Advanced Encryption Standard (AES)
What is Encryption?
In cryptography, encryption is a way to convert data into a secret form so that nobody can understand it except those who hold the encryption key.
There are various algorithms for encrypting data. AES is one of them, and it is considered to be a very secure and fast algorithm.
The secret data produced by encryption is called ciphertext.
When encrypted data reaches its destination, it is decrypted with the decryption key. In some algorithms the encryption and decryption keys are different, but in AES the same key is used for both encryption and decryption. Such a key is called a symmetric key.
In 2001, the National Institute of Standards and Technology (NIST) established the AES algorithm.
Data size can vary from KBs to GBs, so AES breaks the data into blocks of a fixed size and converts each block into encrypted data, which is then transferred to the destination.
The block size in AES is 128 bits or 16 bytes.
AES uses a different number of rounds to encrypt one block of data, and each number of rounds goes with a different key size.
- If there are 10 rounds, then a 128-bit key is used. It is also called the AES-128 version.
- If there are 12 rounds, then a 192-bit key is used. It is also called the AES-192 version.
- If there are 14 rounds, then a 256-bit key is used. It is also called the AES-256 version.
A key expansion algorithm expands the key into a larger number of words, which supply the key material used in the different rounds when a block is encrypted.
- If there are 10 rounds, then the key is expanded into 44 words.
- If there are 12 rounds, then the key is expanded into 52 words.
- If there are 14 rounds, the key is expanded into 60 words.
The first 4 words (w0 to w3) are always used in the pre-round transformation, and then at each round 4 more words are used in the AddRoundKey step.
As discussed, a block holds 128 bits (16 bytes) of data. This data is arranged as a 4×4 matrix in which each cell holds one byte. This matrix is called the state, and it is updated after each stage.
With the key expansion algorithm, if there are 10 rounds, the key is expanded into 44 words.
Before the first round, there is a pre-round transformation in which the state matrix is bitwise XORed with 4 words of the key.
At each round, there are 4 steps:
1. SubBytes
In this stage, there is an S-block of size 16×16 that holds hexadecimal values. Each byte of the state selects a row and a column, and the value at that row and column in the S-block is written back into that byte of the state.
Suppose a byte of the state matrix holds the value 00010101. The upper half of the byte (0001) represents the row and the lower half (0101) represents the column, so the row number is 1 and the column number is 5.
So the value at position (1,5) in the S-block is written into that byte of the state matrix.
2. ShiftRows
In this stage, the rows of the state matrix are shifted left by a number of bytes.
- The 0th row is not shifted.
- The 1st row is shifted left by 1 byte.
- The 2nd row is shifted left by 2 bytes.
- The 3rd row is shifted left by 3 bytes.
3. MixColumns
In this stage, every column of the state matrix is multiplied by a constant 4×4 matrix, which changes the values in the state matrix.
4. AddRoundKey
In this stage, the state matrix is XORed with the 4-word key of that round.
These 4 steps are followed in this order for a round, and the output of one round is the input for the next round. In the last round, the MixColumns step is skipped, and the output is the encrypted text.
For decryption, the same steps are followed but in the reverse order.
For each round, the steps are:
- AddRoundKey
- MixColumns
- ShiftRows
- SubBytes
In the SubBytes step, an inverse S-block is used to write the original value back into the state matrix.
In the MixColumns step, a different matrix is used to get back the original values in the state matrix.