A unified improvement of the AES algorithm

Abstract

Symmetric cryptography is widely used in information exchange and storage. The advanced encryption standard (AES) is one of the most important symmetric ciphers. Based on the AES algorithm, this paper designs a new symmetric cipher, called unified algorithm. In the unified algorithm, the secret key is 256-bit long and the plaintext and cipher-text are both 128-bit long. The unified algorithm is composed of the modules and their improved versions of AES and a sequence-flip module, and has the same encryption and decryption processes. The simulation results show that the unified algorithm has the same processing speed as AES, and its single-thread running speed in Mathematica can reach up to 1.6570Mbps. Meanwhile, the unified algorithm has the same encryption intensity as AES, and its relative errors of system sensitivity index are less than 0.5%. The unified algorithm can be applied to various secure communication occasions to replace the AES algorithm. In addition, due to the encryption and decryption sharing the same module, the unified algorithm can save the hardware resources and simplify the secure communication protocol effectively.

1 Introduction

Compared with the public key cryptography, symmetric key cryptography has the advantages of fast encryption speed and short key [13, 24]. At present, the widely used symmetric ciphers are divided into two types, stream cipher and block cipher. The representative of stream cipher is RC4 [11], which produces cipher-text by performing exclusive-OR operation between the plaintext and key streams, and is mainly used in computer network communication. The block ciphers have DES [8], AES [4], IDEA [2], BlowFish [23], SM4 [26] and etc. [16, 17], which are commonly applied to information exchange and storage. AES is the most frequently used symmetric cipher [14, 18, 25] due to its high security level and high-speed implementation in both hardware and software.

Before AES was confirmed as the text encryption standard by NIST (National Institute of Standards and Technology) in 2001, DES was the most popular block cipher. DES and BlowFish are both based on the Feistel network. A remarkable feature of the Feistel network is to make the encryption module and decryption module of DES exactly the same [10, 22]. Thus, DES can save half of the resources when implemented in hardware or software. However, the key arrangement algorithms of DES are different in the processes of encryption and decryption. So, a complete DES algorithm needs an encryption or decryption module and two reciprocal key arrangement modules. Furthermore, the key length of DES is only 56 bits, which cannot resist the exhaustive attack of current high-performance computers, and DES has been replaced by TDEA and AES [9, 20].

The AES algorithm is a block cipher proposed by J. Daemen and V. Rijmen [7]. The block size is 128 bits, and the key length is 128, 192 or 256 bits. As the text encryption standard of NIST, AES is widely used in Internet security standards, such as IPSec, TLS, and SSH, and WiFi wireless security standard of IEEE 802.11i to encrypt the sensitive and important information [5, 19, 29, 32]. The AES algorithm is based on 8-bit byte and 32-bit word processing, which is suitable for the microprocessor and ASIC chip hardware implementation. Meanwhile, it also can be implemented in computer software based on the look-up table method at high speed [15, 28]. Practice shows that AES can be used to encrypt documents of various secret levels.

AES was originally designed to encrypt text data, but now there are a variety of extended algorithms based on AES for encrypting a large quantity of data or image information [1, 6, 12]. In [6], the elliptic curve cryptography (ECC) is combined with AES to encrypt color images. ECC provides the key distribution, and AES is used to encrypt each channel of color images. In [1], an image encryption scheme based on AES is proposed. The pseudo-random sequence generated by chaotic system is used to replace the elements of S-box of AES for byte substitution operations, and then the chaotic state sequence is employed to scramble the outcome to enhance the security performance of cipher images. In [12], an image information security scheme combining watermark and compression is proposed. AES in cipher-chain mode (CBC) is used to encrypt the watermarked and compressed image. In addition, the substitution box (S-box) of AES, as the main nonlinear component, is frequently used in various image cryptosystems [3, 21, 34]. These systems realize the confusion of image information with the help of S-box.

Inspired by DES and AES, image cryptography based on chaotic system has been developed rapidly [27, 35]. In 2017, Zhang proposed an image encryption system with one module shared by encryption and decryption [30]. Due to the plaintext-related confusion, the image encryption system has strong plaintext sensitivity. However, similar to DES, this system used the reciprocal key arrangement in the encryption and decryption processes. Then, Zhang et al. improved the algorithm in [30] and proposed an image cryptosystem in which the encryption process and decryption process, including the key expansion module, are completely shared [33]. After that, on the basis of [33], Zhang proposed a fast image cryptosystem with one shared module based on the lifting transformation [31]. This system only used diffusion approach, which further improved the speed of image encryption.

Although AES was proposed as an alternative to DES, AES did not possess the advantage that the encryption module and decryption module of DES shared the same algorithm. The structures of encryption module and decryption module of AES are different, and they are reverse to each other. Inspired by the sharing method of encryption and decryption of DES and the sharing algorithm in image cryptography, this paper proposes a new fast symmetric cryptography based on AES. The main contributions of this paper are as follows: (i) propose a new sharing algorithm of encryption and decryption based on the modules of AES, called unified algorithm; (ii) generalize the “ShiftRows” module of AES; (iii) present the cipher-chain mode of unified algorithm to encrypt a large amount of data. Furthermore, this paper compares and analyzes the encryption speed and encryption intensity of unified algorithm and AES in detail. The remainder of this paper is arranged as follows: Section 2 reviews the AES algorithm; Section 3 describes the unified algorithm and its implementation; Section 4 compares the processing speed and security strength of unified algorithm and AES; Section 5 summarizes the full text.

2 The algorithm of AES

AES, also known as the Rijndael algorithm, has the structure as shown in Fig. 1. In AES, the secret key k is 128, 192 or 256 bits, and the corresponding rounds N_r are 10, 12 or 14. For the 256-bit AES, NIST pointed out that it can be used for data encryption in the case of top secret. To save space, this paper only discusses the AES algorithm with the key length of 256 bits, that is, N_r = 14 and k is 256-bit long in Fig. 1.

Fig. 1

The algorithm of AES. a Encryption algorithm; b Decryption algorithm

In Fig. 1, a 256-bit key k is the input for “Key expansion” module to be transformed into 15 pieces of sub-keys {k₀, k₁, …,k₁₄}, and each sub-key is 128-bit long. As shown in Fig. 1a, the encryption process of AES performs the following steps: (i) Carry out the bitwise exclusive-or operation between the plaintext x and the sub-key k₀; (ii) For the outcome of (i), perform the “SubBytes”, “ShiftRows”, “Mixcolumns” and “bitwise exclusive-or with sub-key k_i” operations in turn circularly for N_r-1 times, where i is the number of round; (iii) For the result of (ii), perform the “SubBytes”, “ShiftRows” and “bitwise exclusive-or with sub-key k_Nr” operations in turn to obtain the cipher-text y. The decryption process of AES is the inverse of the above encryption, as shown in Fig. 1b, where, “ShiftRows⁻¹” is the inverse of “ShiftRows”.

2.1 Key expansion module

In Fig. 1, the key expansion used in encryption process and decryption process of AES is the same, but the order of sub-keys is reverse. The key expansion module is shown in Fig. 2, where, “⊕” represents bitwise exclusive-or operation. The key expansion module first divides the key k into 8 pieces of 32-bit words, denoted by {w_i}, i = 0,1,…,7. Then, according to the algorithm shown in Fig. 2, this module produces the words {w_i}, i = 8,9,…,59. The sub-keys in Fig. 1 are k_i = {w_4i, w_4i + 1, w_4i + 2, w_4i + 3}, i = 0,1,…,14. The functions g and h in Fig. 2 are shown in Fig. 3.

Fig. 2

The key expansion module

Fig. 3

The structures of g and h. a The function g in the round i, where, rc_i = 1 < <(i-1), i = 1,2,…,7. b The function h

In Fig. 3, “S” stands for the substitution box (S-box), as shown in Fig. 4. For the function g in Fig. 3a, a 32-bit word is firstly divided into four 8-bit bytes. Secondly, each byte looks up the S-box in Fig. 4 to get a new 8-bit byte. Thirdly, the byte derived from v₁ and S-box does exclusive-or operation with rc_i. Finally, the resulted four bytes are combined by the index order {2,3,4,1} into a new 32-bit word. With respect to the look-up table operation of some byte v, the upper four bits of v are regarded as row number row of S-box in Fig. 4, and the lower four bits of v as column number col of S-box, then S-box(row,col) is the value of look-up S-box by v. For the function h in Fig. 3b, a 32-bit word is the input, and its four bytes separately look up S-box to get the new bytes which are combined into the resultant word in the original order.

Fig. 4

S-box

2.2 The processing algorithm of encryption round

Each round of processing algorithm in AES encryption includes four parts, “SubBytes”, “ShiftRows”, “MixColumns” and “bitwise exclusive-or operation with the round sub-key”, as shown in Fig. 5. In each round, the input is a 128-bit bit-sequence, which is divided into 16 bytes, denoted by {A_j}, j = 0,1,…,15. Then, each byte looks up S-box to get a new byte, and the outcome is denoted by {B_j}, j = 0,1,…,15. The above is called “SubBytes”. Next, the “ShiftRows” rearranges {B_j}, j = 0,1,…,15 into a new sequence {B_k}, k = 0,1,…,15, satisfying j = 5 k mod 16. After that, every four bytes of the sequence {B_k} are multiplied by a matrix M₁ in the “MixColumns” module. The matrix multiplication and addition operations are based on GF(2⁸) field with the irreducible polynomial P(x) = x⁸ + x⁴ + x³ + x + 1. The matrix M₁ is as follows:

$$ {M}_1=\left[\begin{array}{c}2\kern0.5em 3\kern0.5em \begin{array}{cc}1& 1\end{array}\\ {}\begin{array}{cc}1& \begin{array}{cc}2& \begin{array}{cc}3& 1\end{array}\end{array}\end{array}\\ {}\begin{array}{cc}1& \begin{array}{cc}1& \begin{array}{cc}2& 3\end{array}\end{array}\end{array}\\ {}\begin{array}{cc}3& \begin{array}{cc}1& \begin{array}{cc}1& 2\end{array}\end{array}\end{array}\end{array}\right] $$

(1)

Fig. 5

The round processing algorithm for the encryption module of AES

After the “MixColumns” operation, the resultant 16 bytes are combined into a new 128-bit bit-sequence, which is carried out the exclusive-or operation with the round sub-key k_i to get the output of this round. Here, k_i is the sub-key of the ith round.

2.3 The processing algorithm of decryption round

The round processing in AES decryption, as shown in Fig. 6, is the inverse of round processing in AES encryption, including four parts, the “exclusive-or operation with the round sub-key k_i”, “MixColumns⁻¹”, “ShiftRows⁻¹” and “SubBytes⁻¹”, where, “Module⁻¹” means the inverse of the “Module”. In the i-th round, the input is a 128-bit bit-sequence, which is executed the exclusive-or operation with the round sub-key k_i, to obtain a new bit-sequence. The new bit-sequence is divided into 16 bytes, denoted by {C_j}, j = 0,1,…,15. Then, in the “MixColumns⁻¹”, every four bytes of {C_j} are multiplied by a matrix M₂ to fulfill the column mixture. The matrix M₂ is as follows:

$$ {M}_2=\left[\begin{array}{c}\begin{array}{cc}14& 11\end{array}\kern0.5em \begin{array}{cc}13& \kern0.5em 9\end{array}\\ {}\begin{array}{cc}\begin{array}{cc}\kern0.75em 9& 14\end{array}& \begin{array}{cc}11& 13\end{array}\end{array}\\ {}\begin{array}{cc}\begin{array}{cc}13& \kern0.75em 9\end{array}& \begin{array}{cc}14& 11\end{array}\end{array}\\ {}\begin{array}{cc}\begin{array}{cc}11& 13\end{array}& \begin{array}{cc}\kern0.5em 9& 14\end{array}\end{array}\end{array}\right] $$

(2)

Fig. 6

The round processing algorithm for the decryption module of AES

The output of “MixColumns⁻¹” is denoted by {B_j}, j = 0,1,…,15. Then, the “ShiftRows⁻¹” module rearranges {B_j}, j = 0,1,…,15 into {B_k}, k = 0,1,…,15, satisfying j = 13 k mod 16. Next, the “SubBytes⁻¹” module carries out look-up table operation on the sequence {B_k} to get a new sequence, denoted by {A_k}, k = 0,1,…,15. The used look-up table is the inverse of S-box, as shown in Fig. 7.

Fig. 7

The inverse of S-box

3 Unified algorithm

On the basis of AES, the proposed unified algorithm, as shown in Fig. 8, is the cryptographic algorithm with the same encryption process and decryption process. The modules of “SubBytes”, “SubBytes⁻¹”, “MixColumns” and “MixColumns⁻¹” in Fig. 8 are the same as the modules with the same name in Fig. 1. However, the modules of “ShiftRows” and “ShiftRows⁻¹” in Fig. 8 are modified based on the modules with the same name in Fig. 1. The following subsections will introduce the implementation of unified algorithm in detail.

Fig. 8

The unified algorithm based on AES

Here, only the system with 256-bit key is considered, and in Fig. 8, N_r = 14.

3.1 Modified key expansion module

The modified key expansion module in Fig. 8 is based on the key expansion module in Fig. 2. First, generate the sub-keys {k_i}, i = 0,1,…,N_r by the key expansion in Fig. 2. Then, use these sub-keys to produce the sub-keys {key_i}, i = 0,1,…, N_r/2 in Fig. 8, such that key₀ = k₀, key_i = k_2i-1 XOR k_2i, i = 1,2,…,N_r/2, where, “XOR” means the exclusive-or operation. In this way, the modified key expansion module can be executed in parallel with the encryption/decryption process of unified algorithm.

3.2 Modified “ShiftRows” and its inverse algorithm

In the standard AES, “ShiftRows” realizes the cyclic shift of byte sequence. Denote the sequences before and after the “ShiftRows” module as {B_j}, j = 0,1,…,15 and {D_k}, k = 0,1,…,15, respectively. Then, the operation of “ShiftRows” is to put D_k = B_{5k mod 16}. And the operation of “ShiftRows⁻¹” is to put B_j = D_{13j mod 16}. Obviously, “ShiftRows” and “ShiftRows⁻¹” are reciprocal.

For any integer n and v ∈ {0, 1, …, 15}, one has (16n + 1)v mod 16 = v. Take the value of n as 2,3,4 and 5 to obtain the values of 16n + 1 and their factors (such that each factor is less than 16), as shown in Table 1.

Table 1 The value of n and the factorization of 16n + 1

In Table 1, when n = 4, the two factors are 5 and 13, which are used as the shift values of “ShiftRows” and “ShiftRows⁻¹” in AES, respectively. In the unified algorithm shown in Fig. 8, the shift values of the modified “ShiftRows” and “ShiftRows⁻¹” modules are listed in Table 1. The round “i” in the last column of Table 1 represents “i” in Fig. 8. Table 1 shows that (i) in the two rounds of i = 1 and 7 in Fig. 8, the “ShiftRows” and “ShiftRows⁻¹” modules will use 3 and 11 as the shift values, respectively; (ii) in the two rounds of i = 3 and 5, the two modules will both use 7; (iii) in the two rounds of i = 2 and 6, the two modules will use 5 and 13, respectively (i.e. the case of AES); (iv) in the round i = 4, the modules will both use 9.

3.3 The implementation process of unified algorithm

For the unified algorithm, the input is a secret key k and a 128-bit bit-sequence x, and the output is another 128-bit bit-sequence y. If the input bit-sequence x is a plaintext, the output y is its cipher-text. And if the input x is a cipher-text, the output y will be its recovered plaintext.

In Fig. 8, the secret key k is fed to the modified key expansion to obtain the sub-keys {key_i}, i = 0,1,…,N_r/2. Then, the input x is transformed into the output y using the sub-keys {key_i} with the following steps:

• Step 1. Perform the exclusive-or operation between x and key₀ to get a sequence, denoted by tp₀.

• Step 2. Repeat the following operation N_r/2 times. For the i-th round, the input is tp_i-1 and the output is tp_i, i = 1,2,…,N_r/2.

For the i-th round, tp_i-1 is fed to the “SubBytes” module, and then the outcome is executed the exclusive-or operation with the sub-key key_i. Next, the resultant sequence is handled by the “ShiftRows” and “MixColumns” modules in turn to produce the output sequence tp_i.

Note that the shift values in the “ShiftRows” module are 3, 5, 7, 9, 7, 5 and 3 in turn in this step.

• Step 3. Flip the sequence tp_Nr/2 to get a new sequence, denoted by tq_Nr/2, i.e. tq₇. When this step is implemented on the computer, the flip operation is in bytes; when this step is implemented on the microprocessor or ASIC chip, the flip operation is in bits. To save space, this paper only considers the sequence flip operation in bytes.

• Step 4. Repeat the following operation N_r/2 times. For the i-th round, the input is tq_i and the output is tq_i-1, i = N_r/2, N_r/2–1,…,1.

For the i-th round, tq_i is firstly handled by the “MixColumns⁻¹” and “ShiftRows⁻¹” modules in turn, and then the outcome is executed the exclusive-or operation with the sub-key key_i. Next, the resultant sequence is fed to the “SubBytes⁻¹” module to produce the output sequence tq_i-1.

Note that the shift values of the “ShiftRows⁻¹” module in this step are 11, 13, 7, 9, 7, 13 and 11 in turn.

• Step 5. Do the exclusive-or operation between tq₀ and key₀ to get the output y.

The above algorithm is inverse to itself, that is to say, the encryption process is identical to the decryption process. Thus, it is called unified algorithm.

Compared with the standard AES, the unified algorithm has the following characteristics:

1. (i)

   Due to the encryption and decryption share the same process, the unified algorithm has the same encryption speed and decryption speed in theory, while the encryption speed and decryption speed of AES are slightly different.

2. (ii)

   The unified algorithm uses both the encryption module and decryption module of AES.

3. (iii)

   The key expansion module of unified algorithm is mainly based on the key expansion module of AES, which can be paralleled with the encryption/decryption process. The processing speed of unified algorithm is equivalent to that of AES.

4. (iv)

   The unified algorithm has one more flip module than AES, and the flip module can be easily implemented by the computer software and ASIC hardware.

5. (v)

   The shift value of “ShiftRows” of each round in the unified algorithm is related to the number of round, while the shift value in AES is fixed. Thus, the unified algorithm increases the way of diffusion.

6. (vi)

   The unified algorithm includes seven rounds of encryption modules and seven rounds of decryption modules, i.e. with a total of 14 rounds of AES modules. The overall load is equivalent to that of AES.

7. (vii)

   The unified algorithm saves about half of the resources and simplifies the secure communication protocol by providing the same encryption and decryption processes.

The following section will further verify by simulation test that the unified algorithm based on AES has the same processing speed and security intensity as AES. To save space, only the cases of unified algorithm and AES both with the 256-bit key are compared and analyzed.

4 Simulation and comparative analysis

The computer is equipped with AMD Ryzen 93,950X@3.50GHz CPU, 64GB DDR4@3200 MHz memory, and 64-bit Windows 10 Home. The simulation is based on Mathematica 12.1.1 with the Wolfram language and its “Compile” modules under MinGW64 compiler. The objects of simulation include processing speed comparison analysis and system sensitivity comparison analysis.

4.1 Speed comparison analysis

The computer programs of the unified algorithm and AES are realized in the Wolfram language with MinGW64 compiler. Note that the programs are designed according to the modules in Figs. 1 and 8, without using the look-up table method to optimize the “ShiftRows” and “MixColumns” and their reverse modules so as to fairly compare the processing speed of the two algorithms.

For AES, the encryption speed and decryption speed are measured as follows:

1. (i)

   Randomly generate a key k of length 256 bits and a plaintext x of length 128 bits. Then, use AES to encrypt x with k to get the corresponding cipher-text y. Denote the encryption time consumed as t₁. Next, use AES to decrypt y with k to recover the plaintext x, and denote the decryption time as t₂.

2. (ii)

   (ii) Repeat the above process 10,000 times, and calculate the average encryption time and decryption time, separately denoted by t_e and t_d both with the unit μs. Then, label the encryption speed v_e = 128/t_e Mbps and the decryption speed v_d = 128/t_d Mbps.

For the unified algorithm, the encryption process is identical to its decryption process, so only one processing speed needs to be recorded as follows:

1. (i)

   Randomly produce a key k of length 256 bits and a plaintext x of length 128 bits. Then, use the unified algorithm to encrypt x with k to get the corresponding cipher-text y. Denote its encryption time as t₁. Next, use the unified algorithm to decrypt y with k to recover the plaintext x, and denote its decryption time as t₂. Now, calculate the average time of t_a = (t₁ + t₂)/2.

2. (ii)

   Repeat the above process 5000 times, and calculate the average value of all the t_a, denoted by t_u with the unit μs. Then, label the processing speed v_u = 128/t_u Mbps.

According to the above method, the processing speeds of the unified algorithm and AES are calculated and the results are listed in Table 2.

Table 2 The processing speeds of the unified algorithm and AES

From Table 2, it can be seen that (i) the encryption speed and decryption speed of AES are 1.7750Mbps and 1.7467Mbps, respectively; (ii) the processing speed of unified algorithm is 1.6570Mbps, which is about 6% slower than that of AES. Thus, the processing speeds of the unified algorithm and AES are at the same level.

4.2 Sensitivity comparison analysis

AES is a mature symmetric cryptography with good security intensity. This subsection will compare the security intensity of unified algorithm and AES, mainly in four aspects, encryption-key sensitivity, decryption-key sensitivity, plaintext sensitivity and cipher-text sensitivity. The comparative analysis will use the following difference index diff.

For two bit-sequences A and B of the same length n, the difference index diff is defined as

$$ diff=\frac{Count\left(A\oplus B,1\right)}{n}\times 100\% $$

(3)

where “⊕” is the bitwise exclusive-or operation, and Count(x,1) returns the number of bit 1 in the bit-sequence x. For two random bit-sequences, the theoretical value of their diff is 50%; for a given bit-sequence and a random bit-sequence, the theoretical value of their diff is also 50%.

4.2.1 Comparative analysis of encryption-key sensitivity

Any cryptosystem should avoid using special form of secret key. Here, five random keys and five random plaintexts are generated for analyzing the sensitivity of encryption key. The five keys are all of 256-bit length and in hexadecimal form, as follows:

• k₁ = {C564ECD2B638ACA4DB22EEA32BB4396981043F07145642DBE43C767B195D5D6}.

• k₂ = {170E37334A355B01567F523D2B67A06A3CAB0065DD65D5BF442232C96BD327B0}.

• k₃ = {886CECAD20D83EC388311FE614A7AA29A5DA775709A041FE1370942ADD347045}.

• k₄ = {5159B689F65710461AA84D9F0E96CF1D706964C871A3F92708887B0EE7D27D4F}.

• k₅ = {D814EF865655F589C57292BBA1C922E8A41E647313F142F122BECEA6FAD16782}.

And the five plaintexts are all of128-bit length and in hexadecimal form, as follows:

• x₁ = {7C1D93571A35B4366185CEFF22A8164F}.

• x₂ = {C0077BE6B566007275399E63F9F75E12}.

• x₃ = {37CB1D44997D112934A4BB86B897C127}.

• x₄ = {F9D6D827BF690C13A79F929C4174DA04}.

• x₅ = {643DC545A720EB59AADEACD514C760A9}.

The results of encryption-key sensitivity test using the above keys and plaintexts are listed in Table 3. In Table 3, “k_i(j)” represents the key k_i with only its j-th bit changed, where, i = 1,2,…,5, and j can take one of {0,1,…,255}, and all the cipher-texts are in hexadecimal form.

Table 3 Results of typical examples for encryption-key sensitivity comparison analysis

In Table 3, in each test, change one-bit of the given key to get a new key. Then, use AES or the unified algorithm to encrypt a plaintext with the two keys to get two corresponding cipher-texts. Next, calculate the diff between the two cipher-texts. It can be seen from Table 3 that the calculated values of diff of AES and the unified algorithm fluctuate about the theoretical value 50% with the maximum amplitude of 8%.

In order to make the analysis results have common significance, 10,000 trails are carried out for comparative analysis. In each trial, randomly generate a 256-bit key k₁ and a plaintext x at first. Secondly, randomly change one bit of k₁ to get a new key, denoted by k₂. Thirdly, Use AES with k₁ and k₂ to encrypt x to get two cipher-texts, denoted by y₁ and y₂, respectively. Fourthly, calculate the index diff between y₁ and y₂. Fifthly, repeat the above steps 10,000 times to record the maximum, average and minimum values of diff. Finally, use the unified algorithm to replace AES and then repeat the above process to obtain the maximum, average and minimum values of diff for the unified algorithm. The test results are listed in Table 4.

Table 4 The calculation results of diff in encryption-key sensitivity comparison analysis

The last column in Table 4 shows the relative error between the average value of diff and the theoretical value 50%. As can be seen from Table 4, the calculated values of diff of AES and the unified algorithm are similar, and the relative errors are both less than 0.5%, indicating that the unified algorithm has the same strong encryption-key sensitivity as AES.

4.2.2 Comparative analysis of decryption-key sensitivity

The steps of decryption-key sensitivity analysis are as follows:

1. (i)

   Randomly generate a 256-bit key k₁ and a plaintext x₁.

2. (ii)

   Use AES with k₁ to encrypt x₁ to get the corresponding cipher-text y.

3. (iii)

   Randomly change k₁ by one-bit to get a new key, denoted by k₂.

4. (iv)

   Use AES with k₂ to decrypt y to get the recovered sequence, denoted by x₂.

5. (v)

   Calculate the index diff between x₁ and x₂.

6. (vi)

   Repeat the above steps 10,000 times to record the maximum, average and minimum values of diff.

7. (vii)

   Repeat the above processing with the unified algorithm instead of AES to obtain the maximum, average and minimum values of diff for the unified algorithm.

The test results are listed in Table 5.

Table 5 The calculation results of diff in decryption-key sensitivity comparison analysis

The last column in Table 5 shows the relative error between the average value of diff and the theoretical value 50%. From Table 5, it can be seen that the calculated values of diff of the unified algorithm are close to those of AES, and the relative errors are both less than 0.5%. Thus, like AES the unified algorithm has strong decryption-key sensitivity.

4.2.3 Comparative analysis of plaintext sensitivity

To intuitively compare the plaintext sensitivity between AES and the unified algorithm, the following five plaintexts all of 128 bits in hexadecimal form are randomly selected,

• x₁ = {CAEE7121E4F10DD7E376261765C23994},

• x₂ = {6EE4E32EF9E98DCC6D6E385C1F8F72A5},

• x₃ = {ACC5070D9A0A9B232C4EDA1960B36E28},

• x₄ = {435B33B71C9F6C4B3AF6B40D3C54F854},

• x₅ = {19D33CBE05F1E36EB187728CFE481EE8}.

And then the following five keys all of 256 bits in hexadecimal form are randomly selected,

• k₁ = {E41A3DC6AF2B5A0A25797B295E936614C4B716F00EE027867F969AC5F0613DDC},

• k₂ = {CFFA75E2CD9692312F3331E7E113444534F11C42B671C2A9ACD2946613B6274C},

• k₃ = {748BE7776617B40F5939D3C307BD6EF4960650E1E744830601CD592D73FAE5D7},

• k₄ = {151608C7AFA085DDB5C253BCFE8AFE774F71715B8B5EBF825967998CF0E0BB75},

• k₅ = {10128FAA25793B10734C5911014429F6B98DC4A2C920C7DBEC6C89505BA8613}.

Next, the results of plaintext sensitivity analysis with the help of the above keys and plaintexts are listed in Table 6. In Table 6, “x_i(j)” represents the plaintext x_i with only its j-th bit changed, where, i = 1,2,…,5, and j can take one of {0,1,…,127}, and all the cipher-texts are in hexadecimal form.

Table 6 Results of typical examples for plaintext sensitivity comparison analysis

As can be seen from Table 6, the comparison results of five examples show that the calculated values of index diff of the unified algorithm are close to those of AES, both fluctuating about the theoretical value 50% with the maximum amplitude of 8%.

To make the comparison results have universal significance, 10,000 trials are carried out for the comparative analysis. In each trial, randomly generate a secret key k at first. Then, randomly generate a plaintext x₁. Next, randomly change x₁ by one bit to get a new plaintext, denoted by x₂. Now, use AES with k to encrypt x₁ and x₂ to get their corresponding cipher-texts, denoted by y₁ and y₂, respectively. After that, calculate the index diff between y₁ and y₂. Repeat the above steps 10,000 times to obtain the maximum, average and minimum values of diff. Finally, repeat the above process using the unified algorithm instead of AES to get the maximum, average and minimum values of diff for the unified algorithm. The test results are listed in Table 7.

Table 7 The calculation results of diff in plaintext sensitivity comparison analysis

The last column in Table 7 shows the relative error between the average value of diff and the theoretical value 50%. As can be seen from Table 7, the calculated values of diff of the unified algorithm are close to those of AES, and the relative errors are both less than 0.5%. Thus, the unified algorithm has the same strong plaintext sensitivity as AES.

4.2.4 Comparative analysis of cipher-text sensitivity

The process of cipher-text sensitivity analysis is as follows:

1. (i)

   Randomly produce a 256-bit key k and a plaintext x₁.

2. (ii)

   Use AES with k to encrypt x₁ to get the corresponding cipher-text y₁.

3. (iii)

   Randomly change y₁ by one-bit to get a new bit-sequence, denoted by y₂.

4. (iv)

   Use AES with k to decrypt y₂ to get the recovered bit-sequence, denoted by x₂.

5. (v)

   Calculate the index diff between x₁ and x₂.

6. (vi)

   Repeat the above steps 10,000 times to record the maximum, average and minimum values of diff.

7. (vii)

   Repeat the above processing with the unified algorithm instead of AES to obtain the maximum, average and minimum values of diff for the unified algorithm.

The test results according to the above method are listed in Table 8.

Table 8 The calculation results of diff in cipher-text sensitivity comparison analysis

The last column in Table 8 shows the relative error between the average value of diff and the theoretical value 50%. As shown in Table 8, the calculated values of diff of the unified algorithm are similar to those of AES, and the relative errors are both less than 0.5%. Thus, the unified algorithm has strong cipher-text sensitivity as AES.

From the above analysis results in subsections 4.2.1–4.2.4, it can be seen that the unified algorithm has the same system sensitivity as AES. Thus, the unified algorithm possesses the same level of security intensity as AES. However, the unified algorithm has the advantage that AES does not have, that is, the unified algorithm has the same encryption process and decryption process, which can effectively save hardware resources, and simplify the secure communication protocol.

4.3 Cascade application

The AES algorithm usually works in cipher-text block chain (CBC) mode in symmetric encryption applications. Similarly, the unified algorithm can also work in CBC mode. For example, to encrypt a text of n bits, one can divide the text into m blocks of 128-bit length (padding 0 s if the last block’s length is less than 128 bits), denoted by x₀, x₁,…,x_m-1, respectively, where m = Ceil(n/128), and Ceil(x) returns the smallest integer not less than x. Assume that the encryption key is denoted by k. The cascade system of unified algorithm is shown in Fig. 9. From Fig. 9, one can see that the cascade system is also unified, i.e. its encryption process and decryption process are the same.

Fig. 9

The unified algorithm in CBC mode

In Fig. 9, “UA” represents the unified algorithm, “Flip” module flips the bit-sequence in bit (in microcontroller) or in byte (in computer), and “⨁” means bitwise exclusive-or operation. As can be seen from Fig. 9, the input {x_i}, i = 0,1,…,m-1, will be transformed into the output as follows:

$$ y0=\mathrm{UA}(x0), yi=\mathrm{UA}\left( xi\oplus \mathrm{Flip}\left( yi-1\right)\right)\oplus \mathrm{Flip}\left( xi-1\right),i=1,2,\dots, m-1. $$

(4)

The system in Fig. 9 can be used to encrypt/decrypt a large amount of text data or image information. For example, it can be used to encrypt the image shown in Fig. 10a. The image Mandrill in Fig. 10a is an 8-bit grayscale image with the size of 256 × 256. At first, expand Mandrill row by row into a vector. Then, divide the vector into 4096 blocks of size 16 bytes (or 128 bits). That is, m = 4096 in Fig. 9. Then use the system in Fig. 9 with, for example, the k₁ in subsection 4.2.3, to encrypt the blocks to get the cipher blocks, named {y_i}, i = 0,1,…,4095. Now, convert each y_i into 16 bytes and then reshape all the bytes into a 256 × 256-sized matrix, as shown in Fig. 10b. Figure 10b shows that the cipher image is a noise-like one with no visual patterns. Also, use the system in Fig. 9 to decrypt the image in Fig. 10b to get a recovered image, as shown in Fig. 10c, which is identical to the original image in Fig. 10a.

Fig. 10

Result of image encryption based on the unified algorithm in CBC mode. a Mandrill; b The cipher image; c The decrypted image

5 Conclusion

Based on the AES algorithm with a 256-bit key, this paper studies the unified algorithm with the same encryption and decryption processes. The unified algorithm uses the modules of “SubBytes”, “MixColumns” and their inverse modules of AES, improves the module of “ShiftRows” and its inverse module of AES, adjusts the key expansion module of AES, and adds the flip module to the system. This paper employs the single-three program in Mathematica to compare and analyze the security performance of AES and the unified algorithm. The analysis results show that the unified algorithm possesses the processing speed of 1.6570Mbps, which is in the same level as the speed of AES. Like AES, the unified algorithm has strong sensitivity to the secret key, plaintext and cipher-text. Under the condition of comparable processing speed and security intensity with AES, the unified algorithm has the significant advantage of the same encryption process and decryption process, which can save the hardware resources of cryptographic system, and simplify the synchronous protocol in secure communications. The unified algorithm is an alternative for AES in various symmetric encryption applications.

This paper designs a unified algorithm based on AES with the 256-bit long key. In fact, the proposed unified algorithm is also applicable to AES with the 128-bit or 192-bit long key. When the key length is 128 bits and 192 bits, the AES algorithm will have 11 and 13 sub-keys, respectively. The corresponding unified algorithm will have 5 and 6 sub-keys, and the modified key expansion algorithm is still applicable. In the case of 128-bit long key, the unified algorithm will have five rounds with the shift values of “ShiftRows” being 3, 5, 7, 13 and 11 in turn. And in the case of 192-bit long key, the unified algorithm will have six rounds with the shift values of “ShiftRows” being 3, 5, 7, 9, 13 and 11 in turn. Thus, the unified algorithm can use 128-bit and 192-bit long keys.

Like AES, the unified algorithm can work in cipher-text block chain (CBC) mode to encrypt and decrypt long text or a large amount of data. This paper designs a system in CBC mode, which is composed of unified algorithm, exclusive-or operation, sequence flipping operation. In the system, the input and output of each level are fed to the next level, so that the system has the characteristics of unified algorithm, that is, the encryption process is exactly the same as the decryption process. Thus, the unified algorithm in CBC mode also saves half to the resources and simplifies the synchronous protocol in the network communications.