The Advanced Encryption Standard, also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S.
2. INTRODUCTION
• The National Institute of Standards and Technology
(NIST) started development of AES in 1997 when it
announced the need for a successor algorithm for
the Data Encryption Standard (DES), which was
starting to become vulnerable to brute-force attacks.
• Symmetric key symmetric block cipher.
• 128-bit data, 128/192/256-bit keys .
• Stronger and faster than Triple-DES and six time
faster.
• The more popular and widely adopted symmetric
encryption algorithm likely to be encountered
nowadays is the Advanced Encryption Standard
(AES).
• AES is based Rijndael cipher developed by two
Belgian cryptographers, Vincent Rijmen and Joan
Daemen.
3. HOW AES WORKS ?
128 BIT - PLAIN TEXT
KEY SIZE
(128/192/256)
AES ENCRYPTION
128 BIT - CIPHER
TEXT
INPUT
OUTPUT
4. AES ENCRYPTION
PRE – ROUND TRANSFORMATION
ROUND 1
ROUND 2
ROUND Nr (Slightly Different)
KEY
EXPANSION
128 – BIT PLAIN TEXT
128 – BIT CIPHER TEXT
ROUND KEYS
(128 BIT KEYS)
K0
K1
K2
Kr
CIPHER KEY (128,192 OR
256 BITS)
R KEY SIZE
10 128
12 192
14 256
RELATIONSHIP BETWEEN
NUMBER OF ROUNDS (R)
AND CIPHER KEY SIZE
5. PROCESS IN AES
THERE ARE MAINLY TWO STEPS IN AES TO UNDERSTAND
1. KEY GENERATION
2. ROUNDS
1. KEY GENERATION –
• ROT WORD OF LAST COLUM
• SUB BYTE OF ROT WORD
• XOR WITH RCON AND FIRST COLUM OF KEY AND SUBBYTE
• RESULT BECOME FIRST COLUM OF ROUND KEY ONE
2. ROUNDS –
• XOR WITH ROUND KEY 0
• SUB BYTE
• SHIFT ROWS
• MIX COLUMS
• ADD ROUND KEY
INITIAL ROUND MAIN ROUND FINAL ROUND
• SUB BYTE
• SHIFT ROWS
• ADD LAST ROUND KEY
6. KEY GENERATION
T E A M S C O R P I A N 1 2 3 4
128-BIT KEY :- TEAMSCORPIAN1234
IN BINARY 01010100
IN HEXADECIMAL 8-BIT 8 × 16 = 128 BIT
T 54
54 45 41 4D 53 43 4F 52 50 49 41 4E 31 32 33 34
54
45
41
4D
54 45 41 4D
THESE 4 BYTE
BECAME FIRST
COLUM OF THE KEY
STATE
54
45
41
4D
53
43
4F
52
50
49
41
4E
31
32
33
34
KEY STATE
8 × 16 = 128 BIT KEY STATE
WHICH CREATE 10 SUBKEYS
MORE FOR EACH ROUND
7. SUB - KEY GENERATION
54
45
41
4D
53
43
4F
52
50
49
41
4E
31
32
33
34
KEY STATE
31
32
33
34
TAKING LAST COLUM OF
KEY AND DO ROTWORD
32
33
34
31
ROT WORD
32
33
34
31
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00 63 7C 77 7B F2 6B 6F C5 30 01 67 2B FE D7 AB 76
10 CA 82 C9 7D FA 59 47 F0 AD D4 A2 AF 9C A4 72 C0
20 B7 FD 93 26 36 3F F7 CC 34 A5 E5 F1 71 D8 31 15
30 04 C7 23 C3 18 96 05 9A 07 12 80 E2 EB 27 B2 75
40 09 83 2C 1A 1B 6E 5A A0 52 3B D6 B3 29 E3 2F 84
50 53 D1 00 ED 20 FC B1 5B 6A CB BE 39 4A 4C 58 CF
60 D0 EF AA FB 43 4D 33 85 45 F9 02 7F 50 3C 9F A8
70 51 A3 40 8F 92 9D 38 F5 BC B6 DA 21 10 FF F3 D2
80 CD 0C 13 EC 5F 97 44 17 C4 A7 7E 3D 64 5D 19 73
90 60 81 4F DC 22 2A 90 88 46 EE B8 14 DE 5E 0B DB
A0 E0 32 3A 0A 49 06 24 5C C2 D3 AC 62 91 95 E4 79
B0 E7 C8 37 6D 8D D5 4E A9 6C 56 F4 EA 65 7A AE 08
C0 BA 78 25 2E 1C A6 B4 C6 E8 DD 74 1F 4B BD 8B 8A
D0 70 3E B5 66 48 03 F6 0E 61 35 57 B9 86 C1 1D 9E
E0 E1 F8 98 11 69 D9 8E 94 9B 1E 87 E9 CE 55 28 DF
F0 8C A1 89 0D BF E6 42 68 41 99 2D 0F B0 54 BB 16
23
C3
18
C7
IN SUB BYTE FIRST HEXA DECIMAL CHARACTER
BECOME ROW AND SECOND BECAME COLUM
AND ITERSECTION POINT BECAME NEW BYTE
SUB BYTE
8. SUB - KEY GENERATION
54
45
41
4D
53
43
4F
52
50
49
41
4E
31
32
33
34
KEY STATE
23
C3
18
C7
AFTER CALCULATING ROTWORD
AND SUB BYTE OF LAST COLUM
IN PREVIOUS SILDE WE GET,
THIS COLUM
54
45
41
4D
AFTER SUB
BYTE COLUM
FIRST COLUM
01 02 04 08 10 20 40 80 1B 36
00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00
RCON
RCON
01
00
00
00
XOR XOR =
76
86
59
8A
25
C5
16
D8
75
8C
57
96
44
BE
64
A2
RCON IS A PRE DEFINED TABLE
FOR KEY GENERATION IN AES
XOR
XOR
XOR
KEY 1
KEY STATE BECAME KEY 0 ,
KEY 1 WE GET IN THIS SLIDE
AND KEY 1 FURTHER CREATE KEY 2 AND SO ON
EVERY KEY USING DIFFERENT RCON COLUM FOR KEY
GENERATION
9. SUB - KEYS
54
45
41
4D
53
43
4F
52
50
49
41
4E
31
32
33
34
KEY 0
76
86
59
8A
25
C5
16
D8
75
8C
57
96
44
BE
64
A2
KEY 1
6F
28
1A
B0
4A
ED
0C
68
3F
61
5B
FE
7B
DF
3F
5C
KEY 2
4A
B6
B8
FA
00
5B
B4
92
3F
3A
EF
6C
44
E5
D0
30
KEY 3
59
6F
C8
FE
59
34
7C
6C
66
0E
93
00
22
EB
43
30
KEY 4
DA
86
D2
FA
83
B2
AE
96
E5
BC
3D
96
C7
57
7E
A6
KEY 5
3C
DD
21
DE
BF
6F
8F
48
5A
D3
B2
DE
9D
84
CC
78
KEY 6
22
82
6A
62
9D
ED
E5
2A
C7
3E
57
F4
5A
BA
9B
8C
KEY 7
1C
76
7E
06
81
9B
9B
2C
46
A5
CC
D8
1C
1F
57
54
KEY 8
9B
B6
25
26
1A
2D
BE
0A
5C
88
72
D2
40
97
25
86
KEY 9
A4
3E
1A
62
BE
13
A4
68
E2
9B
D6
BA
A2
0C
F3
3C
KEY 10
ONE KEY
CREATE
ANOTHER KEY
AND SO ON……
10. ENCRYPTION PROCESS
WE HAVE THREE TYPES OF ROUND –
1. INITIAL ROUND
2. MAIN ROUND
3. FINAL ROUND
XOR
CIPHER KEY 0
ADD ROUND KEY
STATE
MESSAGE BLOCK (128 BIT)
INITIAL ROUND
TO MAIN ROUND
IN THIS ROUND SIMPLY KEY 0 XOR WITH
MESSAGE STATE
11. ENCRYPTION PROCESS
MAIN ROUNDS
XOR
TO LAST ROUND
CIPHER KEY
(1,2,3,4,5,6,7,8,9)
1- SUB BYTES
2- SHIFT ROWS
3- MIX COLUMNS
4- ADD ROUND KEY
STATE (FROM INITIAL ROUND)
9 LOOPS
IN MAIN ROUND 4 PROCESS IS DONE –
1. SUB BYTES
2. SHIFT ROWS
3. MIX COLUMS
4. ADD ROUND KEY
THESE PROCESS REPEAT 9 TIMES THEN GO TO
THE LAST ROUND
12. ENCRYPTION PROCESS
LAST ROUND
XOR
CIPHER TEXT(128 BIT)
CIPHER KEY 10
1- SUB BYTES
2- SHIFT ROWS
3- ADD ROUND KEY
STATE (AFTER MAIN ROUNDS)
IN LAST ROUND ONLY 3 PROCESS IS DONE –
1. SUB BYTES
2. SHIFT ROWS
3. ADD ROUND KEY
AFTER THIS PROCESS CIPHER TEXT OF 128 BIT
GENERATED
13. MESSAGE CONVERSION INTO STATE
M E S S A G E E N C R P T I O N
128-BIT (16 BYTE) MESSAGE :- MESSAGEENCRPTION
CONVERT EACH CHARACTER IN TO HEXADECIMAL
4D 45 53 53 41 47 45 45 4E 43 52 50 54 49 4F 4E
4D
45
53
53
41
47
45
45
4E
43
52
50
54
49
4F
4E
MESSAGE STATE
14. 4D
45
53
53
41
47
45
45
4E
43
52
50
54
49
4F
4E
WE HAVE 4 STEPS IN ROUND –
1. ADD ROUND KEY
2. SUB BYTES
3. SHIFT ROWS
4. MIX COULMNS
ROUND STEPS
ADD ROUND KEY
19
00
12
1E
12
04
0A
17
1E
0A
13
1E
65
7B
7C
7A
XOR =
54
45
41
4D
53
43
4F
52
50
49
41
4E
31
32
33
34
MESSAGE STATE KEY 0 RESULT STATE
XOR
EACH CHARACTER STATE ROW AND COLUMN XOR
WITH EACH KEY 0 ROW AND COLUMN CREATE
NEW ELEMENT WHICH IS RESULT STATE
15. 00
12
1E
12
04
0A
17
1E
0A
13
1E
65
7B
7C
7A
19
ROUND STEPS
STATE
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00 63 7C 77 7B F2 6B 6F C5 30 01 67 2B FE D7 AB 76
10 CA 82 C9 7D FA 59 47 F0 AD D4 A2 AF 9C A4 72 C0
20 B7 FD 93 26 36 3F F7 CC 34 A5 E5 F1 71 D8 31 15
30 04 C7 23 C3 18 96 05 9A 07 12 80 E2 EB 27 B2 75
40 09 83 2C 1A 1B 6E 5A A0 52 3B D6 B3 29 E3 2F 84
50 53 D1 00 ED 20 FC B1 5B 6A CB BE 39 4A 4C 58 CF
60 D0 EF AA FB 43 4D 33 85 45 F9 02 7F 50 3C 9F A8
70 51 A3 40 8F 92 9D 38 F5 BC B6 DA 21 10 FF F3 D2
80 CD 0C 13 EC 5F 97 44 17 C4 A7 7E 3D 64 5D 19 73
90 60 81 4F DC 22 2A 90 88 46 EE B8 14 DE 5E 0B DB
A0 E0 32 3A 0A 49 06 24 5C C2 D3 AC 62 91 95 E4 79
B0 E7 C8 37 6D 8D D5 4E A9 6C 56 F4 EA 65 7A AE 08
C0 BA 78 25 2E 1C A6 B4 C6 E8 DD 74 1F 4B BD 8B 8A
D0 70 3E B5 66 48 03 F6 0E 61 35 57 B9 86 C1 1D 9E
E0 E1 F8 98 11 69 D9 8E 94 9B 1E 87 E9 CE 55 28 DF
F0 8C A1 89 0D BF E6 42 68 41 99 2D 0F B0 54 BB 16
IN SUB BYTE FIRST HEXA DECIMAL CHARACTER
BECOME ROW AND SECOND BECAME COLUM
AND ITERSECTION POINT BECAME NEW BYTE
AFTER SUB BYTE
SUB BYTE
D4
63
C9
72
C9
F2
67
F0
72
67
7D
72
4D
21
10
DA
SUB BYTE TABLE IS A PRE DEFIND TABLE
19
ROW
COLUMN
1
9
D4
16. ROUND STEPS
SHIFT ROWS
63
C9
72
C9
F2
67
F0
72
67
7D
72
4D
21
10
DA
D4 C9 72 4D
D4
63 F2 67 21
C9 67 7D 10
0 - SHIFT
1 - SHIFT
2 - SHIFT
3 - SHIFT
F2
7D
DA
C9
67
10
72
72
21
C9
F0
4D
63
67
72
D4
AFTER SHIFT ROWS
BEFORE SHIFT ROWS
72 F0 72 DA
HERE EVERY ROW IS RIGHT SHIFTING ; STARTING
FROM 0 TO 3
17. ROUND STEPS
MIX COLUMNS
C9
67
10
72 F0
72
21
C9
4D
63
67
72
F2
7D
DA
D4
76
A9
47
19
D1
D2
D3
D0
3
2
1
1
1
3
2
1
1
1
3
2
1
1
3
2
F2
7D
DA
D4
×
(2 ● D4 ) (3 ● F2 ) (1 ● 7D ) (1 ● DA )
(1 ● D4 ) (2 ● F2 ) (3 ● 7D ) (1 ● DA )
(1 ● D4 ) (1 ● F2 ) (2 ● 7D ) (3 ● DA )
(3 ● D4 ) (1 ● F2 ) (1 ● 7D ) (2 ● DA )
=
F2
7D
DA
D4
=
42
45
18
D3 85
BE
80
D1
2A
50
76
37
STATE
THIS MATRIX IS PRE DEFIND FOR MIX COLUMNS
FOR ENCRYPTION ALGORITHM
THEN WE DO MATRIX
MULTIPLICATION
INSTEAD OF MULTIPLY AND ADD WE
DO –
1. MULTIPLY -> DOT PRODUCT
2. ADD -> XOR
AFTER MIX COLUMNS
18. ROUND STEPS
IN GENERAL , WE ARE COMPUTING DOT PRODUCT(INSTEAD OF MULTIPLYING) OF VECTORS OF GALOI’S
FIELDS. THIS MEANS MULTIPLYING CORRESPONDING GALOI’S FIELD FROM THE VECTORS AND SUMMING
THESE PRODUCTS. IF PRODUCT IS BIGGER THAN A BYTE THAN WE REDUCE WITH REDUCE POLYNOMIAL.
3
2
1
1
1
3
2
1
1
1
3
2
1
1
3
2
F2
7D
DA
D4
×
2 ● D4
3 ● F2
1 ● 7D
1 ● DA
2 ● D4
11010100
10 ×
( X1 ) × ( X7+ X6 + X4 + X2)
YOU CAN SIMPLY MULTIPLY
( X8+ X7 + X5 + X3)
= 110101000
IF YOU GET –
• 2X6
= 0(EVEN CONSIDER AS 0)
• X6
= 1(ONLY ODD CONSIDER AS 1)
• IF NUMBER IS NOT PRESENT THAT CONSIDER IS ALSO ZERO
• IF YOU GET X8
WHICH IS MORE THAN A BYTE THAN USING REDUCING
POLYNOMIAL(( X8
+ X4
+ X3
+ X1
+ X0
) CONVERT THIS POLYNOMIAL INTO BINARY
NUMBERS AND DIVIDE IT ( TAKING REMAINDER AS RESULT) INSTEAD OF MINUS USING
XOR
110101000
NOW WE NEED TO REDUCE IT INTO BYTE WITH
REDUCE POLYNOMIAL − ( X8
+ X4
+ X3
+ X1
+ X0
) -> 100011011
100011011
010110011
REPEAT THIS PROCESS UNTIL THE REMAINDER IS
UNDER 8 BIT , THIS PROCESS IS ONLY DONE WHEN
THE POLYNOMIAL OR RESULT IS OVER 8 BIT
11101000
01101010
11001000
10101010
00011001 = 19(IN HEX)
76
A9
47
19
THEN 76 USING NEXT ROW OF
MATRIX AND SO ON ; THIS PROCESS
CREATE SINGLE COLUMN AFTER MIX
COLUMN