Information security is the general practice of defending information from unauthorized access, disclosure, modification, or other related activities. In the computer security realm, this can include tasks such as data encryption, ranging from file encryption for individual files, folders, or volumes up to whole-disk encryption. Access to computer systems, electronic data, or user accounts can also be gated by an account authorization process, which can involve several levels of information security. Additionally, copyright holders can use digital rights management (DRM) technologies to limit the use of digital content to usages that are authorized by the rights holders. Each of these technologies employs data encryption as an information security measure.
A specific type of data encryption works on finite blocks of data. These block ciphers are designed to encrypt a specific amount of data in one pass of the cipher. Unencrypted data, referred to as “cleartext” or “plaintext,” is divided into data blocks according to the pre-defined block size of the block cipher, and each block is processed. The Advanced Encryption Standard is one example of a block cipher. The specification for the Advanced Encryption Standard (AES) can be found in Announcing the Advanced Encryption Standard (AES), Federal Information Processing Standards Publication 197, Nov. 26, 2001, which is incorporated herein by reference.
AES is an iterated block cipher based on a substitution-permutation network. Electronic data is processed 16 bytes (128 bits) at a time using a 128-, 192-, or 256-bit cipher key. The AES algorithm iterates upon a state buffer, which can be represented as a 4×4 column-major order matrix of bytes. First, a block of unencrypted data is loaded into the state buffer. In the initial round of AES, the data in the state buffer is combined with the first “round key,” which is a sub-key derived from the cipher key using a key schedule algorithm. Subsequently, multiple “rounds” of substitution and permutation are performed on the AES State, and during each round an additional sub-key derived from the cipher key is combined with the AES State. Decryption of encrypted data is performed using the inverse of the encryption operations.
FIG. 1 is an illustration of a state buffer transition through the various operations of the AES algorithm. The basic AES operations are AddRoundKey, SubBytes, ShiftRows, and MixColumns. In the exemplary illustration, 11 rounds of operations are performed using a 128-bit cipher key. In the initial round, a buffer containing the AES state 102 is loaded with unencrypted data, and an initial AddRoundKey operation (e.g., AddRoundKey_0 106) is performed. In an AddRoundKey operation, each byte of the state buffer 102 is combined with a subkey (e.g., Subkey_0 108), which is derived from the secret cipher key. The subkey for each round is the same size as the state (16 bytes), and is generated from the secret cipher key using a key-scheduling algorithm. The subkey is combined with the state once each round using an exclusive or (XOR) operation.
In round 1 through round 9, each of the AES operations is performed once. The Substitute Bytes (SubBytes) operation performs non-linear substitutions in which each byte is replaced with another byte according to a lookup table. The ShiftRows operation performs a transposition in which each row of the state buffer is shifted cyclically a certain number of steps. The MixColumns operation is a mixing operation in which the four bytes of each column of the state buffer are combined using a linear transformation, where each column is treated as a four-term polynomial. Accordingly, for each iteration “i,” a SubBytes_i 110, a ShiftRows_i 112, a MixColumns_i 114, and an additional AddRoundKey_i 116 are performed on the AES state. During the AddRoundKey_i 116 operation, a round-specific Subkey_i 118 is combined with the State 102 using an XOR operation.
In the final round, the MixColumns operation is omitted, and a SubBytes_10 120, a ShiftRows_10 122, and a final AddRoundKey_11 126 operation are performed, in which the 11th Subkey (e.g., Subkey_10 126) is XORed with the AES state buffer 102. The decryption of AES encrypted data is performed by applying the inverse of each encryption operation in the reverse order of the encryption operations. Because XOR is its own inverse, the inverse of AddRoundKey is simply an additional AddRoundKey operation with the same subkey. The InverseSubBytes operation performs a table lookup to undo the byte substitution, as does the InverseMixColumns operation. The InverseShiftRows operation inverts the ShiftRows operation performed during the data encryption.
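As an added worked example (not part of the patent text), the following Python implements AES-128 encryption with exactly the round sequence of FIG. 1 (AddRoundKey_0, nine full rounds, a final round without MixColumns), builds the SubBytes table from the field inverse and affine map rather than hard-coding it, and checks the result against the FIPS-197 Appendix C.1 test vector. It uses table lookups and is not constant-time, so it is for study rather than production use.

```python
def _xtime(a):  # multiply by x (0x02) in GF(2^8) mod x^8 + x^4 + x^3 + x + 1
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1
def _gmul(a, b):  # multiply two GF(2^8) elements (MixColumns, S-box inverse)
    r = 0
    while b:
        r, a, b = r ^ (a if b & 1 else 0), _xtime(a), b >> 1
    return r

def _build_sbox():  # SubBytes table: multiplicative inverse, then the affine map
    box = []
    for a in range(256):
        inv = next((b for b in range(256) if _gmul(a, b) == 1), 0)  # 0 has no inverse, maps to 0
        x = inv
        for _ in range(4):  # inv ^ rotl(inv,1) ^ rotl(inv,2) ^ rotl(inv,3) ^ rotl(inv,4)
            x = ((x << 1) | (x >> 7)) & 0xFF
            inv ^= x
        box.append(inv ^ 0x63)
    return box

SBOX = _build_sbox()

def expand_key(key):  # key schedule: 16-byte cipher key -> 11 round keys (Subkey_0 .. Subkey_10)
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:  # RotWord, SubWord, then XOR in the round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

# The state is a flat list in column-major order: byte (row r, column c) is s[r + 4*c].
def add_round_key(s, k): return [a ^ b for a, b in zip(s, k)]
def sub_bytes(s): return [SBOX[b] for b in s]
def shift_rows(s): return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]
def mix_columns(s):  # each column is multiplied by {03}x^3 + {01}x^2 + {01}x + {02}
    return [_gmul(s[4*c + i], 2) ^ _gmul(s[4*c + (i + 1) % 4], 3)
            ^ s[4*c + (i + 2) % 4] ^ s[4*c + (i + 3) % 4] for c in range(4) for i in range(4)]

def aes128_encrypt_block(key, block):  # one 16-byte block through the 11 rounds of FIG. 1
    rk = expand_key(key)
    s = add_round_key(list(block), rk[0])  # initial round: AddRoundKey_0 only
    for i in range(1, 10):  # rounds 1..9: SubBytes, ShiftRows, MixColumns, AddRoundKey_i
        s = add_round_key(mix_columns(shift_rows(sub_bytes(s))), rk[i])
    return bytes(add_round_key(shift_rows(sub_bytes(s)), rk[10]))  # final round: no MixColumns

if __name__ == "__main__":  # FIPS-197 Appendix C.1 vector; prints 69c4e0d86a7b0430d8cdb78070b4c55a
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    print(aes128_encrypt_block(key, bytes.fromhex("00112233445566778899aabbccddeeff")).hex())
```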