
is part of the assessment for this item.
You will find it relatively simple to implement the XOR's for this mode if
you use a scientific calculator with the ability to enter and display
numbers in various bases and to perform logical operations (eg. the Windows
Calculator in Scientific Mode, or kcalc on Linux).
Illustrate Implementation of CFB-128 Mode
Demonstrate how the CFB-128 Mode can be used to first encrypt, and then
decrypt the above message, handling each character (byte) of the message separately
in a stream. Again use an IV of all 0's. CFB mode is:
Ci = Pi XOR AESK1 (Ci-1)
C-1 = IV
and you will be using 128-bit feedback (ie all 16 bytes of ciphertext),
which can be done only after you have processed 16 distinct bytes
of the message.
Discussion
You should conclude this section with a few sentences on how easy or
not each mode was to implement, and each's applicability to different
applications.
Assessment - Part c
As assessment for this part of the lab, edit your lab file to
include the heading: Part c: Block Cipher Modes of Use, and follow
this with full details of all your calculations showing how you
implemented the above modes. You should include all your AES Calculator
traces of key, data and resulting output values, but not internal
round values; as well as all your calculations and discussions.
Copyright ©
Lawrie Brown /
6 Jun 2005