Last updated at Fri, 09 Feb 2024 20:52:22 GMT


There are many data encryption methods or standards which are available in the market. We intend to learn all of them and implement them as the need arises. Initially, they were secure but as the technology progressed over years, the security they offered was not enough to deal with growing security and data integrity threats. We will start our discussion with one of the most popular standard, Advanced Encryption Standard, AES.


The Advanced Encryption Standard (AES) is a symmetric-key square figure calculation for secure and grouped information encryption and decoding.

The National Institute of Standards (NIST) affirmed AES as Federal Information Processing Standards which indicates use of the Rijndael calculation to all touchy characterized information. Rijndael is now known to us as Advanced Encryption Standard.

Bits and Bytes of AES

AES has cryptographic key sizes of 128, 192 and 256 bits. The suffix is the AES tag which indicates the key size, for example AES-256 tells that key size is 256 bit. The configuration depends on SPN and does not utilize DES Feistel.

The AES supplanted the DES with new and refreshed components:

  • Square encryption usage.
  • 128-piece bunch encryption with 128, 192 and 256-piece key lengths.
  • Symmetric calculation requiring just a single encryption and decoding key.
  • AES Encryption/Decryption

AES works on Substitution Permutation Network (SPN). It is fast in both software (performs byte-level operations) and hardware implementations. AES operates on state, which stores the intermediate cipher result. It is a 2-D array having four rows and four columns (For AES-128). The AES cipher is obtained by running a number of transformation rounds repeatedly that convert the plaintext (original) input into ciphertext (encrypted) output. When the plaintext is required, similar steps are carried out in reverse fashion to attain the plaintext. AES practices key-alternating block ciphers.

For Encryption:
XOR operation is performed on the input state array with first four words of key schedule. Then there is sequence of rounds. Each round consists of substitution of bytes, shifting of rows, mixing of columns and adding of round keys. The number of rounds depends upon the key bits. For 128, 192, 256 bit long encryption keys; 10, 12 and 14 rounds are performed respectively.

For Decryption:
For Decryption, the steps are same but their order is altered. In decryption rounds first step is to inverse shift rows, then the inverse substitution of bytes is performed, then there is addition of round keys and lastly inversing mix columns. At the end, the output is XORed with four words from key schedule.

AES Cipher working

To understand the processing steps, imagine the 128-bit block made up of a 4×4 matrix, where each element is a byte. In this way, we have 16 bytes in the matrix. This is our input matrix. The plain text is stored here. The Cipher Key performs Key Expansion. The round keys are obtained from cipher keys using Rijndael’s key schedule. In case of 128-bit key, it is also arranged in a matrix of 4×4 bytes. This is our key matrix.

Before any encryption step can take place, bitwise XOR is performed between input array and first four words of key schedule. The result is stored in the State Array. This is our Initial Round.

After Initial Round, we have certain rounds comprising of the following steps:

SubBytes() – With the help of lookup tables, each byte is replaced with another byte through substitution method. The lookup table is known as S-box whereas, substitution is done byte-wise.

ShiftRows() – There is a cyclic shifting of rows of the state, that is done a certain number of times.

MixColumns() – This method combines the four bytes in each column of a state.

AddRoundKey() – Lastly the round key is added and the process is repeated.

At the end of this process, we achieve the ciphertext.

Except for the last round for each situation, every single other round are indistinguishable. ShiftRows() and MixColumns() both are word-level permutations. Also, for the last round Mix Columns in not performed, similarly for decryption Inverse Mix Columns is skipped.

Assaults and the Use of TLS

As a figure, AES has demonstrated dependable. The main fruitful assaults against it have been side-channel assaults on shortcomings found in the execution or key administration of certain AES-based encryption items. (Side-channel assaults don’t utilize animal constrain or hypothetical shortcomings to break a figure, but instead adventure imperfections in the way it has been actualized.) The BEAST program abuse against the TLS v1.0 convention is a decent illustration; TLS can utilize AES to scramble information, yet because of the data that TLS uncovered, aggressors figured out how to anticipate the introduction vector piece utilized toward the begin of the encryption procedure.

Different scientists have distributed assaults against lessened round forms of the Advanced Encryption Standard, and an exploration paper distributed in 2011 showed that utilizing a system called a biclique assault could recoup AES keys speedier than a savage constrain assault by a variable of in the vicinity of three and five, contingent upon the figure adaptation. Indeed, even this assault, however, does not debilitate the down to earth utilization of AES because of its high computational many-sided quality.


CISCO Support
Juniper Support