# AES Algorithm – Part 2 – 128 Bit Encryption/Decryption

Welcome to this session on AES Encryption
and Decryption. As mentioned in our “AES Keys” video, we will present the subject without
going deeper into its mathematical context. We intend to cover that part of AES, in another
video to be released shortly. Our approach is to learn by practicing. We
In that Excel workbook, we use formulae and functions that are part of MS Excel and not
“https://csrc.nist.gov/publications/fips” listed under number 197. Our Excel workbook
uses the sample cases given in Appendices -A & C of that “pdf”. It would therefore become
easy for you to follow our workings and also validate the results with that given in that
document. We recommend that you view our “AES Key Expansion”
video before continuing with this session. The link to that video is given below, in
the description part. In our “AES Key Expansion” session, we left
off after generating the Round-Keys (or the key schedule) using 128-bit, 192 Bit and 256
Bit cipher keys. In this session, we will consider 128-Bit Encryption and Decryption. The videos for 192 &256 Bit encryption would be published shortly.
We will use the “AES128-EncrDecr.xlsx” workbook and refer to Appendix-C on Page-35
of “FIPS.197.pdf”. Enter the 16-Byte plaintext given in that
“pdf”, in cell range B3:Q3 and the cipher-key in cell range B4:Q4 in “Summary” sheet. All
values are in hexadecimal. These values are split word by word and filled in appropriate
columns in cell ranges B7:E10 for plaintext and in F7:I10 for cipher key. The keys are
automatically copied to cell range B3:E6 in the “Keys” sheet and to cell range B3:E6 in
the “AES128” sheet. Cell range B5:Q5 under “your Ciphertext” is for you to use later,
if you wish to decrypt your own ciphertext. It may be ignored for now.
Let us now go to “Keys” sheet. With the Cipherkey copied from Cell range F7:I10 of the “summary”
sheet, the Round keys are automatically computed as explained in our earlier video. These are
the keys that would be used in AES Encryption/Decryption. So these values are copied from cell range
C9:F52 of this sheet to range R3:U46 of the “AES128” sheet. Please note that the key-schedule
for Decryption is copied in the reverse order, in cell range R53:U96. Let us now work on
AES encryption. AES-128 Bit encryption consists of 10 iterations.
We also have an initial XOR operation of the key with the plaintext. That makes the number
of roundkeys required to 11. Each round involves the following four steps:
1) Substitute bytes 2) Shift rows
3) Mix columns 4) Add round key. 1. Substitution Bytes: “Substitute bytes” is generally called SubBytes,
which involves substitution of every byte with the values from S-Box (this is given
in the “data”-sheet of the Workbook). These values are generally given as 16×16 lookup
table (Figure-7 on page 16 of the pdf file). We have converted this 16×16 table as a 256-rows
lookup table, so that we could use VLOOKUP function of MS-Excel. These values are not
just selected randomly but each substitution entry in the lookup table is created by using
the multiplicative inverses in GF(2^8). It is then bit scrambled using Affine Transformation,
to remove bit-level correlations inside each byte.
In our data-sheet, we have given the Galois inverse of each HEX value under cell range
AW3:AX258. The working of Affine Transformation is shown in our “data” sheet. Consider the
inverse of B2, which is “1F”. Then apply Affine Transformation and a final XOR operation. The output now becomes “37”. This is the substitution value for B2 in the S-Box. Check cell “A181”
and you will find “37” as the substitution value for “B2”. The Column “C’ gives the decryption
value. For “37”, the value that we have substituted now, the decryption value is given in cell
“C57”, which is “B2”, the value that we began our example with. So we are able to retract
the original value. This is the logic behind construction of S-Box substitution values.
Unlike DES, which had 8 S-Boxes, in AES we have only one S-Box.
2. Shift Rows: The ShiftRows transformation consists of
(i) no shifting in the first row (ii) circular shifting from second row, by
one byte to the left (iii) circular shifting from third row by
two bytes to the left (iv) circular shifting from last row by three
bytes to the left Remember, while filling the plaintext, inside
the Block, we filled each word in one column. That is, the first four bytes of the input
block fill the first column, the next four bytes in the second column and so on. Therefore,
if we shift the rows now as described above, its effect is to scramble-up the entire byte
order. 3. Mix Column:
This is a “state” with 4 rows and Nb columns, here it is 4 and the MixCols transformation
acts on each column. Each column can be treated as a polynomial b(x)=b_3x^3+b_2x^2+b_1x+b0. Ok!
And we take it that the polynomial has has a solution in a(x)={03}x^3 + {01}x^2 + {01}x + {02}. The coefficients are {03,01,01,02} , these values are given in AH1:AK4 of the
“data” sheet. For the sake of more space, we are moving to “SampleMixCols” sheet. We
have copied the shift rows and the encryption matrix. When we use this column and multiply
with this first row, we get these 4 values, we have to XOR them, that way we get the 1st
value in the MixCols. Again we use the same word and multiply with 2nd row, we get the
second value. Again we use the same word and multiply with 3rd row, we get the third value.
And we use the same word and multiply with 4th row, we get the fourth value. But before
using them, we have to do an XOR for each multiplication value. In this rows 2:5 and 14:17 are the same. The top rows contain only formulae and bottom
are actual workings. Now for the next MixCols, we take the 2nd word and do the same kind
of calculation. This is how we compute the entire MixCols for encryption. In the actual computation, we have XORed the 1st and 2nd column and got the 5th column;
then 3rd with 5th to get the 6th column; XOR of 6th with 4th gives the final value. Decryption is the same, We consider the values from the decryption part, we again take column
by column and compute MixCols but the for decryption, we use the inverse solution a^-1(x)={0b}x^3 + {0d}x^2 + {09}x + {0e}. The Decryption matrix coefficients are {0B,0D,09,0E}. These values are given in AN1:AQ4 of the “data” sheet. This is how MixCols values
are computed. For the sake of simplicity, we have expanded
the above operation in this sheet. The actual workings in “AES128″ sheet involves a compound
formula, which you may analyze and understand its implementation of this expanded operation
as given in the ” SampleMixCols ” sheet. The output is the cipher-text for the round
concerned. This cipher-text is XORed with the Round-key for the next round. This concludes
one round of operation. At the end of the tenth round, we don’t do
the MixColumn operation but only the XOR operation with the last round-key and we get our AES
cipher-text. AES Decryption
In decryption, like in DES, the keys would be used in the reverse order. Notice that
Cell Range R53:U96 points to the keys in Key-sheet in the reverse order.
In encryption we began with input state array being XORed with the first four words of the
key schedule. The same thing happens during decryption — except that now we XOR the
ciphertext state array with the last four For decryption, each round consists of the following four steps: 1) Inverse shift rows,
2) Inverse substitute bytes, 3) Add round key, and 4) Inverse mix columns. Note the
differences between the order in which substitution and shifting operations are carried out in
a decryption round vis-a-vis the order in which similar operations are carried out in
an encryption round. The third step consists of XORing the output of the previous two steps
with four words from the key schedule. The fourth step is “Inverse mix column”
operation which is the inverse of what has already been explained in Encryption.
Please note that the SubBytes() and ShiftRows() commute; which means the order of the operation
does not matter. Either you can shift and substitute or vice versa. You get the same
result. This is true for inverse operation too. This is because the “Sub” and “Shift”
order does not matter. You may experiment with the Excel sheet by shifting these two
operations. We have carried the ciphertext and the decrypted
plaintext to the “summary” sheet under cell range T3:AI3 & T4:AI4 respectively. If you wish to decrypt your own ciphertext, then enter it in cell range B5:Q5 (the encryption
key should also be entered, if it is different), set the toggle cell value to 1, then you will
get the plaintext in cell range T4:AI4. You may now experiment with various key & plaintext
to get a firm grip on the AES128 Bit Encryption/Decryption Algorithm.
Thank you! We will meet again in another session on “AES192 Bit Encryption/Decryption Algorithm”.
Bye until then!

## One thought to “AES Algorithm – Part 2 – 128 Bit Encryption/Decryption”

1. Sơn Trần Cao says:

Help! why only upper