Cryptography Lab

AES Block Cipher Internals & Modes of Use

Objective

The objective of this lab is to explore the operation of the AES encryption algorithm by tracing its execution, computing one round by hand, and then exploring the various block cipher modes of use.

Resources - AES Calculator

To explore the operation of the AES block cipher, you will be using the AES Calculator Applet. This applet is used to encrypt or decrypt test data values using the AES block cipher. It can optionally provide a trace of the calculations performed, with varying degrees of detail.

For this lab, you will be assigned a Key Plain Cipher triple to use. The triple is written as three values in hexadecimal being the key (128/192/256 bits), plaintext (128 bits) and ciphertext (128 bits) values respectively; and should look something like the following:

    000102030405060708090a0b0c0d0e0f 00112233445566778899aabbccddeeff 69c4e0d86a7b0430d8cdb78070b4c55a
If you encrypt the specified plaintext with the key, you should get the ciphertext value; if you decrypt the ciphertext value, you should get the plaintext value. Depending on the trace level specified, you will also be given details of the round calculations as they are computed.

You can run the AES Calculator Applet in the following ways:

install on your own system
the AES Calculator Applet page provides links for the files to download onto your system. Then just open the AEScalc.html page using either your favorite (Java enabled) web browser, or running "appletviewer AEScalc.html" from the Java SDK distribution, to run the applet.You may need to install a suitable Java v1.4 plugin for your browser - this is available from the J2SE Java distributions. You will need to copy/link the appropriate browser plugin file from the J2SE installation area to the plugin directory for your browser and restart it.
direct web access
alternatively you can access the AES Calculator directly from this site to run the applet.

Please note that the applet has limited error handling, supplying an incorrect input value is liable to generate nonsense results!


Lab Task - Part a - Block Cipher Internals

For this lab, you will be allocated a specific AES triple (please make sure you use it). You will use the key and plaintext values from this triple in the AES Calculator. With this triple, you are asked to do the following tasks:
  1. Encrypt the plaintext using the key given in your triple, with tracing of the round values. Note how the value of the state (result of each round) changes from round to round. What is the value of your state after round 4?
  2. Change AES bit 12 of the PLAINTEXT in your triple (ie change the 0 to 1, or 1 to 0 as appropriate), assuming AES bit numbering from left (MSB) bit 0 to right (LSB) bit 127. Encrypt this new plaintext value using the AES Calculator. Using the trace output, after each of the first four rounds list in a table how many bits of state differ from the corresponding values in part i (nb. you will have to convert between hexadecimal & binary and compare the relevant bits to do this).
  3. Describe which characteristic(s) of a good block cipher design have been illustrated by this exercise, and how they are demonstrated.

Assessment - Part a

As assessment for this part of the lab, you should create a file for this lab. At the top of this file you should include the name of this course, this lab, your name, and your student number. Then include the heading: Part a: Block Cipher Internals, and follow this with the trace logs of the round values for all the AES encryptions you ran for each of the above tasks, your working, your answers and discussions.


Lab Task - Part b - Block Cipher Round

For the second part of this lab, using your original plaintext and key values, you should calculate the value of the initial AddRoundKey stage, and all of the stages in round one (the 1st full round) by hand.

Firstly you need to determine the subkeys used by these stages (ie the 1st 8 subkey words). Please provide full details of your working in doing this (ie all S-box lookups, rotations, XOR's).

Then provide the details of the initial AddRoundKey stage, and all round one stages. Again provide full details of your working in doing this (ie all S-box lookups, rotations, multiplications including modulo reductions, XOR's).

You can verify the results of your calculations by comparing them to the state and sub-key values given by the AES Calculator.

Assessment - Part b

As assessment for this part of the lab, edit your lab file to include the heading: Part b: Block Cipher Round, and follow this with the full details of how you computed each of the stages specified.


Lab Task - Part c - Block Cipher Modes of Use

For this part of this lab, you will be encrypting by hand, the same message using the same key, twice, once in CBC mode, then in CFB-128 mode. Note - you are not asked to compute the AES internal values by hand, you may use the AES Calculator for this. Rather you are showing how each of the above modes is implemented, treating AES now as a "black box" en/decryption algorithm (ie something that takes input & key and gives you some output).

Setup

To start with you need to create the key and message you'll use, and represent them in hex (binary) as follows:
key
create a 16-byte (128-bit) key based on your full name and other letters (if necessary) to make it 16 chars long, eg my key might be: "LawrieBrownXYZPQ". Then translate this from ASCII into hexadecimal (see below).
message
create a short message of between 35 and 45 bytes in length which includes your name. eg I could use a message of:
This is a sample test message for Lawrie!
Please ensure it is at least 35 and no more than 45 characters, that is it should incompletely span 3 input blocks of the cipher.

To convert from the ASCII text of your key/message to hexadecimal (and hence binary), you can:

To show how you'd use these, I could for example implement the ECB mode (which is not what you are asked to do) as follows: given my key above, and the first 16 bytes of my message "This is a sample", I'd create the following key and plaintext hex values:

    4c617772696542726f776e58595a5051 5468697320697320612073616d706c65
and then encrypt this using the AES Calculator which tells me (using trace level 1):
    setKey(4c617772696542726f776e58595a5051)
    encryptAES(5468697320697320612073616d706c65) = 077191dae654d4aab7870760ff7d6ffe
hence my first block of ciphertext in ECB mode would be:
    077191dae654d4aab7870760ff7d6ffe

Illustrate Implementation of CBC Mode

Demonstrate how the CBC Mode can be used to first encrypt, and then decrypt the above message, divided into blocks. You should use an IV of all 0's. CBC mode is:
    Ci = AESK1(Pi XOR Ci-1)
    C-1 = IV
You should explicitly discuss how you handle the final, undersize block, and how the receiver determines which decrypted bytes are valid. This is part of the assessment for this item.

You will find it relatively simple to implement the XOR's for this mode if you use a scientific calculator with the ability to enter and display numbers in various bases and to perform logical operations (eg. the Windows Calculator in Scientific Mode, or kcalc on Linux).

Illustrate Implementation of CFB-128 Mode

Demonstrate how the CFB-128 Mode can be used to first encrypt, and then decrypt the above message, handling each character (byte) of the message separately in a stream. Again use an IV of all 0's. CFB mode is:
    Ci = Pi XOR AESK1 (Ci-1)
    C-1 = IV
and you will be using 128-bit feedback (ie all 16 bytes of ciphertext), which can be done only after you have processed 16 distinct bytes of the message.

Discussion

You should conclude this section with a few sentences on how easy or not each mode was to implement, and each's applicability to different applications.

Assessment - Part c

As assessment for this part of the lab, edit your lab file to include the heading: Part c: Block Cipher Modes of Use, and follow this with full details of all your calculations showing how you implemented the above modes. You should include all your AES Calculator traces of key, data and resulting output values, but not internal round values; as well as all your calculations and discussions.
Copyright © Lawrie Brown / 6 Jun 2005