5.1 What was the original set of criteria used by NIST to evaluate candidate AES ciphers?
Get 5.1 exercise solution
5.2 What was the final set of criteria used by NIST to evaluate candidate AES ciphers?
Get 5.2 exercise solution
5.3 What is the difference between Rijndael and AES?
Get 5.3 exercise solution
5.4 What is the purpose of the State array?
Get 5.4 exercise solution
5.5 How is the S-box constructed?
Get 5.5 exercise solution
5.6 Briefly describe SubBytes.
Get 5.6 exercise solution
5.7 Briefly describe ShiftRows.
Get 5.7 exercise solution
5.8 How many bytes in State are affected by ShiftRows?
Get 5.8 exercise solution
5.9 Briefly describe MixColumns.
Get 5.9 exercise solution
5.10 Briefly describe AddRoundKey.
Get 5.10 exercise solution
5.11 Briefly describe the key expansion algorithm.
Get 5.11 exercise solution
5.12 What is the difference between SubBytes and SubWord?
Get 5.12 exercise solution
5.13 What is the difference between ShiftRows and RotWord?
Get 5.13 exercise solution
5.14 What is the difference between the AES decryption algorithm and the equivalent inverse cipher?
Get 5.14 exercise solution
Problems
5.1 In the discussion of MixColumns and InvMixColumns, it was stated that b(x) = a-1(x)mod (x4 + 1) where a(x) = {03}x3 + {01}x2 + {01}x + {02} and b(x) = {0B}x3 + {0D}x2 + {09}x + {0E}. Show that this is true.
Get 5.1 exercise solution
5.2
a.What is {01}-1 in GF(28)?
b.Verify the entry for {01} in the S-box.
Get 5.2 exercise solution
5.3 Show the first eight words of the key expansion for a 128-bit key of all zeros.
Get 5.3 exercise solution
5.4 Given the plaintext {000102030405060708090A0B0C0D0E0F} and the key {01010101010101010101010101010101}:
a.Show the original contents of State, displayed as a 4 * 4 matrix.
b.Show the value of State after initial AddRoundKey.
c.Show the value of State after SubBytes.
d.Show the value of State after ShiftRows.
e.Show the value of State after MixColumns.
Get 5.4 exercise solution
5.5 Verify Equation (5.11). That is, show that xi mod (x4 + 1) = xi mod 4.
Get 5.5 exercise solution
5.6 Compare AES to DES. For each of the following elements of DES, indicate the comparable element in AES or explain why it is not needed in AES.
a.XOR of subkey material with the input to the f function
b.XOR of the f function output with the left half of the block
c.f function
d.permutation P
e.swapping of halves of the block
Get 5.6 exercise solution
5.7 In the subsection on implementation aspects, it is mentioned that the use of tables helps thwart timing attacks. Suggest an alternative technique.
Get 5.7 exercise solution
5.8 In the subsection on implementation aspects, a single algebraic equation is developed that describes the four stages of a typical round of the encryption algorithm. Provide the equivalent equation for the tenth round.
Get 5.8 exercise solution
5.9 Compute the output of the MixColumns transformation for the following sequence of input bytes “67 89 AB CD.” Apply the InvMixColumns transformation to the obtained result to verify your calculations. Change the first byte of the input from “67” to “77” perform the MixColumns transformation again for the new input, and determine how many bits have changed in the output. Note: You can perform all calculations by hand or write a program supporting these computations. If you choose to write a program, it should be written entirely by you; no use of libraries or public domain source code is allowed in this assignment.
Get 5.9 exercise solution
5.10 Use the key 1010 0111 0011 1011 to encrypt the plaintext “ok” as expressed in ASCII as 0110 1111 0110 1011. The designers of S-AES got the ciphertext 0000 0111 0011 1000. Do you?
Get 5.10 exercise solution
5.11 Show that the matrix given here, with entries in GF(24), is the inverse of the matrix used in the MixColumns step of S-AES.
Get 5.11 exercise solution
5.12 Carefully write up a complete decryption of the ciphertext 0000 0111 0011 1000 using the key 1010 0111 0011 1011 and the S-AES algorithm. You should get the plaintext we started with in Problem 5.10. Note that the inverse of the S-boxes can be done with a reverse table lookup. The inverse of the MixColumns step is given by the matrix in the previous problem.
Get 5.12 exercise solution
5.13 Demonstrate that Equation (5.9) is equivalent to Equation (5.4). Get 5.13 exercise solution
