Advanced Encryption Standard(AES)

• AES is symmetric block cipher intended to

replace DES for commercial applications.
• It uses a 128-bit block size and a key size of
128, 192, or 256 bits.
• AES does not use a Feistel structure. Instead,
each full round consists of four separate
functions: byte substitution, permutation,
arithmetic operations over a finite field, and
XOR with a key.
AES STRUCTURE
• The cipher takes a plaintext block size of 128
bits, or 16 bytes.
• The key length can be 16, 24, or 32bytes (128,
192, or 256 bits).
• The algorithm is referred to as AES-128, AES-
192, or AES-256, depending on the key length.
• The input to the encryption and decryption
algorithms is a single 128-bit block.
• This block is copied into the State array, which
is modified at each stage of encryption or
decryption.
• After the final stage, State is copied to an
output matrix.
• The key is depicted as a square matrix of
bytes.
• This key is then expanded into an array of key
schedule words.
• The first four bytes of a 128-bit plaintext input to
the encryption cipher occupy the first column of
the in matrix, the second four bytes occupy the
second column, and so on.
• Similarly, the first four bytes of the expanded key,
which form a word, occupy the first column of
the w matrix.
• The cipher consists of N rounds, where the
number of rounds depends on the key length: 10
rounds for a 16-byte key, 12 rounds for a 24-byte
key, and 14 rounds for a 32-byte key.
• The first N-1 rounds consist of four distinct
transformation functions: SubBytes, ShiftRows,
MixColumns, and AddRoundKey.
• The final round contains only three
transformations, and there is a initial single
transformation (AddRoundKey) before the first
round, which can be considered Round 0.
• Each transformation takes one or more
4 x 4 matrices as input and produces a
4 x 4 matrix as output.
• The key expansion function generates N + 1
round keys, each of which is a distinct 4 x 4
matrix.
• Each round key serve as one of the inputs to
the AddRoundKey transformation in each
round.
Detailed Structure
1. THE AES structure is not a Feistel structure.In
classic Feistel structure, half of the data block is
used to modify the other half of the data block
and then the halves are swapped.AES instead
processes the entire data block as a single
matrix during each round using substitutions
and permutation.
2. The key that is provided as input is expanded
into an array of forty-four 32-bit words, w[i].
Four distinct words (128 bits) serve as a round
key for each round.
3. Four different stages are used, one of
permutation and three of substitution:
• Substitute bytes: Uses an S-box to perform a
byte-by-byte substitution of the block
• ShiftRows: A simple permutation
• MixColumns: A substitution that makes use of
arithmetic over GF(28)
• AddRoundKey: A simple bitwise XOR of the
current block with a portion of the expanded key
4. The structure is quite simple. For both encryption
and decryption, the cipher begins with an
AddRoundKey stage, followed by nine rounds that
each includes all four stages, followed by a tenth
round of three stages.
5. Only the AddRoundKey stage makes use of the
key. For this reason, the cipher begins and ends
with an AddRoundKey stage. Any other stage,
applied at the beginning or end, is reversible
without knowledge of the key and so would add
no security.
6. The cipher consists of alternating operations
of XOR encryption (AddRoundKey) of a block,
followed by scrambling of the block (the other
three stages), followed by XOR encryption,
and so on.
This scheme is both efficient and highly
secure.
 AES TRANSFORMATION FUNCTIONS
• Four transformations are used in AES.
1. Substitute Bytes Transformation
2. ShiftRows Transformation
3. MixColumns Transformation
4. AddRoundKey Transformation
 Substitute Bytes Transformation

FORWARD AND INVERSE TRANSFORMATIONS

• The forward substitute byte transformation, called
SubBytes, is a simple table lookup.
• AES defines a 16 x 16 matrix of byte values, called an S-
box , that contains a permutation of all possible 256 8-
bit values.
• Each individual byte of State is mapped into a new
byte in the following way: The leftmost 4 bits of the
byte are used as a row value and the rightmost 4 bits
are used as a column value.
• These row and column values serve as indexes into the
S-box to select a unique 8-bit output value.
Construction of S box
1. Initialize the S-box with the byte values in
ascending sequence row by row. The first row
contains {00},{01},{02},….{0F}; the second
row contains {10},{11},{12},….{1F} etc.; and
so on. Thus, the value of the byte at row y ,
column x is {yx}.
2. Map each byte in the S-box to its
multiplicative inverse in the finite field GF
(28) ;the value {00} is mapped to itself.
3. Consider that each byte in the S-box consists
of 8 bits labeled (b7, b6, b5,….b0). Apply the
following transformation to each bit of each
byte in the S-box:
• ci is the ith bit of c byte with the value [63] ;
that is, (c7 c6 c5 c4 c3 c2 c1 c0) = 01100011
• .
• In ordinary matrix multiplication, each
element in the product matrix is the sum of
products of the elements of one row and one
column.
• In this case, each element in the product
matrix is the bitwise XOR of products of
elements of one row and one column.
• The final addition is a bitwise XOR. The bitwise
XOR is addition in GF(28) .
• The inverse substitute byte transformation,
called InvSubBytes, makes use of the inverse
S-box.
• The inverse transformation is
• where byte , d={05} or 00000101.
 ShiftRows Transformation
FORWARD AND INVERSE TRANSFORMATIONS
• The forward shift row transformation, called
ShiftRows.
• The first row of State is not altered. For the
second row, a 1-byte circular left shift is
performed.
• For the third row, a 2-byte circular left shift is
performed.
• For the fourth row, a 3-byte circular left shift is
performed.
Example
• The inverse shift row transformation, called
InvShiftRows, performs the circular shifts in
the opposite direction for each of the last
three rows, with a 1-byte circular right shift
for the second row, and so on.
 MixColumns Transformation
FORWARD AND INVERSE TRANSFORMATIONS
• The forward mix column transformation,
called MixColumns, operates on each column
individually.
• Each byte of a column is mapped into a new
value that is a function of all four bytes in that
column.
• The transformation can be defined by the
following matrix multiplication on State.
• Each element in the product matrix is the sum
of products of elements of one row and one
column.
• In this case, the individual additions and
multiplications are performed in GF (28).
• The MixColumns transformation on a single
column of State can be expressed as
• In particular, multiplication of a value by {02})
can be implemented as a 1-bit left shift
followed by a conditional bitwise XOR with
(0001 1011) if the leftmost bit of the original
value (prior to the shift) is 1.
• If the left most bit is 0, perform 1 bit left shift
only.
example
 AddRoundKey Transformation
FORWARD AND INVERSE TRANSFORMATIONS
• In the forward add round key transformation,
called AddRoundKey, the 128 bits of State are
bitwise XORed with the 128 bits of the round
key.
• The operation is viewed as a column wise
operation between the 4 bytes of a State
column and one word of the round key.
Example
Single AES round
 AES KEY EXPANSION
• The AES key expansion algorithm takes as
input a four-word (16-byte) key and produces
a linear array of 44 words (176 bytes).
• The key is copied into the first four words of
the expanded key.
• The remainder of the expanded key is filled in
four words at a time.
• Rcon[j] = (RC[j], 0, 0, 0)
• Plaintext:
0123456789abcdeffedcba9876543210
• Key:
0f1571c947d9e8590cb7add6af7f6798