Professional Documents
Culture Documents
What Is AES Encryption and How Does It Work
What Is AES Encryption and How Does It Work
does it work?
JOSH LAKE
October 5, 2018
Contents [hide]
1 Why was AES developed?
2 Why was this cipher chosen for AES?
3 How does AES work?
4 128 vs 192 vs 256-bit AES
5 AES security issues
6 Is AES enough?
7 Why do we need encryption?
The DES only has a 56-bit key (compared to the maximum of 256-
bit in AES, but we’ll get to that later), so as technology and cracking
methods improved, attacks against it started to become more
practical. The first DES encrypted message to be broken open was in
1997, by the DESCHALL Project in an RSA Security-sponsored
competition.
The next year, the Electronic Frontier Foundation (EFF) built a DES
cracker which could brute force a key in just over two days. In 1999,
the EFF and the internet’s first computing collective, distributed.net,
collaborated to get that time down to under 24 hours.
Their choice was a specific subset of the Rijndael block cipher, with a
fixed block-size of 128-bits and key sizes of 128, 192 and 256-bits. It
was developed by Joan Daemen and Vincent Rijmen, two
cryptographers from Belgium. In May of 2002, AES was approved to
become the US federal standard and quickly became the standard
encryption algorithm for the rest of the world as well.
Under this method of encryption, the first thing that happens is that
your plaintext (which is the information that you want to be encrypted)
is separated into blocks. The block size of AES is 128-bits, so it
separates the data into a four-by-four column of sixteen bytes (there
are eight bits in a byte and 16 x 8 = 128).
If your message was “buy me some potato chips please” the first block
looks like this:
o
b m p
e
u m o
y e t
s
a
We’ll skip the rest of the message for this example and just focus on
what happens to the first block as it is encrypted. The “…to chips
please” would normally just be added to the next block.
Key expansion
Key expansion involves taking the initial key and using it to come up
with a series of other keys for each round of the encryption process.
These new 128-bit round keys are derived with Rijndael’s key
schedule, which is essentially a simple and fast way to produce new
key ciphers. If the initial key was “keys are boring1”:
k i
e a b n
y r
o g
s r
e 1
Then each of the new keys might look something like this once
Rijndael’s key schedule has been used:
s5
14 29 1h
9f st 9f
h9
gt
2h hq 73
ks dj df
hb
Although they look like random characters (and the above example is
just made up) each of these keys is derived from a structured process
when AES encryption is actually applied. We’ll come back to what
these round keys are used for later on.
Add round key
In this step, because it is the first round, our initial key is added to the
block of our message:
o
b m p
e
u m o
y e t
s
a
k i
e a b n
y r
o g
s r
e 1
jd zu 7s
h3
s8
7d 26 2n
dj 9c
4b 9d
el
74 2h hg
Substitute bytes
jb n3 kf n2
9f jj js
1h
74 wh 0d 18
hs 17 px
d6
Shift rows
jb kf n2
n3
jj js 9f
1h
18
0d 74 wh
px hs d6
17
Mix columns
This step is a little tricky to explain. To cut out most of the maths and
simplify things, let’s just say that each column has a mathematical
equation applied to it in order to further diffuse it. Let’s say that the
operation gives us this result:
ls j4
2n ma
83 28 ke 9f
3l
9w xm m4
5b a9 cj ps
Remember those round keys we made at the start, using our initial
key and Rijndael’s key schedule? Well, this is where we start to use
them. We take the result of our mixed columns and add the first round
key that we derived:
ls j4
2n ma
83 28 ke 9f
3l
9w xm m4
5b a9 cj ps
s5
14 29 1h
9f st 9f
h9
gt
2h hq 73
ks dj df
hb
sf
9d 5b 28
ls df hf
3b
9t 8f
28 hp
62 7d 15 ah
If you thought that was it, we’re not even close. After the last round
key was added, it goes back to the byte substitution stage, where
each value is changed according to a predetermined table. Once
that’s done, it’s back to shift rows and moving each row to the left by
one, two or three spaces. Then it goes through the mix columns
equation again. After that, another round key is added.
It doesn’t stop there either. At the start, it was mentioned that AES has
key sizes of either 128, 192 or 256-bits. When a 128-bit key is used,
there are nine of these rounds. When a 192-bit key is used, there are
11. When a 256-bit key is used, there are 13. So the data goes
through the byte substitution, shift rows, mix columns and round key
steps up to thirteen times each, being altered at every stage.
Key expansion
Byte substitution
Shift rows
Mix columns
Byte substitution
Shift rows
A lot of things happen when our data is encrypted and it’s important to
understand why. Key expansion is a critical step, because it gives us
our keys for the later rounds. Otherwise, the same key would be
added in each round, which would make AES easier to crack. In the
first round, the initial key is added in order to begin the alteration of the
plain text.
The byte substitution step, where each of the data points is changed
according to a predetermined table, also performs an essential role.
It alters the data in a non-linear way, in order to apply confusion to the
information. Confusion is a process that helps to hide the relationship
between the encrypted data and the original message.
At the end of a round, a new round key that was derived from the
initial key is added. This adds greater confusion to the data.
Why are there so many rounds?
“ok23b8a0i3j 293uivnfqf98vs87a”
There have been several other theoretical attacks, but under current
technology they would still take billions of years to crack. This means
that AES itself is essentially unbreakable at the moment. Despite
this, AES can still be vulnerable if it hasn’t been implemented properly,
in what’s known as a side-channel attack.
Side-channel attacks occur when a system is leaking information.
The attacker listens in to the sound, timing information,
electromagnetic information or the power consumption in order to
gather inferences from the algorithm which can then be used to break
it.
The last weakness is more general than AES specific, but users need
to be aware that AES doesn’t automatically make their data
safe. Even AES-256 is vulnerable if an attacker can access a
user’s key. This is why AES is just one aspect of keeping data
secure. Effective password management, firewalls, virus detection and
education against social engineering attacks are just as critical in their
own ways.
Is AES enough?
In the current age, we all transmit so much of our sensitive data
online, AES has become an essential part of our security. Although
it’s been around since 2001, it’s repetitive process of adding keys,
byte substitution, shifting rows and mixing columns has proved to
stand the test of time.
Just think about all of the data you enter into your
devices: passwords, bank details, your private messages and
much more. Without any kind of encryption, this information would be
much easier for anyone to intercept, whether they be criminals, crazy
stalkers or the government.