Jump to content
  • Advertisement
Sign in to follow this  
myvraccount

Implementing Rijndael Encryption

This topic is 547 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Could someone PLEASE either explain to me how, or point me to a tutorial that will tell me the simplest possible way to write the Rijndael (AES or very similar) algorithm into C#?  Specifically 256-bit key size.  I just want to make a function that takes an array of bytes or data (will be divisible by 256), and a 256-bit key also as an array of bytes, and outputs a new array of bytes that is encrypted.

 

I've been looking on Wikipedia, and it explains the steps of the algorithm, but then redirects to all sorts of number theory and abstract algebra crap that I have to wade through endlessly just to get anything done at all!  I'm rusty on all that convoluted nonsense.  I studied it some years ago, but it's so absurdly esoteric and covered with so many weird rules and red tape that it's almost impossible to make any sense of it.

 

I'm very good at math in general (calculus, etc.), but is it really necessary to get into all the details about finite fields and all that, just to build the sub bytes matrix?

 

The shift rows is easy, fortunately.

 

I'm not sure I fully understand the mix columns step either.  And the example they give on Wikipedia is 16 bytes (128 bits), but I need 256 bits anyway.

 

The add round key step should be easy enough, but only after I figure out what the current round key is, and I'm not sure if I understand the key scheduling either, but I haven't looked into it as much yet.

 

Any info you could provide would be much appreciated, thanks!

Share this post


Link to post
Share on other sites
Advertisement

Also, you should not implement your own encryption algorithm, even experts working from the technical papers tend to get it wrong. They need quite a lot of verification.

If, as I suspect, this is for learning purposes more than active use, then it's not such a bad thing. Indeed it's an excellent time and place to practice building tests. The thing to do is to find a reference implementation of Rijndael, then make sure that it outputs the same bytes as your own implementation for a bunch of different inputs both known and random. 

Share this post


Link to post
Share on other sites

Actually, I do intend to use it, but I prefer to implement it myself, because I'm putting it into my own C# project and I hate dealing with DLLs, and this needs to be very portable.

But I wouldn't use it until I'm certain it works.

Part of the problem is that if I use someone else's implementation, how can I be sure it's correct, and that it hasn't been deliberately sabotaged, or contain any kind of spyware that would defeat the purpose of the encryption?

Share this post


Link to post
Share on other sites

Oh, I just checked the link.  That's from Microsoft?  I didn't know they had it included.

But I believe my concerns could still possibly be valid.  And you haven't answered my question about how to implement the algorithm, you've just provided a function that already does it.

Anyway, is it really that hard to implement?  Every other cryptographic algorithm I've ever seen before has been relatively simple, compared to this, and that includes lots of public-key stuff as well.  Is this just the most convoluted thing ever, or what?

Edited by myvraccount

Share this post


Link to post
Share on other sites

Part of the problem is that if I use someone else's implementation, how can I be sure it's correct

Those results are easy to verify by comparing it to another trusted implementation.  Either it produces the correct encryption or it does not. If there are backdoors it happens before the encryption. 

that it hasn't been deliberately sabotaged, or contain any kind of spyware

That's always true, but your own implementation is subject to the same concerns.  If someone can slip into your system and replace the cryptography libraries, they can slip anything in to the system. Key loggers, disk mirroring, or just replace your program with one that has bad encryption.

you haven't answered my question about how to implement the algorithm, you've just provided a function that already does it. Anyway, is it really that hard to implement?

As mentioned above, you really should be searching for this yourself. A Google search for "aes rijndael source code" brings up versions in C, C++, Java, Pascal, Python, and C# all on the first page. 

They look like they're around 600-1000 lines long, 

Whether that is difficult to implement or not is up to you and your skill level.  There's also the issue of bugs in the code, some will be better than others.

Share this post


Link to post
Share on other sites
What threat / attacker are you trying to mitigate against?

If you don't trust the platform / device, just be aware that you can't trust "your" code either - how do you know it will run that code and not something else?

Share this post


Link to post
Share on other sites

Regarding code quality, correct encryption and decryption is only the beginning. You can get in trouble with uninitialized buffers, malicious input etc. and you have to worry about side channels through which an attacker could learn something about secret plaintext and keys.

Among side channels, timing attacks (deducting what you are computing from how long you take to answer) are particularly difficult to address: how well do you know x86 microcode revisions?

It can be safely assumed that writing a high quality AES implementation requires far more effort and skill than managing dependencies and portability.

Share this post


Link to post
Share on other sites

Don't forget to pad your plaintext with (pseudo-)random bytes before encryption, otherwise you're just doing a fancy Caesar cipher!!

Edited by sjhalayka

Share this post


Link to post
Share on other sites

What threat / attacker are you trying to mitigate against?

If you don't trust the platform / device, just be aware that you can't trust "your" code either - how do you know it will run that code and not something else?

 

Why wouldn't I be able to trust my own code not to be running spyware?

 

Also, does anyone know if it's been proven that the Microsoft implementation does not contain spyware or other malware or any problems?

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!