Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is widely used today as it is much stronger than DES and triple DES despite being harder to implement. In this article, we will cover the AES, the Working of Cipher and Encryption-Decryption methods used in it, and its applications.
What is Advanced Encryption Standard (AES)?Advanced Encryption Standard (AES) is a highly trusted encryption algorithm used to secure data by converting it into an unreadable format without the proper key. Developed by the National Institute of Standards and Technology (NIST), AES encryption uses various key lengths (128, 192, or 256 bits) to provide strong protection against unauthorized access. This data security measure is efficient and widely implemented in securing internet communication, protecting sensitive data, and encrypting files. AES, a cornerstone of modern cryptography, is recognized globally for its ability to keep information safe from cyber threats.
Points to Remember
AES is a Block Cipher.The key size can be 128/192/256 bits.Encrypts data in blocks of 128 bits each.That means it takes 128 bits as input and outputs 128 bits of encrypted cipher text. AES relies on the substitution-permutation network principle, which is performed using a series of linked operations that involve replacing and shuffling the input data.
Working of The CipherAES performs operations on bytes of data rather than in bits. Since the block size is 128 bits, the cipher processes 128 bits (or 16 bytes) of the input data at a time.
The number of rounds depends on the key length as follows :
128-bit key – 10 rounds192-bit key – 12 rounds256-bit key – 14 roundsCreation of Round KeysA Key Schedule algorithm calculates all the round keys from the key. So the initial key is used to create many different round keys which will be used in the corresponding round of the encryption.
Creation of Round Keys (AES)
EncryptionAES considers each block as a 16-byte (4 byte x 4 byte = 128 ) grid in a column-major arrangement.
[ b0 | b4 | b8 | b12 || b1 | b5 | b9 | b13 || b2 | b6 | b10| b14 || b3 | b7 | b11| b15 ]Each round comprises of 4 steps :
SubBytesShiftRowsMixColumnsAdd Round KeyThe last round doesn’t have the MixColumns round.
The SubBytes does the substitution and ShiftRows and MixColumns perform the permutation in the algorithm.
Sub BytesThis step implements the substitution.
In this step, each byte is substituted by another byte. It is performed using a lookup table also called the S-box. This substitution is done in a way that a byte is never substituted by itself and also not substituted by another byte which is a compliment of the current byte. The result of this step is a 16-byte (4 x 4 ) matrix like before.
The next two steps implement the permutation.
Shift RowsThis step is just as it sounds. Each row is shifted a particular number of times.
The first row is not shiftedThe second row is shifted once to the left.The third row is shifted twice to the left.The fourth row is shifted thrice to the left.(A left circular shift is performed.)
[ b0 | b1 | b2 | b3 ][ b0 | b1 | b2 | b3 ]| b4 | b5 | b6 | b7 |->| b5 | b6 | b7 | b4 || b8 | b9 | b10 | b11 || b10 | b11 | b8 | b9 |[ b12 | b13 | b14 | b15 ] [ b15 | b12 | b13 | b14 ]Mix ColumnsThis step is a matrix multiplication. Each column is multiplied with a specific matrix and thus the position of each byte in the column is changed as a result.
This step is skipped in the last round.
[ c0 ] [ 2 3 1 1 ] [ b0 ]| c1 | = | 1 2 3 1 | | b1 || c2 | | 1 1 2 3 | | b2 |[ c3 ] [ 3 1 1 2 ] [ b3 ]Add Round KeysNow the resultant output of the previous stage is XOR-ed with the corresponding round key. Here, the 16 bytes are not considered as a grid but just as 128 bits of data.
Added Round Keys (AES)
After all these rounds 128 bits of encrypted data are given back as output. This process is repeated until all the data to be encrypted undergoes this process.
DecryptionThe stages in the rounds can be easily undone as these stages have an opposite to it which when performed reverts the changes. Each 128 blocks goes through the 10,12 or 14 rounds depending on the key size.
The stages of each round of decryption are as follows :
Add round keyInverse MixColumnsShiftRowsInverse SubByteThe decryption process is the encryption process done in reverse so I will explain the steps with notable differences.
Inverse MixColumns聽This step is similar to the Mix Columns step in encryption but differs in the matrix used to carry out the operation.
Mix Columns Operation each column is mixed independent of the other.
Matrix multiplication is used. The output of this step is the matrix multiplication of the old values and a
constant matrix
[b0] = [ 14 11 13 9][ c0 ][b1]=[ 914 11 13 ][ c1 ][b2] =[ 13 914 11][ c2 ][ b3 ]=[ 11 13 914 ] [ c3 ]Inverse SubBytesInverse S-box is used as a lookup table and using which the bytes are substituted during decryption.
Function Substitute performs a byte substitution on each byte of the input word. For this purpose,
it uses an S-box.
ApplicationsAES is widely used in many applications which require secure data storage and transmission. Some common use cases include:
Wireless security: AES is used in securing wireless networks, such as Wi-Fi networks, to ensure data confidentiality and prevent unauthorized access.Database Encryption: AES can be applied to encrypt sensitive data stored in databases. This helps protect personal information, financial records, and other confidential data from unauthorized access in case of a data breach.Secure communications: AES is widely used in protocols such as internet communications, email, instant messaging, and voice/video calls. It ensures that the data remains confidential.Data storage: AES is used to encrypt sensitive data stored on hard drives, USB drives, and other storage media, protecting it from unauthorized access in case of loss or theft.Virtual Private Networks (VPNs): AES is commonly used in VPN protocols to secure the communication between a user’s device and a remote server. It ensures that data sent and received through the VPN remains private and cannot be deciphered by eavesdroppers.Secure Storage of Passwords: AES encryption is commonly employed to store passwords securely. Instead of storing plaintext passwords, the encrypted version is stored. This adds an extra layer of security and protects user credentials in case of unauthorized access to the storage.File and Disk Encryption: AES is used to encrypt files and folders on computers, external storage devices, and cloud storage. It protects sensitive data stored on devices or during data transfer to prevent unauthorized access.Conclusion聽AES instruction set is now integrated into the CPU (offers throughput of several GB/s)to improve the speed and security of applications that use AES for encryption and decryption. Even though it has been 20 years since its introduction we have failed to break the AES algorithm as it is infeasible even with the current technology. To date, the only vulnerability remains in the implementation of the algorithm.
Frequently Asked Questions on Advanced Encryption Standard (AES) -FAQsWhat is the AES Advanced Encryption Standard?The Advanced Encryption Standard (AES) is a method that uses the same key to both encrypt and decrypt data. It doesn’t just encrypt the data once; instead, it applies multiple rounds of changes, like swapping, mixing, and rearranging data, to make it much more secure and harder to break.
What is the AES encryption code?The AES encryption algorithm, also known as the Rijndael algorithm, is a type of symmetric block cipher that works with 128-bit blocks of data. It uses keys of 128, 192, or 256 bits to encrypt these blocks. After encrypting each block, it combines them to create the final encrypted message or ciphertext.
Where is AES used?The AES algorithm is commonly used in various areas, like wireless security, protecting processors, encrypting files, and securing internet connections with SSL/TLS. It’s used frequently by government agencies, businesses, and other organizations to keep sensitive data safe.
randomsapienImprovePrevious ArticleAES Full FormNext ArticleDifference between AES and DES ciphers