The document discusses the Advanced Encryption Standard (AES). It describes AES as a symmetric block cipher selected by the U.S. National Institute of Standards and Technology (NIST) in 2001 to replace the Data Encryption Standard (DES). AES uses a variable block size of 128 bits and a key size of 128, 192, or 256 bits. The cipher operates on a 4x4 column-byte state and has 10, 12, or 14 rounds depending on the key size. Each round consists of byte substitution, shift rows, mix columns, and add round key transformations.

1. AES-Advanced Encryption
Standard

2. Module-2 (Modern Symmetric Key Cryptosystems)
Symmetric key ciphers – Block vs Stream ciphers, Block cipher
components, Product ciphers, Feistel and Non-Feistel ciphers.
Data Encryption Standard (DES) – Structure, Key generation,
Design criteria,Weaknesses, Double DES,Triple DES.
Advanced Encryption Standard (AES) – Structure, Key
expansion.
Block cipher modes of operation – Electronic Codebook Mode
(ECB), Cipher Block Chaining Mode (CBC),Cipher Feedback
Mode (CFB), Output Feedback Mode (OFB), Counter Mode
(CTR).
Stream ciphers – Structure, RC4.

3. Origins
• A replacement for DES was needed.
• Solution =Triple-DES – but slow and small block size(64) with 168
bit key.
• US NIST(National institute of Standards &Technology) issued call
for ciphers in 1997.
• 15 algorithms were chosen.
• 5 were then shortlisted.
• Rijndael (RINE dahl)[named afterVincent Rijmen and Joan
Daemen) – Belgium- was selected as the AES in 2001

4. EVALUATION CRITERIA USED BY NIST FOR
SELECTING AES
Security
This refer to efforts required to Cryptanalyze an Algorithm
(Resistance to cryptanalysis), Soundness of Math,
Randomness of Output, etc.
Cost
Computational Efficiency (Speed)
Memory Requirements
Algorithm and Implementation Characteristics
Flexibility, Hardware and Software Suitability, Algorithm
Simplicity.

5. RIJNDAEL AS AES
• The RIJNDAEL PROPOSAL FOR AES DEFINED A CIPHER IN WHICHTHE
BLOCK LENGTH AND KEY LENGTH CAN BE INDEPENDENTLY
SPECIFIEDTO BE 128,192, OR 256 BITS
• THE AES SPECIFICATION USESTHE SAME 3 KEY SIZE ALTERNATIVES
BUT LIMITSTHE BLOCK LENGTHTO 128 –BITS.
• A NUMBER OF AES PARAMETERS DEPEND ONTHE KEY LENGTH
• RIJNDAEL WAS DESIGNED TO HAVETHE FOLLOWING
CHARECTERISTICS
• RESISTANCE AGAINST ALL KNOWN ATTACKS
• SPEED AND CODE COMPACTNESS ON A WIDE RANGE OF
PLATFORMS
• DESIGN SIMPLICITY.

6. AES Requirements
• Private key Symmetric Block Cipher
• Resistance against all known attacks.
• Block Size of 128-bit data(16 * 8).
• 128/192/256-bit keys can be used
• Stronger & faster thanTriple-DES

7. • AES is an S-P cipher involving N-rounds (N depends on Key-
Length).
AES has definedThreeVersions, with 10, 12, and 14 rounds.
Each version uses a different cipher key size (128, 192, or
256), but the round keys are always 128 bits.
A cycle ofAES involves One Substitution and 2 Permutation
Functions. And A Key Function.

8. General design of AES encryption cipher

9. The AES Cipher - Rijndael
• An Iterative rather than Feistel cipher
• Processes data as Block of 4 columns of 4 bytes
• Operates on entire data block in every round
• Input to Encryption and Decryption Algorithm is a
single 128 bit block.
• This block is copied into a State Array which is
modified at each stage of Encryption/Decryption.

10. Rijndael
• Data block of 4 columns of 4 bytes is called State.
• Initial 128 bit Key is expanded to Array ofWords
• (11*4bytes=44words)
• 4 different Stages are used
• Byte Substitution (S-box used on every byte)
• Shift Rows (permute bytes between groups/columns)
• Mix Columns (subs using matrix multiply of groups)
• Add Round Key (XOR state with key material)

11. Rijndael-AES

12. Overall AES Structure.
• Structure-Starts with Add Round Key followed by 9 rounds of
4 stages followed by a tenth round of 3 stages.
• Cipher begins and ends with Add round Key stage-Better
Security.
• Each Stage is easily revertible.
• Decryption Algorithm uses Keys in Reverse Order.
• AES uses Arithmetic in the Finite Field GF(2^8) with the
irreducible Polynomial m(x)=x^8+x^4+x^3+x+1.

13. AES SINGLE ROUND

14. General design of AES encryption cipher

15. Byte Substitution(S-Box)
• AES defines a 16*16 matrix of byte values called an S-Box.
• Uses one table of 16x16 bytes containing a permutation of all 256 8-
bit values.
• A simple substitution of each byte.
• Each byte of state is replaced by byte indexed by row (left 4-bits) &
column (right 4-bits).
• eg. byte {95} is replaced by byte in row 9 column 5
• which has value {2A}
• S-box constructed using defined transformation of values in GF(28).
• Designed to be resistant to all known attacks.

17. Byte Substitution

18.  Construction of S- Box

19. 

20. AES S-Box
For example, the output from S-box of 95 is 2A

21. Inverse S-box
 It is calculated by first calculating the inverse affine
transformation on the input value, followed by the multiplicative
inverse.
The inverse affine transformation is as follows


22. AES INVERSE S-Box

23. A circular Byte Shift
1st row is unchanged
2nd row does 1 byte circular shift to left
3rd row does 2 byte circular shift to left
4th row does 3 byte circular shift to left
Decrypt inverts using shifts to right
Since state is processed by columns, this step
permutes bytes between the columns
Shift Rows

25. Mix Columns
• Each column is processed separately
• Each byte is replaced by a value dependent on all 4 bytes in the
column

26. MixColumns
The MixColumns transformation operates at the column
level; it transforms each column of the state to a new column.
MixColumns transformation

27. Constant matrices used by
MixColumns and InvMixColumns

28. Mix Columns
• Can express each Column as 4 Equations
• Decryption requires use of Inverse Matrix
• We need an inter byte transformation that
changes the bits inside a byte, based on the bits
inside the neighboring bytes. We need to mix
bytes to provide diffusion at the bit level.

29. Add Round Key
• XOR state with 128-bits of the round key
• Processed by column
• Inverse for decryption identical
• since XOR own inverse, with reversed keys
• AddRoundKey proceeds one column at a time.
AddRoundKey adds a round key word with each
state column matrix; the operation in
AddRoundKey is matrix addition.

30. AddRoundKey transformation
AddRoundKey proceeds one column at a time. AddRoundKey
adds a round key word with each state column matrix; the
operation in AddRoundKey is matrix addition.

31. Add Round Key

32. AES Key Expansion
• Takes 128-bit (16-byte) key and expands into array of 44 32-bit words
• Start by copying key into first 4 words
• Then loop creating words that depend on values in previous & 4 places
back
• in 3 of 4 cases just XOR these together
• 1st word in 4 has rotate + S-box + XOR round constant on previous,
before XOR 4th back
To create round keys for each round, AES uses a key-expansion
process. If the number of rounds is Nr , the key-expansion
routine creates Nr + 1 128-bit round keys from one single 128-
bit cipher key.

34. AES Key Expansion

35. Key expansion in AES

36. Key Expansion(every 4th word)
• For a word whose posn inW array is a multiple of 4.
• The Function “g” consists of the following subfns
• Rotword-one byte left shift on a word.
• SubWord-byte substitution on each byte of its input word
using the S-Box
• Result of steps 1 and 2 are XORed using a round constatnt
Rcon[j].
• Round Constant is a word in which the 3 right most bytes
are always 0.
• Round const is diff for each round and is defined as
• Rcon[j]=(RC[j],0,0,0), with RC[1]=1;RC[j]=2*RC[j-1].
• Multiplication is defined over GF(2^8).
• [ie,01,02,04,08,10,20,40,80,1B,36]

37. AES Decryption
• AES decryption is not identical to encryption since steps
done in reverse
• But can define an equivalent inverse cipher with steps as
for encryption
• but using inverses of each step
• with a different key schedule

38. AES Decryption

39. Summary
• Have considered:
• The AES selection process
• The details of Rijndael – the AES cipher
• Looked at the steps in each round
• The key expansion