Advanced Encryption Standard

The AES Cipher

Block length is limited to 128 bit The key size can be independently specified to 128, 192 or 256 bits
Key size (words/bytes/bits) Number of rounds Expanded key size (words/byte) 4/16/128 6/24/192 10 12 44/176 52/208 8/32/256 14 60/240

Key-block-rounds combinations

The AES Cipher

Key received as input array of 4 rows and Nk columns Nk = 4,6, or 8, parameter which depends key size Input key is expanded into an array of 44/52/60 words of 32 bits each 4 different words serve as a key for each round
k0 k1 k4 k5 k8 k9 k12 k13 w0 w1 w2 w42 w43

k2
k3

k6
k7

k10
k11

k14
k15

The AES Cipher

Single 128 bit block as input Copied to a State array with Nb columns
(Nb= block length / 32 = 128/32 = 4)

The AES Cipher

Number of rounds, Nr, depends on key size Each round is a repetition of functions that perform a transformation over State array Consists of 4 main functions: one permutation and three substitutions
Substitute bytes, Shift rows, Mix columns, Add round key

Addition / Subtraction
XOR operation on the bits

Multiplication
Irreducible polynomial

SubBytes Transformation
[b ] is the multiplicative inverse of [sr,c] br,c = sr,c mod m(x)
Irreducible polynomial

SubBytes()Transformation Substitution Bytes

S - Box

SubBytes()Transformation
For example, if s 1,1 = {53}, then the substitution value would be determined by the intersection of the row with index 5 and the column with index 3 in the S-Box. This would result in s 1,1 {ed}.

InvSubBytes() Transformation

ShiftRows() Transformation

InvShiftRows() Transformation

MixColumns() Transformation

MixColumns() Transformation

InvMixColumns() Transformation

AddRoundKey() Transformation

Key Expansion

Key Expansion

The AES Cipher

AddRoundKey() round key is added to the State using XOR operation MixColumns() takes all the columns of the State and mixes their data, independently of one another, making use of arithmetic over GF(2^8) ShiftRows() processes the State by cyclically shifting the last three rows of the State by different offsets SubBytes() uses S-box to perform a byte-by-byte substitution of State

plaintext

The AES Cipher

Add round key

Substitute bytes Shift rows Mix columns Add Round key Round 1

Substitute bytes Substitute bytes Shift rows Mix columns Add round key

Round 9

Shift rows Add round key Cipher text

W[4,7]

W[36,39]

W[40,43]

key

The AES Cipher

Only Add round key makes use of the key Other three functions are used for diffusion and confusion Final round consists of only three stages

ciphertext

The AES Inverse Cipher

Add round key

Inv. Shift rows Inv. Sub bytes Add round key Inv. Mix Columns Round 1

Inv. Shift rows Inv. Shift rows Inv. Sub bytes Add round key Inv. Mix columns

Round 9

Inv. Sub bytes Add round key plaintext

W[36,39]

W[4,7]

W[0,3]

key

The AES Inverse Cipher

Decryption algorithm uses the expanded key in reverse order All functions are easily reversible and their inverse form is used in decryption Decryption algorithm is not identical to the encryption algorithm Again, final round consists of only three stages

Cipher Example