Module 2

Symmetric Encryption Algorithms

Topic
Advanced Encryption Standard (AES)
• Introduction - Advanced Encryption Standard
• AES is a block cipher algorithm that can process a 128-bit block
of plaintext at a time.
• AES uses a large 128-bit key size to perform encryption and
decryption process. AES increases the key size to 128 bits, 192
bits and 256 bits.
• AES cipher uses 10 rounds of operation for performing
encryption and decryption processes.
• The number of rounds used in three versions of AES can differ.
EX: AES-128 - 10 rounds
AES-192 - 12 rounds
AES-256 - 14 rounds
• In each round, AES performs substitution and permutation
operations.
• AES is not using Feistel structure and hence entire data block is
processed in a parallel way during each round.
 AES Encryption
• To generate a ciphertext, the AES perform number of rounds of
operation on the plaintext based on the key size.
• In each round, it performs 4 transformations
– SubBytes
– ShiftRows
– MixColumns
– AddRoundKey
• SubBytes and MixColumns are used to perform simple
substitution operation.
• ShiftRows is used to perform the permutation operation.
• AddRoundKey is used to perform the XOR operation in the
encryption and decryption process.
 AES Decryption
• Similar to the substitution and transposition
performed in the encryption process, there are
inverse transformations in the decryption
process.
• The inverse transformations are
• InvSubBytes
• InvShiftRows
• InvMixColumns
• AddRoundKey
 SubBytes
• The first transformation used at the encryption side is called
subBytes.
• The given 128 bit block is represented as a (4 × 4) square matrix that
consists of 16 cells.
• In each cell, one byte of the plaintext is placed.
• The first four bytes are placed in the first column and the second four
bytes are placed in the second column and so on.
• Each element of the matrix is replaced by the an element of s-box
matrix.
 For example: if the input
to the S-box is 75, then it
will select the value
which is located in the
7th row and 5th column
which contains the value
9D.
S-box

S-Box
InvSubBytes

Inverse S-box

InvSubBytes is the inverse of SubBytes.

For example: During the decryption process, the hexadecimal
value 9D is used to select the value 75 from the inverse S-box
defined for decryption process.
 ShiftRows
• The first row of input/State is not altered.
• For the second row, a 1-byte circular left shift is performed.
• For the third row, a 2-byte circular left shift is performed.
• For the fourth row, a 3-byte circular left shift is performed.
 InverseShiftRows
• The first row of input/State is not altered.
• For the second row, a 1-byte circular right shift is
performed.
• For the third row, a 2-byte circular right shift is
performed.
• For the fourth row, a 3-byte circular right shift is
performed.
 MixColumns
• Each column is operated on individually in the Mixcolumns()
transformation.
• The transformation can be determined by performing a
matrix multiplication based on GF(28) with respect to a
matrix defined for Mixcolumns() transformation.
Mix Columns

Inverse Mix Columns

Example of Mix columns
 Calculation of 02 X 4A

• GF (28) = x7+x6+x5+x4+x3+x2+x+1
• 02 X 4A
• 0000 0010 X 0100 1010
• x (x6+x3+x)
• x7+x4+x2
• 1001 0100
• 94
Example for X8
 AddRoundKey
• In Addroundkey() transformation, the output produced by
the mixcolumn() transformation is XOR-ed with the
subkey value produced by the key expansion algorithm.
 Key Expansion
• A 128-bit key, the key is arranged in the form of
an array of 4 × 4 bytes.
• Each column of 4 bytes represented as one
word. Similarly, 4 word forms one round key.
• For a 128-bit encryption algorithm, the total
number of keys required is 11.
• Each key should have the key length of 128 bits
(4 words).
W0 W1 W2 W3 – Master Key
W4 W5 W6 W7 – Round 1 Key

W4=w0⊕g(w3)
W5=w1⊕w4
W6=w2⊕w5
W7=w3⊕w6
 Function g consists:
• RotWord performs a one-byte circular left shift on a
word.
• SubWord performs a byte substitution on each byte
of its input word, using the S-box.
• The result of steps 1 and 2 is XORed with a round
constant, Rcon[j].
– The round constant is a word in which the three rightmost
bytes are always 0.

Rcon [1] = 01 00 00 00
Example
The main key also act as key K0 for
encryption and will be directly used for
pre-round computation.
Key for Round1:
W4=w0⊕g(w3)
W5=w1⊕w4
W6=w2⊕w5
W7=w3⊕w6

Main key K

Before perform XoR operation we need to find g(w3)

 g(w3) = g(af 7f 67 98)
1.RotWord:
af 7f 67 98 = 7f 67 98 af
2.SubWord:
7f 67 98 af = d2 85 46 79
3.Rcon(1) = 01 00 00 00 (we are finding a subkey for round 1)

g(w3) = SubWord XOR Rcon(1)

= (d2 85 46 79) XOR (01 00 00 00)
g(w3)= d3 85 46 79

W4=w0⊕g(w3)
= (0f 15 71 c9) ⊕ (d3 85 46 79) = dc 90 37 b0

W5=w1⊕w4
= (47 d9 e8 59) ⊕ (dc 90 37 b0) = 9b 49 df e9

W6=w2⊕w5
= (0c b7 ad d6) ⊕ (9b 49 df e9) = 97 fe 72 3f

W7=w3⊕w6
= (af 7f 67 98) ⊕ (97 fe 72 3f) = 38 81 15 a7