In this lesson, we introduce the Advanced Encryption Standard (AES) and its basic operation.

On October 2, 2000, NIST selected the proposal submitted by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, as the AES standard after three years of competition. There is a NIST report that details the selection process and the result.

AES is a subset of the Rijndael cipher. It was selected from five finalists, the others being Serpent, Twofish, MARS, and RC6, based on general security, implementation difficulty, software performance, smart card memory requirements, hardware performance, defense against power and timing analysis, and design features.

AES is a block cipher with a block size of 128 bits. A message needs to be split into blocks of this single, uniform block size. It supports three different key sizes: 128, 192, and 256 bits. It is the current default symmetric key algorithm adopted by governments, industry, computer platforms, and libraries for encrypting content.

Here, we show the AES algorithm structure using pseudocode, with a 128-bit key as the example. For a 128-bit key, the number of rounds, that is, iterations of the basic set of operations shown inside the orange blocks, is 10. For 192-bit key operations, the number of rounds is increased to 12. For 256-bit key operations, the number of rounds is 14.

The Rijndael function takes two input parameters: the plaintext, which is 128 bits, equivalent to 16 bytes, and the key, which is 128 bits, again 16 bytes. It produces a ciphertext as output, which is 128 bits, again 16 bytes. Long messages have to be chopped by the caller into 128-bit blocks and submitted with the key to this Rijndael function.

Inside the Rijndael function, the first initialization step is key expansion. The expand_key function takes the original 128-bit key as input and expands it to 44 words. Each word is 4 bytes. The output is represented by the rk array here; rk stands for round key. The first round key, rk[0], is the original key. Each round key is laid out as a four-by-four byte matrix. rk[1] contains the next four words (16 bytes); it is the first expanded key, to be exclusive-ORed with the state variable, which is also a four-by-four matrix, at the end of the first round of operations. Similarly for rk[2] to rk[10]. rk[1] to rk[10] are the 10 round keys.

Next is the copy_plaintext_to_state function. It copies the plaintext and lays it out in a four-by-four byte matrix as the state variable. The state matrix is then exclusive-ORed with rk[0], the first round key, which is the original key input as a four-by-four matrix. The process then iterates through 10 rounds of operations.

There are four basic operations within each round. First, there is a substitution operation, where each byte in the state matrix is substituted using the AES S-box lookup table. The second step is to rotate the rows of the four-by-four state matrix, each row by a different number of bytes: the first row by zero bytes, the second row by one byte to the left, the third row by two bytes to the left, and the last row, the fourth row, by three bytes to the left. This is similar to a transposition function. In the third step, except for the last round, the columns are mixed. Then, in the fourth step, the state matrix is exclusive-ORed with the related rk round key matrix, which we derived before, for the current round. The design goal of these operations is to resist cryptanalysis while maintaining simple, fast operations.

Here is the AES forward S-box matrix. It is 16 by 16. There is an equivalent inverse S-box used for lookup when we do decryption. The Rijndael S-box was specially designed to be resistant to linear and differential cryptanalysis. This was done by minimizing the correlation between linear transformations of input and output bits and, at the same time, minimizing the difference propagation probability. We use the first nibble, which is the first four bits of the input byte, to select a row, and we use the second nibble, which is the second four bits of the input byte, to select the column. The intersection selects the substitution result. For example, the input hexadecimal value 9a is converted into hexadecimal b8. Finally, the state matrix value is copied back in sequence as the 128-bit ciphertext output.

Note that the above is for encryption. A similar process is used for decryption, but with the reverse of the steps we just described: starting with the exclusive-OR with the last round key, then the reverse of mix_column, and then the reverse rotation of the rows, starting from the last row, then the second and the first row, followed by substitution of the four-by-four matrix by looking up the inverse S-box matrix. After it goes through the 10 rounds, the state is exclusive-ORed with round key 0, which is the original key. Then the resulting four-by-four state matrix is copied into the output 128-bit ciphertext.
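The encryption steps described in this lesson (key expansion into rk[0] to rk[10], the initial XOR, and the four per-round operations) can be traced in the following Python sketch. It is an added example, not the lecture's own pseudocode; the helper names `gmul`, `build_sbox`, `mix_column` and `encrypt_block` are assumptions, and the S-box is computed from its mathematical definition rather than typed in as a table.

```python
# Educational AES-128 single-block encryption (added example; not constant-time, not for production).

def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return p

def build_sbox():
    """S-box entry = multiplicative inverse in GF(2^8), then the AES affine transform."""
    rotl = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    box = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        box.append(inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3) ^ rotl(inv, 4) ^ 0x63)
    return box

SBOX = build_sbox()

def expand_key(key):
    """Expand a 16-byte key into 44 four-byte words, returned as round keys rk[0]..rk[10]."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]    # rotate the word, then substitute
            t[0] ^= rcon
            rcon = gmul(rcon, 2)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def mix_column(c):
    """Mix one 4-byte column with the fixed AES matrix (coefficients 2, 3, 1, 1)."""
    return [gmul(c[i], 2) ^ gmul(c[(i + 1) % 4], 3) ^ c[(i + 2) % 4] ^ c[(i + 3) % 4] for i in range(4)]

def encrypt_block(plaintext, key):
    rk = expand_key(key)
    state = [p ^ k for p, k in zip(plaintext, rk[0])]               # state (column-major) XOR rk[0]
    for rnd in range(1, 11):
        state = [SBOX[b] for b in state]                             # 1. substitute bytes
        state = [state[(i + 4 * (i % 4)) % 16] for i in range(16)]   # 2. rotate row r left by r bytes
        if rnd != 10:                                                # 3. mix columns, skipped in last round
            state = sum((mix_column(state[c:c + 4]) for c in range(0, 16, 4)), [])
        state = [s ^ k for s, k in zip(state, rk[rnd])]              # 4. XOR with this round's key
    return bytes(state)
```

The sketch can be checked against the AES-128 example vector published in FIPS-197 Appendix C.1 and against the S-box lookup of 9a given in the lesson.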