Background

• Sometimes known as the Rijindael algorithm, or AES128
• 128 bit symmetric block cypher: takes blocks of 128 bits (16B) as input and turns them into 128 bits of encrypted output
• Key for encryption can be 128, 192, or 256 bits
  • “Symmetric” block cipher means the same key is needed for both encryption and decryption
• Based on SP (Substitution-Permutation) networks
• Note that AES is not responsible for any key exchanges, it operates under the assumption that some secret key is available to both parties already

Encryption Terminology

• Ciphertext: encrypted data
• Plaintext: unencrypted data
• Block cypher: takes a block of bits of plaintext of a certain size, and creates a mapping to ciphertext with the same sized block

Data Encryption Standard (DES)

• Precursor to AES, developed by IBM
• Used a 56-bit key, which is easy to decrypt using large supercomputers and the brute force method
  • To solve this, researchers came up with triple DES, which essentially used 3 DES keys
  • Made it harder to crack with brute force algorithms, but was also an incredibly slow method
• AES was made to be as secure as triple-DES, but much better in performance

SP Networks

• Substitution-Permutation networks are essentially a set of functions that change plaintext using two operations:

  • Substitutions, or essentially mapping bytes from an input to an output using some sort of lookup table (i.e. each input byte corresponds to some random output byte)
  • Permutations, or essentially changing the order of the bytes/bits within a sequence to add additional randomization

• The following video from Computerphile does a good job of explaining what SP networks are:

  • https://www.youtube.com/watch?v=DLjzI5dX8jc
  • In the video, they randomly come up with a lookup table (on the right)

  

  • An 8 bit number, 103, is turned into binary (01100111), and then split into 2 different 4 bit words
  • This gives the numbers 0110 = 6 in decimal, and 0111 = 7 in decimal, each of which is fed into a separate substitution block
  • Using the lookup table, these numbers are transformed into 8 (1000) and 3 (0011)
  • This number is then fed through a permutation block at the bottom, which mixes up the bits using the mapping shown in the image

• After the number goes through this “network” once, it is fed back in and repeatedly churned through for a number of “rounds”. Doing this for more rounds tends to improve the quality of the encryption

• The structure/mapping of the substitution and permutation blocks are published as a part of an encryption standard, and are reversed by the receiver during the decryption process

  • To actually add security to this mechanism, after each round, the output is XORed with a “round key”

  

  • The diagram above shows plaintext going through several rounds of the SP network. Note that the blocks of the network always have the same format every round. The key is XORed after every round

• A round key is derived from the “secret key” that both the sender and receiver have

  • The round key may be a different size from the secret key (for instance, AES128 creates 128 bit outputs from the SP network every round, yet it can use either a 128, 192, or 256 bit key)
  • The bits of the secret key are manipulated/expanded using a “key scheduler/key expansion” to match the size of the output from the SP network, yet be different for every round
  • The key expansion algorithm is a published part of an encryption standard. Once again, it is the secret key itself that actually leads to security. The encryption standard is just a way to use that key to provide security