EAES: Extended Advanced Encryption Standard with Extended Security

A R T I C L E I N F O A B S T R A C T Article history: Received: 29 March, 2018 Accepted: 24 April, 2018 Online :20 May, 2018 Though AES is the highest secure symmetric cipher at present, many attacks are now effective against AES too which is seen from the review of recent attacks of AES. This paper describes an extended AES algorithm with key sizes of 256, 384 and 512 bits with round numbers of 10, 12 and 14 respectively. Data block length is 128 bits, same as AES. But unlike AES each round of encryption and decryption of this proposed algorithm consists of five stages except the last one which consists of four stages. Unlike AES, this algorithm uses two different key expansion algorithms with two different round constants that ensure higher security than AES. Basically, this algorithm takes one cipher key and divides the selected key of two separate sub-keys: FirstKey and SecondKey. Then expand them through two different key expansion schedules. Performance analysis shows that the proposed extended AES algorithm takes almost same amount of time to encrypt and decrypt the same amount of data as AES but with higher security than AES.


Introduction
Communications among individual or organizations are increasing day by day. Everyone wants to keep their private information secure from any type of threats or being lost. Cryptography achieves this goal to secure private information. Schemes are being developed rapidly and frequently for cryptography and attacks on those schemes are being developed often too. New attacks are being strong, effective and attenuating the security of existing cryptographic schemes.
Rijndael block cipher was proposed as AES by September 03, 1999 [1]. National Institute of Standards and Technology (NIST) announced Rijndael block cipher as AES by Federal Information Processing Standards Publication 197 (FIPS 197) by November 26, 2001. Several attacks were developed after the publication of AES that are threatening for AES but not practically successful on full AES. Until 2006, the best-known attacks were on 7 rounds, 8 rounds, and 9 rounds for 128-bit keys, 192-bit keys, and 256-bit keys respectively [2]. However, in the recent time, many attacks are close to successful on AES. For the reduced 8-round version of AES-128, the first known-key distinguishing attack was released as a preprint in November 2009 [3]. It works with a memory complexity of 2 32 , and a time complexity of 2 48 . In 2011 [4], the first key-recovery attack on full AES was developed. This biclique attack is four times faster than the brute force attack. It requires 2 126.2 , 2 190.2 and 2 254.6 operations to recover an AES-128, AES-192 and AES-256 key respectively. This result has been further improved to 2 126.0 , 2 189.9 and 2 254.3 operations for AES-128, AES-192 and AES-256 key respectively [5], which are the current best results in key recovery attack against AES.
As intended to develop AES with extended key sizes for more security against recently developed attacks by keeping the performance almost similar to that of AES. Thus proposed algorithm becomes more complex for Interpolation attack, Basic attack, and Square attack. Differential and Linear cryptanalysis will be inefficient for this algorithm too. Since this algorithm uses two different keys derived from one key, it will be more complex and impossible to crack in spite of having known plaintextciphertext pairs available. The throughput of the proposed algorithm is nearly similar to that of AES. It is shown that for a 100KB text file, encryption time taken by AES-128 is 0.100s where for EAES-256 it is the same amount of time. Performances of other versions of EAES are evaluated and they are effective too.
The rest of the paper is organized as follows: Section 2 briefly explain related research works, Section 3 describes the proposed EAES algorithm, Section 4 shows the performance analysis of ASTESJ ISSN: 2415-6698 EAES, Section 5 describes the strength of EAES against different types of attacks and Finally, Section 6 concludes the paper.

Background
After the proposal of AES encryption by Rijndael, a large number of research works has been done on it. An FPGA based architecture for a new version of 512-Bit Advanced Encryption Standard algorithm design and evaluation was proposed in [6]. It (AES-512) uses both input and key block size of 512-bits which makes it more resistant to cryptanalysis against the break of its security. Throughput increased by 230% when compared with the implementation of the original AES-128. But requires more control logic blocks (CLBs) in implementation prospect than existing AES.
An efficient parallel implementation and optimization of the Advanced Encryption Standard (AES) algorithm based on the Sunway TaihuLight was proposed in [7]. The Sunway TaihuLight is a China's independently developed heterogeneous supercomputer [8] with peak performance over 100 Petaflops. Specifically, they expanded the scale to 1024 nodes and achieved the throughput of about 63.91 GB/s (511.28 Gbits/s). But with the increase of input data the throughput grows from quick to slow pattern.
A new efficient and novel approach to protect AES against differential power analysis was proposed in 2015 [9]. The implementation of this approach provides a significant improvement in strength against differential power analysis with a minimal additional hardware overhead. The efficiency of their proposed technique was verified by practical results obtained from real implementation on a Xilinx Spartan-II FPGA.
In 2016, an implementation of AES algorithm to overt fake keys against counter attacks was proposed [10]. An approach to overt the cryptographic key, when there is any counter attacks socalled side-channel attacks (SCAs) are applied in order to break the security of AES-128. Experimental results make sure the strength of the proposed approach to successfully hide the true cryptographic key. But it is more time consumptive than existing AES.
Constructing key dependent dynamic S-box for AES block cipher system was proposed in 2016 [11]. A new approach to generating dynamic S-box which was constructed centered on round key. Predefined static S-boxes pose a weak point for the attackers to analyze certain ciphertext pairs. The new S-boxes created were additionally dynamic, random and key dependent which attempts to escalate the complexity of the algorithm and furthermore mark the cryptanalysis more challenging. However, the performance in terms of time and power consumption is not examined and showed in this paper.
An implementation of AES-128 and AES-512 on Apple mobile processor [12] was proposed in 2017 that uses 512 bits of data block size using key sizes of 128, 192, 256, 512 and 1024 bits. However, again the performance degrades with the extension of key lengths.

Proposed Extended AES (EAES)
Advanced Encryption Standard (AES) is the most used and most secure algorithm at present among other symmetric cipher algorithms. But recently some sorts of attack such as biclique attack are threatening for AES. AES uses key sizes of 128 bits, 192 bits and 256 bits [13]. The authors have developed an algorithm almost similar to AES with some exceptions and double in key sizes (i.e., key sizes of 256, 384 and 512 bits) and highly secure than AES.
The proposed EAES algorithm has four parts: encryption, decryption, key division and key expansion. It takes plaintext block length of 128 bits as the existing AES. Every encryption and decryption process goes through several numbers of rounds according to their key sizes. This algorithm is named depending on its key lengths as EAES-256, EAES-384, and EAES-512. Key sizes with corresponding round numbers are given in Table 1.

Key Division
This part of the algorithm takes a cipher key and divides it into two equal sub-keys in a simple way. The resulting two sub-keys are named FirstKey and SecondKey. Size of both sub-keys can be 128, 192 and 256 bits since the cipher key can be 256, 384 and 512 bits. FirstKey has byte values that are in odd positions in the cipher key and SecondKey has byte values that are in even positions in the cipher key. Figure 1 shows an example of this key division process where each letter is identified as a byte and the cipher key is 256 bits or 32 bytes. Two different key expansions are used for two sub-keys. Since sub-key sizes are 128, 192 and 256 bits for cipher key sizes of 256, 384 and 512 bits respectively, the values of for both sub-keys will be same as defined in AES. Sub-key expansions can be described as follows: 1.
At first, the sub-key is copied into the first words of the array of expanded sub-key. In other words, the first words of the expanded sub-key are filled with the sub-key which is also words long. Two different complex functions used in the expansions of FirstKey and SecondKey are shown in Figure 2. After successful expansion of the FirstKey and SecondKey, each of the expanded FirstKey and SecondKey has a total of ( + 1) words. From these, every four words were used for each round. The expanded FirstKey and SecondKey of ( + 1) words are shown in Figure 3.

Encryption or Cipher
The encryption process takes the plaintext input into the state and passes it through a single stage at the beginning of the cipher named AddFirstRoundKey. Then the state passed through rounds to get the expected ciphertext as output. Each of first − 1 rounds has five consecutive stages that are: SubBytes, AddSecondRoundKey, ShiftRows, MixColumns, and AddFirstRoundKey. The last round that means th round has all four stages except the MixColumns stage. Figure 6 shows full encryption process with all rounds.

SubBytes, ShiftRows and MixColumns Transformation
These stages do the exact similar transformations as AES.

AddFirstRoundKey Transformation
In this stage, an -word FirstRoundKey is added to the state by simple bitwise XOR operation. A FirstRoundKey is words length as the state. The FirstRoundKey is provided from the FirstKey expansion function that expands the words FirstKey into ( + 1) words expanded FirstKey. This addition could be described as a column-wise addition of the state matrix and the FirstRoundKey. The following figure shows the addition of a column of four bytes of the state and a word of the FirstRoundKey, where i indicates the value = ( × ). The lowest value of is zero which indicates the first AddRoundKey stage without round and the highest value is the last round number. Figure 4 shows the AddFirstRoundKey transformation.

AddSecondRoundKey Transformation
In this stage, a -word SecondRoundKey is added to the state by simple bitwise XOR operation as like AddFirstRoundKey stage but the only exception is that first words of the expanded SecondKey are not added to the state. Figure 5 shows the AddSecondRoundKey transformation.

Decryption or Inverse Cipher
Decryption process takes the ciphertext input into the state and passes it through a single stage at the beginning of the inverse cipher named AddFirstRoundKey. Then the state passed through rounds to get the expected plaintext as output. Each of first − 1 rounds has five consecutive stages that are: InvShiftRows, AddSecondRoundKey, InvSubBytes, AddFirstRoundKey and InvMixColumns. The last round that means th round contains all four stages except the InvMixColumns stage. Figure 6 shows the total decryption process.

InvShiftRows, InvSubBytes and InvMixColumns Transformation
These stages do the same transformations as AES.

AddFirstRoundKey and AddSecondRoundKey Transformation
These two stages perform the similar operation as described for encryption process except that they add the expanded round keys to the state from the end of the expanded key.

Performance Analysis
Before the performance comparison of the proposed EAES and original AES, AES algorithms were tested with the inputoutput vector combination provided by National Institute of Standards and Technology (NIST) [14]. Then times taken by AES and the proposed algorithm for encryption and decryption of different fixed plaintext sizes with their different key lengths were measured. The authors used a system of the configurations listed in Table 3 to test both of AES and proposed EAES algorithm. Two plaintext files (i.e., .txt) were taken for performance measurements. Sizes of chosen files are 100KB and 200KB. The encryption and decryption process was done for three times and then the time averaged. Table 4 shows the time taken for AES and the proposed EAES algorithm with different key size to encrypt and decrypt 100KB text file.
The time comparison between AES-128 and EAES-256; AES-192 and EAES-384; AES-256 and EAES-512 shows that encryption and decryption times are almost same between AES and EAES for 100KB text file. However, EAES versions are nearly some milliseconds slower than existing AES.   Table 5 compares the time taken between AES-128 and EAES-256; AES-192 and EAES-384; AES-256 and EAES-512; and again shows that encryption and decryption times are almost same between AES and EAES for 200KB text file while EAES versions are some milliseconds slower than AES. Moreover, for a 200KB text file, the encryption and decryption time is clearly greater than the time taken for 100KB text file for all versions of AES and EAES as expected. Parallel Execution of AES-CTR Algorithm Using Extended Block Size [15] was proposed in 2011 that can be used to increase the performance of real-time uses of proposed EAES.

Strength of Proposed EAES Algorithm
The number of alternative keys and times taken by the bruteforce attack to get the original cipher key are listed in Table 6. The authors have proposed an approach [16] that uses genetic algorithm and neural network in S-box. This feature can also be used to increase the security of proposed EAES.

Strength Against Different Attacks
Several cryptanalysis attacks such as linear attack, algebraic attack, SAT-solver and hybrid attack, Side channel attack, distinguishing and related-keys attack revised in [17] and are very important for AES. EAES increases algorithm complexity and security against those attacks.

Biclique Attack
Still now, the best publicly known single-key attack on AES is biclique attack. It uses a computational complexity of 2 126.1 , 2 189.7 and 2 254.4 for AES-128, AES-192, and AES-256 respectively. It is the only publicly known single-key attack on AES that attacks the full number of rounds. Previous attacks have attacked round reduced variants (typically variants reduced to 7 or 8 rounds). This attack is only theoretical but not practical because it's high complexity as mentioned above. But it describes many safety margins of AES such as round numbers and key sizes. The proposed algorithm uses higher key sizes that are two times larger than AES which ensures more security for this type attack.

The Basic Attack
The authors placed a new stage between SubBytes and ShiftRows so that the algorithm becomes obsolete to basic attack. The scheme used for the basic attack will not be applicable for this algorithm. This extra stage of key addition ensures the nonlinearity of this algorithm.

The Square Attack
The "Square" attack utilizes the byte-oriented structure of Square cipher and is a dedicated attack on Square. This attack is also valid for AES, as AES inherits many properties from Square. The attack is independent of the multiplication polynomial of MixColumns, the key schedule and the specific choice of SubBytes and is also known as a chosen plaintext attack. It is faster than an exhaustive key search for AES versions of up to 6 rounds. However, no attacks faster than exhaustive key search have been found for 7 rounds or more. The proposed algorithm uses two different key schedules and two addition of cipher key that ensures high diffusion. So it ensures extra security to this algorithm.

Related-key Attacks
In this type of attacks, using a chosen relation, the cryptanalyst can do cipher operations with different unknown or partly unknown keys. The high diffusion and non-linearity key schedule of AES makes it very inviolable for this attack. The proposed algorithm uses two different key schedules with the same complexity as AES that ensures higher security than AES for this type of attack.

Conclusion
Security of this algorithm is higher than any other symmetric ciphers at present. In real life this algorithm can be implemented and used in applications like smart phone apps, real-time multimedia communication, and private network communications, SSL communications, ATMs etc with increased security than existing AES. The proposed algorithm is implemented using C programming language and then tested it with some plaintext blocks. It can also be easily implemented by other high level languages like C++, JAVA, C#, Python etc. The performance results are shown and compared with AES. Time consumptions were approximately same as AES but the security was higher than AES. This algorithm has just been developed, implemented and tested for performance analysis. The complexity and security of this algorithm have been evaluated theoretically. It is found that this algorithm is more secure than AES. But it is essential to analyze the result of the algorithm for various practical attacks. That defines the future works of the proposed algorithm.