When the National Institute of Standards and Technology (NIST) published the Advanced Encryption Standard (AES) in 2001, it was a specification for the encryption of electronic data that was developed by the United States. AES is widely used today because it is significantly stronger than DES and triple DES, even though it is more difficult to implement.
Points to keep in mind
- AES is a block cypher, which means it encrypts data in blocks.
- The key size can range from 128 bits to 192 bits to 256 bits.
- Data is encrypted in blocks of 128 bits at a time.
Thus, 128 bits of encrypted cypher text is received as input and outputs 128 bits of encrypted cypher text as output. To perform AES, the substitution-permutation network principle is used. This means that it is accomplished through a series of linked operations that involve the replacement and shuffling of the input data is used.
The cypher’s method of operation:
AES operates on bytes of data rather than bits, so it is more efficient. As a result, the cypher can only process 128 bits (or 16 bytes) of the input data at a time because the block size is 128 bits.
The number of rounds is determined by the length of the key as follows:
- 10 rounds with a 128-bit key
- 12 rounds with a 192-bit key
- 14 rounds for a 256-bit key
Round keys were created in the following ways:
To calculate all the round keys from a key, the algorithm known as Key Schedule is used. As a result, the initial key is used to generate a large number of unique round keys, each of which will be used in the corresponding round of encryption.
Encryption is used to protect sensitive information.
When used in a column major arrangement, AES treats each block as a 16 byte grid (4 byte x 4 byte = 128) of data.
[b0 | b4 | b8 | b12 | b0 | b4 | b8 | b12 | b0 | b4 | b8 | b12 | b0 | b4 | b8 | b12 | b0 | b4 | b4 | b4 | b4 | b4 | b4 | b4 | b4 | b4 | b4 | b4 |
| b1 | b5 | b9 | b13 | b1 | b5 | b9 | b13 |
| b2 | b6 | b10| b14 | | b2 | b6 | b10| b14 |
The following are the values for the letters B3 and B7: B11 and B15, respectively.
Each round is divided into four steps:
- SubBytes
- ShiftRows
- MixColumns
- Toss in a Round Key
The MixColumns round is not included in the final round of the game.
In the algorithm, the SubBytes perform the substitution, and the ShiftRows and MixColumns perform the permutation, respectively.
SubBytes (in bytes):
This step is responsible for putting the substitution into effect.
The substitution of one byte for another takes place in this step.
(This is accomplished through the use of a lookup table, also known as the S-box.)
By doing so, it ensures that no byte ever substitutes for itself and that no byte ever substitutes for another byte that is a complement of the current byte.
- Similarly to the previous step, the result of this step is another 16 bytes (4 x 4) matrix as before.
- The permutation is implemented in the following two steps.
- ShiftRows are a type of row that is shifted from one position to another.
- This step is exactly what it sounds like. There is a specific number of times that each row is shifted.
- The first row has not been altered in any way.
- The second row is moved to the left by one position.
- The third row has been shifted to the left twice more.
- A total of three times to the left is shifted the fourth row.
- (This is accomplished through the use of a left circular shift.)
[b0 | b1 | b2 | b3 ] [b0 | b1 | b2 | b3 ] [b0 | b1 | b2 | b3 ] [b0 | b1 | b2 | b3 ]
| b4 | b5 | b6 | b7 | -> | b4 | b5 | b6 | b7 | -> | b4 | b5 | b6 | b7 | -> | b4 | b5 | b6 | b7 | -> | b4 | b5 | b6 | b7 | -> | b4 | b5 | b6 | b7 |
The letters b8 and b9 are used to indicate the number b10 and the number b11. | b10 and b11 | b8 and b9 | | b10 and b11 | | b10 and b11 |
[b12 | b13 | b14 | b15] [b12 | b13 | b14 | b15] [b12 | b13 | b14 | b15] [b15 | b12 | b13 | b14] [b15 | b12 | b13 | b14]
Columns in a mix are referred to as mix columns.
This step consists primarily of a matrix multiplication operation. In this case, each column is multiplied by a specific matrix, and the position of each byte in the column changes as a result of this operation.
In the previous round, this step was skipped.
[c0] [c0] [c0] [c0] [2 3 1 1] [2 3 1 1] [2 3 1 1] [b0] [b0] [b0] [b0]
| c1 | = | 1 2 3 1 | | b1 | = | 1 2 3 1 | | c1 | = | 1 2 3 1 | | b1 |
| c2 | | 1 1 2 3 | | b2 | | 1 1 2 3 | | c2 |
[c3] [c3] [c3] [c3] [3 1 1 2] [3 1 1 2] [b3] [b3] [b3] [b3]
Round keys can be added as follows:
The resultant output of the previous stage is now XORed with the round key that corresponds to the current stage. In this case, the 16 bytes are not considered to be a grid, but rather as 128 bits of information.
After all of these rounds, 128 bits of encrypted data is returned to the user as an output result. This process is repeated until all of the data to be encrypted has been subjected to the encryption process.
Decryption is the process of decrypting data.
A simple way to undo the changes made during the rounds is to perform the opposite of what was done during the stages. This reverses the changes.
Each of the 128 blocks goes through 10, 12, or 14 rounds, depending on the size of the key used.
The following are the stages of each round of decryption: Stage 1:
- Insert a round key.
- MixColumns in the inverse direction
- ShiftRows
- SubByte in Reverse
The decryption process is simply the encryption process carried out in reverse, so I’ll go over the steps with some notable differences.
Inverse MixColumns (also known as Inverse MixColumns):
This step is similar to the MixColumns step in encryption, with the exception that the matrix used to carry out the operation is different.
[b0] [b0] [b0] [b0] [14 11 13 9 ] [14 11 13 9 ] [14 11 13 9 ] [c0] [c0] [c0] [c0]
• | b1 | = • • • • • • • • •
| b2 | | 13 9 14 11 | | c2 | | b2 | | 13 9 14 11 |
[b3] [b3] [b3] [b3] [11 13 9 14] [11 13 9 14] [11 13 9 14] [11 13 9 14] [c3] [c3] [c3] [c3]
SubBytes in the inverse order:
A lookup table called an Inverse S-box is used during the decryption process, and the bytes are substituted with those from the lookup table.
A succinct summary is as follows:
To improve the speed and security of applications that use AES for encryption and decryption, the AES instruction set has now been integrated into the CPU (and can handle a throughput of several GB/s).
Even though it has been 20 years since its introduction, we have not been able to break the AES algorithm because it is infeasible even with current technology. The implementation of the algorithm continues to be the only point of vulnerability at this time.
