Advanced Encryption Standard (AES)

Advanced Encryption Standard (AES)

• Advanced Encryption Standard (AES) is a highly trusted encryption algorithm used to secure
data by converting it into an unreadable format without the proper key. It is developed by the
National Institute of Standards and Technology (NIST) in 2001.
• It is is widely used today as it is much stronger than DES and triple DES despite being harder to
implement.
• AES encryption uses various key lengths (128, 192, or 256 bits) to provide strong protection
against unauthorized access.
• AES is a Block Cipher.

• The key size can be 128/192/256 bits.

• Encrypts data in blocks of 128 bits each.

Working of The Cipher

•AES performs operations on bytes of data rather than in bits. Since the block
size is 128 bits, the cipher processes 128 bits (or 16 bytes) of the input data
at a time.

•The number of rounds depends on the key length as follows :

Creation of Round Keys

A Key Schedule algorithm calculates all the round keys from the key. So the initial key is used to create
many different round keys which will be used in the corresponding round of the encryption.
Encryption

AES considers each block as a 16-byte (4 byte x 4 byte = 128 ) grid in a

column-major arrangement.
Each round comprises of 4 steps :

Step1. Sub Bytes

This step implements the substitution.

In this step, each byte is substituted by

another byte. It is performed using a
lookup table also called the S-box.This
substitution is done in a way that a byte
is never substituted by itself and also not
substituted by another byte which is a
compliment of the current byte. The
result of this step is a 16-byte (4 x 4 )
matrix like before.

The next two steps implement the

permutation.
Step 2: Shift Rows

This step is just as it sounds. Each

row is shifted a particular number of
times.

•The first row is not shifted

•The second row is shifted once to the

left.

•The third row is shifted twice to the

left.

•The fourth row is shifted thrice to the

left.
Step 3: Mix Columns

This step is a matrix multiplication.

Each column is multiplied with a
specific matrix and thus the position
of each byte in the column is
changed as a result.

This step is skipped in the last

round.
4.Add Round Keys

•Now the resultant output of the

previous stage is XOR-ed with the
corresponding round key. Here, the
16 bytes are not considered as a grid
but just as 128 bits of data.

•After all these rounds 128 bits of

encrypted data are given back as
output. This process is repeated until
all the data to be encrypted
undergoes this process.
Example:
the basic steps needed to go through the encryption procedure, understand
this example to follow along.
ADD ROUND KEY:
CONT…
•Sub-Bytes: It passes the elements through a 16x16 S-Box to get a completely
new state array.
CONT..
Shift Rows: Mix columns:
Add Round Key:
This state array is now the final
ciphertext for this particular round.
This becomes the input for the next
round. Depending on the key length,
you repeat the above steps until you
complete round 10, after which you
receive the final ciphertext.
Final State Array:
Decryption
The stages in the rounds can be easily undone as these stages have an opposite to it which when
performed reverts the changes. Each 128 blocks goes through the 10,12 or 14 rounds depending
on the key size.

The stages of each round of decryption are as follows :

•Add round key

•Inverse MixColumns

•ShiftRows

•Inverse SubByte
The decryption process is the encryption process done in reverse so I will explain the steps with
notable differences.

Inverse MixColumns

•This step is similar to the Mix Columns step in encryption but differs in the
matrix used to carry out the operation.

•Mix Columns Operation each column is mixed independent of the other.

•Matrix multiplication is used. The output of this step is the matrix

multiplication of the old values and a constant matrix
Inverse SubBytes

•Inverse S-box is used as a lookup table and using which the bytes are
substituted during decryption.

•Function Substitute performs a byte substitution on each byte of the input

word. For this purpose, it uses an S-box.
Applications of AES:

• Wireless security: AES is used in securing wireless networks, such as

Wi-Fi networks, to ensure data confidentiality and prevent unauthorized access.

• Database Encryption: AES can be applied to encrypt sensitive data stored in

databases. This helps protect personal information, financial records, and other
confidential data from unauthorized access in case of a data breach.

• Secure communications: AES is widely used in protocols such as internet

communications, email, instant messaging, and voice/video calls. It ensures that
the data remains confidential.

• File and Disk Encryption: AES is used to encrypt files and folders on
computers, external storage devices, and cloud storage. It protects sensitive data
stored on devices or during data transfer to prevent unauthorized access.
Limitations of AES

1. Key Management – Secure distribution/storage is challenging

.2. Brute-Force Risk – Future quantum attacks possible.
3. High Resource Use – Not ideal for low-power devices.
4. Side-Channel Attacks – Vulnerable to timing and power analysis.
5. No Integrity Check – Needs HMAC/GCM for verification.
6. Mode Weaknesses – ECB mode leaks patterns.