ου γαρ εστιν κρυπτον ο ου φανερον γενησεται ουδε αποκρυφον ο ου γνωσθησεται και εις φανερον ελθη

• Description
• Algorithm
• Block diagrams
• Mathematical functions
• Implementation
AES is a modern block symmetric cipher, one of the most popular ciphers in the world. It was developed in 1997 by Vincent Rijmen and Joan Daemen, and later approved as a federal encryption standard in the United States in 2002.
Block cipher with symmetric secret key
Block length = 128 bits
Key length = 128 or 192 or 256 bits
AES is considered as a strong and secure cipher. Over last few years (mostly 2005-2010) several attacks against different AES implementations were described but generally speaking they concern just some special cases and are not considered to be a threat to the AES algorithm itself.

A secret key in AES, for both data encryption and decryption, may contain 128 or 192 or 256 bits. Based on the length of the key, a different number of encrypting cycles is performed.

## AES Encryption

During encryption, the input data (plaintext) is divided into 128-bit blocks. The blocks of data are presented as column-major matrices of size 4 bytes × 4 bytes, called states. The following operations are performed for all blocks:

## AES Key Expansion

AES uses a secret symmetric key, which contains 128, 192, or 256 bits (that is 16, 24, or 32 bytes respectively). In order to encrypt all data blocks, the key must be expanded. The new bytes are appended to the original bytes of the key:

The first bytes of the expanded key are all bytes of the original secret key. In order to create succeeding bytes of the expanded key, the following steps must be performed, with iterations numbered from 1. Steps below should be repeated until receiving a desirable number of bytes. To simplify the notation, the length (in bytes) of the original secret key (before expansion) will be denoted as n.

## AES Decryption

During decryption, the encrypted text is used as input data to the algorithm. The corresponding, inverse operations should be performed, as during encryption:

Subkeys for each iteration should be taken in the reverse order than during encryption.

## AES Performance

In order to accelerate the application, one can decide to pre-compute the functions in different rounds and replace them by simple byte substitution based on the calculated tables.

The disadvantage of this approach is that the size of the application will be much larger. It may increase from several to tens of kilobytes, depending on the size of the secret key that is used.

AES Encryption Algorithm
AES Key Expansion
In all AES operations presented below, the bytes are written in a hexadecimal notation. Each character represents four bits.
Substitution in Rijndael S-Box
In Rijndael S-Boxes every input byte is replaced by another byte. Values in S-Boxes were chosen in a way, that provides a maximum non-linearity of this transformation. Thanks to that, the whole AES encryption is non-linear.

The byte substitutions are presented in a table below. In the rows, there are specified the more significant halves of input bytes. In the columns, there are the less significant halves of input bytes. The value of the output byte may be found inside the table, at the intersection of the specified row and the column.

 x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xA xB xC xD xE xF 0x 63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76 1x ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0 2x b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15 3x 04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75 4x 09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84 5x 53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf 6x d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8 7x 51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2 8x cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73 9x 60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db Ax e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79 Bx e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08 Cx ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a Dx 70 3e b5 66 48 03 f6 0e 6 1 35 57 b9 86 c1 1d 9e Ex e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df Fx 8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16

For example, for an input byte 3F, the new output byte is i75.

For decryption, the Inverse Rijndael S-Boxes are used. They can be obtained from the original Rijndael S-Boxes.

 x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xA xB xC xD xE xF 0x 52 09 6a d5 30 36 a5 38 bf 40 a3 9e 81 f3 d7 fb 1x 7c e3 39 82 9b 2f ff 87 34 8e 43 44 c4 de e9 cb 2x 54 7b 94 32 a6 c2 23 3d ee 4c 95 0b 42 fa c3 4e 3x 08 2e a1 66 28 d9 24 b2 76 5b a2 49 6d 8b d1 25 4x 72 f8 f6 64 86 68 98 16 d4 a4 5c cc 5d 65 b6 92 5x 6c 70 48 50 fd ed b9 da 5e 15 46 57 a7 8d 9d 84 6x 90 d8 ab 00 8c bc d3 0a f7 e4 58 05 b8 b3 45 06 7x d0 2c 1e 8f ca 3f 0f 02 c1 af bd 03 01 13 8a 6b 8x 3a 91 11 41 4f 67 dc ea 97 f2 cf ce f0 b4 e6 73 9x 96 ac 74 22 e7 ad 35 85 e2 f9 37 e8 1c 75 df 6e Ax 47 f1 1a 71 1d 29 c5 89 6f b7 62 0e aa 18 be 1b Bx fc 56 3e 4b c6 d2 79 20 9a db c0 fe 78 cd 5a f4 Cx 1f dd a8 33 88 07 c7 31 b1 12 10 59 27 80 ec 5f Dx 60 51 7f a9 19 b5 4a 0d 2d e5 7a 9f 93 c9 9c ef Ex a0 e0 3b 4d ae 2a f5 b0 c8 eb bb 3c 83 53 99 61 Fx 17 2b 04 7e ba 77 d6 26 e1 69 14 63 55 21 0c 7d
Multiplication of columns
Each column of a state matrix is multiplied by a predefined matrix of size of 4bytes x 4bytes. The result of each multiplication is a new column which contains different 4 bytes.

Multiplication of the square matrix with the column c results in creating a new column r, with new values.

Multiplication of columns
 2 3 1 1 1 2 3 1 1 1 2 3 3 1 1 2
 x
 c0 c1 c2 c3
 =
 r0 r1 r2 r3

During decryption, an inverted matrix is used during this step:

 e b d 9 9 e b d d 9 e b b d 9 e
Rcon Operation
In each iteration of the key generation process, the first byte of the current 4-byte long temporary vector is added XOR to 2 raised to the power of number one less than the current iteration number. The Rcon operation is performed in Rijndael's finite field.

These values can be calculated in runtime or stored in a table in the application memory.

 i 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 xi 01 02 04 08 10 20 40 80 1b 36 6c d8 ab 4d 9a
Site under development.