Understanding AES Advanced Encryption Standard

Discussion in 'Engineering Concepts' started by sbh, Jan 24, 2011.

  1. sbh

    sbh New Member

    Jan 5, 2011
    Likes Received:
    Trophy Points:
    Database R&D
    Advanced Encryption Standard is a block cipher symmetric encryption algorithm. It is preferred to protect network communications, personal data etc using AES over DES. It encrypts or decrypts the data through several rounds.


    It is categorized under three types of key sizes – 128, 192 and 256 bits. For all these types, the block size is 128 bits but the key size varies from 128, 192 and 256 bits. The AES algorithm works by dividing the input plaintext into several fixed sized blocks of size 128 bits and then encrypting them in several rounds to produce the final encrypted cipher text. The number of rounds (10, 12, or 14) used depends on the key length, i.e. 128, 192, or 256. Each round performs a sequence of steps on the input state, which is then fed into the following round.
    For encrypting each round, a subkey is used, which is generated using a key schedule.

    How secure is AES?

    AES algorithm is almost impossible to crack. Quoting few statements from an article regarding AES "Assuming that one could build a machine that could recover a DES key in a second (i.e., try 255 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.”

    This gives us an excellent idea about the strength of AES standard.

    Attacks tried

    There have been many attempts to break the AES standard and highlight any possible weakness. Until May 2009, the only successful attacks against the AES were side-channel attacks on some specific implementation.

    Using Padding in encryption

    We have been talking about the block ciphers but there is a limitation with these ciphers. They operate on “equal sized blocks” of plaintext !!

    But how to divide plaintext into these blocks, say of size 128 bits, when plain text is not a multiple of 128. There would be a trouble in encrypting the last block which would not be of size 128 bits.

    Let us get introduced with padding at this stage.

    Block cipher algorithms like DES and AES require their input to be an exact multiple of the block size. If the plaintext to be encrypted is not an exact multiple, we need to pad before encrypting by adding a string. When decrypting, the receiver needs to know how to remove the padding from the decrypted cipher text.

    There are at least five conventional ways of padding -
    1. Pad with bytes all of the same value as the number of padding bytes
    2. Pad with 0x80 followed by zero bytes
    3. Pad with zeroes except make the last byte equal to the number of padding bytes
    4. Pad with zero (null) characters
    5. Pad with space characters
    Whatever padding mechanism is chosen, the receiver needs to remove the padded bytes from the decrypted text.

    We will explore, in depth, about the padding and AES implementation in future blogs, using Bouncy Castle APIs.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice