AES Algorithm

Advanced Encryption Standard

The AES Cipher

• Block length is limited to 128 bit• The key size can be independently specified to

128, 192 or 256 bits

Key size (words/bytes/bits) 4/16/128 6/24/192 8/32/256

Number of rounds 10 12 14

Expanded key size (words/byte) 44/176 52/208 60/240

Key-block-rounds combinations

The AES Cipher• Key received as input array of 4 rows and Nk columns• Nk = 4,6, or 8, parameter which depends key size• Input key is expanded into an array of 44/52/60 words

of 32 bits each• 4 different words serve as a key for each round

k0 k4 k8 k12

k1

k2

k3

k5

k6

k7

k9

k10

k11

k13

k14

k15

w0 w1 w2 …… w42 w43

The AES Cipher

• Single 128 bit block as input• Copied to a State array with Nb columns

– (Nb= block length / 32 = 128/32 = 4)

The AES Cipher

• Number of rounds, Nr, depends on key size• Each round is a repetition of functions that

perform a transformation over State array• Consists of 4 main functions: one permutation

and three substitutions

Substitute bytes, Shift rows, Mix columns, Add round key

Addition / SubtractionXOR operation on the bits

Multiplication

Irreducible polynomial

Irreducible polynomial

SubBytes Transformation[b ] is the multiplicative inverse of [sr,c]

b’r,c = sr,c mod m(x)

SubBytes()Transformation Substitution Bytes

S - Box

For example,

if s 1,1 = {53}, then the substitution value would be determined by the intersectionof the row with index ‘5’ and the column with index ‘3’ in the S-Box.

This would result in s’ 1,1 {ed}.

SubBytes()Transformation

InvSubBytes() Transformation

ShiftRows() Transformation

InvShiftRows() Transformation

MixColumns() Transformation

MixColumns() Transformation

InvMixColumns() Transformation

AddRoundKey() Transformation

Key Expansion

Key Expansion

The AES Cipher

• AddRoundKey() – round key is added to the State using XOR operation

• MixColumns() – takes all the columns of the State and mixes their data, independently of one another, making use of arithmetic over GF(2^8)

• ShiftRows() – processes the State by cyclically shifting the last three rows of the State by different offsets

• SubBytes() – uses S-box to perform a byte-by-byte substitution of State

The AES Cipher

Add round key

Substitute bytes

Shift rows

Mix columns

Add Round key

Substitute bytes

Shift rows

Mix columns

Add round key

Substitute bytes

Shift rows

Add round key

plaintext

Cipher text

keyW[4,7] W[36,39] W[40,43]

Round 1

Round 9

The AES Cipher

• Only Add round key makes use of the key• Other three functions are used for diffusion

and confusion • Final round consists of only three stages

The AES Inverse Cipher

Add round key

Inv. Shift rows

Inv. Sub bytes

Add round key

Inv. Mix Columns

Inv. Shift rows

Inv. Sub bytes

Add round key

Inv. Mix columns

Inv. Shift rows

Inv. Sub bytes

Add round key

ciphertext

plaintext

keyW[36,39] W[4,7] W[0,3]

Round 1

Round 9

The AES Inverse Cipher

• Decryption algorithm uses the expanded key in reverse order

• All functions are easily reversible and their inverse form is used in decryption

• Decryption algorithm is not identical to the encryption algorithm

• Again, final round consists of only three stages

Cipher Example