
• Uses 128-bit block size
• Key size of either 128, 192, or 256 bits
• Has 10, 12, or 14 rounds depending on key size used
• Finite field GF(2^8) is used for the mathematics involved
• We’ll look at the algorithm using 10 rounds and a 16-byte key size
• Expansion function for key expansion
• Cipher function has four transformations:
◦ Substitute bytes
◦ Shift rows
◦ Mix columns
◦ Add round key
• Transformations include S-box substitution and matrix transforms
• Finite field is defined over polynomials
• Irreducible polynomial is: x^8 + x^4 + x^3 + x + 1
• Addition is done modulo 2
• Multiplication is done regularly, then reduced via the irreducible polynomial if the highest degree is more than x^7
• We’ve done this in class, anyone need clarification?
• Bit rep. would be (hex): 80 * 02 = 1B


• We begin with a 16-byte key (4 words)
• This is expanded to 176 bytes (44 words)
• Input key is used as the first key, then a key is generated for each of the next 10 rounds
• Each word of a key is the XOR of the previous word and the fourth previous word (except the first key)
• So, w[i] = w[i-1] (+) w[i-4], i >= 4
◦ So, w[5] = w[4] (+) w[1]
• Also, if i mod 4 = 0, then we run a function g on w[i-1] before the XOR operation
◦ So, w[4] = g(w[3]) (+) w[0]
• The function g takes a word and does a left byte shift on the data,
• Then the word is run through an S-box (byte level),
• And finally the S-box output is XOR’d with a round constant
• Round constant is four bytes, the right three are zero
• Left byte of round constant begins at (hex) 01
• Each round the constant is multiplied by 2, with respect to our finite field
• SubBytes does a simple replacement of each byte of the block data using an S-box
• Left four bits determine the row, right four bits determine the column
• S-box defined by affine transformation over our finite field
• Both multiplication by a matrix and addition of a constant vector
• Byte is inverted with respect to the finite field before the transformation
• Addition of the vector constant removes fixed points from the mapping
• S: b’ = Xb (+) C
• IS: b = Yb’ (+) D
• So we need:
◦ YX = I -> Y^-1 = X
◦ YC = D
• b = Y(Xb (+) C) (+) D
  = YXb (+) YC (+) D
  = b (+) YC (+) D
  = b (+) D (+) D
  = b
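
The field arithmetic, S-box construction and key expansion described above, as an added example that is not part of the original slides. It multiplies in GF(2^8), derives the S-box from field inversion plus the affine map, and expands the sample key from FIPS-197 Appendix A.1. The function names and the a^254 inversion method are this example's own choices.

```python
def gf_mul(a, b):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a                 # addition in the field is XOR
        a <<= 1
        if a & 0x100:              # degree went past x^7: reduce
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a):
    """Multiplicative inverse as a^254; 0 maps to 0 by convention."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def sbox_byte(b):
    """Invert in the field, then apply the affine map Xb (+) C with C = 0x63."""
    x = gf_inv(b)
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return x ^ rotl(x, 1) ^ rotl(x, 2) ^ rotl(x, 3) ^ rotl(x, 4) ^ 0x63

SBOX = [sbox_byte(b) for b in range(256)]

def g(word, rcon):
    """Left byte rotation, S-box on each byte, round constant into the left byte."""
    rot = word[1:] + word[:1]
    sub = [SBOX[b] for b in rot]
    return [sub[0] ^ rcon] + sub[1:]

def expand_key(key):
    """Expand a 16-byte key into 44 four-byte words (176 bytes)."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 0x01                    # left byte of the round constant
    for i in range(4, 44):
        temp = w[i - 1]
        if i % 4 == 0:
            temp = g(temp, rcon)
            rcon = gf_mul(rcon, 0x02)   # constant doubles in the field each round
        w.append([a ^ b for a, b in zip(w[i - 4], temp)])
    return w

KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 Appendix A.1 sample key
WORDS = expand_key(KEY)
```
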
• In our representation block data is arranged down columns of our matrix
• ShiftRows simply byte shifts the rows
◦ First row: no change
◦ Second row: one byte cyclical left shift
◦ Third row: two byte cyclical left shift
◦ Fourth row: three byte cyclical left shift
• THE AES IS VERY COOL
• ShiftRows is run after SubBytes, so we wouldn’t have the plaintext as input
• MixColumns runs on each column individually
• Each byte is mapped to a new value which depends on the value of all four of the bytes in the column
• This is a matrix transformation; its coefficients are chosen to mix bytes the most
• As well as to favor encryption speed over decryption speed
• The round key is XOR’d with the block of data
• The complexity of all other stages ensures security of the overall algorithm,
• And cuts down on the complexity needed for this stage
• Simple example to show steps
• Values used are as given:
• Key expansion example with given values
• First four words are the first key, which is given
• The rest of the keys are generated
• First few rounds of encryption
• Look at all these bytes! Awwww yeahhh!!!
• Key expansion again
• Difference of one bit gives ‘avalanche’ effect
• Same ‘avalanche’ effect is seen with bit difference in plaintext