The Advanced

Encryption Standard
(AES) Encryption
Technique
By Dr. Dipanwita Sadhukhan
 HISTORY
• All cryptographic algorithms we have looked at so far have some problems.
• The earlier ciphers can easily be broken on modern computation systems.
• The DES algorithm was broken in 1998 using a system that costs about
$250,000.
• Triple DES turned out to be too slow for efficiency as the DES algorithm was
developed for mid-1970s hardware and does not produce efficient software code.
• On the other hand, Triple DES has three times as many rounds as DES and is
correspondingly slower.
• After all these investigations NIST finally chose an algorithm known as Rijndael.
• Rijndael was named after the two Belgian cryptographers who developed and submitted it - Dr. Joan
Daemen and Dr. Vincent Rijmen.
• On 26 November 2001, AES (which is a standardized version of Rijndael) became a FIPS standard
(FIPS 197).
AES CONTEST
• MARS: A block cipher developed by IBM Research.
• RC6: A block cipher created by RSA Security.
• Rijndael: Developed by Belgian cryptographers Joan Daemen and Vincent
Rijmen.
• Serpent: Created by Ross Anderson, Eli Biham, and Lars Knudsen.
• Twofish: Built by Counterpane Internet Security.
FEATURES OF AES
• Symmetric block cipher with a block length of 128 bits.
• The AES standard states that the algorithm can only accept a block size of 128 bits and a choice of three keys
- 128, 192, or 256 bits.
• Depending on which version is used, the name of the standard is modified to AES-128, AES-192, or AES-256
respectively.
• AES differs from DES in that it is not a Feistel structure.
• Recall that in a Feistel structure, half of the data block is used to modify the other half of the data block and
then the halves are swapped.
• In this case the entire data block is processed in parallel during each round using substitutions and
permutations.
• Some AES parameters depend on the key length. For example, if the key size used is 128 then the number of
rounds is 10 whereas it is 12 and 14 for 192 and 256 bits respectively.
• At present the most common key size likely to be used is the 128-bit key.
PARAMETERS OF AES
AES
STRUCTURE
AES STRUCTURE
• The input is a single 128-bit block both for decryption and
encryption and is known as the input matrix.
• This block is copied into a state array which is modified at each
stage of the algorithm and then copied to an output matrix.
• Both the plaintext and key are depicted as a 128-bit square matrix
(4x4)of bytes.
• This key is then expanded into an array of key schedule words (the
w matrix).
• Ordering of bytes within the in matrix is by column. The same
applies to the w matrix.
HIGH-LEVEL DESCRIPTION OF r-
ROUND AES
1. Given a plaintext X, initialize state to be X and perform an operation Add
round key, which XOR the round key with the state.

2. For each of the first r − 1 rounds, perform a substitution operation called

SubBytes on state using an S-box; perform a permutation ShiftRows on
state; perform an operation MixColumns on state; and perform
AddRoundKey.

3. Perform SubBytes; perform ShiftRows; and perform AddRoundKey.

4. Define the ciphertext Y to be state.

SubBytes
ShiftRows SubBytes
MixColumns ShiftRows
Add Round Key Add Round Key
HIGH-LEVEL DESCRIPTION OF r-
ROUND AES
• All operations in AES are byte-oriented operations, and all variables used are
considered to be formed from an appropriate number of bytes.
• The plaintext X consists of 16 bytes.
• state is represented as a four-by-four array of bytes. •
• We will often use hexadecimal notation to represent the contents of a byte.
Each byte therefore consists of two hexadecimal digits.
• Plain text (128-bit) converts into 4x4 matrix of bytes.
• Therefore, the first four bytes of a 128-bit input block occupy the first column in the 4x4 matrix
of bytes.
• The next four bytes occupy the second column, and so on.
• AES operates on a 4x4 column-major order matrix of bytes; called a state array.
DATA STRUCTURES IN THE AES
ALGORITHM
PLAIN TEXT TRANSFORM IN
MATRIX FORM
AES
Encryption
& Decryption
 AES TRANSFORMATION FUNCTION
SUBSTITUTE BYTES
• A table lookup using a 16 × 16 matrix of byte values called an s-box.
• This matrix consists of all the possible combinations of an 8-bit sequence (28
= 16 × 16 = 256)
• The s-box is not just a random permutation of these values and there is a
well-defined method for creating the s-box tables.
• The designers of ARS showed how this was done unlike the s-boxes in DES
for which no rationale was given.
• For this particular round each byte is mapped into a new byte in the
following way: the leftmost nibble of the byte is used to specify a particular
row of the s-box and the rightmost nibble specifies a column.
• The s-box must be invertible if decryption is to be possible (Is-box[s-box(a)]=
a)
SUBSTITUTE
BYTES
SUBSTITUTE BYTES
For example, the byte {95} (curly brackets
represent hex values) selects row 9 column 5
which turns out to contain the value {2A}.
AES TRANSFORMATION FUNCTION
SHIFT ROWS
• Simple permutation and nothing more. •
• It works as follows: –
• The first row of the state is not altered.
• The second row is shifted 1 bytes to the left in a circular manner.
• The third row is shifted 2 bytes to the left in a circular manner.
• The fourth row is shifted 3 bytes to the left in a circular manner.
SHIFT ROWS
 AES TRANSFORMATION FUNCTION
MIX COLUMNS
• A substitution but it makes use of the arithmetic of GF(28 ).
• Each column is operated on individually.
• Each byte of a column is mapped into a new value that is a function of all four bytes in the column.
• The transformation can be determined by the following matrix multiplication on state.
• Each element of the product matrix is the sum of products of elements of one row and one
column.
• In this case the individual additions and multiplications are performed in GF(28 ).
• The MixColumns transformation of a single column j (0 ≤ j ≤ 3) of state can be expressed as:

s ′ 0,j = (2 • s0,j) ⊕ (3 • s1,j) ⊕ s2,j ⊕ s3,j

s ′ 1,j = s0,j ⊕ (2 • s1,j) ⊕ (3 • s2,j) ⊕ s3,j

s ′ 2,j = s0,j ⊕ s1,j ⊕ (2 • s2,j) ⊕ (3 • s3,j)

s ′ 3,j = (3 • s0,j) ⊕ s1,j ⊕ s2,j ⊕ (2 • s3,j)

MIX COLUMNS
ROUND KEY TRANSFORMATION
• The 128 bits of state are bitwise XORed with the 128 bits of the round key.
• The operation is viewed as a column-wise operation between the 4 bytes of a
state column and one word of the round key.
• This transformation is as simple as possible which helps in efficiency but it also
affects every bit of the state.
INPUTS FOR AES ENCRYPTION
AES KEY EXPANSION
ROUND CONSTANT
AES ENCRYPTION ROUND
AES IMPLEMENTATION
• To encrypt data on hard drives
• To encrypt electronic communications, such as through messaging apps
• As part of the programming libraries of Java, Python, and C++
• In file compression programs
• In internet browsers
• To encrypt U.S. government agency data
AES Strength
• There are three lengths of AES encryption keys. Each key length has a
different number of possible key combinations:
• 128-bit key length: 3.4 x 1038
• 192-bit key length: 6.2 x 1057
• 256-bit key length: 1.1 x 1077
• This allows for easy implementation, as well as really fast
encryption and decryption times.
for each byte S[i][j] in state matrix S:
// Split the byte into two parts: high nibble (left 4 bits) and low nibble (right 4
bits)
high_nibble = (S[i][j] >> 4) & 0x0F
low_nibble = S[i][j] & 0x0F

// Replace each byte using the AES S-box

S'[i][j] = AES_Sbox[high_nibble][low_nibble]
S'[0][c] = S[0][c] // No shift for the first row

S'[1][c] = S[1][(c + 1) % 4] // Shift left by 1

position for the second row

S'[2][c] = S[2][(c + 2) % 4] // Shift left by 2

positions for the third row

S'[3][c] = S[3][(c + 3) % 4] // Shift left by 3

positions for the fourth row
• for each column i from 0 to 3:
• // Extract the four bytes (elements) of the column
• a0 = S[0][i]
• a1 = S[1][i]
• a2 = S[2][i]
• a3 = S[3][i]

• // Perform matrix multiplication with the fixed MixColumns matrix

• S'[0][i] = (2 * a0) ^ (3 * a1) ^ a2 ^ a3
• S'[1][i] = a0 ^ (2 * a1) ^ (3 * a2) ^ a3
• S'[2][i] = a0 ^ a1 ^ (2 * a2) ^ (3 * a3)
• S'[3][i] = (3 * a0) ^ a1 ^ a2 ^ (2 * a3)
• for each byte S[i][j] in state matrix S:
• S'[i][j] = S[i][j] ^ RoundKey[i][j]