Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) is a symmetric-key
block cipher published by the National Institute of Standards
and Technology (NIST) in December 2001.
AES is a non-Feistel cipher that encrypts and decrypts a data
block of 128 bits. It uses 10, 12, or 14 rounds. The key size,
which can be 128, 192, or 256 bits, depends on the number of
rounds. Figure 7.1 shows the general design for the encryption
algorithm (called cipher); the decryption algorithm (called
inverse cipher) is similar, but the round keys are applied in the
reverse order.
In Figure 7.1, Nr defines the number of rounds. The figure
also shows the relationship between the number of rounds and
the key size, which means that we can have three different
AES versions; they are referred to as AES-128, AES-192, and
AES-256. However, the round keys, which are created by the
key-expansion algorithm, are always 128 bits, the same size as
the plaintext or ciphertext block.
Data Units
AES uses five units of measurement to refer to data: bits,
bytes, words, blocks, and state. The bit is the smallest and
atomic unit; other units can be expressed in terms of smaller
ones. Figure 7.2 shows the non-atomic data units: byte, word,
block, state.
Bit
In AES, a bit is a binary digit with a value of 0 or 1. We use a
lowercase letter to refer to a bit.
Byte
A byte is a group of eight bits that can be treated as a single
entity, a row matrix (1 × 8) of eight bits, or a column matrix (8 ×
1) of eight bits. When treated as a row matrix, the bits are
inserted into the matrix from left to right; when treated as a
column matrix, the bits are inserted into the matrix from top to
bottom. We use a lowercase bold letter to refer to a byte.
Word
A word is a group of 32 bits that can be treated as a single entity,
a row matrix of four bytes, or a column matrix of four bytes.
When it is treated as a row matrix, the bytes are inserted into the
matrix from left to right; when it is considered as a column
matrix, the bytes are inserted into the matrix from top to bottom.
We use the lowercase bold letter w to show a word.
Block
AES encrypts and decrypts data blocks. A block in AES is a
group of 128 bits. However, a block can be represented as a row
matrix of 16 bytes.
State
AES uses several rounds in which each round is made of several stages.
The data block is transformed from one stage to another. At the beginning and
end of the cipher, AES uses the term data block; before and after each
stage, the data block is referred to as a state. We use an uppercase bold
letter to refer to a state. Although the states in different stages are normally
called S, we occasionally use the letter T to refer to a temporary state.
States, like blocks, are made of 16 bytes, but normally are treated as
matrices of 4 × 4 bytes. Occasionally, a state is treated as a row matrix (1 ×
4) of words. This makes sense, if we think of a word as a column matrix.
At the beginning of the cipher, bytes in a data block are inserted into a
state column by column, and in each column, from top to bottom. At the
end of the cipher, bytes in the state are extracted in the same way, as
shown in Figure 7.3.
Block-to-state and state-to-block transformation
Structure of Each Round
Figure 7.5 shows the structure of each round at the encryption
side. Each round, except the last, uses four transformations
that are invertible. The last round has only three
transformations. As Figure 7.5 shows, each transformation
takes a state and creates another state to be used for the next
transformation or the next round. The pre-round section uses
only one transformation (AddRoundKey); the last round uses
only three transformations (MixColumns transformation is
missing).
At the decryption site, the inverse transformations are used:
InvSubBytes, InvShiftRows, InvMixColumns, and
AddRoundKey (this one is self-invertible).
TRANSFORMATIONS
To provide security, AES uses four types of transformations:
substitution, permutation, mixing, and key-adding.
Substitution
AES, like DES, uses substitution. However, the mechanism is
different. First, the substitution is done for each byte. Second,
only one table is used for transformation of every byte, which
means that if two bytes are the same, the transformation is
also the same. Third, the transformation is defined by either a
table lookup process or a mathematical calculation in the field.
AES uses two invertible transformations.
SubBytes
The first transformation, SubBytes, is used at the encryption
site. To substitute a byte, we interpret the byte as two
hexadecimal digits. The left digit defines the row and the right
digit defines the column of the substitution table. The two
hexadecimal digits at the junction of the row and the column
are the new byte. Figure 7.6 shows the idea.
In the SubBytes transformation, the state is treated as a 4 × 4
matrix of bytes. Transformation is done one byte at a time.
The content of each byte is changed, but the arrangement of
the bytes in the matrix remains the same. In the process, each
byte is transformed independently. There are sixteen distinct
byte-to-byte transformations.
SubBytes Transformation Table
InvSubBytes
InvSubBytes is the inverse of SubBytes. The transformation is
done using Table 7.2. We can easily check that the two
transformations are inverses of each other.
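The following is an added example, not part of the original text: it builds the SubBytes table by mathematical calculation, performs the row/column lookup described above, and checks that InvSubBytes undoes SubBytes. The field modulus 0x11B and the affine constant 0x63 are taken from FIPS 197, not from this page; the function names are illustrative.

```python
AES_POLY = 0x11B      # x^8 + x^4 + x^3 + x + 1 (FIPS 197 field modulus)
AFFINE_CONST = 0x63   # constant added in the affine step (FIPS 197)

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo AES_POLY."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:          # degree 8 reached: reduce by the modulus
            a ^= AES_POLY
        b >>= 1
    return result

def gf_inv(a):
    """Multiplicative inverse computed as a^254; 0 is mapped to 0."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result if a else 0

def rotl8(x, n):
    """Rotate an 8-bit value left by n bits."""
    return ((x << n) | (x >> (8 - n))) & 0xFF

def sbox_entry(b):
    """Field inverse followed by the affine transformation."""
    x = gf_inv(b)
    return x ^ rotl8(x, 1) ^ rotl8(x, 2) ^ rotl8(x, 3) ^ rotl8(x, 4) ^ AFFINE_CONST

SBOX = [sbox_entry(b) for b in range(256)]
INV_SBOX = [0] * 256
for value, substituted in enumerate(SBOX):
    INV_SBOX[substituted] = value      # invert the table entry by entry

def lookup(table, byte):
    """Left hex digit selects the row, right hex digit the column."""
    row, col = byte >> 4, byte & 0x0F
    return table[16 * row + col]

def sub_bytes(state):
    """Substitute every byte of a 4 x 4 state independently."""
    return [[lookup(SBOX, b) for b in row] for row in state]

def inv_sub_bytes(state):
    return [[lookup(INV_SBOX, b) for b in row] for row in state]
```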
Permutation
Another transformation found in a round is shifting, which
permutes the bytes. Unlike DES, in which permutation is done at
the bit level, shifting transformation in AES is done at the byte
level; the order of the bits in the byte is not changed.
ShiftRows
In the encryption, the transformation is called ShiftRows and the
shifting is to the left. The number of shifts depends on the row
number (0, 1, 2, or 3) of the state matrix. This means that row 0
is not shifted at all and the last row is shifted three bytes. Figure
7.9 shows the shifting transformation.
InvShiftRows
In the decryption, the transformation is called InvShiftRows and
the shifting is to the right. The number of shifts is the same as
the row number (0, 1, 2, and 3) of the state matrix.
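The following is an added example, not part of the original text: it implements the column-by-column block-to-state mapping from the State section together with ShiftRows and InvShiftRows, so the effect of the byte-level permutation on the output block can be seen. Function names and the sample block are constructed for illustration.

```python
def block_to_state(block):
    """Fill a 4 x 4 state column by column, top to bottom in each column."""
    if len(block) != 16:
        raise ValueError("an AES block is exactly 16 bytes (128 bits)")
    # Byte i of the block lands in row i % 4, column i // 4.
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]

def state_to_block(state):
    """Extract bytes in the same order: column by column, top to bottom."""
    return bytes(state[r][c] for c in range(4) for r in range(4))

def shift_rows(state):
    """Rotate row r left by r bytes (row 0 is left untouched)."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def inv_shift_rows(state):
    """Rotate row r right by r bytes, undoing shift_rows."""
    return [row[4 - r:] + row[:4 - r] for r, row in enumerate(state)]

def shift_rows_block(block):
    """Apply ShiftRows to a 16-byte block and return the resulting block."""
    return state_to_block(shift_rows(block_to_state(block)))

if __name__ == "__main__":
    # Constructed sample block: byte values equal their position 0..15.
    block = bytes(range(16))
    for row in block_to_state(block):
        print(" ".join(f"{b:02x}" for b in row))
    print(shift_rows_block(block).hex())
```

Because the state is filled by columns but shifted by rows, each output column of the sample holds one byte from every input column, while the bits inside each byte are unchanged.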