(AES)

199712(NIST)DES(AES)DESAES1997912

AES (1) (2) 128128192256DESDES (3) (4)

1998820NIST15AES15()1999415NIST155

5AESMARS(IBM)RC6(RSA Laboratories) Rijndael(Joan DaemenVincent Rijmen)Serpent(Ross Anderson Eli BihamLars Knudsen)Twofish(Bruce SchneierJohn KelseyDoug WhitingDavid WagnerChris HallNiels Ferguson)()

AES2000515NIST2000102NIST RijndaelAES

GF(pn) AES (MAC)

1 GF(pn)

1.1 GF(pn)

1.2

1.3 GF(28)

2 128128100128128128

(layers) (1) (The ByteSub Transformation) (2) (The ShiftRow Transformation) (3) (The MixColumn Transformation) (4) (AddRoundKey)

# (MC)

3

3.1

3.1 ()

3.2

3.3

3.4

3.5

3.6 S-

3.6 S-()

4 (1)(IBS) (2) (ISR)

(3) (IMC)

(4)

# MC

5 (1) DES(1)AES (2) FeistelAES128128 (3) AESS-DESS- AESS-

(4) (5) 14 (6) S-(10)(i-4)/4

(7) 106200474

6 RijndaelRijndaelSB/ISBMC/IMC

(1) SB/ISBS-28=256()01

(2) MCGF(28)z = xy()x{011011}yGF(28)0101y=y2256=512

(3) IMCMCIMC44MCIMCMC30%

7 AES (1) DESAES128192256

(2) AESHashHashHashUNIXUNIXDESHash2128192256AES256384512Hash

(3) DESAES

8 ()()

8.1 (ECB)

8.1(ECB) ()

8.2 (CBC)

8.2 (CBC) ()

8.3 (CFB)

8.3 (CFB) ()

8.3 (CFB) ()

9 (MAC) 1 (MAC)k hk (1) hkkxhk(x)MAC-MAC

(2) hkxnhk() (3) 0-MAC(xihk(xi))-MAC(xhk(x))xxi(ihk(x)=hk(xi))

9.1 MAC k-MAC(xihk(xi))-MAC(xhk(x))xxi (1) (2) xi-MAC (xihk(xi)) (3)

9.2 xMAC (1) -MAC() (2) -MAC

9.3 CBCMAC

9.3 CBCMAC ()

9.3 CBCMAC () . (1) CBC-MAC(CBCMAC)(CBC-MAC) CBC-MAC (2) (MACMAC)

(3) CBC-MACkkMACMAC

!