AES

Srupa Thota
4 min read · Aug 7, 2023

Finally Advanced Encryption Standard | Day-6 learnings as part of #Quantum30 QuantumComputingIndia — An August learning marathon

Topics covered: Introduction to AES, Structure of AES, Internals of AES, Decryption.

Introduction to AES

History of AES

AES stands for Advanced Encryption Standard. It is a symmetric-key algorithm used for encrypting and decrypting data. Some key points about AES:

It is a block cipher that encrypts data in fixed-length groups called blocks. AES uses a 128-bit block size and supports three key lengths: 128 bits, 192 bits, and 256 bits. The longer the key, the more secure the cipher.

AES uses “rounds” of processing to encrypt the data, with different numbers of rounds for each key length:
128-bit key: 10 rounds
192-bit key: 12 rounds
256-bit key: 14 rounds

Structure of AES

AES does not use a Feistel structure: every round transforms all 128 bits of the data path.
Each round consists of 4 layers:
1) Byte substitution
2) ShiftRows
3) MixColumns
4) Key addition
Note: A subkey is also added at the beginning and at the end of AES (“key whitening”).

Source: slideserve.com

What happens inside the layers?

Internals of AES

Note: The 128-bit data path is split into 16 bytes.
Byte substitution or S-Box Layer

Source: slideserve.com

SubBytes Step: In the SubBytes step of AES, each byte of the input state matrix is replaced with a corresponding byte from the S-box. The S-box is a fixed 16x16 lookup table that performs a nonlinear substitution on each byte.
S-box Transformation: The S-box transformation is a combination of two operations: the inverse in the Galois field and a bitwise substitution. Each byte in the input is divided into two parts: the higher-order nibble (4 bits) and the lower-order nibble (4 bits).
Substitution: For each byte in the input state:
- The higher-order nibble is used as the row index in the S-box.
- The lower-order nibble is used as the column index in the S-box.
- The value in the S-box at the intersection of the row and column is the substituted value.
Galois Field Operations: The S-box is designed to provide resistance against linear and differential cryptanalysis. It is constructed using operations in a finite field (Galois field) to add a nonlinear layer of security. Galois field arithmetic involves operations like addition, multiplication, and inversion.
Inverse Operations: The inverse in the Galois field ensures that the S-box is resistant to attacks. It involves finding the multiplicative inverse of each byte value in the field. This inverse is used during the byte substitution to ensure that no simple algebraic relationship exists between input and output.

Shiftrow

Source: comp38411.jtang.dev

The ShiftRows step in the AES encryption process involves shifting the rows of the state matrix to create diffusion and spread out the data. This step enhances the algorithm’s security by increasing the complexity of the relationship between the input and output data.
State Matrix: The input data is organized into a 4x4 state matrix, where each element represents a byte of data.
Shift Rows: In this step, each row of the state matrix is shifted to the left by a certain number of positions. The number of positions each row is shifted is determined by its row index. The shift amounts for each row are as follows:
- Row 0: No shift (0 positions)
- Row 1: Shift left by 1 position
- Row 2: Shift left by 2 positions
- Row 3: Shift left by 3 positions
The result is a transformed state matrix where the bytes in each row have been shifted according to the specified shift amounts.
Effect: Shifting the rows helps to disperse the data across different columns and rows, increasing the diffusion and making patterns in the input data less recognizable in the output. This enhances the algorithm’s resistance against various types of attacks, such as linear and differential cryptanalysis.

Mix column

Mix Columns takes the 4 bytes of each column, applies a polynomial transformation and outputs 4 new bytes to form the next column. This mixes up the bytes across the column, strengthening the encryption.

Source: Wikipedia

MixColumns transforms each column in the AES state matrix by applying matrix multiplication in the Galois field, introducing diffusion and nonlinearity for enhanced encryption security.

Key addition

Source: Wikipedia

Key Addition, also known as AddRoundKey, is a fundamental step in the AES encryption process where the state matrix is combined with a round key to introduce key-specific information and enhance cryptographic security.

Decryption

Decryption in AES involves reversing the encryption process by applying the inverse of each step, including AddRoundKey, InvShiftRows, InvSubBytes, and InvMixColumns, using the round keys in reverse order.

Source: slideserve.com
