C language programming of MixColumn function in AES encryption
1 Principle of the AES encryption and decryption algorithm and its AVR implementation

AES is a block cipher: the algorithm takes 128 bits of data as input, and the key length is also 128 bits. Nr denotes the number of rounds used to encrypt one data block (the relationship between the number of encryption rounds and the key length is listed in Table 1). Each round requires an Expandedkey(i) of the same length as the input block. Because the length of the externally supplied encryption key K is limited, the algorithm uses a key expansion routine to expand the external key K into a longer bit string, from which the encryption and decryption keys for each round are generated.

1.1 Round transformation

Each round transformation of AES consists of the following three layers:

Nonlinear layer: the SubByte transformation;

Linear mixing layer: the ShiftRow and MixColumn operations;

Key addition layer: the AddRoundKey operation.

① The SubByte transformation is a nonlinear byte substitution applied to each byte of the state. It can be implemented as a lookup in a precomputed S-box.

Transformation:

ldi zh,$01 ; point the pointer at the first address of the S-box
mov zl,r2 ; use the byte to be looked up as the low address of the pointer
ld temp,z+ ; fetch the corresponding S-box entry
mov r2,temp ; write it back to complete the table lookup
...
ret

② ShiftRow is a byte transposition. It cyclically shifts the rows of the state by different offsets, and the offsets are chosen according to the value of Nb. Where x is (02), as shown in the figure below.

Rcon[1]=[01000000]; Rcon[2]=[02000000]; Rcon[3]=[04000000]……

Generation of the expanded key: the first Nk words of the expanded key are the external key K. Each later word W[i] is the exclusive OR of the preceding word W[i-1] and the word W[i-Nk] located Nk positions before it, that is, W[i] = W[i-1] ⊕ W[i-Nk]. But if i is a multiple of Nk, then W[i] = W[i-Nk] ⊕ SubWord(RotWord(W[i-1])) ⊕ Rcon[i/Nk].

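The program mainly calls the subroutines above; the implementation is as follows:

Key expansion:

rcall rotword ; RotWord: rotate the word cyclically by one byte
rcall subword ; SubWord: pass each byte of the word through the S-box
rcall Rcon ; XOR with the round constant Rcon[i/Nk]
...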
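The expansion rule above, carried through in C for a 128-bit key. This is an added example, not code from the article (which uses AVR assembly): it expands the master key given in the article's experiment section, computes the S-box at start-up instead of storing it, and the names key_expansion, round_key_word, build_sbox and PAGE_KEY are assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>

#define NK 4        /* key length in 32-bit words (128-bit key) */
#define NWORDS 44   /* Nb*(Nr+1) = 4*(10+1) words of expanded key */
/* Master key from the article's experiment: 000102...0e0f. */
static const uint8_t PAGE_KEY[16] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
static uint8_t sbox[256];

static uint8_t xtime(uint8_t a) { return (uint8_t)((a << 1) ^ (0x1B & -(a >> 7))); }
static uint8_t rotl8(uint8_t x, int n) { return (uint8_t)((x << n) | (x >> (8 - n))); }

/* Compute the S-box instead of storing it: GF(2^8) inverse, then the affine map. */
static void build_sbox(void) {
    uint8_t p = 1, q = 1;            /* invariant: q is the inverse of p */
    do {
        p ^= xtime(p);               /* p = p * 03 */
        q ^= q << 1; q ^= q << 2; q ^= q << 4;
        q ^= 0x09 & -(q >> 7);       /* these two lines give q = q / 03 */
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63;
    } while (p != 1);
    sbox[0] = 0x63;                  /* 00 has no inverse and maps to 63 */
}

/* W[i] = W[i-Nk] xor W[i-1], with SubWord(RotWord()) and Rcon when Nk divides i. */
void key_expansion(const uint8_t key[16], uint8_t w[4 * NWORDS]) {
    uint8_t rc = 0x01, t[4];         /* rc: first byte of Rcon[i/Nk] */
    build_sbox();
    memcpy(w, key, 4 * NK);          /* the first Nk words are the external key K */
    for (int i = NK; i < NWORDS; i++) {
        memcpy(t, &w[4 * (i - 1)], 4);
        if (i % NK == 0) {
            uint8_t t0 = t[0];       /* RotWord and SubWord in one pass */
            t[0] = sbox[t[1]] ^ rc;
            t[1] = sbox[t[2]]; t[2] = sbox[t[3]]; t[3] = sbox[t0];
            rc = xtime(rc);          /* Rcon bytes run 01, 02, 04, ... */
        }
        for (int j = 0; j < 4; j++) w[4 * i + j] = w[4 * (i - NK) + j] ^ t[j];
    }
}

uint32_t round_key_word(int i) {     /* word i of the key expanded from PAGE_KEY */
    uint8_t w[4 * NWORDS];
    key_expansion(PAGE_KEY, w);
    const uint8_t *b = &w[4 * i];
    return (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 | (uint32_t)b[2] << 8 | b[3];
}

int main(void) { return round_key_word(43) == 0x4d2b30c5u ? 0 : 1; }
```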

2 Optimization of the AES encryption and decryption algorithm

The flow of the algorithm above shows clearly that the round transformation is the most time-consuming part of the whole algorithm, so this is where the optimization effort belongs. The part of the round transformation that can be optimized is the column transformation, because the column transformation is a modular multiplication. Because AES encryption and decryption are asymmetric, without optimization the decryption speed of the algorithm will be much slower than the encryption speed [1].

① Optimization of the encryption algorithm. MixColumn can be optimized by calling the xtime subroutine.

Another effective optimization method is to construct a table offline, namely a column transformation table. The encryption speed is then improved by table lookup.

② Optimization of the decryption algorithm. The coefficients of the decryption column transformation are 09, 0E, 0B and 0D. Carrying out these multiplications on an AVR microcontroller obviously takes a lot of time, which degrades decryption performance.

Optimization method 1: decompose the column transformation to reduce the number of multiplications.

A careful look at the coefficients of the decryption matrix shows that it is related to the encryption matrix: the decryption matrix is equal to the product of the encryption matrix and another matrix. This relationship can be used to optimize the algorithm:

In this way, the column transformation can be implemented with only a few simple XORs, which reduces the number of multiplications and improves the decryption speed.
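Both optimizations as an added C example, which is not the article's own code: MixColumn built only on xtime, and decryption method 1 written with the standard factorization of the decryption matrix as the encryption matrix times the circulant matrix with first row 05 00 04 00. That this is the decomposition the text refers to is an assumption, and the function names and the constructed test columns are illustrative.

```c
#include <stdint.h>

/* Multiply by x (02) in GF(2^8) modulo x^8+x^4+x^3+x+1, without a branch. */
static uint8_t xtime(uint8_t a) { return (uint8_t)((a << 1) ^ (0x1B & -(a >> 7))); }

static uint8_t gmul(uint8_t a, uint8_t k) {   /* shift-and-add, slow path only */
    uint8_t r = 0;
    for (; k; k >>= 1, a = xtime(a)) if (k & 1) r ^= a;
    return r;
}

/* Encryption MixColumn on one column: c0' = 02*c0 ^ 03*c1 ^ c2 ^ c3, and so on. */
void mix_column(uint8_t c[4]) {
    uint8_t first = c[0], all = c[0] ^ c[1] ^ c[2] ^ c[3];
    for (int i = 0; i < 3; i++) c[i] ^= all ^ xtime(c[i] ^ c[i + 1]);
    c[3] ^= all ^ xtime(c[3] ^ first);
}

/* Slow path: multiply directly by the decryption coefficients 0E 0B 0D 09. */
void inv_mix_column_direct(uint8_t c[4]) {
    uint8_t a[4] = { c[0], c[1], c[2], c[3] };
    for (int i = 0; i < 4; i++)
        c[i] = gmul(a[i], 0x0E) ^ gmul(a[(i + 1) & 3], 0x0B)
             ^ gmul(a[(i + 2) & 3], 0x0D) ^ gmul(a[(i + 3) & 3], 0x09);
}

/* Fast path: multiply by circ(05 00 04 00) with XOR and xtime, then mix_column. */
void inv_mix_column(uint8_t c[4]) {
    uint8_t u = xtime(xtime(c[0] ^ c[2]));   /* 04*(c0 ^ c2) */
    uint8_t v = xtime(xtime(c[1] ^ c[3]));   /* 04*(c1 ^ c3) */
    c[0] ^= u; c[1] ^= v; c[2] ^= u; c[3] ^= v;
    mix_column(c);
}

uint32_t apply(void (*f)(uint8_t[4]), uint32_t col) {  /* column packed c0 c1 c2 c3 */
    uint8_t c[4] = { (uint8_t)(col >> 24), (uint8_t)(col >> 16), (uint8_t)(col >> 8), (uint8_t)col };
    f(c);
    return (uint32_t)c[0] << 24 | (uint32_t)c[1] << 16 | (uint32_t)c[2] << 8 | c[3];
}

/* 1 if both inverse paths undo mix_column on 65536 constructed columns. */
int inverse_paths_agree(void) {
    for (uint32_t n = 0; n < 65536; n++) {
        uint32_t col = n * 2654435761u, m = apply(mix_column, col);
        if (apply(inv_mix_column, m) != col || apply(inv_mix_column_direct, m) != col) return 0;
    }
    return 1;
}
int main(void) { return inverse_paths_agree() ? 0 : 1; }
```

Per column the fast path costs eight xtime calls and a handful of XORs, while the direct path runs a general multiply for each of the sixteen coefficient products.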

Optimization method 2: construct a table.

As with the encryption table, four tables can be constructed: T[Ea] = E×a; T[9a] = 9×a; T[Da] = D×a; T[Ba] = B×a. Decryption then needs only table lookups and simple XORs. Although this method adds extra cost, it is an effective method.

3 Experimental simulation of AES encryption and decryption

According to the above experimental steps and optimization methods, the experimental results listed in Table 2 and Table 3 are obtained.

Set the master key to: 000102030405060708090a0b0c0d0e0f (128 bits).

Plaintext to encrypt: 00112233445566778899aabbccddeeff.

Ciphertext: 69c4e0d86a7b0430d8cdb78070b4c55a.

Ciphertext to decrypt: 69C4E0D86A7B0430D8CDB78070B4C55A.

Recovered plaintext: 00112233445566778899aabbccddeeff.

In summary, AES encryption and decryption are not symmetric operations: decryption is more complicated and time-consuming than encryption. Decryption optimization method 1 does not increase the storage space; it works on the column transformation itself. Its program is smaller than the original one and saves time. Decryption optimization method 2 is the fastest and most efficient, but it requires additional storage space, so its program is also the largest.

The flowcharts and references are omitted.