DEBRE MARKOS UNIVERSITY

BURIE CAMPUS
DEPARTMENT OF COMPUTER SCIENCE
Computer Security
By:
Amare W.

1
 2

Chapter 3: continued

Advanced Encryption Standards (AES)

♥ The crucial problem with DES is that the key length of 56 bits
is susceptible to an exhaustive key search.
♥ Special-purpose DES crackers have been built that can recover
DES keys in a matter of hours, and distributed attacks using
volunteer computers on the Internet have succeeded in finding
DES keys.
♥ The Advanced Encryption Standard (AES) was published by
the National Institute of Standards and Technology (NIST) in
2001.
 3 01/27/2025

♥ Originally called Rijndael (pronounced as “rain doll”), the cipher

was developed by two Belgian cryptographers, Dr. Joan Daemen
and Dr. Vincent Rijmen.
♥ Similarly to DES, AES encrypts plaintext in a series of rounds,
involves the use of a key and block sizes, and leverages
substitution and permutation boxes. It differs from DES in the
following respects:
 It supports 128-bit block sizes.
 The key schedule is based on the S-box.
 It is not based on a Feistel cipher. 3/2/2018

 It is extremely complex
 4 01/27/2025

♥ It is currently one of the most popular of encryption standards

and, for people involved in any security work.
♥ AES is a symmetric block cipher that is intended to
supersede/replace DES.
♥ Since AES algorithm is not a Feistel cipher, in order to decrypt,
the AES operations must be invertible.
♥ Also unlike DES, the AES algorithm has a highly mathematical
structure.
3/2/2018
 5 01/27/2025

Overview of the Algorithm

♥ AES encrypts and decrypts a data block size of 128 bits. Key
lengths can be 128 bits, 192 bits, or 256 bits;
♥ The algorithm is referred to as AES-128, AES-192, or AES-
256, depending on the key length.
♥ AES-128 uses 10 rounds, AES-192 uses 12 rounds, and AES-
256 uses 14 rounds.
♥ However, the round key, which are generated by the key
expansion algorithm are always 128 bits, the same size as
3/2/2018

plaintext or cipher text blocks.

 6 01/27/2025

♥ The input to encryption and decryption algorithms is 128-bit block.

♥ This block is depicted as a square matrix of bytes. This block is
copied into the State array, which is modified at each stage of
encryption or decryption.
♥ After the final stage, State is copied to an output matrix. These
operations are shown in AES’s data structure figure (a).
♥ Similarly, the key is depicted as a square matrix of bytes. This key is
then expanded into an array of key schedule words. Figure (b) shows
the expansion for the 128-bit key. Each word is four bytes, and the
3/2/2018
total key schedule is 44 words for the 128-bit key.
 7 01/27/2025

♥ Note that the ordering of bytes within a matrix is by column. So, for
example, the first four bytes of a 128-bit plaintext input to the
encryption cipher occupy the first column of the in matrix, the second
four bytes occupy the second column, and so on.
♥ Similarly, the first four bytes of the expanded key, which form a
word, occupy the first column of the w matrix.
♥ The cipher consists of rounds, where the number of rounds depends
on the key length:
 10 rounds for a 16-byte key,
 12 rounds for a 24-byte key, and 3/2/2018

 14 rounds for a 32-byte key.

 8 01/27/2025

♥ The first n-1 rounds consist of four distinct transformation functions:

SubBytes, ShiftRows, MixColumns, and AddRoundKey, which are described
subsequently.
♥ The final round, nth round, contains only three transformations, and there is a
initial single transformation (AddRoundKey) before the first round, which can
be considered Round 0.
♥ Each transformation takes one or more 4x4 matrices as input and produces a
4x4 matrix as output.
♥ Also, the key expansion function generates N+1 round keys, each of which is
a distinct 4x4 matrix. Each round key serve as one of the inputs to the
3/2/2018

AddRoundKey transformation in each round.

 9 01/27/2025
A
E
S

E
n
F c
i r
g y
u p
r t
e i
o
n

P
r
o
c
3/2/2018
e
s
s
 10 01/27/2025

Figure: AES Data structure

3/2/2018

Table: AES Parameters

 11 01/27/2025

♥ The number of round keys generated by the key expansion

algorithm is always one more than the number of rounds.
Thus,
Number of round keys= Nr + 1
• We refer to the round keys as N1, N2, …, Nr.
Data Units in AES
• AES uses 5 units of measurements to refer to data:

i. Bits: Bit is a binary digit having a value of 0 or 1.

ii. Bytes: The basic unit for processing in AES algorithm is a
byte, a sequence of 8 bits treated as a single entity, a row matrix
3/2/2018
(1×8) or a column matrix (8×1) of 8 bits.
 12 01/27/2025

♥ The input, output & Cipher Key bit sequences are

processed as arrays of bytes.
♥ For an input, output or Cipher Key denoted by a, the
bytes in the resulting array will be referenced using
one of the two forms, an or a[n], where n will be in one
of the following ranges:
Key length = 128 bits, 0 ≤ n < 16
Key length = 192 bits, 0 ≤ n < 24; 3/2/2018

Key length = 256 bits, 0 ≤ n < 32.

 13 01/27/2025

♥ All byte values in the AES algorithm will be presented as the

concatenation of its individual bit values (0 or 1) between braces in
the order {b7, b6, b5, b4, b3, b2, b1, b0}.

♥ These bytes are interpreted as finite field elements using a

polynomial representation:
b7 x7 + b6 x6 + b5 x5 + b4 x4 + b3x3 + b2 x2 + b1x1 + b0

♥ For example, {01100011} identifies the specific finite field element

x6 + x5 + x +1.
♥ Byte values can also be represented using hexadecimal notation
3/2/2018

with each of two groups of four bits being denoted by a single

 14 01/27/2025

Bit pattern Character

0000 0 0100 41000 81100 c
0001 1 0101 51001 91101 d
0010 2 0110 61010 a 1110 e
0011 3 0111 71011 b1111 f
Hence the element {0110 0011} can be represented as {63}.

Arrays of Bytes: Arrays of bytes will be represented in the following form: a0 a1 a2

...a15. The bytes and the bit ordering within bytes are derived from the 128-bit input
sequence:
input0 input1 input2 … input126 input127
as follows: a0 = {input0, input1, …, input7};
a1 = {input8, input9, …, input15};
3/2/2018
…
a15 = {input120, input121, …, input127}.
 15 01/27/2025

iii. Words:
♥ A word is a group of 32 bits that can be treated as a single entity, a row matrix of 4
bytes, or a column matrix of 4 bytes.
iv. Blocks:
♥ AES encrypts and decrypts data blocks. A block in AES is a group of 128 bits.
However, a block can be represented as a row matrix of 16 bytes.
v. States:
♥ AES uses the term data block at the beginning and end of the cipher; before and after
each stage, the data block is referred to as state.
♥ AES algorithm’s operations are performed on a two-dimensional array of bytes called
the State.
3/2/2018
♥ The State consists of four rows of bytes, each containing Nb bytes, where Nb is the
block length divided by 32.
 16 01/27/2025

The State as an Array of Bytes

♥ In the State array denoted by the symbol s, each individual byte has two indices, with
its row number r in the range 0 ≤ r < 4 and its column number c in the range 0 ≤ c <
Nb.

♥ This allows an individual byte of the State to be referred to as either sr,c or s[r,c]. For

this standard, Nb=4, i.e., 0 ≤ c < 4.

♥ At the start of the Cipher and Inverse Cipher, the input, the array of bytes in0, in1, …

in15, is copied into the State array as illustrated in the following:

input bytes State array output bytes
in0 in4 in8 in12 s0,0 s0,1 s0,2 s0,3 out0 out4 out8 out12
in1 in5 in9 in13 -> s1,0 s1,1 s1,2 s1,3 -> out1 out5 out9 out13
in2 in6 in10 in14 s2,0 s2,1 s2,2 s2,3 out2 out6 out10 out14
in3 in7 in11 in15 s3,0 s3,1 s3,2 s3,3 out3 out7 out11 out15 3/2/2018
 17 01/27/2025

♥ Hence, at the beginning of the Cipher or Inverse Cipher, the

input array, in, is copied to the State array according to the
scheme:
s[r, c] = in[r + 4c] for 0 ≤ r < 4 and 0 ≤ c < Nb,

and at the end of the Cipher and Inverse Cipher, the State is
copied to the output array out as follows:

out[r + 4c] = s[r, c] for 0 ≤ r < 4 and 0 ≤ c < Nb.

♥ On encryption, the first 4 bytes of plaintext are copied to the

3/2/2018

first column of State, & so on.

 18 01/27/2025

♥ The four bytes in each column of the State array form 32-bit
words, where the row number r provides an index for the four
bytes within each word.
♥ The state can hence be interpreted as a one-dimensional array of
32 bit words (columns), w0,...,w3, where the column number c
provides an index into this array.
♥ Hence, for the following example, the State can be considered as
an array of four words, as follows:
w0 = s0,0 s1,0 s2,0 s3,0 w2 = s0,2 s1,2 s2,2 s3,2 3/2/2018

w1 = s0,1 s1,1 s2,1 s3,1 w3 = s0,3 s1,3 s2,3 s3,3

 19 01/27/2025

….cont’d
 Algorithm Specification
♥ For the AES algorithm, the length of the input block, the output
block and the State is 128 bits.

♥ This is represented by Nb = 4, which reflects the number of 32-bit

words (number of columns) in the State. For the AES algorithm,
the length of the Cipher Key, K, is 128, 192, or 256 bits.

♥ The key length is represented by Nk = 4, 6, or 8, which reflects

the number of 32-bit words (number of columns) in the Cipher
Key. 3/2/2018
 20 01/27/2025

♥ For the AES algorithm, the number of rounds to be performed

during the execution of the algorithm is dependent on the key size.
The number of rounds is represented by Nr, where
Nr = 10 when Nk = 4,
Nr = 12 when Nk = 6, and
Nr = 14 when Nk = 8.

♥ The only Key-Block-Round combinations that conform to this

standard are given in the following:

Key Length (Nk words) Block Size (Nb words) Number of Rounds (Nr)
AES-128 4 4 10 3/2/2018
AES-192 6 4 12
 21 01/27/2025

Detailed Structure of AES

♥ The following figure shows the AES cipher in more detail,

indicating the sequence of transformations in each round and
showing the corresponding decryption function.
♥ The encryption proceeds down the page and decryption
proceeding up the page. Before delving into details, we can make
several comments about the overall AES structure:

1) One remarkable feature of this structure is that it is not a Feistel

structure. In Feistel structure, half of the data block is used to
modify the other half of the data block and then the halves
3/2/2018 are

swapped.
 22 01/27/2025

♥ AES instead processes the entire data block as a single matrix

during each round using substitutions and permutation.
♥ 2) The key that is provided as input is expanded into an array
of forty-four 32-bit words, w[i].
♥ Four distinct words (128 bits) serve as a round key for each
round; these are indicated in the following figure too.

3/2/2018
 23 01/27/2025

3) Four different stages are used, one of permutation and three of

substitution:
 Substitute bytes: Uses an S-box to perform a byte-by-byte substitution
of the block
 Shift Rows: A simple permutation that is performed by row by
row
 Mix Columns: A substitution that alters each byte in a column
as a function of all of the bytes in the column.
 Add Round Key: A bitwise XOR of the current block with a portion of
expanded key

3/2/2018
 24 01/27/2025

A
A
E
E
S
S

E
D
N
E
C
C
R
R
Y
Y
P
P
T
T
I
I
O
O
N
N
3/2/2018
 25 01/27/2025

4) The structure is quite simple. For both encryption and decryption,

the cipher begins with an Add Round Key stage, followed by nine
rounds that each includes all four stages, followed by a tenth round of
three stages.

5) Only the Add Round Key stage makes use of the key. For this
reason, the cipher begins and ends with an Add Round Key stage.

6) The Add Round Key stage by itself would not be formidable. The
other three stages together provide confusion, diffusion, and
nonlinearity, but by themselves would provide no security because
3/2/2018

they do not use the key.

 26 01/27/2025

We can view the cipher as alternating operations of XOR

encryption (Add Round Key) of a block, followed by scrambling of
the block (the other three stages), followed by XOR encryption, and
so on. This scheme is both efficient and highly secure.

7) Each stage is easily reversible. For the Substitute Byte, Shift

Rows, and Mix Columns stages, an inverse function is used in the
decryption algorithm.

For the Add Round Key stage, the inverse is achieved by XORing
the same round key to the block, using the result that A ⊕ B3/2/2018
⊕B = A.
 27 01/27/2025

3/2/2018

Figure: AES Encryption round

 28 01/27/2025

8) As with most block ciphers, the decryption algorithm makes

use of the expanded key in reverse order.
However, the decryption algorithm is not identical to the
encryption algorithm. This is a consequence of the particular
structure of AES.
9) Once it is established that all four stages are reversible, it is
easy to verify that decryption does recover the plaintext.
As shown in figure which indicates encryption and decryption of
AES, the encryption and decryption going in opposite vertical
directions. At each horizontal point (e.g., the dashed line in the
figure), State is the same for both encryption and decryption.
10) The final round of both encryption and decryption consists
3/2/2018
of
only three stages.
 29 01/27/2025

AES TRANSFORMATION FUNCTIONS

♥ For both its Cipher and Inverse Cipher, the AES algorithm uses a
round function that is composed of four different byte-oriented
transformations:
1) byte substitution using a substitution table (S-box),
2) shifting rows of the State array by different offsets,
3) mixing the data within each column of the State array, and
4) adding a Round Key to the State.

3/2/2018
 30 01/27/2025

PUBLIC KEY CRYPTOSYSTEM

♥ Public-key cryptography, also known as asymmetric

cryptography, is a class of cryptographic algorithms which
requires two separate keys, one of which is secret (private) and
one of which is public.
♥ Public-key cryptography is often used to secure electronic
communication over an open networked environment such as the
internet.
♥ Open networked environments are susceptible to a variety of
communication security problems such as man-in-the-middle
3/2/2018

attacks and other security threats.

 31 01/27/2025

♥ Sending a secure communication means that the communication being

sent must not be readable during transit (preserving confidentiality),
♥ the communication must not be modified during transit (preserving
the integrity of the communication) and to enforce non-repudiation or
non-denial of the sending of the communication.
♥ The distinguishing technique used in public-key cryptography is the
use of asymmetric key algorithms, where the key used to encrypt a
message is not the same as the key used to decrypt it.
♥ Each user has a pair of cryptographic keys – a public encryption key
3/2/2018
and a private decryption key.
 32

Thank you