Advanced Encryption

Standard
(AES)
AGENDA
❖ Advanced Encryption Standard
➢ What is AES?
➢ Why AES is so popular?
➢ Design considerations of AES
➢ Schematic Diagram and Flowchart of AES
Algorithm
❖ Encryption
❖ Decryption
❖ Details of the steps of AES
Advanced Encryption
Standard
The Algorithm was developed by Vincent Rijmen
and Joan Daemen. So this is also called
RIJNDAEL.
What is AES?

● AES is an encryption standard chosen by the National Institute of

Standards and Technology(NIST), USA to protect classified
information. It has been accepted world wide as a desirable
algorithm to encrypt sensitive data.
● It supersedes the Data Encryption Standard (DES), which was
published in 1977.
● The algorithm described by AES is a symmetric-key algorithm,
meaning the same key is used for both encrypting and decrypting
the data.
● It is based on both permutation and substitution techniques.
Why AES is so popular? (1/2)

● The cracking of Data Encryption Standard(DES) was becoming

possible. AES overcomes the limitation of the smaller key size of
DES by utilizing a bigger and variable-length key.

● Moreover, it also resolves the slow processing speed of Triple-DES

and utilizes lower resources than the earlier one.

● AES met all security, cost and implementation criteria and it was
accepted by the US government to protect classified information.
Why AES is so popular? (2/2)

● AES supports secret keys of three lengths which are of 128, 192,
256 bits to encrypt and decrypt a data block of 128 bits.
● It is flexible and has implementation for software and hardware.
● It doesn’t have any copyright so it can be easily used globally.
● Overall, this robust algorithm provides high security and can
prevent many attacks.
Design Considerations of AES (1/2)

● AES is based on ‘substitution–permutation network’. It comprises a series of

linked operations, some of which involve replacing inputs by specific outputs
(substitutions) and others involve shuffling bits around (permutations).
● Interestingly, AES performs all its computations on bytes rather than bits. Hence,
AES treats the 128 bits of a plaintext block as 16 bytes. These 16 bytes are
arranged in four columns and four rows for processing as a matrix.
Design Considerations of AES (2/2)
● Unlike DES, the number of rounds in AES is variable and depends on
the length of the key. AES uses 10 rounds for 128-bit keys, 12
rounds for 192-bit keys, and 14 rounds for 256-bit keys. Each
of these rounds uses a different 128-bit round key, which is
calculated from the original AES key.
● Every key is expanded so that a separate sub-key (denoted as w[i,j],
where i and j provide the byte range) could be utilized for every
round.
What is state in AES

● The block of data to be encrypted is termed as the state. In AES the

state is a (4×4) matrix of bytes. The state paired with an encryption
key of a certain length form the inputs for the AES algorithm. The
AES is comprised of four different stages, which together represent
a single round. Each stage performs some operations on the current
state. The number of rounds varies with different implementations
of AES.
Schematic Diagram of AES Structure
Flowchart of AES Algorithm
DETAILS OF ENCRYPTION
PROCESS
Encryption Process (1/3)
AES basically repeats four major functions to encrypt data. It takes
128 bit block of data and a key and gives a cipher text as output.
The functions it performs are as follows :

● Byte Substitution
● Shift Rows
● Mix Columns
● Add round key
Encryption Process (2/3)
● Byte Substitution (SubBytes)
The 16 input bytes (for 128-bit key) are substituted by looking up a fixed table (S-box)
given in the design. The result is in a matrix of four rows and four columns.

● Shift rows
Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are
re-inserted on the right side of the row. The shift is carried out as follows −
➢ First row is not shifted.
➢ Second row is shifted one (byte) position to the left.
➢ Third row is shifted two positions to the left.
➢ Fourth row is shifted three positions to the left.
➢ The result is a new matrix consisting of the same 16 bytes but shifted with
respect to each other.
Encryption Process (3/3)
● MixColumns
➢ Each column of four bytes is now transformed using a special mathematical function.
➢ This function takes as input the four bytes of one column and outputs four completely
new bytes, which replace the original column.
➢ The result is another new matrix consisting of 16 new bytes.
➢ It should be noted that this step is not performed in the last round.
● Add round key
➢ The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128
bits of the round key.
➢ If this is the last round then the output is the ciphertext.
➢ Otherwise, the resulting 128 bits are interpreted as 16 bytes and we begin another
similar round.
DETAILS OF DECRYPTION
PROCESS
Decryption Process
The process of decryption of an AES cipher text is similar to the encryption
process in the reverse order. Each round consists of the four processes
conducted in the reverse order :
● Add round key
● Mix columns
● Shift rows
● Byte substitution
Since sub-processes in each round are in reverse manner, unlike for a
Feistel Cipher, the encryption and decryption algorithms needs to be
separately implemented, although they are very closely related.
 Overall
Structure of
AES
Encryption
&
Decryption
DETAILED ANALYSIS OF THE STEPS OF
AES
Key Expansion (1/5)
In the key expansion process the given 128 bits cipher key is stored in
[4]x[4] bytes matrix (16*8=128 bits) and then the four column words of
the key matrix is expanded into a schedule of 44 words (44*4=176)
resulting in 11 round keys (176/11=16 bytes or 128 bits).

Number of round keys = Nr + 1 where Nr is the number of rounds

(which is 10 in case of 128 bits key size). So here the round keys = 11.
Key Expansion (2/5)

● Steps:
1) RotWord – A one-byte circular left shift on a word.
2) SubWord – Performs a byte substitution on each byte of its input
word, using a S-box.
3) XOR with round constant – The result obtained from the previous
step
is XORed with a round constant, Rcon.

NOTE : (The Rcon depends on round number).

An Example of Key Expansion (3/5)
● Suppose that the initial round key for round 8 is as follows.
● EA D2 73 21 B5 8D BA D2 31 2B 5F 60 7F 8D 29 2F
● This can be written in matrix form as follows.

EA B5 31 7F

D2 8D 2B 8D

73 BA 5F 29

21 D2 60 2F
 Example Continued (4/5)
Considering the previous matrix (for round 8) we can write –
w[32]=EA D2 73 21 [i=32]
w[33]=B5 8D BA D2 [i=33]
w[34]=31 2B 5F 60 [i=34]
w[35]=7F 8D 29 2F [i=35]
Then the first four bytes (first column) of the round key for round 9 are calculated as
follows:
i Temp Temp = Temp = Rcon (9) Temp = w[i-4] w[i] = w[36] =
= w[i-1] RotWord(Temp) SubWord(Temp) Temp XOR =w[32] Temp XOR
= w[35]) Rcon(9) w[i-4]

36 7F 8D 29 2F 8D 29 2F 7F 5D A5 15 D2 1B000000 46 A5 15 D2 EA D2 73 21 AC 77 66 F3
Key Expansion Briefing (5/5)

Key
Expansion
Byte Substitution (1/2)
Each element of the matrix is replaced by an element of S-box matrix.
Rjindael S-box used for Byte Substitution
(2/2) ●S-box is a special lookup
table which is constructed
by Galois fields.
● Generating Function used
here is GF(28) i.e, 256
values are possible.
● The elements of the S-box
are written in hexadecimal
system. The first digit
represents row and the
second digit represents
column.
Shift Rows
In this step rows of the block are cylindrically shifted in left
direction. The first row is untouched, the second one by one shift,
third by two and fourth by three.
Mix Columns (1/4)
This is the most important part of AES Algorithm. It causes the flip of bits to
spread all over the block. In this step the block is multiplied by a fixed
matrix. The multiplication is field multiplication in Galois field. For each
column there are 16 multiplication, 12 XORs and a 4 byte output.
An Example of Mix Columns (2/4)
It operates on each column individually where a single byte of a column
is mapped into a new value that is a function of all four bytes in that
column. The transformation can be defined by the following matrix
multiplication on state.
S0,0 S0,1 S0,2 S0,3 02 03 01 01

S1,0 S1,1 S1,2 S1,3 01 02 03 01

S2,0 S2,1 S2,2 S2,3 01 01 02 03

S3,0 S3,1 S3,2 S3,3 03 01 01 02

Example of Mix Columns Continued
(3/4)
S = (S * 02) XOR (S * 03) XOR (S * 01) XOR (S * 01)
● 0,0 0,0 1,0 2,0 3,0

● S1,0 = (S0,0 * 01) XOR (S1,0 * 02) XOR (S2,0 * 03) XOR (S3,0 * 01)

● S2,0 = (S0,0 * 01) XOR (S1,0 * 01) XOR (S2,0 * 02) XOR (S3,0 * 03)

● S3,0 = (S0,0 * 03) XOR (S1,0 * 01) XOR (S2,0 * 01) XOR (S3,0 * 02)
Note that * multiplications are not traditional multiplications but can be
performed using two Look-up tables called L-Table and E-Tables.
One such example for calculating only S0,0 is shown in the next slide.
Example of Mix Columns Continued (4/4)

Example: Let, Input = 87 6E 46 A6

So,
S0,0 = (S0,0 * 02) XOR (S1,0 * 03) XOR (S2,0 * 01) XOR (S3,0 * 01)

= (87 * 02) XOR (6E * 03) XOR (46 * 01) XOR (A6 * 01)

= E(L(87)+L(02)) XOR E(L(6E)+L(03)) XOR E((L(46)+L(01))

XOR E(L(A6)+L(01))
= E(74+19) XOR E(………) ………….
= E(8D) XOR …………
= 15 XOR …………..
 Add Round Key
In this step each
byte of the STATE
is XORed with
corresponding
byte of the round
key. Since using
same key weaken
the algorithm.
Hence keys are
expanded using
the procedure as
explained earlier.
THANK YOU