AES - Advanced

Encryption Standard
The Advanced Encryption Standard (AES) is a symmetric-
key block cipher published by the National Institute of
Standards and Technology (NIST) in December 2001.
History
In 1997, NIST started looking for a replacement for DES,
which would be called the Advanced Encryption Standard
or AES. The NIST specifications required a block size of
128 bits and three different key sizes of 128, 192, and
256 bits. The specifications also required that AES be an
open algorithm, available to the public worldwide.
Criteria
The criteria defined by NIST for selecting AES fall into three areas:
• security, - The main emphasis was on security. Because NIST
explicitly demanded a 128-bit key, this criterion focused on
resistance to cryptanalysis attacks other than brute-force attack.
• cost, - The second criterion was cost, which covers the
computational efficiency and storage requirement for different
implementations such as hardware, software, or smart cards.
• Implementation - This criterion included the requirement that
the algorithm must have flexibility (be implementable on any
platform) and simplicity
Rounds
• AES is a non-Feistel cipher that encrypts and decrypts a
data block of 128 bits. It uses 10, 12, or 14 rounds. The
key size, which can be 128, 192, or 256 bits, depends
on the number of rounds.
The number of round
keys generated by the
key-expansion
algorithm is always
one more than the
number of rounds. In
other words, we have
Number of round keys
= Nr + 1
We refer to the round
keys as K0, K1, K2, …,
KNr .
Data Units
AES uses five units of measurement to refer to data:
• bits,
• bytes,
• words,
• blocks, and
• state.
The bit is the smallest and atomic unit; other units can be
expressed in terms of smaller ones.
• Bit
In AES, a bit is a binary digit with a value of 0 or 1. We
use a lowercase letter to refer to a bit.
• Byte
A byte is a group of eight bits that can be treated as a
single entity, a row matrix (1 × 8) of eight bits, or a
column matrix (8 × 1) of eight bits. When treated as a
row matrix, the bits are inserted to the matrix from left
to right; when treated as a column matrix, the bits are
inserted into the matrix from top to bottom.
• Word
A word is a group of 32 bits that can be treated as a
single entity, a row matrix of four bytes, or a column
matrix of four bytes.
• Block
AES encrypts and decrypts data blocks. A block in AES is
a group of 128 bits. However, a block can be
represented as a row matrix of 16 bytes.
•State

• AES uses several rounds in which each round is made of

several stages. Data block is transformed from one stage to
another. At the beginning and end of the cipher, AES uses the
term data block; before and after each stage, the data block is
referred to as a state. We use an uppercase bold letter to refer
to a state. Although the states in different stages are normally
called S, we occasionally use the letter T to refer to a temporary
state. States, like blocks, are made of 16 bytes, but normally
are treated as matrices of 4 × 4 bytes. In this case, each
element of a state is referred to as s r,c, where r (0 to 3) defines
the row and the c (0 to 3) defines the column.
Key Adding
• By Using XOR operation between Plaintext state and
Round key State.
• AddRoundKey also proceeds one column at a time.
• The AddRoundKey transformation is the inverse of itself.
Structure of Each Round
Four different stages are used, one of permutation and
three of substitution:
• Substitute bytes: Uses an S-box to perform a byte-by-
byte substitution of the block.
• ShiftRows: A simple permutation.
• MixColumns: A substitution that makes use of arithmetic
over GF(28).
• AddRoundKey: A simple bitwise XOR of the current block
with a portion of the expanded key.
SubBytes
The first transformation, SubBytes, is used at the
encryption site. To substitute a byte, we interpret the
byte as two hexadecimal digits. The left digit defines
the row and the right digit defines the column of the
substitution table. The two hexadecimal digits at the
junction of the row and the column are the new byte.
InvSubBytes
InvSubBytes is the inverse of SubBytes.
ShiftRows
In the encryption, the transformation is called ShiftRows
and the shifting is to the left.The number of shifts
depends on the row number (0, 1, 2, or 3) of the state
matrix. This means the row 0 is not shifted at all and the
last row is shifted three bytes.
MixColumns
The MixColumns transformation operates at the column
level; it transforms each column of the state to a new
column. The transformation is actually the matrix
multiplication of a state column by a constant square
matrix. The bytes in the state column and constants
matrix are interpreted as 8-bit words (or polynomials)
with coefficients in GF(2).
KEY EXPANSION
RotWord
The RotWord (rotate word) routine is similar to the
ShiftRows transformation, but it is applied to only one
row. The routine takes a word as an array of four bytes
and shifts each byte to the left with wrapping.
SubWord
The SubWord (substitute word) routine is similar to the
SubBytes transformation, but it is applied only to four
bytes. The routine takes each byte in the word and
substitutes another byte for it.
Round Constants
Each round constant, RCon, is a 4-byte value in which
the right most three bytes are always zero.