2024-10-30
Fixed-length blocks of data (so 128, 192, or 256 bits) are transformed as a series of substitutions, permutations, and mixing operations are applied to encrypt and decrypt the data. As AES encryption uses a symmetric key, the same one is used for encryption and decryption.
The process occurs in stages:
1. Key expansion. The initial key is expanded into 44, 52, or 60 32-bit words for 128, 192, and 256-bit keys. These expanded words are used in the subsequent rounds of AES encryption. The key expansion process involves generating additional round keys from the initial key.
2. Initial round. The input or plaintext block is mixed with the initial round key before proceeding to the main rounds of AES encryption.
3. Each round of AES encryption consists of four transformations:
SubBytes. Each byte in the block is replaced with its corresponding byte in a predefined substitution box designed to resist known cryptographic attacks.
ShiftRows. Bytes in each block row are shifted cyclically to the left, with different offsets for different rows. This step ensures that each column of the output state of the ShiftRows operation is composed of bytes originating from each column of the input state.
MixColumns. Each column is transformed using a matrix multiplication operation, which provides diffusion and enhances the security of AES. This operation affects all four bytes in a column together.
AddRoundKey. The resulting block is combined with the round key derived from the key schedule. This step combines the data with the key, providing diffusion.
4. Finalization. After all the main rounds, a final round is performed, including all the steps except MixColumns.
5. Output. The resulting bits are the ciphertext corresponding to the input plaintext block.
Decryption is performed with the reverse operations in the opposite order. The key schedule is used directly (not reversed) to derive the round keys for decryption.
Send your inquiry directly to us