(AES)
199712(NIST)DES(AES)DESAES1997912
AES (1) (2) 128128192256DESDES (3) (4)
1998820NIST15AES15()1999415NIST155
5AESMARS(IBM)RC6(RSA Laboratories) Rijndael(Joan DaemenVincent Rijmen)Serpent(Ross Anderson Eli BihamLars Knudsen)Twofish(Bruce SchneierJohn KelseyDoug WhitingDavid WagnerChris HallNiels Ferguson)()
AES2000515NIST2000102NIST RijndaelAES
GF(pn) AES (MAC)
1 GF(pn)
1.1 GF(pn)
1.2
1.3 GF(28)
2 128128100128128128
(layers) (1) (The ByteSub Transformation) (2) (The ShiftRow Transformation) (3) (The MixColumn Transformation) (4) (AddRoundKey)
# (MC)
3
3.1
3.1 ()
3.2
3.3
3.4
3.5
3.6 S-
3.6 S-()
4 (1)(IBS) (2) (ISR)
(3) (IMC)
(4)
# MC
5 (1) DES(1)AES (2) FeistelAES128128 (3) AESS-DESS- AESS-
(4) (5) 14 (6) S-(10)(i-4)/4
(7) 106200474
6 RijndaelRijndaelSB/ISBMC/IMC
(1) SB/ISBS-28=256()01
(2) MCGF(28)z = xy()x{011011}yGF(28)0101y=y2256=512
(3) IMCMCIMC44MCIMCMC30%
7 AES (1) DESAES128192256
(2) AESHashHashHashUNIXUNIXDESHash2128192256AES256384512Hash
(3) DESAES
8 ()()
8.1 (ECB)
8.1(ECB) ()
8.2 (CBC)
8.2 (CBC) ()
8.3 (CFB)
8.3 (CFB) ()
8.3 (CFB) ()
9 (MAC) 1 (MAC)k hk (1) hkkxhk(x)MAC-MAC
(2) hkxnhk() (3) 0-MAC(xihk(xi))-MAC(xhk(x))xxi(ihk(x)=hk(xi))
9.1 MAC k-MAC(xihk(xi))-MAC(xhk(x))xxi (1) (2) xi-MAC (xihk(xi)) (3)
9.2 xMAC (1) -MAC() (2) -MAC
9.3 CBCMAC
9.3 CBCMAC ()
9.3 CBCMAC () . (1) CBC-MAC(CBCMAC)(CBC-MAC) CBC-MAC (2) (MACMAC)
(3) CBC-MACkkMACMAC
!