The Paar Lectures on Introductory Cryptography

Slectures by Divya Agarwal and Katie Marsh

6.2 Internal Structure of AES


Link to video on youtube


Accompanying Notes

Overview of AES

  • AES is a block cipher
  • information is handled 128 bits at a time, divided into 16 bytes.
  • key can be 128, 192, or 256 bits long


Picture1.png

  • number of rounds depends on the key length (can be 10/12/14 rounds respectively)

Picture2.png

Rounds

Within each round of AES are different layers. The first iteration starts with a Key Addition Layer and then follows this pattern for the remaining rounds:

  • Byte Substitution Layer
  • ShiftRows Layer
  • MixColumn Layer
  • Key Addition Layer

Picture3.png

The Byte Substitution layer acts as the confusion element, and the ShiftRows and MixColumn Layers act as the diffusion element. In the final round, the MixColumn layer is omitted.

We will now examine each layer separately.

Layers

*Byte Substitution Layer (S) This layer consists of 16 identical S-box which take in 8 bits and output 8 bits. Let $ A_i $ be one byte of input. Then $ S(A_i)=B_i $

But what is the function S? First, the $ A_i^{-1} \in GF(2^8) $ is calculated. Then, an affine transformation is applied.

Picture4.png

In software, S-boxes are usually a look up table.

*ShiftRows Layer This transformation looks fairly random until we write it in a new way. First, we write the input bits in a four byte by four byte grid as follows.

$ B_0 $ $ B_4 $ $ B_8 $ $ B_{12} $
$ B_1 $ $ B_5 $ $ B_9 $ $ B_{13} $
$ B_2 $ $ B_6 $ $ B_{10} $ $ B_{14} $
$ B_3 $ $ B_7 $ $ B_{11} $ $ B_{15} $

Then we shift the second row 3 positions to the right, the third row 2 positions to the right and the fourth row 1 position to the right and achieve the following result:

$ B_0 $ $ B_4 $ $ B_8 $ $ B_{12} $
$ B_5 $ $ B_9 $ $ B_{13} $ $ B_1 $
$ B_{10} $ $ B_{14} $ $ B_2 $ $ B_6 $
$ B_{15} $ $ B_3 $ $ B_7 $ $ B_{11} $

Now $ B_0 $ remains in the same place, but $ B_1 $ goes to where $ B_13 $ was and so on.

*MixColumn Layer

The MixColumn layer takes each column in the above matrix and performs the following linear transformation.

Picture5.png

The entries in this matrix represent hexadecimal notation of elements of $ GF(2^8) $. For example, 03 represents $ (00000011) $. Recall that his represents the polynomial $ x+1 $. All arithmetic is performed in $ GF(2^8) $ as was described in the section on Galois Fields.

*Key Addition Layer The key addition layer takes a 16 byte subkey (which is derived from the key schedule) and adds it to the input mod2.



References

  • C. Paar. Understanding Cryptography. Lecture Notes. Dept. of Electr. Eng. and In­for­ma­ti­on Sci­en­ces, Ruhr University.
  • C. Paar and J. Pelzl. Understanding Cryptography. A textbook for Student and Practitioners. Springer 2010.

Questions and comments

If you have any questions, comments, etc. please post them here.


Back to 2015 Summer Cryptography Paar


Alumni Liaison

Prof. Math. Ohio State and Associate Dean
Outstanding Alumnus Purdue Math 2008

Jeff McNeal