UNIT–II: SYMMETRIC CRYPTOGRAPHY

A symmetric cipher, also known as a secret-key or private-key cipher, is a cryptographic algorithm

that uses the same key for both encryption and decryption of the data. In other words, the sender
and receiver must both have access to the same secret key.

Symmetric ciphers are widely used in cryptography due to their efficiency and speed, making them
suitable for encrypting large amounts of data. They are used to ensure confidentiality and integrity
of data during transmission or storage.

Some common symmetric ciphers include:

1. Advanced Encryption Standard (AES): AES is a widely used symmetric cipher that has
been adopted by the U.S. government and is considered secure for a wide range of
applications. It supports key lengths of 128, 192, or 256 bits.
2. Data Encryption Standard (DES): DES was one of the earliest symmetric ciphers widely
used for encryption. However, due to its small key size (56 bits) and vulnerabilities to
modern cryptanalysis techniques, it has largely been replaced by AES.
3. Triple DES (3DES): 3DES is a variant of DES that applies the DES algorithm three times
using different keys for increased security. It provides a higher level of security compared to
DES but is less efficient due to its multiple encryption rounds.
4. Blowfish and Twofish: These are symmetric block ciphers designed to be fast and secure.
Blowfish operates on 64-bit blocks and supports key sizes ranging from 32 bits to 448 bits,
while Twofish operates on 128-bit blocks and supports key sizes of 128, 192, or 256 bits.

Symmetric ciphers are often used in combination with other cryptographic techniques such as
message authentication codes (MACs) and digital signatures to provide additional security features
such as data integrity and authenticity. However, a key challenge with symmetric ciphers is key
management, as the secure distribution of keys to authorized parties is essential to maintaining the
confidentiality of the encrypted data.
Classical Encryption Technique

Classical encryption techniques refer to the historical methods of encrypting messages before the
advent of modern cryptographic algorithms. These techniques were primarily used in ancient and
medieval times to protect sensitive information during communication. Some classical encryption
techniques include:

1. Caesar Cipher: Named after Julius Caesar, this technique involves shifting each letter of the
plaintext by a fixed number of positions down or up the alphabet. For example, with a shift of 3,
'A' would become 'D', 'B' would become 'E', and so on.
2. Substitution Cipher: Substitution ciphers involve replacing each letter in the plaintext with
another letter according to a fixed system. Examples include the Atbash cipher, where each
letter is replaced with its reverse in the alphabet, and the simple substitution cipher, where
each letter is replaced with a different letter according to a predetermined mapping.
3. Vigenère Cipher: Developed by Blaise de Vigenère in the 16th century, the Vigenère cipher is a
polyalphabetic substitution cipher. It uses a keyword to determine the shift for each letter in the
plaintext, making it more secure than simple substitution ciphers.
4. Transposition Cipher: Transposition ciphers involve rearranging the letters in the plaintext
without changing their identities. One example is the Rail Fence cipher, where the plaintext is
written diagonally on successive "rails" of an imaginary fence, and the ciphertext is read off row
by row.
5. Playfair Cipher: Invented by Charles Wheatstone in the 19th century but popularized by Lyon
Playfair, this technique uses a 5x5 grid of letters (usually excluding 'J') to encrypt pairs of letters
in the plaintext.

Classical encryption techniques, while historically significant, are generally considered to be insecure by
modern standards due to their simplicity and vulnerability to cryptanalysis. However, they provide
valuable insights into the principles of cryptography and serve as the foundation for the development of
more sophisticated cryptographic algorithms.
Symmetric Cipher Model

In cryptography, the symmetric cipher model refers to a class of cryptographic algorithms where the
same secret key is used for both encryption and decryption of data. This model is also known as the
private-key or secret-key encryption.

Here are the key components of the symmetric cipher model:

 1. Key: A symmetric cipher requires a secret key, which is shared between the sender and the
receiver. This key is used to both encrypt plaintext into ciphertext and decrypt ciphertext back
into plaintext. The security of the encrypted data relies on keeping this key secret.
2. Encryption Algorithm: The encryption algorithm takes the plaintext and the secret key as inputs
and produces ciphertext as output. The encryption process scrambles the plaintext according to
the key, making it unintelligible to anyone who does not possess the key.
3. Decryption Algorithm: The decryption algorithm takes the ciphertext and the secret key as
inputs and produces the original plaintext as output. The decryption process reverses the
encryption process, transforming the ciphertext back into plaintext using the same key.
4. Symmetric Nature: Symmetric ciphers are symmetric because the same key is used for both
encryption and decryption. This means that both the sender and the receiver must have access
to the same secret key. While this simplifies the encryption and decryption processes, it also
requires secure key distribution to ensure that only authorized parties can access the key.
5. Performance and Efficiency: Symmetric ciphers are generally fast and efficient, making them
suitable for encrypting large amounts of data. They are commonly used in scenarios where
speed and performance are critical, such as securing network communication and encrypting
files.

Examples of symmetric ciphers include Advanced Encryption Standard (AES), Data Encryption Standard
(DES), Triple DES (3DES), Blowfish, and Twofish.

While symmetric ciphers offer advantages in terms of performance and efficiency, they also pose
challenges in terms of key management and distribution. Additionally, symmetric encryption does not
provide features such as digital signatures or non-repudiation, which are often required in secure
communication protocols. As a result, symmetric ciphers are often used in combination with other
cryptographic techniques to achieve a higher level of security.

Substitution Techniques

Substitution techniques in cryptography involve replacing plaintext elements (such as letters or bits)
with other elements according to a predefined rule or algorithm. These techniques are often used to
obfuscate the original message and thereby achieve confidentiality. There are several types of
substitution techniques:
 1. Monoalphabetic Substitution: In monoalphabetic substitution, each letter in the plaintext is
replaced by a fixed letter in the ciphertext. This replacement remains consistent throughout the
entire message. The simplest example of monoalphabetic substitution is the Caesar cipher,
where each letter is shifted by a fixed number of positions in the alphabet.
2. Polyalphabetic Substitution: Polyalphabetic substitution techniques use multiple substitution
alphabets to encode the plaintext. This means that different letters in the plaintext may be
replaced by different ciphertext letters based on the position within the message or another
predetermined pattern. The Vigenère cipher is a classic example of a polyalphabetic substitution
cipher.
3. Homophonic Substitution: In homophonic substitution, each letter in the plaintext can be
replaced by one of several ciphertext symbols. This increases the complexity of cryptanalysis by
introducing ambiguity. For example, in a homophonic substitution cipher, the letter 'E' might be
replaced by '7', '8', or '9', each with a certain probability.
4. Polygraphic Substitution: Polygraphic substitution involves replacing groups of letters (digraphs
or trigraphs) in the plaintext with other groups of letters in the ciphertext. This technique
increases the complexity of the cipher but also requires a larger ciphertext alphabet.
5. Fractional Substitution: Fractional substitution techniques involve replacing plaintext elements
with fractions of different elements. For example, in a fractional substitution cipher, a letter
might be replaced by a fraction of two other letters.
6. Transposition-Substitution Ciphers: These ciphers combine substitution with transposition
techniques. First, the plaintext is encrypted using a substitution cipher, and then the resulting
ciphertext is further scrambled using a transposition cipher.

Substitution techniques are relatively simple to implement but can be vulnerable to cryptanalysis,
especially when applied to natural language plaintexts with predictable patterns. However, with proper
key management and additional complexity, such as in polyalphabetic ciphers, substitution techniques
can offer a higher level of security. They are often used as building blocks in more complex
cryptographic systems or as introductory examples in cryptography education.

Transposition Technique
Transposition techniques in cryptography involve rearranging the order of characters in the plaintext
without altering their identities. Unlike substitution techniques, which replace characters with other
characters, transposition techniques only change the order of characters. This rearrangement can help
obscure the original message and enhance confidentiality. Here are some common transposition
techniques:

1. Columnar Transposition: In columnar transposition, the characters of the plaintext are written
into a grid row by row. The ciphertext is then read out column by column according to a
predefined key. This key specifies the order in which columns are read to obtain the ciphertext.
The exact method of reading the columns can vary, such as reading them in alphabetical order
of the column headers or following a predetermined permutation.
2. Rail Fence Cipher: The rail fence cipher is a simple transposition technique that involves writing
the plaintext diagonally over a certain number of "rails" or lines, then reading off the ciphertext
by retracing the diagonals. The number of rails determines the level of transposition.
3. Route Cipher: Route ciphers involve writing the plaintext into a grid or matrix and then
following a specific route or path to read the characters in a different order to obtain the
ciphertext. The path could be a spiral, zigzag, or any other predefined pattern.
4. Scytale: Scytale is an ancient transposition technique used by the Spartans. It involves wrapping
a strip of parchment around a rod of a particular diameter and writing the plaintext along the
length of the rod. The ciphertext is obtained by unwrapping the parchment from the rod.
5. Permutation Cipher: Permutation ciphers involve rearranging the order of characters in the
plaintext according to a specific permutation or rearrangement rule. The permutation can be
determined by a keyword, a predetermined pattern, or some other method.

Transposition techniques are generally simpler than substitution techniques and can be relatively easy
to implement. However, they may not provide as much security against certain types of cryptanalysis,
particularly when applied to plaintext with predictable patterns. They are often used in combination
with other cryptographic techniques to enhance security. Additionally, modern encryption algorithms
tend to be more complex and use a combination of transposition and substitution techniques along with
other cryptographic methods to achieve higher security levels.
Steganography is the practice of concealing secret information within a seemingly innocuous carrier
medium in such a way that the existence of the hidden message is hidden. Unlike cryptography, which
focuses on making the content of a message unreadable to unauthorized parties, steganography aims to
hide the existence of the message itself.

In steganography, the carrier medium can be any digital or physical object, such as images, audio files,
video files, text, or even physical objects like microdots or invisible ink. The hidden message, known as
the "payload," is embedded into the carrier medium using various techniques.

Digital steganography, which is more prevalent in modern contexts, typically involves manipulating the
bits of digital files to embed the hidden message. Some common techniques used in digital
steganography include:

1. Least Significant Bit (LSB) Insertion: This technique involves replacing the least significant bits of
pixels in an image or samples in audio files with the bits of the hidden message. Since small
changes in the LSBs are imperceptible to the human eye or ear, the modifications remain
unnoticed.
2. Spread Spectrum Technique: This method involves spreading the bits of the hidden message
across the carrier medium using a pseudorandom sequence. By spreading the bits, the changes
made to the carrier medium are less noticeable.
3. Whitespace Steganography: In text-based steganography, hidden messages can be embedded
within the whitespace (spaces, tabs, line breaks) of a document or webpage, making them
invisible to the naked eye.
4. Digital Watermarking: While often used for copyright protection or authentication, digital
watermarking can also be used for steganographic purposes by embedding hidden information
into digital media.
5. File Format Manipulation: Some steganographic techniques involve exploiting the structure of
digital file formats to hide information. For example, appending data at the end of a file, using
unused or non-standard fields within a file format, or encoding data in metadata.
Steganography can be used for various purposes, including covert communication, digital watermarking,
authentication, and copyright protection. However, like cryptography, it can also be misused for
malicious purposes, such as hiding malware or covert communication for illegal activities.

Combining steganography with cryptography can further enhance security by encrypting the hidden
message before embedding it into the carrier medium. This ensures that even if the carrier medium is
intercepted, the hidden message remains unreadable without the decryption key.

Block Cipher and the Data Encryption Standard

A block cipher is a type of symmetric key encryption algorithm that operates on fixed-length blocks of
data, often subdividing the plaintext into blocks of equal size, and then encrypting each block
separately. The same key is used for both encryption and decryption.

The Data Encryption Standard (DES) is one of the most well-known and widely used block ciphers. It was
developed in the 1970s by IBM and adopted by the U.S. government as a federal standard for securing
sensitive but unclassified information. However, due to advances in computing power and cryptanalysis
techniques, DES is no longer considered secure for modern cryptographic purposes.

Here are the key features of block ciphers, including DES:

1. Block Size: A block cipher operates on fixed-size blocks of data. DES uses a block size of 64 bits,
meaning it processes 64 bits of plaintext at a time.
2. Key Size: The key size of a block cipher refers to the length of the secret key used for encryption
and decryption. DES uses a 56-bit key, which means there are 2^56 possible keys.
3. Key Expansion: Before encryption or decryption, the original key undergoes a key expansion
process to generate a set of round keys. These round keys are used in the iterative encryption or
decryption process.
4. Iterations (Rounds): Block ciphers typically consist of multiple rounds of processing. In each
round, the plaintext block is mixed with the round key using various cryptographic operations,
such as substitution, permutation, and XOR (exclusive OR).
5. Feistel Structure: Many block ciphers, including DES, use a Feistel structure, where the plaintext
block is divided into two halves and undergoes multiple rounds of processing. In each round,
one half is processed and combined with the other half using various operations.

DES has been widely used in various applications, including electronic payments, secure
communications, and data encryption. However, its 56-bit key size became a significant limitation as
computing power increased, and it became susceptible to brute-force attacks. As a result, DES has been
largely replaced by more secure block ciphers such as the Advanced Encryption Standard (AES), which
supports key sizes of 128, 192, or 256 bits.
Despite its obsolescence, DES remains an important part of cryptographic history and paved the way for
the development of modern block ciphers.

The Data Encryption Standard

The Data Encryption Standard (DES) is a symmetric-key block cipher that was widely used as a standard
encryption algorithm for securing sensitive but unclassified information. Developed by IBM in the early
1970s, DES was adopted by the U.S. government as a federal standard for encryption and became one of
the most widely used encryption algorithms worldwide.

Here are some key aspects of the Data Encryption Standard (DES):

1. Block Size: DES operates on 64-bit blocks of plaintext. Each 64-bit block is processed
independently during encryption or decryption.
2. Key Size: The key size for DES is 56 bits. However, the actual key length used in DES is 64 bits,
with 8 of these bits being used for parity checking, leaving 56 bits for the actual key. This
relatively small key size made DES vulnerable to brute-force attacks as computational power
increased.
3. Key Expansion: The 56-bit key undergoes a key expansion process to generate 16 round keys,
each 48 bits long. These round keys are used in the iterative encryption and decryption process.
4. Feistel Structure: DES uses a Feistel structure, a symmetric structure used in the construction of
block ciphers. In this structure, the plaintext block is divided into two halves, and each half
undergoes a series of iterations (16 rounds in the case of DES) with different subkeys derived
from the original key.
5. Substitution-Permutation Network: Within each round, DES uses a combination of substitution
and permutation operations. The plaintext half is expanded to 48 bits and then combined with
the round key using XOR (exclusive OR) operations. The result is then passed through S-boxes
(substitution boxes) for nonlinear substitution, followed by permutation using a fixed table
known as the P-box.
6. Cryptanalysis and Security: DES was widely used for several decades, but its 56-bit key length
became a significant limitation as computing power increased. In 1999, a brute-force attack
demonstrated that DES could be broken within a reasonable timeframe using modern hardware.
 As a result, DES was gradually phased out in favor of more secure encryption algorithms such as
the Advanced Encryption Standard (AES).

While DES is no longer considered secure for modern cryptographic purposes, it remains historically
significant and played a crucial role in the development of modern cryptography. It served as a
foundation for subsequent encryption algorithms and protocols, contributing to the advancement of
information security.

Differential and Linear Cryptanalysis

Differential and linear cryptanalysis are two fundamental techniques used in cryptanalysis to break
encryption algorithms, particularly block ciphers. Both techniques exploit certain statistical properties of
the encryption algorithm to recover the secret key or plaintext.

1. Differential Cryptanalysis:
• Differential cryptanalysis was first introduced by Biham and Shamir in the late 1980s. It's
a chosen plaintext attack where the attacker observes how differences in the plaintext
affect the differences in the ciphertext.
• The attacker collects pairs of plaintexts that differ by a certain input difference (known
as a differential), encrypts them, and observes the resulting ciphertext differences.
• By analyzing these differences statistically, the attacker can derive information about
the encryption algorithm and potentially recover the secret key.
• Differential cryptanalysis is particularly effective against block ciphers with a high degree
of diffusion, where small changes in the plaintext result in significant changes in the
ciphertext.
2. Linear Cryptanalysis:
• Linear cryptanalysis, developed by Matsui in the early 1990s, is another chosen plaintext
attack that exploits linear approximations between plaintext, ciphertext, and the key.
• Instead of focusing on differences as in differential cryptanalysis, linear cryptanalysis
exploits linear relationships between bits in the plaintext, ciphertext, and key.
• The attacker collects pairs of plaintext and ciphertext that satisfy certain linear
approximations with a known probability bias.
 • By analyzing these linear approximations statistically, the attacker can derive
information about the encryption algorithm and potentially recover the secret key.
• Linear cryptanalysis is particularly effective against block ciphers with linear
components, such as substitution-permutation networks (SPNs).

Both differential and linear cryptanalysis require access to a large number of plaintext-ciphertext pairs
and are therefore considered chosen plaintext attacks. These attacks can be mitigated by using
encryption algorithms with strong diffusion and confusion properties, such as the Advanced Encryption
Standard (AES). Additionally, increasing the key size and using secure key management practices can
further enhance resistance against these attacks.

Block Cipher Principles

Block ciphers are a fundamental component of modern cryptography, widely used for encrypting large
amounts of data securely. Here are the key principles of block ciphers:

1. Block Size: Block ciphers operate on fixed-size blocks of data. The block size defines the amount
of data processed in each encryption or decryption operation. Common block sizes include 64
bits (as in the Data Encryption Standard, DES) and 128 bits (as in the Advanced Encryption
Standard, AES).
2. Key Size: Block ciphers use a secret key to encrypt and decrypt data. The key size determines
the security level of the cipher. Longer key lengths typically offer stronger protection against
brute-force attacks. For example, AES supports key lengths of 128, 192, or 256 bits.
3. Substitution-Permutation Network (SPN): Many block ciphers, including AES, use the
substitution-permutation network (SPN) structure. This structure consists of multiple rounds of
substitution and permutation operations applied to the plaintext block using round keys derived
from the main key. Substitution operations typically involve replacing parts of the plaintext with
other values, while permutation operations rearrange the order of bits.
4. Feistel Structure: Another common structure used in block ciphers is the Feistel structure,
named after Horst Feistel who invented it. In the Feistel structure, the plaintext block is divided
into two halves, and each half undergoes multiple rounds of processing with different round
keys. The two halves are combined or swapped after each round. DES is a famous example of a
block cipher that uses the Feistel structure.
 5. Key Expansion: Before encryption or decryption, the original key undergoes a key expansion
process to generate round keys used in each round of the cipher. These round keys are derived
from the original key using key schedule algorithms.
6. Iterative Rounds: Block ciphers typically consist of multiple rounds of processing. Each round
applies a sequence of operations to the plaintext block using the round key. The number of
rounds determines the security and complexity of the cipher.
7. Confusion and Diffusion: Block ciphers aim to achieve both confusion and diffusion to ensure
the security of encrypted data. Confusion refers to making the relationship between the
plaintext and the ciphertext complex and nonlinear, while diffusion refers to spreading the
influence of each plaintext bit over many ciphertext bits.

By combining these principles, block ciphers provide a robust and efficient means of encrypting data,
ensuring its confidentiality and integrity. However, it's crucial to use secure key management practices
and regularly update encryption algorithms to withstand evolving security threats.

Advanced Encryption Standard

The Advanced Encryption Standard (AES) is a symmetric-key encryption algorithm widely used for
securing sensitive data. It was established by the National Institute of Standards and Technology (NIST)
in 2001 to replace the aging Data Encryption Standard (DES) due to its vulnerability to brute-force
attacks.

Here are the key aspects of the Advanced Encryption Standard (AES):

1. Block Cipher: AES is a block cipher, meaning it encrypts and decrypts data in fixed-size blocks.
The standard specifies three key sizes: 128 bits, 192 bits, and 256 bits, corresponding to AES-
128, AES-192, and AES-256, respectively. Each block size is 128 bits.
2. Substitution-Permutation Network (SPN): AES uses a substitution-permutation network (SPN)
structure, which consists of multiple rounds of substitution and permutation operations applied
to the plaintext block using round keys derived from the main encryption key. The SPN structure
provides confusion and diffusion properties, ensuring the security of the cipher.
3. Key Expansion: Before encryption or decryption, the original key undergoes a key expansion
process to generate a set of round keys. These round keys are derived from the original key
 using the key schedule algorithm, and each round key is used in the respective round of the
encryption or decryption process.
4. Iterative Rounds: AES operates through multiple rounds of processing, with the number of
rounds depending on the key size. AES-128 uses 10 rounds, AES-192 uses 12 rounds, and AES-
256 uses 14 rounds. Each round consists of a sequence of operations including substitution,
permutation, and key mixing.
5. S-Box: The substitution step in AES involves the use of a substitution box (S-box), which is a fixed
table of bytes used to substitute each byte of the input block. The S-box provides non-linearity
and confusion in the encryption process.
6. Pseudo-Randomness: AES relies on the use of pseudo-random round keys generated from the
original key. The use of pseudo-randomness ensures that even small changes in the original key
result in drastically different round keys, enhancing the security of the cipher.

AES has become the de facto standard for symmetric-key encryption and is widely used in various
applications, including securing network communication, protecting sensitive data in storage, and
ensuring the confidentiality of information in transit. Its widespread adoption, strong security
properties, and efficiency make it one of the most trusted encryption algorithms in modern
cryptography.

AES Structure

The structure of the Advanced Encryption Standard (AES) in cryptography is based on a substitution-
permutation network (SPN), which is a type of block cipher structure. AES operates on fixed-size blocks
of data, with each block being 128 bits long. The AES algorithm consists of several key components and
processes, including:

1. Key Expansion: Before encryption or decryption, the original key undergoes a key expansion
process to generate a set of round keys. These round keys are derived from the original key
using the key schedule algorithm. The key expansion process generates a specific number of
round keys, depending on the key size: 10 round keys for AES-128, 12 round keys for AES-192,
and 14 round keys for AES-256.
2. Initial Round: The encryption process begins with an initial round where the plaintext block is
combined with the first round key using bitwise XOR (exclusive OR) operations.
 3. Main Rounds: After the initial round, AES performs multiple rounds of processing, each
consisting of several operations applied to the plaintext block using round keys. The number of
rounds depends on the key size: 10 rounds for AES-128, 12 rounds for AES-192, and 14 rounds
for AES-256.
4. SubBytes: In each round, the SubBytes operation is applied to the plaintext block. This
operation involves substituting each byte of the block with another byte from a fixed table
called the substitution box (S-box). The S-box provides non-linearity and confusion in the
encryption process.
5. ShiftRows: After SubBytes, the ShiftRows operation is applied to the state matrix representing
the block. This operation cyclically shifts the rows of the state matrix by different offsets,
providing diffusion in the encryption process.
6. MixColumns: In AES-128, AES-192, and AES-256, except for the last round, the MixColumns
operation is applied to the state matrix. This operation involves performing a matrix
multiplication on each column of the state matrix with a fixed matrix, providing further
diffusion.
7. AddRoundKey: In each round, the round key is combined with the state matrix using bitwise
XOR operations. This operation ensures that each round key contributes to the encryption
process.
8. Final Round: After the main rounds, the final round is performed, which consists of the
SubBytes, ShiftRows, and AddRoundKey operations but without the MixColumns operation.

By iteratively applying these operations in multiple rounds, AES achieves strong security properties,
including confusion and diffusion, ensuring the confidentiality and integrity of encrypted data. The
structure of AES provides a balance between security, efficiency, and simplicity, making it widely used in
various cryptographic applications.

AES Transformation Function

The AES (Advanced Encryption Standard) transformation function is the core operation used in the AES
encryption and decryption processes. It operates on a 128-bit block of data and is composed of several
steps, including SubBytes, ShiftRows, MixColumns, and AddRoundKey. These steps are performed
iteratively for multiple rounds, with the number of rounds depending on the key size (10 rounds for AES-
128, 12 rounds for AES-192, and 14 rounds for AES-256).
Here is a detailed explanation of each step in the AES transformation function:

1. SubBytes:
• In the SubBytes step, each byte of the input block is substituted with a corresponding
byte from a fixed substitution box (S-box).
• The S-box provides non-linearity and confusion in the encryption process, helping to
obscure the relationship between the input and output data.
• Each byte of the input block is replaced by the value in the S-box corresponding to the
byte's value.
2. ShiftRows:
• In the ShiftRows step, the bytes in each row of the input block are shifted cyclically to
the left by a varying number of positions.
• The first row remains unchanged, the second row is shifted one position to the left, the
third row is shifted two positions to the left, and the fourth row is shifted three
positions to the left.
• This step provides diffusion in the encryption process, ensuring that the effect of a
change in one byte of the input block propagates throughout the entire block.
3. MixColumns (except for the last round):
• In the MixColumns step, each column of the input block is transformed using a linear
transformation.
• This transformation involves multiplying each column by a fixed matrix over the finite
field, followed by modular arithmetic.
• The MixColumns step provides further diffusion in the encryption process and adds
confusion to the relationship between input and output data.
4. AddRoundKey:
• In the AddRoundKey step, the current state of the input block is combined with the
round key for the current round using bitwise XOR (exclusive OR) operations.
• Each byte of the input block is XORed with the corresponding byte of the round key.
• The round key is derived from the original encryption key using the key expansion
process.
These steps are repeated for each round of encryption (and decryption), with the specific number of
rounds determined by the key size. After the final round, the resulting block is the ciphertext (or
plaintext in the case of decryption). The AES transformation function provides strong security
properties, including confusion and diffusion, ensuring the confidentiality and integrity of encrypted
data.