Advanced Encryption Standard (AES)

Introduction

The Advanced Encryption Standard (AES) is a symmetric key block cipher algorithm developed to secure

sensitive information. It was established by the National Institute of Standards and Technology (NIST) in

2001, replacing the older Data Encryption Standard (DES) due to its vulnerabilities. AES is widely used

across the world for securing data in applications like wireless communication, banking, and data storage.

Features of AES

- Symmetric key algorithm (Same key for encryption and decryption)

- Block cipher (Fixed-size data blocks)

- Block size: 128 bits

- Key sizes: 128, 192, or 256 bits

- Number of Rounds:

- 10 Rounds for 128-bit key

- 12 Rounds for 192-bit key

- 14 Rounds for 256-bit key

- Faster and more secure than DES

- Resistant to all known cryptanalysis attacks

AES Structure

1. AES Encryption Process

AES operates on a 4x4 matrix of bytes called the State. The input plaintext is converted into this state matrix

and processed through multiple rounds of transformations.

Main steps of AES encryption:

a) Initial Round:

- AddRoundKey -> XOR the state with the first round key.

b) Main Rounds (Repeated 9, 11, or 13 times):

 Advanced Encryption Standard (AES)

- SubBytes -> Byte substitution using S-Box (non-linear substitution).

- ShiftRows -> Shifting rows of the state matrix cyclically.

- MixColumns -> Mixing bytes of each column to provide diffusion.

- AddRoundKey -> XOR the state with the round key.

c) Final Round:

- SubBytes

- ShiftRows

- AddRoundKey (No MixColumns)

2. AES Decryption Process

Decryption is the reverse of encryption with the following steps:

- InvSubBytes

- InvShiftRows

- InvMixColumns

- AddRoundKey

AES Transformations in Detail

a) SubBytes Transformation

Each byte in the state matrix is replaced with its corresponding value from the S-Box.

Provides non-linearity and confusion.

b) ShiftRows Transformation

Rows of the state matrix are shifted left by 0, 1, 2, and 3 bytes respectively.

Provides inter-byte diffusion.

c) MixColumns Transformation

Each column of the state is transformed using a fixed polynomial.

 Advanced Encryption Standard (AES)

Provides diffusion across the column.

d) AddRoundKey Transformation

Each byte of the state is XORed with the corresponding byte of the round key.

AES Key Expansion

AES uses a key schedule to generate a series of round keys from the original cipher key.

Uses processes like RotWord, SubWord, and Rcon operations to expand the key.

Advantages of AES

- Strong Security with variable key lengths.

- Fast performance in both hardware and software.

- Resistant to brute force and cryptanalysis attacks.

- Widely adopted and standardized.

Applications of AES

- Secure communication (SSL/TLS)

- Wireless Security (WPA2, WPA3)

- VPNs

- Disk Encryption

- Banking and Finance Security

- Military and Government Communication

Conclusion

AES is a highly secure and efficient encryption standard that provides excellent confidentiality and integrity

for sensitive data. Its strength, flexibility, and resistance to known attacks have made it the most widely used

symmetric encryption technique in the modern world.

 DES Algorithm: Simplified Comprehensive Explanation

Background & History

DES (Data Encryption Standard) is a symmetric block cipher developed by IBM in the early 1970s.

NIST adopted it as a federal encryption standard in 1977.

It became the most widely used symmetric key cryptographic algorithm.

Conceptual Overview

DES encrypts 64-bit plaintext blocks into 64-bit ciphertext using a 56-bit key.

The plaintext is split into 64-bit blocks, each encrypted independently.

Figure 3.3.1 illustrates the conceptual flow, with all blocks using the same 56-bit key.

Step-by-Step Process

1. Initial Permutation (IP): Rearranges the 64-bit plaintext using a fixed permutation table. Output is divided

into two 32-bit halves: Left (LPT) and Right (RPT).

2. Key Discarding & Subkey Generation: A 64-bit key is reduced to 56 bits by dropping every 8th bit. Sixteen

48-bit round subkeys are generated.

3. Expansion Permutation: RPT is expanded to 48 bits and XORed with the round's 48-bit subkey.

4. S-box Substitution: The 48-bit result is divided into eight 6-bit parts. Each goes through an S-box to get a

4-bit output, forming a 32-bit result.

5. P-box Permutation: The 32-bit result is permuted to enhance diffusion.

6. XOR & Swapping: The permuted result is XORed with LPT. LPT and RPT are then swapped for the next

round.

7. 16 Rounds: Steps 3-6 repeat 16 times with different subkeys. LPT and RPT are recombined at the end.

8. Final Permutation: The combined block undergoes a final permutation (inverse of IP), producing the

ciphertext.

Conclusion

DES uses 16 rounds of substitution, permutation, and XOR operations to securely transform plaintext into

ciphertext, providing strong data encryption through key-based block processing.

1. Why are Digital Certificates and Digital Signatures Required?

Digital Certificates:

A digital certificate is an electronic document used to prove the ownership of a public key. It is

issued by a Certificate Authority (CA) and includes information such as:

- The public key

- The identity of the key owner (name, email, organization)

- The certificate's expiration date

- The CA's digital signature

Purpose of Digital Certificates:

1. Authentication: Digital certificates verify the identity of the certificate holder.

2. Secure Communication: By verifying the public key, digital certificates enable secure encrypted

communication.

3. Trust Establishment: Certificates are trusted because they are signed by trusted Certificate

Authorities (CAs).

Digital Signatures:

A digital signature is a cryptographic method used to verify the authenticity and integrity of a digital

message or document. It uses asymmetric key cryptography.

Why Digital Signatures are Needed:

1. Authentication: The sender's identity is verified.

2. Integrity: Ensures the message/document has not been altered.

3. Non-repudiation: The sender cannot deny having signed the message.

2. Role of Digital Signature in Digital Certificates

In a digital certificate, the Certificate Authority (CA) digitally signs the certificate using its private key.

This signature performs several functions:

1. Validates the Certificate's Authenticity:

- Verifies the CA's digital signature using its public key.

2. Ensures Integrity:

- Any change in certificate content causes signature verification to fail.

3. Establishes Trust:

- Confirms the public key belongs to the named entity.

3. Digital Signature Algorithm: RSA Digital Signature

RSA (Rivest-Shamir-Adleman) is a widely used digital signature algorithm.

Key Generation:

1. Choose two large prime numbers: p and q.

2. Compute n = p * q.

3. Calculate phi(n) = (p - 1)(q - 1).

4. Choose e such that 1 < e < phi(n) and gcd(e, phi(n)) = 1.

5. Compute d such that (d * e) mod phi(n) = 1.

Public key: (e, n)

Private key: (d, n)

Signing Process:
1. Hash the message using a hash function like SHA-256: H(m)

2. Encrypt the hash using the private key: Signature = (H(m))^d mod n

3. Send message with signature.

Verification Process:

1. Receiver computes hash H'(m).

2. Decrypt signature using public key: DecryptedHash = (Signature)^e mod n

3. Compare with H'(m): If match, signature is valid.

Example:

Message = "Hello", H(m) = 123

Private key (d, n) = (7, 33), Signature = 123^7 mod 33 = 12

Public key (e, n) = (3, 33), Verification: 12^3 mod 33 = 123

Conclusion:

Digital certificates and signatures are critical for secure communication. Certificates bind identities to

public keys, and signatures ensure authenticity and integrity. RSA is a classical and reliable digital

signature algorithm.