The Advanced Encryption Standard (AES)
Encryption and Decryption
Encryption is the process of converting plaintext to encrypted text. Since encrypted text cannot be read by anyone, encrypted text hides the original data from unauthorized users. Decryption is the process of converting encrypted data to plaintext. Basically, it is the reverse of encryption. It is used to decrypt the encrypted data so that only an authorized user can access and read the data. The process entailing encryption and decryption together is called cryptography.
Private and Public Keys in Cryptography
A key is a bit valued string which is used to convert the plaintext into cipher text and vice-versa. A key can be a word, number or phrase. Cryptography makes use of public and private keys. A public key is issued publicly by the organization and it is used by the end user to encrypt the data. The encrypted data, once received by the organization, is decrypted by using a private key and the data is converted to plaintext.
Encryption Types – Cryptography uses symmetric and asymmetric encryption for encryption and decryption of data. If the sender and the recipient of the data use the same key to encrypt and decrypt the data, it’s called symmetric encryption and if the keys are different for encryption and decryption then its asymmetric encryption.
Now the basics are clear, let’s focus on the Advanced Encryption Standard (AES) algorithm in this post.
Advanced Encryption Standard – Advanced Encryption Standard short formed as AES falls under Symmetric Encryption category. Thus, in AES the sender and the recipient of the data uses the same key to encrypt and decrypt the data. AES is a FIPS-approved symmetric algorithm that can be used for protecting the data and maintaining confidentiality and integrity of the data.
Since AES is a Symmetric algorithm it encrypts data in blocks where the size of each block is 128 bits. The key used by the AES algorithm can be 128, 192 or 256 bits in length.
AES Operation and Working
In this section we will understand how AES operates over blocks of different sizes and in the next section we will see how encryption takes place
AES divides data into blocks of 16 bytes and applies the same operation on each block of the same length. Thus, AES operation is iterative in nature.
AES consists of a series of operations which are linked to each other. Few operations involve replacement of specific input with specific output (substitutions) and few involve shuffling of bits around (permutations). Thus, AES is based on a “substitution permutation” network.
Encryption in AES – Let’s understand how encryption works in AES. Encryption in AES takes place in 4 stages. They are as follows –
- Byte Substitution – AES uses Rijndael S-box as a lookup table in this step. The input 16 bytes are substituted as per the lookup table which results in a matrix of 4 rows and 4 columns.
- Shiftrows – In this step, each row obtained from the first step is shifted to the left. Shifting takes place as follows –
- No change is made to 1st row and it is not shifted
- 2nd row is shifted 1 byte to the left
- 3rd row is shifted 2 bytes to the left
- 4th row is shifted 3 bytes to the left
This results in a new matrix of 16 bytes shifted with respect to each other.
- MixColumns – In this step, operation is performed on columns where each column is transformed based on a special function. The function takes 4 bytes of each column and outputs 4 new bytes changing the original column completely. This step is not performed in the last round.
- Addroundkey – 16 bytes (128 bits) from the above matrix is XORed with the round key of 128 bits. This process is continued until the last round. The output of the first round is passed on to the next round until it reaches the last round and the output of the last round is the cipher text.
Decryption in AES – Decryption in AES is the exact reverse process of Encryption.
Steps are as follows –
- Add round key
- Mix columns
- Shift rows
- Byte substitution
AES is a widely used and adopted symmetric key algorithm in the real world in both hardware and software. Also, till date since no practical cryptanalytics attacks has been discovered, this makes AES more fit to be used in the corporate environment.