AES (Advanced Encryption Standard)
 Description
 Algorithm
 Block diagrams
 Mathematical functions
 Implementation
A secret key in AES, for both data encryption and decryption, may contain 128 or 192 or 256 bits. Based on the length of the key, a different number of encrypting cycles is performed.
AES Encryption
During encryption, the input data (plaintext) is divided into 128bit blocks. The blocks of data are presented as columnmajor matrices of size 4 bytes × 4 bytes, called states. The following operations are performed for all blocks:
 Preparing Subkeys: one starting subkey is created first, and later one more subkey for every subsequent cycle of encryption (see below).
 Initial Round: all bytes of data block are added to corresponding bytes of the starting subkey using XOR operation.
 A number of encrypting cycles takes place. The number of repetition depends on the length of a secret key:
 9 cycles of repetition for a 128bit key,
 11 cycles of repetition for a 192bit key,
 13 cycles of repetition for a 256bit key.
The following operations are performed during each encryption round: Each byte of the state matrix is replaced with another byte, based on a lookup table, called Rijndael's SBox. The operation is called the SB (Substitute Bytes) Operation. The construction of the lookup table guarantees that this substitution is nonlinear.
 The bytes stored in the last three rows of the state matrix are shifted to the left. Note, that the bytes in the first row are not shifted at all. The bytes in the second row are shifted by one position, in the third row by two positions, and the bytes in the fourth row are shifted by three positions to the left. The leftmost bytes in each row moves to the right side of the same row. This state is called SR (Shift Rows) Operation.
 MC (Mix Columns) Operation (the multiplication of columns): all columns are multiplied with a constant matrix of size 4 bytes × 4 bytes.
 AR (Add Round Key) Operation: adding XOR all state bytes to the subkey bytes. A new subkey is created for every encryption round. Subkeys, like states, are 16byte long.
 Final Round: the same operations are performed as in normal encryption rounds (described above), besides the multiplication of columns, which in the Final Round is omitted.
AES Key Expansion
AES uses a secret symmetric key, which contains 128, 192, or 256 bits (that is 16, 24, or 32 bytes respectively). In order to encrypt all data blocks, the key must be expanded. The new bytes are appended to the original bytes of the key:
 A 128bit key (16 bytes) is expanded to 176 bytes.
 A 192bit key (24 bytes) is expanded to 208 bytes.
 A 256bit key (32 bytes) is expanded to 240 bytes.
The first bytes of the expanded key are all bytes of the original secret key. In order to create succeeding bytes of the expanded key, the following steps must be performed, with iterations numbered from 1. Steps below should be repeated until receiving a desirable number of bytes. To simplify the notation, the length (in bytes) of the original secret key (before expansion) will be denoted as n.
 Creating next 4 bytes of the key:
 Copying 4 last bytes of the current key to a temporary 4byte vector.
 Shifting those four bytes to the left by one position. The leftmost byte should move to the rightmost position.
 Each byte in the vector should be replaced by another one, based on Rijndael's SBoxes.
 Rcon Operation: adding XOR the leftmost byte in the vector to a number 2 raised to the power number equal to (number of current iteration  1).
 Adding XOR the received 4byte vector to a 4byte block starting n bytes before the current end of the expanded key and appending the result to the end of the expanded key. At this point, four new key bytes have been created.
 Creating next 12 bytes of the key by performing the following steps three times:
 If the original key is 256 bits long, the following steps should be performed once in order to create 4 new key bytes:
 Copying 4 last bytes of the current key to a temporary 4byte vector.
 Each byte in the vector should be replaced by another one, based on Rijndael's SBoxes.
 Adding XOR the 4byte vector to a 4byte block starting n bytes before the current end of the expanded key and appending the result to the end of the expanded key.
 If the original key is 128 bits long, the following steps should be omitted. If the original key is 192 bits long, the following steps should be performed twice. If the original key is 256 bits long, the following steps should be repeated three times:
 Increasing the number of iterations by 1.
AES Decryption
During decryption, the encrypted text is used as input data to the algorithm. The corresponding, inverse operations should be performed, as during encryption:
 Inverse bytes substitution (ISB).
 Bytes shifting to the right (ISR).
 Adding XOR to a subkey (IAR).
 Inverse multiplication of columns (IMC).
Subkeys for each iteration should be taken in the reverse order than during encryption.
AES Performance
In order to accelerate the application, one can decide to precompute the functions in different rounds and replace them by simple byte substitution based on the calculated tables.
The disadvantage of this approach is that the size of the application will be much larger. It may increase from several to tens of kilobytes, depending on the size of the secret key that is used.




