Advanced Encryption Standard

• The more popular and widely adopted symmetric encryption algorithm

likely to be encountered nowadays is the Advanced Encryption
Standard (AES).
• It is found at least six time faster than triple DES.
• A replacement for DES was needed as its key size was too small.
• With increasing computing power, it was considered vulnerable
against exhaustive key search attack.
• Triple DES was designed to overcome this drawback but it was found
slow.
The features of AES are as follows −
• Symmetric key symmetric block cipher
• 128-bit data, 128/192/256-bit keys
• Stronger and faster than Triple-DES
• Provide full specification and design details
• Software implementable in C and Java
Operation of AES

• AES is an iterative rather than Feistel cipher. It is based on ‘substitution–permutation

network’.
• It comprises of a series of linked operations, some of which involve replacing inputs
by specific outputs (substitutions) and others involve shuffling bits around
(permutations).
• Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES
treats the 128 bits of a plaintext block as 16 bytes.
• These 16 bytes are arranged in four columns and four rows for processing as a matrix.
• Unlike DES, the number of rounds in AES is variable and depends on the length of
the key.
• AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for
256-bit keys.
• Each of these rounds uses a different 128-bit round key, which is calculated from the
original AES key.
AES structure
• Here, we restrict to description of a typical
round of AES encryption.
• Each round comprise of four sub-
processes.
 SubBytes
 ShiftRows
 MixColumns
 Add Round Key
• The last round doesn’t have the
MixColumns round.
• The SubBytes does the substitution and
ShiftRows and MixColumns performs the
permutation in the algorithm.
• The first round process is depicted below −
Byte Substitution (Sub Bytes)

• This step implements the substitution.

• In this step each byte is substituted by another byte. Its performed
using a lookup table also called the S-box.
• This substitution is done in a way that a byte is never substituted by
itself and also not substituted by another byte which is a compliment
of the current byte.
• The result of this step is a 16 byte (4 x 4 ) matrix like before.
• The next two steps implement the permutation.
 Shift Rows
This step is just as it sounds. Each row is shifted a particular number of times.
• The first row is not shifted
• The second row is shifted once to the left.
• The third row is shifted twice to the left.
• The fourth row is shifted thrice to the left.
• (A left circular shift is performed.)
Mix Columns
• Each column of four bytes is now transformed using a special
mathematical function.
• This function takes as input the four bytes of one column and outputs
four completely new bytes, which replace the original column.
• The result is another new matrix consisting of 16 new bytes.
• It should be noted that this step is not performed in the last round.
Add round key
• The 16 bytes of the matrix
are now considered as 128
bits and are XORed to the
128 bits of the round key.
• If this is the last round then
the output is the ciphertext.
• Otherwise, the resulting 128
bits are interpreted as 16
bytes and we begin another
similar round.
Decryption Process
The process of decryption of an AES ciphertext is similar to the
encryption process in the reverse order. Each round consists of the four
processes conducted in the reverse order −
• Add round key
• Mix columns
• Shift rows
• Byte substitution
Since sub-processes in each round are in reverse manner, unlike for a
Feistel Cipher, the encryption and decryption algorithms needs to be
separately implemented, although they are very closely related.
AES Analysis
• In present day cryptography, AES is widely adopted and supported in
both hardware and software.
• Till date, no practical cryptanalytic attacks against AES has been
discovered.
• Additionally, AES has built-in flexibility of key length, which allows a
degree of ‘future-proofing’ against progress in the ability to perform
exhaustive key searches.
• However, just as for DES, the AES security is assured only if it is
correctly implemented and good key management is employed