Advanced Encryption Standard is a block cipher symmetric encryption algorithm. It is preferred to protect network communications, personal data etc using AES over DES. It encrypts or decrypts the data through several rounds.

It is categorized under three types of key sizes – 128, 192 and 256 bits. For all these types, the block size is 128 bits but the key size varies from 128, 192 and 256 bits. The AES algorithm works by dividing the input plaintext into several fixed sized blocks of size 128 bits and then encrypting them in several rounds to produce the final encrypted cipher text. The number of rounds (10, 12, or 14) used depends on the key length, i.e. 128, 192, or 256. Each round performs a sequence of steps on the input state, which is then fed into the following round.

For encrypting each round, a subkey is used, which is generated using a key schedule.

AES algorithm is almost impossible to crack. Quoting few statements from an article regarding AES "Assuming that one could build a machine that could recover a DES key in a second (i.e., try 255 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.”

This gives us an excellent idea about the strength of AES standard.

There have been many attempts to break the AES standard and highlight any possible weakness. Until May 2009, the only successful attacks against the AES were side-channel attacks on some specific implementation.

We have been talking about the block ciphers but there is a limitation with these ciphers. They operate on “equal sized blocks” of plaintext !!

But how to divide plaintext into these blocks, say of size 128 bits, when plain text is not a multiple of 128. There would be a trouble in encrypting the last block which would not be of size 128 bits.

Let us get introduced with padding at this stage.

Block cipher algorithms like DES and AES require their input to be an exact multiple of the block size. If the plaintext to be encrypted is not an exact multiple, we need to pad before encrypting by adding a string. When decrypting, the receiver needs to know how to remove the padding from the decrypted cipher text.

There are at least five conventional ways of padding -

We will explore, in depth, about the padding and AES implementation in future blogs, using Bouncy Castle APIs.

### Categorization

It is categorized under three types of key sizes – 128, 192 and 256 bits. For all these types, the block size is 128 bits but the key size varies from 128, 192 and 256 bits. The AES algorithm works by dividing the input plaintext into several fixed sized blocks of size 128 bits and then encrypting them in several rounds to produce the final encrypted cipher text. The number of rounds (10, 12, or 14) used depends on the key length, i.e. 128, 192, or 256. Each round performs a sequence of steps on the input state, which is then fed into the following round.

For encrypting each round, a subkey is used, which is generated using a key schedule.

### How secure is AES?

AES algorithm is almost impossible to crack. Quoting few statements from an article regarding AES "Assuming that one could build a machine that could recover a DES key in a second (i.e., try 255 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.”

This gives us an excellent idea about the strength of AES standard.

### Attacks tried

There have been many attempts to break the AES standard and highlight any possible weakness. Until May 2009, the only successful attacks against the AES were side-channel attacks on some specific implementation.

### Using Padding in encryption

We have been talking about the block ciphers but there is a limitation with these ciphers. They operate on “equal sized blocks” of plaintext !!

But how to divide plaintext into these blocks, say of size 128 bits, when plain text is not a multiple of 128. There would be a trouble in encrypting the last block which would not be of size 128 bits.

Let us get introduced with padding at this stage.

Block cipher algorithms like DES and AES require their input to be an exact multiple of the block size. If the plaintext to be encrypted is not an exact multiple, we need to pad before encrypting by adding a string. When decrypting, the receiver needs to know how to remove the padding from the decrypted cipher text.

There are at least five conventional ways of padding -

- Pad with bytes all of the same value as the number of padding bytes
- Pad with 0x80 followed by zero bytes
- Pad with zeroes except make the last byte equal to the number of padding bytes
- Pad with zero (null) characters
- Pad with space characters

We will explore, in depth, about the padding and AES implementation in future blogs, using Bouncy Castle APIs.