
AES

Dr. Renu Mary Daniel


Assistant Professor
Department of Cyber-Security
IIIT Kottayam
Motivation
[Figure: AES block diagram. Input X (128 bits) and key K (128/192/256 bits) enter AES; the output is 128 bits.]

• All internal operations on AES are based on finite fields.


• The number of rounds depends on the key length.
Groups
• A group , sometimes denoted by , is a set of elements with a binary operation
denoted by (*) that associates to each ordered pair (a, b) of elements inan element in
G, such that the following axioms are obeyed:
• Closure:
• For any two elements , .
• Associativity:
• For any , the operation .
• Identity Element:
• There exists an element in G such that for any I ∈G, such that
• Inverse Element:
• For every ∈G, there exists an element ∈G such that.
• Additionally, if the group also satisfies the commutative property, it is an abelian group.
Group

• An abelian group is a set 𝐺 combined with an operation (say, (G,+)) that satisfies four conditions:
• The set of integers Z = {….,-2,-1,0,1,2,….} forms a group under addition.

• Closure:
• For any two elements , their sum .
• Associativity:
• For any , the operation .
• Commutative:
• For any , the operation .
• Identity Element:
• There exists an element in 𝑍 such that for any 𝑎∈𝑍, adding this element leaves 𝑎 unchanged.
• In this case, the identity element is 0, because .
• Inverse Element:
• For every 𝑎∈𝑍, there exists an element 𝑏∈𝑍 such that .
• The inverse of 𝑎 under addition is −𝑎.
Ring
• A ring , sometimes denoted by , is a set of elements with two binary
operations, called addition and multiplication, such that for all ,in the
following axioms are obeyed.
1. R is an abelian group under addition.
• For the case of an additive group, we denote the identity element as 0 and the inverse of a as –a.
2. Closure under multiplication: If and belong to , then
3. Associativity of multiplication:
• for all .
4. Distributive laws:
• for all .
• for all .
5. Not necessary to have multiplicative inverse.
Ring Example
• The set of 2x3 matrices is an abelian group under addition but not a ring.
• You cannot multiply two 2 x 3 matrices.
• The sets of all integers, real numbers and complex numbers each form a ring.
Commutative Ring
• A ring is said to be commutative if it satisfies the following additional
condition for all .
• Let S be the set of even integers (positive, negative, and 0) under the usual operations
of addition and multiplication.
• S is a commutative ring.
• The set of integers , together with the arithmetic operations , is a commutative ring.
• Integral Domain:
• A commutative ring with:
• Multiplicative Identity: for all
• No Zero divisors: implies a=0 or b=0.
• Let S be the set of integers (positive, negative, and 0), under the usual operations of
addition and multiplication.
• S is an integral domain.
Examples
• Set of Integers (𝑍):
• The set of integers 𝑍 under the usual operations of addition and multiplication forms a commutative ring.
• Addition: 𝑍 is closed under addition, and it has an additive identity (0) and additive inverses (for any integer 𝑎, −𝑎 is also an integer).
• Multiplication: 𝑍 is closed under multiplication and has a multiplicative identity (1).
• It also satisfies the commutative property of multiplication (i.e., 𝑎𝑏=𝑏𝑎).
• Thus, 𝑍 forms a commutative ring but not a field (since most integers don’t have multiplicative inverses).
Fields
• A field , sometimes denoted by , is a set of elements with two binary
operations, called addition and multiplication, such that for all ,in the
following axioms are obeyed.
• is an integral domain.
• For each in, except 0 there is an element in F such that
• In essence, a field is a set in which we can do addition, subtraction,
multiplication, and division without leaving the set.
• Division is defined with the following rule:
Summary

• The abelian group laws for both addition and multiplication are satisfied in finite fields.
• In crypto we work with finite fields.
Galois Field
• For a prime number , the finite field of order is generally written is an
integer.
• For , we have .
• Finite Fields of Order p:
• For a given prime, , we define the finite field of order , , as the set of integers
together with the arithmetic operations modulo .
• E.g.:- .
• Extension Field :
AES Field!!

• There is no FF of 12 elements, since 12=


Types of Finite Fields
• 𝑮𝑭(𝑷ᵐ)
• m=1: 𝑮𝑭(𝑷), Prime Field
• Elements in the field are {0,…,}
• m>1: 𝑮𝑭(𝑷ᵐ), Extension Field
• In crypto, we are particularly interested in
• Elements in the field are polynomials of the form , where the coefficients are each in subfield
• Thus
Prime Fields Arithmetic
• The elements of a prime field are
• Fields - Addition, Subtraction, multiplication and division
• Let , then

• Inversion is also satisfied:


• For , such that
• Extended Euclidean Algorithm
• Note that all conditions of fields are satisfied with these computations.
Extension Field Arithmetic
• Element Representation:
• The elements of are polynomials:
• E.g.:-
0 0 0
0 0 1
0 1 0
0 1 1
1 0 0
1 0 1
1 1 0
1 1 1
Extension Field Arithmetic
Computations
• Addition, Subtraction, Multiplication, Division in .
• Let
• The sum of the two elements is then computed according to:

• And the difference is computed as:

• Ex:
• ,B
• Addition:
• Subtraction: (mod 2)
• Note addition modulo 2 is same as subtraction modulo 2.
Extension Field Arithmetic
Computations
• Multiplication in .
• First do regular polynomial multiplication:
• Ex:
• ,B
• Answer:
• Not in field!!!
• Reduce modulo an irreducible polynomial in to get .
• Irreducible polynomials cannot be factored.
• In other words, they have no roots over .
• A root of a polynomial 𝑓(𝑥) over a finite field is a value 𝑟 such that 𝑓(𝑟)=0.

Irreducible Polynomial
• For example, to construct the finite field GF(), we need to choose an irreducible
polynomial of degree 3.
• There are only two such polynomials:
• 1 and 1 .
• For example, let's take the polynomial 1.
• We need to check if either 𝑥=0 or 𝑥=1 is a root, i.e., whether 𝑓(0)=0 or 𝑓(1)=0.
• For 𝑥=0: 𝑓(0) = 0³+0+1 = 1 (not a root because 𝑓(0)≠0)
• For 𝑥=1: 𝑓(1) = 1³+1+1 = 1+1+1 = 1 (not a root because 𝑓(1)≠0)
• Extension Field Multiplication:
• Let and let
• be an irreducible polynomial.
• The multiplication of the two elements is then computed according to:
Extension Field Multiplication
• (mod 1 ) = x+1
• (mod 2)
• (This is in GF(8))
• Note: Addition and multiplication over mod 2 will give you the same result*.
• There are multiple irreducible polynomials in GF(8), each one results in a
different C(x).
• So, for a given finite field, we must be given the irreducible polynomial.
• The AES irreducible polynomial (part of the AES standard)

Inversion in
• The inverse of an element must satisfy:

• Extended Euclidean Algorithm
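
The extension-field steps above (multiply as ordinary polynomials, reduce modulo an irreducible polynomial, invert with the extended Euclidean algorithm) can be run end to end. The following is an added example, not part of the original slides; polynomials are stored as integer bitmasks and all function names are illustrative. It goes beyond the GF(8) case: it works for any GF(2^m), and it tests irreducibility by trial division, because the root check used above is only sufficient up to degree 3 (x^4+x^2+1 has no roots but factors as (x^2+x+1)^2).

```python
def deg(p):
    return p.bit_length() - 1          # degree of the polynomial; deg(0) == -1

def clmul(a, b):
    """Regular polynomial multiplication over GF(2), no reduction yet."""
    r = 0
    while b:
        if b & 1:
            r ^= a                     # adding coefficients mod 2 is XOR
        a, b = a << 1, b >> 1
    return r

def poly_divmod(a, m):
    """Polynomial long division over GF(2): returns (quotient, remainder)."""
    q = 0
    while a and deg(a) >= deg(m):
        s = deg(a) - deg(m)
        q, a = q ^ (1 << s), a ^ (m << s)
    return q, a

def gf_mul(a, b, m):
    """Multiply, then reduce modulo m(x)."""
    return poly_divmod(clmul(a, b), m)[1]

def gf_inv(a, m):
    """Extended Euclidean algorithm; None when a has no inverse modulo m."""
    r0, r1, t0, t1 = m, a, 0, 1
    while r1:
        q, r = poly_divmod(r0, r1)
        r0, r1, t0, t1 = r1, r, t1, t0 ^ clmul(q, t1)
    return poly_divmod(t0, m)[1] if r0 == 1 else None

def is_irreducible(m):
    """Trial division by every polynomial of degree 1 .. deg(m)//2."""
    return all(poly_divmod(m, d)[1] for d in range(2, 1 << (deg(m) // 2 + 1)))

def units(m):
    """Elements of GF(2)[x]/(m) that have a multiplicative inverse."""
    return [a for a in range(1, 1 << deg(m)) if gf_inv(a, m) is not None]

AES_POLY = 0x11B     # x^8+x^4+x^3+x+1, the AES reduction polynomial (FIPS 197)
GF8_POLY = 0b1011    # x^3+x+1, the degree-3 polynomial checked on the slide
REDUCIBLE = 0b1001   # x^3+1 = (x+1)(x^2+x+1), constructed counter-example

if __name__ == "__main__":
    print("irreducible degree-3:", [bin(m) for m in range(8, 16) if is_irreducible(m)])
    print("units mod x^3+x+1:", units(GF8_POLY))
    print("units mod x^3+1  :", units(REDUCIBLE))
    print("0x57*0x83 =", hex(gf_mul(0x57, 0x83, AES_POLY)),
          " inv(0x53) =", hex(gf_inv(0x53, AES_POLY)))
```

With the reducible modulus only three elements are invertible, which is why the structure is not a field and why the reduction polynomial must be irreducible.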
Introduction to AES
• The need for a new block cipher was announced by NIST in January, 1997
• 15 candidate algorithms accepted in August, 1998
• 5 finalists announced in August, 1999:
• Mars – IBM Corporation
• RC6 – RSA Laboratories
• Rijndael – Joan Daemen & Vincent Rijmen
• Serpent – Eli Biham et al.
• Twofish – B. Schneier et al.
[Figure labels: 28, 33, Belgium]

• In October 2000, Rijndael was chosen as the AES


• AES was formally approved as a US federal standard in November 2001
AES
• Symmetric Block Cipher.
• Block Size – 128 bits
• Key size may be 128/192/256 bits
• Since the block size is 128 bits, the round key size in AES is always 128 bits, regardless of
the key size (128, 192, or 256 bits).
• Number of rounds:
• 128-bit key – 10 rounds
• 192-bit key – 12 rounds
• 256-bit key – 14 rounds
• AES is by now the most important symmetric algorithm in the world.
• NSA allows AES for classified data up to TOP SECRET with 192/256-bit keys.
• Not a Feistel cipher.
AES-128 Structure
[Figure: the 128-bit message M first goes through Add Round Key with Sub Key 0 (128 bits, same as the initial 128-bit key), then through Round 1, Round 2, Round 3, ….., Round 10, each using its own sub key (Sub Key 1 to Sub Key 10, 128 bits each, derived from key expansion), producing the 128-bit ciphertext.]
Key Expansion in AES
• Key in Text – ‘commandosecret12’

Key: 01100011 01101111 01101101 01101101 01100001 01101110 01100100 01101111 01110011 01100101
01100011 01110010 01100101 01110100 00110001 00110010

Key Hex: 636F6D6D616E646F7365637265743132


Key Expansion in AES
• Convert the key into a 4x4 matrix
• Key in Hex : 63 6F 6D 6D 61 6E 64 6F 73 65 63 72 65 74 31 32
[Figure: the key bytes 𝒃𝟎 𝒃𝟏 𝒃𝟐 𝒃𝟑 … 𝒃𝟏𝟓 are grouped into the words 𝒘𝟎 𝒘𝟏 𝒘𝟐 𝒘𝟑.]

1 word = 4 bytes
Key Expansion in AES

[Figure: Subkey 0, Subkey 1, ………]

Key Expansion in AES

[Figure: the key as a 4x4 matrix; the function g and ⨁ are applied to its columns.]
63 61 73 65
6F 6E 65 74
6D 64 63 31
6D 6F 72 32
What is function g?

𝑤4 = 𝑤0 ⨁ 𝑔(𝑤3)
• Perform a cyclic left shift by one byte on 𝑤3 to get the Rotword.
• This means that an input word is transformed into
• 74 31 32 65
What is function g?

𝑤4 = 𝑤0 ⨁ 𝑔(𝑤3)
Rotword  Subword
74       92
31       C7
32       23
65       4D
What is function g?
• The result of subword is XORed with the round constant, Rcon[j].
Rotword (X1)  Subword (Y1)
74            92
31            C7
32            23
65            4D

𝑔(𝑤3) = Y1 ⨁ R1:
Y1 10010010 11000111 00100011 01001101
R1 00000001 00000000 00000000 00000000
⨁  10010011 11000111 00100011 01001101
=  93 C7 23 4D
Key Expansion in AES

[Figure: the key as a 4x4 matrix; the function g and ⨁ are applied to its columns.]
63 61 73 65
6F 6E 65 74
6D 64 63 31
6D 6F 72 32
Output of g:
93
C7
23
4D
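
The key expansion steps above (RotWord, SubWord, XOR with Rcon, then 𝑤4 = 𝑤0 ⨁ 𝑔(𝑤3)) can be carried through all ten rounds for the slide's key 'commandosecret12'. This is an added example, not part of the original slides; the function names are illustrative, and the S-box is generated from its algebraic definition (multiplicative inverse in GF(2^8) followed by the affine map of FIPS 197) rather than typed in as a table.

```python
def xtime(a):
    """Multiply by x (i.e. by 02) in GF(2^8) modulo x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x11B) if a & 0x100 else a

def rotl8(b, n):
    return ((b << n) | (b >> (8 - n))) & 0xFF

def build_sbox():
    """Generate the AES S-box: multiplicative inverse, then the affine map."""
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p ^= xtime(p)                  # p <- p * 03, so p visits every non-zero byte
        q ^= q << 1
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09                  # q <- q / 03, so q is always the inverse of p
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63                     # 0 has no inverse; its entry is fixed
    return sbox

def g(word, rcon, sbox):
    """RotWord, SubWord, then XOR the round constant into the first byte."""
    rot = word[1:] + word[:1]
    sub = [sbox[b] for b in rot]
    return [sub[0] ^ rcon] + sub[1:]

def expand_key_128(key):
    """Return the 11 round keys (Subkey 0 .. Subkey 10) for a 16-byte key."""
    sbox, rcon = build_sbox(), 0x01
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]      # w0..w3 = Subkey 0
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:                                     # first word of each subkey
            t, rcon = g(t, rcon, sbox), xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [bytes(b for word in w[r:r + 4] for b in word) for r in range(0, 44, 4)]

KEY = b"commandosecret12"              # the key used on the slides

if __name__ == "__main__":
    for n, rk in enumerate(expand_key_128(KEY)):
        print(f"Subkey {n:2d}: {rk.hex().upper()}")
```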
AES-128 Structure
[Figure repeated: the 128-bit message M goes through Add Round Key with Sub Key 0 (the initial 128-bit key), then Round 1 to Round 10 with Sub Key1 to Sub Key10 (derived from key expansion), producing the 128-bit ciphertext.]
Internal Structure of AES
Initial Add Round Key Operation
M secretmessagenow (128 bits)

73 65 63 72 65 74 6d 65 73 73 61 67 65 6e 6f 77 (16 bytes = 128 bits)

Input state array (4x4 matrix). Each element in the matrix is a byte.
73 65 73 65
65 74 73 6e
63 6d 61 6f
72 65 67 77

⨁ roundkey0
63 61 73 65
6F 6E 65 74
6D 64 63 31
6D 6F 72 32

Result is also a 4x4 state array
10 04 00 00
0A 1A 16 1A
0E 09 02 5E
1F 0A 15 45

For the first element:
73 01110011
63 01100011
⨁  00010000 = 10
Rounds
Rounds in AES
• Consist of four steps:
• Substitute bytes
• Shift Rows
• Mix Columns
• Add Round Key
• Substitute Bytes – Confusion (S box)
• ShiftRow and MixColumns – Diffusion
• At the beginning of AES and at the very end, the subkey is added – This is key whitening
Byte Substitution
• Does a simple replacement of each byte of the block data using an S-box.
• Left four bits determine the row, right four bits determine the column.

Input state array:
10 04 00 00
0A 1A 16 1A
0E 09 02 5E
1F 0A 15 45

After byte substitution:
CA F2 63 63
67 A2 47 A2
AB 01 77 58
C0 2B 59 6E

This state array is the input to the next step, shift rows.
Shift Rows

• Simply byte shifts the rows.


• The first row of State is not altered.
• For the second row, a 1-byte circular left shift is performed.
• For the third row, a 2-byte circular left shift is performed.
• For the fourth row, a 3-byte circular left shift is performed
Before shift rows:
CA F2 63 63
67 A2 47 A2
AB 01 77 58
C0 2B 59 6E

After shift rows:
CA F2 63 63
A2 47 A2 67
77 58 AB 01
6E C0 2B 59

This state array is the input to the next step, mix columns.
Mix Columns
• MixColumns operates on each column individually.
• Each byte of a column is mapped into a new value that is a function of all four bytes in that column.
Mix Columns
r1 r2 r3 r4
r5 r6 r7 r8
r9 r10 r11 r12
r13 r14 r15 r16
[Figure: the result matrix above is equal (=) to the product (*) of two 4x4 matrices.]

Example from text book:

All operations here are performed as polynomials in GF(), multiplication and addition in FF arithmetic.
If the result is outside the field, we use the irreducible polynomial.
Mix Columns: How to compute r i
• (02*87)+(03*6E)+(46*01)+(A6*01) =
• 02 = 0000 0010, 87 = 1000 0111, 03 = 0000 0011, 6E = 0110 1110, 46 = 0100 0110, 01 = 0000 0001, A6 = 1010 0110, 01 = 0000 0001
• Representing as polynomials in GF(256)
• 02*87 =
• 03*6E =
• 46*01 =
• A6 =
• Adding it all up :
• (Not in GF(256))
• Do modulo irreducible polynomial
• (mod P(x)) =
Add Round Key
• XOR the resultant state array (4x4 matrix) from the mix columns step
with the round key (4 x 4 matrix).
• The resultant state array (4x4 matrix) will be the input to the next
round.
r1 r2 r3 r4
r5 r6 r7 r8
r9 r10 r11 r12
r13 r14 r15 r16
[Figure: this state array combined with Sub Key1 gives the input state array for round 2.]


Decryption
• In decryption we do the reverse operations.
• Round keys are applied in the reverse order.
• Each decryption round reverses the effect of the corresponding encryption round function.
• Each output will be a state array (4 x 4 matrix)
Decryption Rounds
• Inverse shift rows
• substitute bytes
• Inverse mix columns (not there in round 10)
• Add round key
• 4x4 ciphertext state array x4 round-key state key
Inverse Substitute Bytes
• We use the AES inverse S-Box.
• The inverse S-Box was constructed using GF() Finite Field arithmetic.

67 → 85    85 → 67
Inverse Shift Rows
• Rows are shifted right in decryption.
• First row is unchanged.
• Second row – one circular right shift.
• Third row – Two circular right shifts.
• Fourth row – Three circular right shifts.
Inverse Mix Columns
Encryption - Mix columns step:

*
Inverse Mix Columns

• For the first row you should be getting:





• Adding it all up you will get, 01
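
The Mix Columns computation (02*87)+(03*6E)+(46*01)+(A6*01) and the Inverse Mix Columns check above can both be reproduced with GF(2^8) arithmetic. This is an added example, not part of the original slides; the two matrices are the ones defined in the AES standard (FIPS 197), and the function names are illustrative.

```python
from functools import reduce
from operator import xor

# MixColumns and InvMixColumns matrices as defined in FIPS 197
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[0x0E, 0x0B, 0x0D, 0x09], [0x09, 0x0E, 0x0B, 0x0D],
           [0x0D, 0x09, 0x0E, 0x0B], [0x0B, 0x0D, 0x09, 0x0E]]

def xtime(a):
    """Multiply by 02: shift left, reduce by x^8+x^4+x^3+x+1 if it overflows."""
    a <<= 1
    return (a ^ 0x11B) if a & 0x100 else a

def gmul(a, b):
    """GF(2^8) product built from repeated xtime (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def dot(row, col):
    """One output byte: products in GF(2^8), summed with XOR."""
    return reduce(xor, (gmul(c, r) for r, c in zip(row, col)))

def mix_column(col):
    return [dot(row, col) for row in MIX]

def inv_mix_column(col):
    return [dot(row, col) for row in INV_MIX]

def mat_mul(a, b):
    """4x4 matrix product over GF(2^8)."""
    cols = [[b[k][j] for k in range(4)] for j in range(4)]
    return [[dot(row, col) for col in cols] for row in a]

COLUMN = [0x87, 0x6E, 0x46, 0xA6]      # the column used in the r1 computation above

if __name__ == "__main__":
    mixed = mix_column(COLUMN)
    print("mixed   :", " ".join(f"{b:02X}" for b in mixed))
    print("restored:", " ".join(f"{b:02X}" for b in inv_mix_column(mixed)))
    print("INV_MIX * MIX:", mat_mul(INV_MIX, MIX))
```

The first entry of the matrix product is the "01" that the Inverse Mix Columns slide arrives at; the full product is the identity matrix, which is what makes the decryption step undo the encryption step.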
Application of AES

[Figure: example applications of AES, including VPN.]
Amazon Web Services (AWS)
• In AWS, AES encryption is used to secure data in various services, like when storing data in
Amazon S3 (cloud storage) or encrypting databases.
• Amazon Web Services (AWS) is a cloud platform that offers a variety of services to help
businesses and individuals run applications, store data, and manage IT infrastructure
without owning physical hardware.
• Instead of buying and maintaining servers, AWS allows users to rent computing power, storage,
databases, and other tools.
• Hosting websites or applications:
• Instead of setting up your own servers, you can run your website or app on AWS.
• Storing data:
• AWS provides scalable storage options for files, backups, or big data.
• Processing power:
• AWS offers computing resources to run applications, do complex calculations, or train machine learning models.
• Security and networking:
• AWS provides services to secure applications and manage networks efficiently.
