New Encryption Algorithm Based on Network RFWKIDEA8-1 Using Transformation of AES Encryption Algorithm

(1)

Available online at: www.ijcncs.org

E-ISSN 2308-9830 (Online) / ISSN 2410-0595 (Print)

New Encryption Algorithm Based on Network RFWKIDEA8-1

Using Transformation of AES Encryption Algorithm

GULOM TUYCHIEV

National University of Uzbekistan, Republic of Uzbekistan, Tashkent

E-mail: [email protected]

ABSTRACT

In this article we developed a new block encryption algorithm based on network RFWKIDEA8-1 using of the transformations of the encryption algorithm AES, which is called AES- RFWKIDEA8-1. The block’s length of this encryption algorithm is 256 bits; the numbers of rounds are 10, 12 and 14. The advantages of the encryption algorithm AES- RFWKIDEA8-1 are that, when encryption and decryption process used the same algorithm. In addition, the AES-RFWKIDEA8-1 encryption algorithm encrypts faster than AES.

Keywords:Advanced Encryption Standard, Feystel Network, Lai–Massey Scheme, Round Function, Round keys, Output Transformation, Multiplicative Inverse, Additive Inverse.

1 INTRODUCTION

In September 1997 the National Institute of Standards and Technology (NIST) issued a public call for proposals for a new block cipher to succeed the Data Encryption Standard (DES) [4]. Out of 15 submitted algorithms the Rijndael cipher by Daemen and Rijmen [1] was chosen to become the new Advanced Encryption Standard (AES) in November 2001 [2]. The Advanced Encryption Standard is a block cipher with a fixed block length of 128 bits. It supports three different key lengths: 128 bits, 192 bits, and 256 bits. Encrypting a 128-bit block means transforming it in n rounds into a 128-bit output block. The number of rounds n

depends on the key length: n = 10 for 128-bit keys,

n = 12 for 192-bit keys, and n = 14 for 256-bit keys. The 16-byte input block (t0, t1, …, t15) which is

transformed during encryption is usually written as a 4x4 byte matrix, the called AES State.

0

t t4 t8 t12 1

t t5 t9 t13 2

t t6 t10 t14 3

t t7 t11 t15

The structure of each round of AES can be reduced to four basic transformations occurring to

the elements of the State. Each round consists in applying successively to the State the SubBytes(), ShiftRows(), MixColumns() and AddRoundKey() transformations. The first round does the same with an extra AddRoundKey() at the beginning whereas the last round excludes the MixColumns() transformation.

The SubBytes() transformation is a nonlinear byte substitution that operates independently on each byte of the State using a substitution table (S-box). Figure 1 illustrates the SubBytes() transformation on the State.

0

t t4 t8 t12 s0 s4 s8 s12 1

t t5 t9 t13 s1 s5 s9 s13 2

t t6 t10 t14 s2 s6 s10 s14 3

t t7 t11 t15 s3 s7 s11 s15

Fig. 1. SubBytes()transformation

In the ShiftRows() transformation operates on the rows of the State; it cyclically shifts the bytes in each row by a certain offset. For AES, the first row is left unchanged. Each byte of the second row is shifted one to the left. Similarly, the third and fourth rows are shifted by offsets of two and three respectively. Figure 2 illustrates the ShiftRows() transformation.

(2)

0

s s4 s8 s12 s'0 s'4 s'8 s'12

1

s s5 s9 s13 cyclically shifts s'1 s'5 s'9 s'13

2

3

Fig. 2. ShiftRows() transformation.

The MixColumns() transformation operates on the State column-by-column, treating each column as a four-term polynomial. The columns are considered as polynomials over GF(₂8

) and multiplied modulo 4 1



x with a fixed polynomial

) (x

a , given by ( ) 3 2 2 2

    x x x x

a . Let

' )

(x s

a

p  :

3 ... 0 ,

' ' ' '

02 01 01 03

03 02 01 01

01 03 02 01

01 01 03 02

3 4

2 4

1 4 4

3 4

2 4

1 4 4



    

 

    

 

   

 

   

 



    

 

    

 

  

i s s s s

p p p p

i i i i

As a result of this multiplication, the four bytes in a column are replaced by the following:

3 4 2 4 1 4 4

4i ({02}s'i)({03}s'i )s'i s'i y

3 4 2 4 1

4 4

1

4i s'i({02}s'i )({03}s'i )s'i y

) ' } 03 ({ ) ' } 02 ({ '

'4 4 1 4 2 4 3

2

4i s is i s i  s i

y

) ' } 02 ({ ' ' ) ' } 03

({ 4 4 1 4 2 4 3

4

4i  s i s is i  s i

y .

Figure 3 illustrates the MixColumns() transformation.

0

'

s s'4 s'8 s'12 p0 p4 p8 p12 1

'

s s'5 s'9 s'13 p1 p5 p9 p13 2

'

s s'6 s'10 s'14 p2 p6 p10 p14 3

'

s s'7 s'11 s'15 p3 p7 p11 p15

Fig. 3. MixColumns() transformation.

Description network RFWKIDEA8-1 given in [3] and, similarly as in the Feistel network, when it encryption and decryption using the same algorithm. In the network used one round function having four input and output blocks and as the round function can use any transformation.

In this paper developed block encryption algorithm AES-RFWKIDEA8-1 based network RFWKIDEA8-1 using transformation of the encryption algorithm AES. The length of block of

the encryption algorithm AES-RFWKIDEA8-1 is 256 bits, the number of rounds

n

equal to 10, 12, 14 and the length of key is variable from 256 bits to 1024 bits in steps 128 bits, i.e. key length is equal to 256, 384, 512, 640, 768, 896 and 1024 bits.

2 THE STRUCTURE OF THE ENCRYPTION ALGORITHM AES-RFWKIDEA8-1

In the encryption algorithm AES-RFWKIDEA8-1 as the round function used SubBytes(), ShiftRows(), MixColumns() transformation of the encryption algorithm AES. The scheme

n

-rounded encryption algorithm AES-RFWKIDEA8-1 shown in Figure 4, and the length of subblocks 0

X , 1

X , ..., 7

X , length of round keys K8(i1), K8(i1)1,...,

7 ) 1 ( 8i 

K , i1...n1 and K8n8, K8n9, ..., K8n23 are

equal to 32 bits.

Fig. 4. The scheme n-rounded encryption algorithm AES-RFWKIDEA8-1

Consider the round function of the encryption algorithm AES-RFWKIDEA8-1. Initially 32-bit

(3)

subblocks

T

0,

T

1,

T

2,

T

3, are partitioned into 8-bit subblocks, i.e., on bytes:

)

(

0

sb

T

t



,

(

0

)

1

sb

T

t



,

(

0

)

2

sb

T

t



,

)

(

0

3

sb

T

t



,

(

1

)

0

4

sb

T

t



,

(

1

)

1

5

sb

T

t



,

)

(

1

2

6

sb

T

t



,

(

1

)

3

7

sb

T

t



,

(

2

)

0

8

sb

T

t



,

)

(

2

1

9

sb

T

t



,

(

2

)

2

10

sb

T

t



,

(

2

)

3

11

sb

T

t



,

)

(

3

0

12

sb

T

t



,

(

3

)

1

13

sb

T

t



,

(

3

)

2

14

sb

T

t



,

)

(

3

15

sb

T

t



, here

sb

0

(

X

)



x

0

x

1

...

x

7,

15 9 8 1

(

X

)

x

...

x

sb



,

sb

2

(

X

)



x

16

x

17

...

x

23,

31 25 24 0

(

X

)

x

...

x

sb



and

X



x

0

x

1

...

x

31. After which the 8-bit subblocks t0, t1, ..., t15 are written

into the array State and are executed the above transformations SubBytes(), ShiftRows(), MixColumns().

After the MixColumns() transformation we obtain 8-bits subblocks p0, p1, ..., p15. The

resulting 8-bit subblocks are writes on a 32-bit subblocks

Y

0,

Y

1,

Y

2,

Y

3 as follows:

3 2 1 0

0

_p

_||

_p

_||

_p

_||

_p

Y



, 4 5 6 7

1

_p

_||

_p

_||

_p

_||

_p

Y



11 10 9 8 2

||

p

Y



, 12 13 14 15

3

|| ||

|| p p p

p

Y  .

The S-box SubBytes() transformation shown in Table 1 and is the only nonlinear transformation. The length of the input and output blocks S-box is eight bits. For example, if the input value the S-box is equal to 0xE7, then the output value is equal 0xFA, i.e. selected elements of intersection row 0xE and column 0x7.

Table 1: The S-box of encryption algorithm AES-RFWKIDEA8-1 0x 0 0x 1 0x 2 0x 3 0x 4 0x 5 0x 6 0x 7 0x 8 0x 9 0x A 0x B 0x C 0x D 0x E 0x F 0x 0 0x 7F 0x F6 0x B6 0x 38 0x 36 0x 05 0x F1 0x 5B 0x 37 0x 47 0x 8B 0x 4A 0x B8 0x 8F 0x ED 0x 65 0x 1 0x EF 0x DA 0x D5 0x 25 0x 4C 0x 4F 0x 15 0x DF 0x F0 0x B5 0x 44 0x 19 0x 80 0x 59 0x 91 0x 7C 0x 2 0x 5E 0x 82 0x 34 0x 17 0x 2A 0x 83 0x 11 0x F2 0x C3 0x 8A 0x C5 0x 0C 0x AB 0x 3B 0x E4 0x 8E 0x 3 0x 60 0x B2 0x 30 0x 46 0x D3 0x 13 0x B3 0x 9D 0x 5A 0x 40 0x 33 0x 0B 0x A2 0x C4 0x 79 0x 5F 0x 4 0x 3D 0x 09 0x 84 0x 3A 0x E9 0x 22 0x 75 0x AD 0x 0F 0x 77 0x 5C 0x AA 0x A3 0x D8 0x BE 0x C7 0x 5 0x DC 0x 92 0x 94 0x BF 0x 0A 0x 51 0x 43 0x A6 0x D6 0x 3C 0x F7 0x 9E 0x 48 0x 55 0x 9C 0x C8 0x 6 0x 41 0x 56 0x 3E 0x 9F 0x E1 0x 86 0x 0D 0x 14 0x FC 0x 76 0x 7D 0x CC 0x E6 0x B9 0x BA 0x D7 0x 7 0x 35 0x 97 0x DB 0x 87 0x E7 0x 53 0x 4D 0x F8 0x 1E 0x 8D 0x D2 0x D9 0x A9 0x 6B 0x E5 0x A8 0x 8 0x 21 0x 1A 0x 93 0x 6C 0x 52 0x C0 0x 2F 0x 67 0x 88 0x 63 0x 1F 0x 6A 0x B1 0x BB 0x 00 0x 42 0x 9 0x 45 0x E0 0x 6F 0x CF 0x E3 0x 99 0x 0E 0x 49 0x C6 0x 85 0x EA 0x 5D 0x 26 0x 81 0x D4 0x 01 0x A 0x E2 0x DE 0x A4 0x 07 0x 72 0x 89 0x FE 0x 68 0x 95 0x 7B 0x 23 0x AC 0x DD 0x 29 0x 16 0x D1 0x B 0x 2C 0x 06 0x F9 0x 18 0x 6E 0x 66 0x BC 0x 04 0x CB 0x FB 0x 2B 0x 71 0x 62 0x EB 0x CA 0x EE 0x C 0x 03 0x 02 0x 2D 0x 6D 0x 27 0x B0 0x 64 0x 61 0x 98 0x 1C 0x 8C 0x 1D 0x 9B 0x CD 0x 73 0x A0 0x D 0x 78 0x 50 0x B7 0x 58 0x A1 0x AE 0x C2 0x F3 0x 96 0x 10 0x 28 0x 39 0x 2E 0x AF 0x F4 0x 69 0x E 0x 31 0x A5 0x 74 0x 7A 0x EC 0x E8 0x 54 0x FA 0x 4E 0x CE 0x FD 0x 4B 0x 1B 0x C1 0x 70 0x F5 0x F 0x BD 0x 7E 0x 9A 0x C9 0x 24 0x FF 0x 32 0x 3F 0x 08 0x A7 0x 57 0x 20 0x 90 0x 12 0x D0 0x B4

Consider the encryption process of encryption algorithm AES-RFWKIDEA8-1. Initially the 256-bit plaintext

X

partitioned into subblocks of 32-bits 0

0

X , 1 0

X , …, 7 0

X , and performs the following steps:

1) subblocks 0 0

X , 1 0

X , …, 7 0

X summed by XOR respectively with round key K8n8, K8n9, …,

15 8n

K : n j

j j

K X

X0  0 88 , i0...7

2) subblocks 0 0

X , 1 0

X , …, 7 0

X multiplied and summed respectively with the round key K8(i1),

1 ) 1 ( 8i 

K , …, K8(i1)7 and calculated 32-bit subblocks 0

T

,

T

1,

T

2,

T

3. This step can be represented as follows:

)

(

)

(

4 ₈₍ ₁₎₄

1 ) 1 ( 8 0 1 0     









X

_i

K

_i

X

_i

K

_i

T

,

)

(

)

(

8( 1)5

5 1 1 ) 1 ( 8 1 1 1      









X

i

K

i

X

i

K

i

T

,

) (

)

( 8( 1)6

6 1 2 ) 1 ( 8 2 1 2         

 Xi K i Xi K i

T ,

)

(

)

(

8( 1)7

7 1 3 ) 1 ( 8 3 1 3      









X

i

K

i

X

i

K

i

T

,

i



1

.

3) subblocks

T

0,

T

1,

T

2,

T

3 is split into

8-bit subblocks

t

0,

t

1, …,

t

15 and performed SubBytes(), ShiftRows(), MixColumns(), AddRoundKey() transformations. Output subblocks of the round function of the encryption algorithm are

Y

0,

Y

1,

Y

2,

Y

3.

4) subblocks

Y

0,

Y

1,

Y

2,

Y

3 are summed to

XOR with subblocks 0 1

 i X , 1

1

 i

X , …, 7 1

 i X , i.е.

j j i j

i X Y

X1 1 3 , j j i j

i X Y

X 

  

   3 4 1 4

1 , j0...3,

5) at the end of the round subblocks 1 1

 i X and

6 1

 i X , 2

1

 i

X and

X

_i5_₁,

X

_i3_₁ and

X

_i4_₁ swapped,

0

i

X and 7 1

 i

(4)

6) repeating steps 2-5 n times, i.e.,

i



2 ...

n

we obtain subblocks 0

n X , 1

n

X , …, 7

n X .

7) in output transformation round keys are multiplied and summed into subblocks, i.e.

n n

n X K

X 8

0 0

1 

 , 8 1

6 1

1 

  n n

n X K

X , 2 8 5 2 1 

  n n

n X K

X , 8 3

4 3

1 

  n n

n X K

X , 4 8 3 4 1 

  n n

n X K

X , 8 5

2 5

1 

  n n

n X K

X , 6 8 1 6 1 

  n n

n X K

X , 8 7

7 7

1 

  n n

n X K

X .

8) subblocks 0 1

 n X , 1

1

 n

X , …, 7 1

 n

X are summed to XOR with the round key K8n16, K8n17, …,

23 8n

K : n j

j n j

n X K

X 1 1 916 , j0...7. As cipher

text plaintext X receives the combined 32-bit

subblocks 7

1 1

1 0

1||  ||...|| 

 n n

n X X

X

3 KEY GENERATION OF THE ENCRYPTION ALGORITHM AES-RFWKIDEA8-1

In the n-round encryption algorithm AES-RFWKIDEA8-1 in each round applied of eight round keys to 32 bits and output conversion eight round keys of 32 bits. In addition, before to the first round and after the output transformations is used eight round keys of 32 bits. Total number of 32-bit round key is equal to 8n24. When encoding in Figure 4 is used instead of Ki encryption round

keys c i

K , while decryption round decryption key

d i K .

When generating round keys like the AES encryption algorithm uses an array Rcon:

Rcon=[0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010, 0x00000020, 0x00000040, 0x00000080, 0x00000100, 0x00000200, 0x00000400, 0x00000800, 0x00001000, 0x00002000, 0x00004000, 0x00008000, 0x00010000, 0x00020000, 0x00040000, 0x00080000, 0x00100000, 0x00200000, 0x00400000, 0x00800000, 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000].

The key encryption algorithm K of length l (

1024

256l ) bits is divided into 32-bit round keys c

K0,

c K1,...,

c Lenght

K 1, Lenghtl/32, here

} ,..., ,

{ 0 1 1

 k k kl

K , K0 {k0,k1,...,k31}

c

 ,

} ,..., ,

{ 32 33 63

1 k k k

Kc

 , ..., 1{ l32, l31,..., l1} c

Lenght k k k

K

and c

Lenght c c K K K

K 0|| 1 ||...|| 1. After which

calculated c

Lenght c

c

L K K K

K  0  1 ... 1. If KL 0

then KL is chosen as 0xC5C31537, i.e. 0xC5C31537

 L

K . When generating a round key

c i

K , iLenght...8n23, we used transformation

SubBytes32() and RotWord32(), here

SubBytes32()-is transformation 32-bit subblock into S-box and

|| )) ( ( || )) ( ( ) (

32 X S sb0 X S sb1 X

SubBytes  )) ( ( || )) (

(sb2 X S sb3 X

S , RotWord32()-cyclic shift

to the left of 1 bit of the 32 bit subblock. When the condition imod31 is true, then the round keys

are computed as

( 32 )^

(

32K 1 SubBytes

SubBytes

K c

Lenght i c

i   

L c

Lenght

i Rconi K

K

RotWord32(  ))^ [ mod32]^ ,

otherwise 32( c )^

Lenght i c

i SubBytes K

K  

L c

Lenght

i K

K

SubBytes32(  1)^ . After each round key

generation the value KL is cyclic shift to the left

by 1 bit.

Decryption round keys are computed on the basis of encryption round keys and decryption round key the first round associated with of encryption round keys as follows:

). , ) ( , , ) ( , ) ( , , ) ( , ( ) , , , , , , , ( 7 8 1 6 8 5 8 1 4 8 1 3 8 2 8 1 1 8 8 7 6 5 4 3 2 1 0 c n c n c n c n c n c n c n c n d d d d d d d d K K K K K K K K K K K K K K K K                

A decryption keys the output transformation associated with of encryption round keys as follows: ). , ) ( , , ) ( , ) ( , , ) ( , ( ) , , , , , , , ( 7 1 6 5 1 4 1 3 2 1 1 0 7 8 6 8 5 8 4 8 3 8 2 8 1 8 8 c c c c c c c c d n d n d n d n d n d n d n d n K K K K K K K K K K K K K K K K                

Likewise, the decryption key of the second, third, and n–round associated encryption round keys with the following: . ... 2 ), , ) ( , , ) ( , ) ( , , ) ( , ( ) , , , , , , , ( 7 ) 1 ( 8 1 1 ) 1 ( 8 2 ) 1 ( 8 1 3 ) 1 ( 8 1 4 ) 1 ( 8 5 ) 1 ( 8 1 6 ) 1 ( 8 ) 1 ( 8 7 ) 1 ( 8 6 ) 1 ( 8 5 ) 1 ( 8 4 ) 1 ( 8 3 ) 1 ( 8 2 ) 1 ( 8 1 ) 1 ( 8 ) 1 ( 8 n i K K K K K K K K K K K K K K K K c i n c i n c i n c i n c i n c i n c i n c i n d i d i d i d i d i d i d i d i                                                

Decryption round keys applied to the first round and after the output transformation associated with the encryption round keys as follows:

c j n d j n K

K88  816 ,

c j n d j n K

K816  88 , j0...7.

4 RESULTS

(5)

RFWKIDEA8-1 we developed block cipher algorithm AES-RFWKPES8-1. In the algorithm, the number of rounds of encryption and key’s length is variable and the user can select the number of rounds and the key’s length in dependence of the degree of secrecy of information and speed encryption.

As in the encryption algorithms based on the Feistel network, the advantages of the encryption algorithm RFWKIDEA8-1 are that, when encryption and decryption process used the same algorithm. In the encryption algorithm RFWKIDEA8-1 in decryption process encryption round keys are used in reverse order, thus on the basis of operations necessary to compute the inverse. For example, if the round key is multiplied by the subblock, while decryption is is necessary to calculate the multiplicative inverse, if summarized, it is necessary to calculate the additive inverse.

It is known that the resistance of AES encryption algorithm is closely associated with resistance S-box, applied in the algorithm. In the S-box’s encryption algorithm AES algebraic degree of nonlinearity deg7, nonlinearity NL112, resistance to linear cryptanalysis



32/256, resistance to differential cryptanalysis  4/256, strict avalanche criterion SAC= 8, bit independence criterion BIC = 8.

In the encryption algorithm AES-RFWKIDEA8-1 resistance S-box is equal to resistance S-box’s encryption algorithm AES, i.e., deg7,

112 

NL ,



32/256,  4/256, SAC= BIC=8.

Research indicates that the speed of the encryption algorithm AES-RFWKIDEA8-1 is faster than AES. The encryption speed of the 14 rounds encryption algorithm AES- RFWKIDEA8-1 1.25 times faster than the 14 rounds encryption algorithm AES.

5 CONCLUSIONS

It is known that as a network-based algorithms Feystel the resistance algorithm based on network RFWKIDEA8-1 closely associated with resistance round function. Therefore, selecting the transformations SubBytes(), ShiftRows(), MixColumns() of the encryption algorithm AES, based on round function network RFWKIDEA8-1 we developed relatively resistant encryption algorithm.

7 REFERENCES

[1] Daeman J., Rijmen V. AES proposal: Rijndael, version 2, 1999.

http://csrc.nist.gov/archive/

aes/rijndael/Rijndael-ammended.pdf [2] National Institute of Standards and

Technology. Announcing the Advanced Encryption Standard (AES), 2001. Federal Information Processing Standards Publication 197,

http://csrc.nist.gov/publications/fips/fips197/fip s-197.pdf.

[3] Tuychiev G. About networks IDEA8-2, RFWKIDEA8-1 and RFWKIDEA8-4, RFWKIDEA8-2, RFWKRFWKIDEA8-1 developed on the basis of network IDEA8-4 // Uzbek mathematical journal, Tashkent, -2014, №3, pp. 104-118

[4] U.S. DEPARTMENT OF

COMMERCE/National Institute of Standards and Technology. Data Encryption Standard (DES), 1979. Federal Information Processing Standards Publication 46-3,

http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf.

AUTHOR PROFILES: