(Very) Basic intro to AES-256 Cipher

Lane Wagner
Jun 11, 2019 · 5 min read

This was originally published on: https://qvault.io/2020/01/02/very-basic-intro-to-aes-256-cipher/

AES stands for “Advanced Encryption Standard” and is a specification that has selected the Rijndael cipher as its symmetric key ciphering algorithm. Using AES, a message can be encrypted with a key (like a password) and no one except the key holder can decrypt the message. This is useful for many reasons, but a good example is a password manager that encrypts all of the user’s passwords using one master password. This is how Qvault, a free and open-source password manager operates.

Symmetric Encryption vs Asymmetric Encryption

Image for post
Image for post
https://learn.g2.com/what-is-encryption

As shown above, symmetric encryption uses the same key for encryption and decryption and asymmetric encryption uses different keys.

Asymmetric encryption is preferred when you want someone to be able to send you encrypted data, but you don’t want to give them your private key.

Symmetric encryption is preferred when you are encrypting only for yourself.

Image for post
Image for post
Kullabs

AES-256 Secret Key

The secret key used in AES-256 must be 256 bits long. In order to use a password or passphrase as the key, a hashing algorithm can be used to extend the length.

The shorter the password or passphrase, the easier it is for an attacker to decrypt the data by guessing passwords, hashing them, and attempting to decrypt the message. In order to mitigate this threat, some applications enforce safeguards.

In the case of Qvault, the master password is hashed using the scrypt algorithm in order to produced the private key. Scrypt is a very slow password-based key derivation function (similar properties to a hashing algorithm), which slows down attacks. Qvault also requires that passwords are at least 12 characters long, or encourages that users use a passphrase instead.

Image for post
Image for post
https://xkcd.com/936/

Rijndael Encryption Process (Simplified)

  1. Choose a password, then derive a short key from that password (using a function like Scrypt or SHA-256). This short key will then be expanded using a key schedule to get separate “round keys” for each round of AES-256.

password: password12345678 →

short key: aafeeba6959ebeeb96519d5dcf0bcc069f81e4bb56c246d04872db92666e6d4b →

first round key: a567fb105ffd90cb

Deriving the round keys from the short key is out of the scope of this article. The important thing for us to understand is that a password is converted into round keys which are used in the AES ciphering process.

2. Choose a secret message:

Here is a secret

3. Encode the first round key and message in hexadecimal bytes and format them in 4x4 tables (top to bottom, left to right):

First Round Key:

61 66 35 39

35 62 66 30

36 31 66 63

37 30 64 62

Message:

48 20 61 63

65 69 20 72

72 73 73 65

65 20 65 74

4. Add the round key to the message (XOR). The corresponding cells in the message and key tables are added together. The output matrix will be used in the next step.

61 ⊕ 48 = 29

35 ⊕ 65 = 50

…etc

29 46 54 5a

50 0b 46 42

44 42 15 06

52 10 01 16

5. In the resulting table, use the substitution box to change each 2-character byte to its corresponding byte:

Image for post
Image for post
https://www.researchgate.net/figure/Rijndael-S-box-S-RD_fig7_325428613

a5 5a 20 be

53 2b 5a 2c

1b 2c 59 6f

00 7c 7c 47

6. Shift rows. The first row doesn’t shift, the second row shifts once, the third row twice, and the last row 3 times.

a5 5a 20 be

53 2b 5a 2c → 2b 5a 2c 53

1b 2c 59 6f → 2c 59 6f 1b → 59 6f 1b 2c

00 7c 7c 47 → 7c 7c 47 00 → 7c 47 00 7c → 47 00 7c 7c

a5 5a 20 be

2b 5a 2c 53

59 6f 1b 2c

47 00 7c 7c

7. Mix Columns. Each column is modulo multiplied by the Rijndael’s Galois Field. The math involved is outside the scope of this article, so I won’t be including the example output matrix.

Image for post
Image for post
https://www.commonlounge.com/discussion/e32fdd267aaa4240a4464723bc74d0a5

8. The output of the multiplication is used as the input “message” in the next round of AES. Each step is repeated 10 or more times in total, with one extra “add key” step at the end. Each round of “Add key” will use a new round key, but each new round key is still derived from the same password and short key.

  • Add key
  • Substitute bytes
  • Shift rows
  • Multiply columns

Thats it! /s

Obviously the Rijndael cipher used in AES is fairly complex but I hope I’ve been able to shed light on a high level view of what goes on inside! Thanks for reading.

Be sure to checkout Qvault, its an open source password manager that uses AES-256 as the cipher.

Sources

https://www.youtube.com/watch?v=gP4PqVGudtg

Get Best Software Deals Directly In Your Inbox

Image for post
Image for post

Coinmonks

Coinmonks is a non-profit Crypto educational publication.

Sign up for Coinmonks

By Coinmonks

A newsletter that brings you week's best crypto and blockchain stories and trending news directly in your inbox, by CoinCodeCap.com Take a look

By signing up, you will create a Medium account if you don’t already have one. Review our Privacy Policy for more information about our privacy practices.

Check your inbox
Medium sent you an email at to complete your subscription.

Lane Wagner

Written by

Computer scientist, libertarian, atheist and founder of https://qvault.io

Coinmonks

Coinmonks

Coinmonks is a non-profit Crypto educational publication. Follow us on Twitter @coinmonks Our other project — https://coincodecap.com

Lane Wagner

Written by

Computer scientist, libertarian, atheist and founder of https://qvault.io

Coinmonks

Coinmonks

Coinmonks is a non-profit Crypto educational publication. Follow us on Twitter @coinmonks Our other project — https://coincodecap.com

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store