How AES Works

This is only describes the 128-bit version, but the 192-bit and 256-bit key versions are similar.
AES is designed to work on bytes. However, each byte is interperted as a representation of the polynomial:

b7x7 + b6x6 + b5x5 + b4x4 + b3x3 + b2x2 + b1x + b0
Where each bi is either 0 or 1.

Addition and Multiplication

Addition then becomes exclusive-or, but multiplication is defined as polynomial multiplication modulo x8 + x4 + x3 + x + 1. For example 2d * a3 would be calculated as follows (remembering xy + xy = 0):

2d = 00101101 = x5 + x3 + x2 + 1
a3 = 10100011 = x7 + x5 + x + 1
2d * a3 = (x12 + x10 + x9 + x7) + (x10 + x8 + x7 + x5) + (x6 + x4 + x3 + x) + (x5 + x3 + x2 + 1)
= x12 + x9 + x8 + x6 + x4 + x2 + x + 1
- modulus * x4 = x9 + x7 + x6 + x5 + x2 + x + 1
- modulus * x = x7 + x6 + x4 + 1
2d * a3 = 11010001 = d1

Although this seems not efficient, all multiplications are by a constant, so they can be calculated in advance and turned into a simple table lookup.

Algorithm State

The 128-bit state can be represented as a 4 by 4 table of bytes. The cipher will perform various operations on this array.

Encryption Algorithm (128-bit version)

Cipher(byte in[16], byte out[16], word w[44])
begin
byte state[4,4]
state = in
AddRoundKey(state, w[0, 3])
for round = 1 step 1 to 10
SubBytes (state)
ShiftRows (state)
MixColumns (state)
AddRoundKey (state, w[round*4, (round+1)*4-1])
end for
SubBytes(state)
ShiftRows(state)
AddRoundKey(state, w[40, 43])
out = state
end

SubBytes Routine

In this routine, each byte of the state is replaced according to the following formula:
For each bit i, set bi to bi xor b(i+4) mod 8 xor b(i+5) mod 8 xor b(i+6) mod 8 xor b(i+7) mod 8 + ci where c = 63 hex.
As with multiplication, this is usually implemented as a table lookup.

ShiftRows Routine

This routine modifies each row of the state matrix. The top row is not changed, the next row is rotated left one position, the following row two positions, and the bottom row three positions.

MixColumns Routine

This function mixes up the data in each column according to the following formulas:
• Set s0,c to 2*s0,c xor 3*s1,c xor s2,c xor s3,c
• Set s1,c to 0,c xor 2*s1,c xor 3*s2,c xor s3,c
• Set s2,c to s0,c xor s1,c xor 2*s2,c xor 3*s3,c
• Set s3,c to 3*s0,c xor s1,c xor s2,c xor 2*s3,c



AddRoundKey Routine

This function does an XOR between each column of the state and a 32-bit word from the key schedule.

Key Expansion

The key schedule w is generated in the following form:
• The first four words (w[0] through w[3]) of the key are the incoming cipher key.
• To calculate w[i] for i from 4 to 43:
o Set temp = w[i-1]
o If i = 4, 8, 12, 16, ..., 40 (multiples of 4)
 Rotate this word left one byte
 Replace each byte (using the same substitution function as SubBytes.
 Do an exclusive-or with the round constant Rcon[i]
o Set w[i] = w[i-4] xor temp

AES Decryption

Decryption basically consists of performing each of the encryption steps in reverse, using the following algorithm:
InvCipher(byte in[16], byte out[16], word w[44])])
begin
byte state[4,4]
state = in
AddRoundKey(state, w[40, 43])
for round = 9 step -1 downto 1
InvShiftRows(state)
InvSubBytes(state)
AddRoundKey(state, w[round*3, (round+1)*3-1]) InvMixColumns(state)
end for
InvShiftRows(state)
InvSubBytes(state)
AddRoundKey(state, w[0, 3])
out = state
end

Each of the Inv... functions is the inverse of the corresponding encryption function. InvSubBytesbecomes another table lookup, and the equations for InvMixColumns are:
• Set s0,c to 0x0e*s0,c xor 0x0b*s1,c xor 0x0d*s2,c xor 0x09*s3,c
• Set s1,c to 0x09*s0,c xor 0x0e*s1,c xor 0x0b*s2,c xor 0x0d*s3,c
• Set s2,c to 0x0d*s0,c xor 0x09*s1,c xor 0x0e*s2,c xor 0x0b*s3,c
• Set s3,c to 0x0b*s0,c xor 0x0d*s1,c xor 0x09*s2,c xor 0x0e*s3,c

The algorithm can be rewritten so it looks similar to the encryption algorithm, with a few simple modifications.

SubBytes Table

This article describes the S-box used by the Rijndael cryptographic algorithm.

The S-box is generated by determining the multiplicative inverse for a given number in Rijndael's finite field. The multiplicative inverse is then transformed using the following affine transformation:


http://en.wikipedia.org/math/5/8/e/58ede8469b65dd95dc3b5c511 e106be1.png


where [x0, ..., x7] is multiplicative inverse as a vector.


The matrix multiplication can be calculated by the following algorithm:

Store the multiplicative inverse of the input number in two 8-bit unsigned temporary variables: s and x
Rotate the value s one bit to the left; if the value of s had a high bit (eight bit from the left) of one, make the low bit of s one; otherwise the low bit of s is zero.
Exclusive or the value of x with the value of s, storing the value in x
For three more iterations, repeat steps two and three; steps two and three are done a total of four times.
The value of x will now have the result of the multiplication.
After the matrix multiplication is done, exclusive or the value by the decimal number 99 (the hexadecimal number 0x63).

This will generate the following S-box, which is represented here with hexadecimal notation:
---| 0| 1| 2| 3| 4| 5| 6| 7| 8| 9| a| b| c| d| e| f|
00 |63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76
10 |ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0
20 |b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15
30 |04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75
40 |09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84
50 |53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf
60 |d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8
70 |51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2
80 |cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73
90 |60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db
a0 |e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79
b0 |e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08
c0 |ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a
d0 |70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e
e0 |e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df
f0 |8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16

Here the column is determined by the least significant nybble, and the row is determined by the most significant nybble. For example, the value 0x9a is converted in to 0xb8 by Rijndael's S-box.

The inverse S-box is simply the S-box run in reverse. For example, the inverse S-box of 0xdb is 0x9f. The following table represents Rijndael's inverse S-box:

---| 0| 1| 2| 3| 4| 5| 6| 7| 8| 9| a| b| c| d| e| f|
00 |52 09 6a d5 30 36 a5 38 bf 40 a3 9e 81 f3 d7 fb
10 |7c e3 39 82 9b 2f ff 87 34 8e 43 44 c4 de e9 cb
20 |54 7b 94 32 a6 c2 23 3d ee 4c 95 0b 42 fa c3 4e
30 |08 2e a1 66 28 d9 24 b2 76 5b a2 49 6d 8b d1 25
40 |72 f8 f6 64 86 68 98 16 d4 a4 5c cc 5d 65 b6 92
50 |6c 70 48 50 fd ed b9 da 5e 15 46 57 a7 8d 9d 84
60 |90 d8 ab 00 8c bc d3 0a f7 e4 58 05 b8 b3 45 06
70 |d0 2c 1e 8f ca 3f 0f 02 c1 af bd 03 01 13 8a 6b
80 |3a 91 11 41 4f 67 dc ea 97 f2 cf ce f0 b4 e6 73
90 |96 ac 74 22 e7 ad 35 85 e2 f9 37 e8 1c 75 df 6e
a0 |47 f1 1a 71 1d 29 c5 89 6f b7 62 0e aa 18 be 1b
b0 |fc 56 3e 4b c6 d2 79 20 9a db c0 fe 78 cd 5a f4
c0 |1f dd a8 33 88 07 c7 31 b1 12 10 59 27 80 ec 5f
d0 |60 51 7f a9 19 b5 4a 0d 2d e5 7a 9f 93 c9 9c ef
e0 |a0 e0 3b 4d ae 2a f5 b0 c8 eb bb 3c 83 53 99 61
f0 |17 2b 04 7e ba 77 d6 26 e1 69 14 63 55 21 0c 7d


More Info HERE (http://en.wikipedia.org/wiki/AES)



Best Regards,
urmans.

How AES Works in .pdf

Learn more about AES

The software is DEMO Version
if you like it you buy it



Best Regards,
urmans.

Hmmmmm. Interesting things. I may look a bit closer to all this