AES Basics

AES (Advanced Encryption Standard) is a symmetric encryption algorithm. It is a block cipher that encrypts data in blocks of 128 bits. The key size can be 128, 192, or 256 bits. The block size is always 128 bits.

The idea behind AES is to use a key to encrypt and decrypt data. The same key is used for both encryption and decryption. The key is kept secret and is shared between the sender and receiver.

AES Modes of Operation

AES has several modes of operation. The most common modes are:

  1. ECB (Electronic Codebook)
  2. CBC (Cipher Block Chaining)
  3. CFB (Cipher Feedback)
  4. OFB (Output Feedback)
  5. CTR (Counter)

You can check other modes of operation here.

Pure AES

AES is a block cipher. It can only encrypt data in blocks of 128 bits. If you have data that is not a multiple of 128 bits, you need to pad the data to make it a multiple of 128 bits. The most common padding scheme is PKCS7.

Padding

Pure AES has no built-in mechanism to handle padding. You need to handle padding yourself. The most common padding scheme is PKCS7.

PKCS7 padding works as follows:

  1. Calculate the number of bytes required to make the data a multiple of 128 bits.
  2. Add that number of bytes to the data. Each byte will have the value of the number of bytes added.

As an example, let's say you have the following data:

Hello, World!

The data is 13 bytes long. To make it a multiple of 128 bits, you need to add 3 bytes. The data after padding will look like this:

Hello, World!\x03\x03\x03
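
The padding steps above as a Python sketch. This is an added example, not code from the original page, and the names pkcs7_pad and pkcs7_unpad are chosen here for illustration. It goes slightly beyond the text: it covers input that is already a multiple of 16 bytes (PKCS7 then adds a full block of padding) and rejects malformed padding on removal.

```python
BLOCK_SIZE = 16  # AES block size in bytes (128 bits)


def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Append n bytes, each of value n, so the length is a multiple of block_size."""
    if not 1 <= block_size <= 255:
        raise ValueError("block_size must be between 1 and 255")
    # If the data is already aligned, n equals block_size: a whole block of
    # padding is added so the receiver can always tell padding from payload.
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def pkcs7_unpad(padded: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Remove PKCS7 padding, raising ValueError if it is not well-formed."""
    if not padded or len(padded) % block_size != 0:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]  # the last byte states how many padding bytes were added
    if n < 1 or n > block_size:
        raise ValueError("padding length byte out of range")
    if padded[-n:] != bytes([n]) * n:
        raise ValueError("padding bytes do not all match the length byte")
    return padded[:-n]


if __name__ == "__main__":
    # Sample inputs constructed for this example.
    for msg in (b"Hello, World!", b"A" * 16, b""):
        padded = pkcs7_pad(msg)
        print(len(msg), "->", len(padded), padded)
        assert pkcs7_unpad(padded) == msg

    # Malformed padding: last byte claims 3 padding bytes but they differ.
    try:
        pkcs7_unpad(b"Hello, World!\x01\x02\x03")
    except ValueError as exc:
        print("rejected:", exc)
```
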

AES in Depth

AES

AES is a complex algorithm. It has several steps that it performs to encrypt and decrypt data. The steps are:

  1. Key Expansion
  2. Mixing Columns
  3. SubBytes
  4. ShiftRows
  5. AddRoundKey

Key Expansion

Key expansion is the process of expanding the key to generate the round keys. The round keys are used in the encryption and decryption process.

The key expansion process is as follows:

  1. The first round key is the original key.
  2. The next round keys are generated by applying the key schedule to the previous round key.

The key schedule is a series of transformations that are applied to the previous round key to generate the next round key.

Mixing Columns

Mixing columns is a step in the encryption and decryption process. It is a linear transformation that operates on the columns of the state matrix.

The mixing columns transformation is as follows:

  1. Each column of the state matrix is multiplied by a fixed matrix.
  2. The result is XORed with the original column.

The mixing columns transformation is used to provide diffusion in the state matrix.

SubBytes

SubBytes is a step in the encryption and decryption process. It is a non-linear transformation that operates on the bytes of the state matrix, which makes AES resistant to linear cryptanalysis. Conversely, it is also the weakest part of the AES algorithm if the S-box is not secure.

The SubBytes transformation is as follows:

  1. Each byte of the state matrix is replaced with a byte from the S-box.
  2. The S-box is a 16x16 table that maps each byte to another byte.

The SubBytes transformation is used to provide confusion in the state matrix.

ShiftRows

ShiftRows is a step in the encryption and decryption process. It is a linear transformation that operates on the rows of the state matrix.

The ShiftRows transformation is as follows:

  1. Each row of the state matrix is shifted to the left by a fixed number of bytes.
  2. The number of bytes each row is shifted is determined by the row number.

The ShiftRows transformation is used to provide diffusion in the state matrix.

AddRoundKey

AddRoundKey is a step in the encryption and decryption process. It is a bitwise XOR operation that operates on the state matrix and the round key.

The AddRoundKey transformation is as follows:

  1. Each byte of the state matrix is XORed with the corresponding byte of the round key.
  2. The round key is derived from the original key using the key schedule.

The AddRoundKey transformation is used to provide confusion in the state matrix.