Introduction to AES Encryption

Date: 2025-01-27

1. Introduction to AES Encryption

AES (Advanced Encryption Standard) is a symmetric encryption algorithm, which means that the same key is used for both encryption and decryption. It is widely used for data encryption and information security protection. It was officially published by the National Institute of Standards and Technology (NIST) in 2001, replacing the previous DES (Data Encryption Standard).

2. Classification of AES

Name                            AES-128   AES-192   AES-256
Plaintext Block Length / bits   128       128       128
Key Length / bits               128       192       256
Number of Rounds                10        12        14
 
      AES supports different key lengths of 128 bits, 192 bits, and 256 bits. The longer the key length, the higher the encryption security, but the computational complexity will also increase accordingly. In practical applications, the appropriate key length needs to be chosen based on security requirements and computational resources. For example, for general commercial applications, a 128-bit key usually provides sufficient security; while for scenarios with extremely high security requirements, such as military and financial fields, a 256-bit key may be chosen. The following text mainly introduces AES-128.
 
3. AES Encryption and Decryption Process
 
Encryption:
  1. Plaintext block — 128 bits. The input to the encryption and decryption algorithm is a 128-bit block. These blocks are represented as a 4×4 byte matrix, which is copied into a 16-byte array and modified at each stage of encryption and decryption.
  2. Key expansion — w[0, 3] to w[40, 43], represented as K0 to K10, 11 round keys in total. The specific steps of key expansion are described in Chapter 6.
  3. Initial transformation of the 0th round iteration — Plaintext ⊕ K0.
  4. 9 rounds of iteration, each round includes 4 steps — Byte substitution, row shifting, column mixing, and round key addition.
  5. The 10th round iteration, only 3 steps — Byte substitution, row shifting, and round key addition.
      [Figure: one round of iteration (byte substitution, row shifting, column mixing, round key addition)]

      [Figure: multi-round iteration process]
Decryption:
  1. Ciphertext block — 128 bits.
  2. Ciphertext ⊕ K10 (corresponding to the initial transformation).
  3. 9 rounds of iteration — Inverse row shifting, inverse byte substitution, round key addition, inverse column mixing.
  4. The 10th round iteration — Inverse row shifting, inverse byte substitution, round key addition.

4. Four Major Stages of AES Encryption and Decryption
  1. Byte Substitution

      Method:
      Perform byte substitution using the S-box.
      S-box:
      The S-box of AES is defined separately and is a 16×16 byte matrix.
      Specific Process:
      A plaintext block consists of 16 bytes (128 bits), arranged in 4 rows of 4 bytes each (also known as 1 word). For example, S(0,0), S(0,1), …, S(3,3) are replaced byte by byte.
      Since a hexadecimal number is 4 bits, 1 byte (8 bits) can represent 2 hexadecimal numbers. For example, S(1,1) in the above image.
      Lookup: The byte in S(1,1), which consists of two hexadecimal numbers, uses the high part (left side) as the X input (which row); and the low part as the Y input (which column).

      Example:
      1. {86} is mapped to {44}.
      2. {B4} is mapped to {8D}.

      (The numbers in curly braces are hexadecimal.)

      The generation of the S-box and inverse S-box will be described in Chapter 5.
  2. Shift Rows

      The first row remains unchanged; the second row shifts left by one position; the third row shifts left by two positions; the fourth row shifts left by three positions.
      Inverse Transformation:
      The first row remains unchanged; the second row shifts right by one position; the third row shifts right by two positions; the fourth row shifts right by three positions.
  3. Column Mixing

      Each column is multiplied by this matrix on the left, resulting in column vectors that are then placed back in their original positions.
      Inverse Column Mixing:
      Multiply by the inverse of the above matrix on the left.
  4. Add Round Key

  • This stage is the only step in encryption/decryption that involves the key.
      Operation: Bitwise XOR.
      Inverse Add Round Key:
      The operation is the same as Add Round Key, because the XOR operation is its own inverse.
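
The three stages above that do not use the S-box, written out as an added example (not code from the original article). It assumes the state is held as 16 bytes in column-major order, and it takes the MixColumns matrix rows 02 03 01 01 and 0E 0B 0D 09 from the AES standard (FIPS 197), since the matrix figure is not reproduced on this page; all function names are chosen for this example.

```python
from functools import reduce

def xtime(a):
    """Multiply by {02} in GF(2^8), reducing by x^8+x^4+x^3+x+1 (0x11B)."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def mul(a, k):
    """Multiply byte a by a small constant k (shift-and-add over xtime)."""
    r = 0
    while k:
        if k & 1:
            r ^= a
        a, k = xtime(a), k >> 1
    return r

def shift_rows(s, inverse=False):
    # State byte at row r, column c is s[r + 4*c] (assumed layout).
    # Row r rotates left by r positions, or right by r for the inverse.
    d = -1 if inverse else 1
    return [s[r + 4 * ((c + d * r) % 4)] for c in range(4) for r in range(4)]

MIX = (0x02, 0x03, 0x01, 0x01)      # first row of the MixColumns matrix
INV_MIX = (0x0E, 0x0B, 0x0D, 0x09)  # first row of the inverse matrix

def mix_columns(s, inverse=False):
    row = INV_MIX if inverse else MIX
    out = []
    for c in range(4):
        col = s[4 * c:4 * c + 4]
        for i in range(4):  # circulant matrix: row i is row 0 rotated right by i
            out.append(reduce(lambda x, y: x ^ y,
                              (mul(col[(i + k) % 4], row[k]) for k in range(4))))
    return out

def add_round_key(s, k):
    # Bitwise XOR; applying it twice with the same key restores the state.
    return [a ^ b for a, b in zip(s, k)]

if __name__ == "__main__":
    state = list(range(16))  # constructed sample state
    print(shift_rows(state))
    print(mix_columns(mix_columns(state), inverse=True) == state)
```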
 
5. S-box Construction

      S-box Construction:
  1. Initialization: Construct a 16×16 S-box. Set the initial value at position (y, x) to {yx}.
  2. Find the inverse of {yx} in GF(2^8). (For finding the inverse, refer to: Euclidean algorithm, Extended Euclidean algorithm (Euclid), and how to find the inverse of AES's S-box, CSDN Blog.)
  3. Apply the (invertible) matrix transformation to the result from step 2.
  4. Convert the column vector (binary number) to bytes (hexadecimal number) and fill it into (y, x).
      The matrix operation is shown in the figure, note: b7 to b0 is arranged in reverse order from bottom to top:
      For example:
  1. Take input {95}
  2. The inverse of {95} is {8A}={10001010}
  3. M * [0 1 0 1 0 0 0 1]^T + [1 1 0 0 0 1 1 0]^T
  4. The result converted to hexadecimal equals {2A}
      Construction of the Inverse S-box:
  1. Convert the byte to a column vector
  2. XOR the result from step 1 and apply the inverse matrix transformation
  3. Convert the column vector back to a byte
  4. Find the inverse of {yx} in GF(2^8)
  5. Fill in the corresponding position in the inverse S-box
6. Key Expansion
  • AES-128 uses a 10-round encryption process. Each round requires a round key.
  • In addition to these 10 rounds, there is an initial round where the original key is used. Therefore, a total of 11 round keys are needed.
      The key expansion algorithm takes a 16-byte input and outputs 16 * 11 = 176 bytes. W represents a column of K (4 bytes)
  1. The input key is directly copied to W0 to W3.
  2. The last W of each row, such as W3, is processed through the g function to become W'.
  3. W[4n] = W' ⊕ W[4n-4], n = 1, 2, 3, …, 10 (the first W of each row).
  4. W[m] = W[m-1] ⊕ W[m-4], m ≠ 4n: XOR the W above with the W to the left (the last three W of each row).
  5. Repeat steps 3 and 4 until W43 is computed. [ Because 44/4 = 11 groups of subkeys ] [11 = 1+9+1]
  6. Output.
      g function:

      K contains 128 bits of data, W contains 32 bits (4 bytes) of data. Denote these 4 bytes as B(0), B(1), B(2), B(3)
  1. B is cyclically left-shifted by one position.
  2. Each of the four B's is replaced using the S-box. (Same as the S-box in the first stage of encryption byte substitution)
  3. XOR with the round constant Rcon[ j ]. (To eliminate symmetry)
  4. Output.
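
The S-box construction steps and the key expansion steps above, combined in one added example (not code from the original article). It swaps the extended Euclidean algorithm for log/antilog tables over the generator {03} to find inverses, applies the matrix M as four byte rotations, and XORs the round constant into B(0) only; function names are chosen for this example.

```python
def build_sbox():
    """S-box construction: GF(2^8) inverse of each byte, then M*b + {63}."""
    exp, log, x = [0] * 255, [0] * 256, 1
    for i in range(255):                      # powers of the generator {03}
        exp[i], log[x] = x, i
        x ^= (x << 1) ^ (0x11B if x & 0x80 else 0)      # x = x * {03}
    sbox = []
    for a in range(256):
        inv = exp[(255 - log[a]) % 255] if a else 0     # {00} stays {00}
        b = inv
        for n in range(1, 5):                 # rows of M are rotations of one row
            b ^= ((inv << n) | (inv >> (8 - n))) & 0xFF
        sbox.append(b ^ 0x63)                 # add the constant vector {63}
    return sbox

def invert_sbox(sbox):
    """Inverse S-box taken as the inverse permutation of the forward table."""
    inv = [0] * 256
    for i, v in enumerate(sbox):
        inv[v] = i
    return inv

def g(word, rcon, sbox):
    """g function: rotate left one byte, S-box each byte, XOR Rcon into B(0)."""
    out = [sbox[b] for b in word[1:] + word[:1]]
    out[0] ^= rcon
    return out

def expand_key(key, sbox):
    """AES-128 key expansion: 16-byte key -> 44 words W0..W43 (11 round keys)."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 0x01
    for m in range(4, 44):
        t = w[m - 1]
        if m % 4 == 0:                        # first W of each row
            t = g(t, rcon, sbox)
            rcon = (rcon << 1) ^ (0x11B if rcon & 0x80 else 0)
        w.append([a ^ b for a, b in zip(w[m - 4], t)])
    return w

SBOX = build_sbox()

if __name__ == "__main__":
    # The page's worked example: {95} -> inverse {8A} -> {2A}
    print(hex(SBOX[0x95]))
    # Key from the FIPS 197 key expansion example (Appendix A.1)
    words = expand_key(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"), SBOX)
    print(bytes(words[4]).hex(), bytes(words[43]).hex())
```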
 
7. IV (Initialization Vector)

      The purpose of IV is to provide a random or pseudo-random input value used in block cipher modes (such as CBC, CFB, OFB, etc.). It ensures that the same plaintext produces different ciphertexts during encryption, thereby enhancing the security of the encryption.
      Characteristics: IV is typically a fixed-length random number, with a length equal to the block size of the encryption algorithm (for example, for AES, the IV length is 128 bits, or 16 bytes).
      During the encryption process, the IV is usually combined with the first block of plaintext in some form (such as XOR) to produce the first ciphertext block. Subsequent blocks depend on the previous ciphertext block. The IV does not need to be kept secret, but it must be different for each encryption to prevent pattern analysis attacks.
 
8. Appendix
  1. "Cryptography and Network Security Principles and Practice"
