Advanced Encryption Standard
By Akash Ranjan Das
5th Semester, B-Tech, Computer Science And Technology
Siddaganga Institute Of Technology, Tumkur

Agenda
What is Advanced Encryption Standard (AES)?
Why AES?
Structure Of AES
o Basic Structure Of AES
o Detailed Structure Of AES
o Data Structure of AES
Working of AES Encryption and Decryption
o AES Transformation Functions
o AES Key Expansion
Real World Software Application.

What is Advanced Encryption Standard (AES)?
• The Advanced Encryption Standard (AES) is a
symmetric block cipher chosen by the US government to
protect classified information.
• AES is implemented in software and hardware
throughout the world to encrypt sensitive data.
• The National Institute of Standards and Technology
(NIST) started development of AES in 1997 when it
announced the need for an alternative to the Data
Encryption Standard (DES), which was starting to
become vulnerable to brute force attacks.

Why AES?
Data Encryption Standard (DES)
• DES can be broken easily as it has known vulnerabilities.
• DES encrypts plaintext in 64-bit blocks.
• Known attacks against DES include: brute-force, linear cryptanalysis and differential cryptanalysis.
Advanced Encryption Standard (AES)
• AES is more secure than the DES cipher and is the de facto world standard.
• AES encrypts plaintext in 128-bit blocks.
• No known cryptanalytic attacks against AES, but side-channel attacks against AES implementations are possible. The biclique attack has better complexity than brute force but is still ineffective.

Structures Of AES

Simple Structure Of AES
[Figure: AES block with plaintext input x (128 bits), ciphertext output y (128 bits) and key input k (128/192/256 bits)]
x: plain text (128 bits = 16 bytes)
k: secret key
y: encrypted text (128 bits = 16 bytes)
Key lengths #rounds = nr
128 bits 10
192 bits 12
256 bits 14

Block Diagram of AES Encryption
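[Figure: block diagram of AES encryption. Labels, top to bottom:]
Plain Text x
Key Addition Layer (sub-key k0)
Round 1: Byte Substitution Layer; Diffusion Layer (Shift Rows, Mix Column Layer); Key Addition Layer (sub-key k1)
…
Last Round nr (sub-key knr)
Cipher Text y = AES(x)
Key schedule: Key k → Transform 0 → k0, Transform 1 → k1, …, Transform nr → knr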

Block Diagram of AES Decryption
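[Figure: block diagram of AES decryption, from Cipher Text y through Round nr down to Round 1 to Plain Text x = AES^-1(y).]
Layers shown: Key Addition Layer, Inverse Mix Column Layer, Inverse Shift Rows, Inverse Substitution Layer, and a final Key Addition Layer. The inverse mix-column and shift-row steps are labelled as the Diffusion Layer.
Key schedule: Key k → Transform 0 → k0, Transform 1 → k1, …, Transform nr → knr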

Data Structure of AES
Input (16 bytes In0 … In15, arranged column by column):
In0 In4 In8 In12
In1 In5 In9 In13
In2 In6 In10 In14
In3 In7 In11 In15
State Array (drawn twice in the figure):
s0,0 s0,1 s0,2 s0,3
s1,0 s1,1 s1,2 s1,3
s2,0 s2,1 s2,2 s2,3
s3,0 s3,1 s3,2 s3,3
Output:
O0 O4 O8 O12
O1 O5 O9 O13
O2 O6 O10 O14
O3 O7 O11 O15
Key (16 bytes k0 … k15):
k0 k4 k8 k12
k1 k5 k9 k13
k2 k6 k10 k14
k3 k7 k11 k15
Expanded Key (words): w0 w1 w2 … w42 w43

Working Of AES

AES Round Function for rounds 1, 2, …, nr-1
[Figure: the 16 state bytes A0 … A15 each pass through an S-box (Byte Substitution) to give B0 … B15; Shift Rows and Mix Columns then produce C0 … C15, and Key Addition adds the round sub-key (k1 in the figure).]

Byte Substitution Layer
• The first layer in each round.
• S(Ai) = Bi
• Ai : each byte in the state matrix.
• Bi : substituted byte.
• S : substitution function.
• The S-Box is the only non-linear element of AES, i.e. it holds that ByteSub(A) + ByteSub(B) ≠ ByteSub(A+B) for two states A and B.
• S-Box substitution is a bijective mapping.
• Each of the 2^8 = 256 possible input elements is mapped one-to-one to one output element.
• This allows us to uniquely reverse the S-Box for decryption.
• The S-Box is usually realized as a 256-by-8-bit look-up table with fixed entries.
State before byte substitution (A):
A0 A4 A8 A12
A1 A5 A9 A13
A2 A6 A10 A14
A3 A7 A11 A15
State after byte substitution (B):
B0 B4 B8 B12
B1 B5 B9 B13
B2 B6 B10 B14
B3 B7 B11 B15

[Figure: AES S-Box for Encryption]
[Figure: Inverse AES S-Box for Decryption]

Computation of sub byte transformation
• Ex 1: Let's assume the input byte to the S-Box is Ai = (C2)hex; then the substituted value is
S((C2)hex) = (25)hex
On a bit level:
S(11000010) = (00100101)
• Even though the S-Box is bijective, it does not have any fixed points, i.e. there are no input values Ai
such that S(Ai) = Ai.
• Even the zero input is not a fixed point: S(00000000) = (01100011)
• Ex 2: Let's assume that the input to the byte substitution layer is:
(C2, C2, C2, C2, …, C2)hex
The output state is then
(25, 25, 25, 25, …, 25)hex
[Figure: Input State matrix (bytes s0,0 … s3,3) → S-Box → Output State matrix (bytes s'0,0 … s'3,3)]

Mathematical description of the S-Box
[Figure: Ai → GF(2^8) inverse → B'i → Affine mapping → Bi]
• GF(2^8): Galois Field
• The function used here is Galois Field inversion.
• B'i = Ai^-1, where Ai and B'i are considered elements in the Galois field GF(2^8) with fixed
polynomial P(x) = x^8 + x^4 + x^3 + x + 1.
• The inverse is obtained from a look-up table of the multiplicative inverse in GF(2^8).
• In the affine mapping, each byte B'i is multiplied by a constant bit-matrix, followed by the
addition of a constant 8-bit vector.

[Figure: Multiplicative inverse table in GF(2^8)]
[Figure: Affine Mapping]

Example: S-Box computation
• Ex: We assume the S-Box input Ai = (11000010)_2 = (C2)hex.
Solution:
Step 1: From the look-up table (Multiplicative inverse table in GF(2^8)) we can see
that the inverse is
Ai^-1 = B'i = (2F)hex = (00101111)_2
Step 2: We now apply the B'i bit vector as input to the affine transformation.
Bi = (00100101)_2 = (25)hex
Thus, S((C2)hex) = (25)hex
• If one computes both steps for all 256 possible input elements of the S-Box
and stores the results, one obtains the Multiplicative inverse table in GF(2^8).

Shift-Rows Sub Layer
• From the Byte Substitution layer we get the substituted byte matrix.
• The Shift Rows transformation cyclically shifts:
o The second row of the state matrix by three bytes to the right (equivalently, one position to the left).
o The third row by two bytes to the right (two positions to the left).
o The fourth row by one byte to the right (three positions to the left).
o The first row remains as it is.
• The purpose of the Shift Rows transformation is to increase the diffusion properties of AES.
Input state (B):
B0 B4 B8 B12
B1 B5 B9 B13
B2 B6 B10 B14
B3 B7 B11 B15
Output state after Shift Rows:
B0 B4 B8 B12 (no shift)
B5 B9 B13 B1 (one position left shift)
B10 B14 B2 B6 (two positions left shift)
B15 B3 B7 B11 (three positions left shift)

Mix-Column Sub Layer
• Linear Transformation which mixes each column of the state matrix.
• Let B be the 16 byte input state matrix and C be the 16 byte output state matrix,
Mix-Column(B) = C
• Each four byte column is considered as a vector and multiplied by a fixed 4x4 matrix.
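The Shift Rows and Mix Column steps described above, as an added Python example that is not part of the original slides. It assumes the state is held as 16 bytes in column-major order and uses the FIPS-197 MixColumns matrix, which the slide text does not reproduce; `changed_bytes` is a hypothetical helper showing that a difference in one input byte spreads to all four bytes of one column.

```python
# Added example, not from the slides. The state is 16 bytes in column-major
# order (byte i is at row i % 4, column i // 4), matching the B0..B15 layout.

def xtime(b):
    """Multiply a byte by x (02) in GF(2^8), reducing by x^8+x^4+x^3+x+1."""
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b

def mul(m, b):
    """Multiply byte b by a MixColumns coefficient m in {1, 2, 3}."""
    return {1: b, 2: xtime(b), 3: xtime(b) ^ b}[m]

def shift_rows(state):
    """Rotate row r by r positions to the left; row 0 is unchanged."""
    out = [0] * 16
    for c in range(4):
        for r in range(4):
            out[4 * c + r] = state[4 * ((c + r) % 4) + r]
    return out

# Fixed 4x4 MixColumns matrix from FIPS-197 (the slide's image is not in the text).
MIX = [[2, 3, 1, 1],
       [1, 2, 3, 1],
       [1, 1, 2, 3],
       [3, 1, 1, 2]]

def mix_columns(state):
    """Multiply each 4-byte column, taken as a vector, by MIX over GF(2^8)."""
    out = []
    for c in range(4):
        col = state[4 * c:4 * c + 4]
        for row in MIX:
            acc = 0
            for m, b in zip(row, col):
                acc ^= mul(m, b)
            out.append(acc)
    return out

def changed_bytes(state, index, delta=0x01):
    """Count output bytes that differ after flipping bits of one input byte."""
    other = list(state)
    other[index] ^= delta
    a = mix_columns(shift_rows(state))
    b = mix_columns(shift_rows(other))
    return sum(x != y for x, y in zip(a, b))

if __name__ == "__main__":
    b = list(range(16))                      # constructed state: Bi = i
    s = shift_rows(b)
    for r in range(4):
        print("row", r, s[r::4])
    print("bytes changed by a one-byte difference:", changed_bytes(b, 5))
```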

Key Addition Layer
• The key schedule takes the original input key (of length 128,
192, or 256 bit) and derives the sub-keys used in AES.
• XOR addition of a sub-key is used both at the input and output of
AES. This process is referred to as key whitening.
• The number of sub-keys is equal to the number of rounds plus
one, due to the key needed for key whitening in the first key
addition layer.
• AES sub-keys are computed recursively, i.e., in order to derive
sub-key ki, sub-key k(i-1) must be known.

[Figure: AES Key Schedule for 128-bit key size]

Key Expansion Algorithm
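keyExpansion(byte key[16], word w[44]) {
    word temp;
    // The first four words are the cipher key itself.
    for (i = 0; i < 4; i++) {
        w[i] = (key[4*i], key[4*i+1], key[4*i+2], key[4*i+3]);
    }
    // Every later word depends on the previous word and the word four positions back.
    for (i = 4; i < 44; i++) {
        temp = w[i - 1];
        if (i mod 4 == 0)
            temp = subWord(rotWord(temp)) xor Rcon[i/4];
        w[i] = w[i - 4] xor temp;
    }
}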
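An added Python example (not part of the original slides) covering both the S-Box computation slides and the key expansion algorithm above: it builds the S-Box from the GF(2^8) inverse and the affine mapping, reproduces the C2 → 2F → 25 steps, and runs the 128-bit key expansion. The function names are illustrative, and the sample key is the published FIPS-197 Appendix A.1 test key, not a value from the slides.

```python
# Added example, not from the slides: S-Box from GF(2^8) inverse + affine map, then key expansion.

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo P(x) = x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)   # multiply by x, reduce by P(x)
        b >>= 1
    return r

def gf_inv(a):
    """B'i = Ai^-1, computed as a^254; the input 0 has no inverse and maps to 0."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r if a else 0

def affine(b):
    """Constant bit-matrix (written as four rotations) plus the vector 0x63."""
    rot = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    return b ^ rot(b, 1) ^ rot(b, 2) ^ rot(b, 3) ^ rot(b, 4) ^ 0x63

def sbox_steps(a):
    """Return (B'i, Bi) for input byte Ai: the inverse, then the S-Box output."""
    inv = gf_inv(a)
    return inv, affine(inv)

SBOX = [sbox_steps(a)[1] for a in range(256)]    # the 256-entry look-up table

def key_expansion(key):
    """Expand a 16-byte key into words w[0..43], each a list of 4 bytes."""
    if len(key) != 16:
        raise ValueError("this example covers the 128-bit key size only")
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 0x01                                  # Rcon[1]
    for i in range(4, 44):
        temp = list(w[i - 1])
        if i % 4 == 0:
            temp = temp[1:] + temp[:1]           # rotWord: rotate left one byte
            temp = [SBOX[b] for b in temp]       # subWord: S-Box on each byte
            temp[0] ^= rcon                      # xor Rcon[i/4]
            rcon = gf_mul(rcon, 2)               # next round constant
        w.append([x ^ y for x, y in zip(w[i - 4], temp)])
    return w

def round_keys(key):
    """Group the 44 words into the 11 sub-keys k0..k10 (16 bytes each)."""
    w = key_expansion(key)
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(11)]

if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 A.1 test key
    for r, k in enumerate(round_keys(key)):
        print("k%d = %s" % (r, k.hex()))
```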

Real World Software Application

End To End Encryption in Chat Systems
• WhatsApp has now become the world's leading chat portal for end-to-end
users and also for groups.
• The security system which it follows is End-to-End
Encryption (E2EE).
• E2EE uses AES (Cipher Block Chaining (CBC) mode) and public-key
cryptography to secure the chat between two users or
among the group members.
• Here AES plays an important role in encrypting the data.
• (User1->text)->encrypted text->decrypted text->(text->User2)
Thank You

Advanced encryption standard ug research
