Symmetric Key Encryption Algorithms

1. AES (Advanced Encryption Standard)

Core Principles

• 128-bit key: 10 rounds

• 192-bit key: 12 rounds

• 256-bit key: 14 rounds

• Block Cipher: The plaintext is divided into fixed-length blocks (blocks) for encryption. The block length of AES is fixed at 128 bits (16 bytes)

• Key Length: Supports128-bit, 192-bit, and 256-bit key lengths, corresponding toAES-128, AES-192, AES-256. The key length determines the security strength and number of rounds of the algorithm.

• Number of Rounds: The encryption process consists of multiple rounds (Round) of operations. Each round includes a series of reversible transformation operations. The number of rounds depends on the key length:

Round Function Each round (except for the last round, which is slightly different) performs the following 4 steps on a 4×4 byte matrix called “state”:

1. SubBytes:

• Each byte in the state matrix is independently replaced using a fixed, nonlinear lookup table (called the S-box).

2. ShiftRows:

• Each row of the state matrix is cyclically shifted to the left.

• The 0th row does not shift, the 1st row shifts left by 1 byte, the 2nd row shifts left by 2 bytes, and the 3rd row shifts left by 3 bytes.

3. MixColumns:

• Each column of the state matrix is treated as a polynomial over the GF(2^8) field.

• A fixed, reversible matrix is multiplied with that column (modulo an irreducible polynomial).

4. AddRoundKey:

• The current state matrix is XORed with around key.

Key Expansion

• Based on the initial 128/192/256-bit master key, a key schedule is generated.

• The key schedule contains (number of rounds + 1) 128-bit round key blocks (for example, AES-128 requires 11 round keys: 1 for the initial round key addition and 10 for the 10 rounds of operations).

• The expansion process uses S-box substitution, round constants (Rcon) XOR, and word rotation (RotWord) operations to ensure sufficient nonlinearity between round keys.

Complete Encryption Process:

1. Input plaintext (128 bits) -> Initial state matrix

2. AddRoundKey: XOR with the 0th round key (initial round key).

3. For rounds 1 to Nr-1 (where Nr is the total number of rounds):

• SubBytes

• ShiftRows

• MixColumns

• AddRoundKey (using the current round’s round key)

Last round (Nr round):

• SubBytes

• ShiftRows

• AddRoundKey (using the last round key) // Note: The last round omits MixColumns.

Output state matrix -> Ciphertext (128 bits)

Decryption Process

• Decryption is the inverse process of encryption.

• Perform inverse operations: InvSubBytes, InvShiftRows, InvMixColumns, AddRoundKey.

• The order of round keys used is the reverse of that in encryption.

2. SM4 (Commercial Encryption Algorithm by the State Cryptography Administration)

Core Principles

• Block Cipher: The block length is fixed at128 bits (16 bytes).

• Key Length: The key length is fixed at128 bits.

• Number of Rounds: 32 rounds. The number of rounds is fixed and does not change with key length.

• Structure: Uses anon-balanced Feistel network structure. It divides the 128-bit input into 4 32-bit words (X0, X1, X2, X3) and iteratively processes these words over 32 rounds.

Round Function

• Each round <span>i</span> computes the input words <span>(X_i, X_{i+1}, X_{i+2}, X_{i+3})</span> as follows:<span>X_{i+4} = F(X_i, X_{i+1}, X_{i+2}, X_{i+3}, rk_i) = X_i ⊕ T(X_{i+1} ⊕ X_{i+2} ⊕ X_{i+3} ⊕ rk_i)</span>

• T Transformation: The core of the round function, consisting of two sub-transformations:

• τ Transformation: Nonlinear layer. The 32-bit input is split into 4 8-bit bytes, each byte is independently replaced by a fixed nonlinear S-box (similar to AES’s SubBytes, but with a different S-box), and then the replaced 4 bytes are combined back into 32 bits.

• L Transformation: Linear diffusion layer. A linear transformation is applied to the 32-bit result of the τ transformation:<span>L(B) = B ⊕ (B <<< 2) ⊕ (B <<< 10) ⊕ (B <<< 18) ⊕ (B <<< 24)</span>

• Round Key (rk_i): Each round uses a 32-bit round key <span>rk_i</span>, generated from the 128-bit master key through the key expansion algorithm.

Key Expansion

• <span>T'</span> transformation has the same structure as the <span>T</span> transformation in the encryption round function (also τ transformation + L transformation), butL transformation is different:<span>L'(B) = B ⊕ (B <<< 13) ⊕ (B <<< 23)</span>

• <span>i</span> ranges from 0 to 31.

• Input 128-bit encryption key <span>MK = (MK0, MK1, MK2, MK3)</span> (each MKi is 32 bits).

• Using afixed key FK = (FK0, FK1, FK2, FK3) for the initial transformation:<span>(K0, K1, K2, K3) = (MK0 ⊕ FK0, MK1 ⊕ FK1, MK2 ⊕ FK2, MK3 ⊕ FK3)</span>

• Using afixed parameter CK (an array containing 32 constants of 32 bits).

• Generate round keys through a transformation similar to the round function <span>F</span> (called <span>F'</span>):<span>rk_i = K_{i+4} = K_i ⊕ T'(K_{i+1} ⊕ K_{i+2} ⊕ K_{i+3} ⊕ CK_i)</span>

• Output 32 round keys <span>rk_0</span> to <span>rk_31</span>

Complete Encryption Process

1. Input plaintext 128 bits -> Split into 4 32-bit words:<span>(X0, X1, X2, X3)</span>.

2. Perform 32 rounds of iterative calculations:<span>X_{i+4} = F(X_i, X_{i+1}, X_{i+2}, X_{i+3}, rk_i) = X_i ⊕ T(X_{i+1} ⊕ X_{i+2} ⊕ X_{i+3} ⊕ rk_i)</span><span>i = 0, 1, ..., 31</span>

3. The final output ciphertext is:<span>(Y0, Y1, Y2, Y3) = (X35, X34, X33, X32)</span> // Note the order is reversed!

Decryption Process

• A notable feature of SM4 is that the encryption and decryption algorithm structures are completely identical.

• The only difference is that the round keys used in decryption are in the reverse order of the encryption round keys.

• Input ciphertext 128 bits -> Split into 4 32-bit words:<span>(Y0, Y1, Y2, Y3) = (X35, X34, X33, X32)</span>.

• Perform 32 rounds of iterative calculations (using round keys <span>rk_{31}</span> to <span>rk_0</span>):<span>Z_{i+4} = F(Z_i, Z_{i+1}, Z_{i+2}, Z_{i+3}, rk_{31-i}) = Z_i ⊕ T(Z_{i+1} ⊕ Z_{i+2} ⊕ Z_{i+3} ⊕ rk_{31-i})</span><span>i = 0, 1, ..., 31</span>

• The final output plaintext is:<span>(Z35, Z34, Z33, Z32)</span> // Also output in reverse order..