ADVANCE ENCRYPTION STANDARD

Hi 

                        ADVANCED ENCRYPTION STANDARD ALGORITHM

            The increasing need for protecting data communication in computer networks has led to development of several cryptography algorithms. The Advanced Encryption  Standard (AES) is a computer security standard issued by the National Institute of Standards and Technology (NIST) intended for protecting electronic data. Its specification is defined in Federal Information Processing Standards (FIPS) Publication 197.

Features of AES algorithm

·        The AES cryptography algorithm can be used to encrypt/decrypt blocks of 128 bits and is capable of using cipher keys of 128, 196 or 256 bits wide (AES128, AES196, and AES256).

·        Encryption consists of 10 rounds of processing for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. Except for the last round in each case, all other rounds are identical. Each round of processing includes one single-byte based substitution step, a row-wise permutation step, a column-wise mixing step, and the addition of the round key.

·        The order in which these four steps are executed is different for encryption and decryption.

·        A 128-bit block as consisting of a 4 × 4 matrix of bytes, arranged as follows

Therefore, the first four bytes of a 128-bit input block occupy the first column in the 4 × 4 matrix of bytes. The next four bytes occupy the second column, and so on.

·        The 4 × 4 matrix of bytes is referred to as the state array.

·        AES also has the notion of a word. A word consists of four bytes, that is 32 bits. Therefore, each column of the state array is a word, as is each row.

·        Each round of processing works on the input state array and produces an output state array.

·        The output state array produced by the last round is rearranged into a 128-bit output block.

·        AES is a subset and slightly modified form of Rijndael algorithm.

·        AES requires the block size to be 128 bits, the original Rijndael cipher works with any block size  that is a multiple of 32 as long as it exceeds 128. The state array for the different block sizes still has only four rows in the Rijndael cipher.

The Encryption Key and its Expansion

·        Assuming a 128-bit key, the key is also arranged in the form of a matrix of 4 × 4 bytes. As with the input block, the first word from the key fills the first column of the matrix, and so on.

·        The four column words of the key matrix are expanded into a schedule of 44 words. Each round consumes four words from the key schedule.

·        The figure below depicts the arrangement of the encryption key in the form of 4-byte words and the expansion of the key into a key schedule consisting of 44 4-byte words.

                        Expansion of encryption into 44- 4 Byte word

Complete Structure of AES

·        The number of rounds are 10, is for the case when the encryption key is 128 bit long.

·        Before any round-based processing for encryption can begin, the input state array is do ne XOR with the first four words of the key schedule. The same thing happens during decryption — except that now we XOR the ciphertext state array with the last four words of the key schedule.

·        For encryption, each round consists of the following four steps

            1) Substitute bytes

                        This step consists of using a 16 × 16 lookup table to find a        replacement                             byte for a given byte in the input state array. The entries in the lookup table                are created by using the notions of multiplicative inverses in GF (28) and bit                        scrambling to destroy the bit-level correlations inside each byte.

            2) Shift rows

                        For shifting the rows of the state array during the forward process

            3) Mix columns

                        For mixing up of the bytes in each column separately during the forward                                     process

            4) Add round key.

                        For adding the round key to the output of the previous step during the                            forward process

·        The last step consists of XOR the output of the previous three steps with four words from the key schedule.

·        For decryption, each round consists of the following four steps

            1) Inverse shift rows

            2) Inverse substitute bytes

            3) Add round key        

            4) Inverse mix columns.

·        The third step consists of XOR the output of the previous two steps with four words from the key schedule.

·        The last round for encryption does not involve the “Mix columns” step. The last round for decryption does not involve the “Inverse mix columns” step.

 Thank You