Welcome to this session on AES Encryption

and Decryption. As mentioned in our “AES Keys” video, we will present the subject without

going deeper into its mathematical context. We intend to cover that part of AES, in another

video to be released shortly. Our approach is to learn by practicing. We

therefore recommend that you download “AES128-EncrDecr.xlsx” from the link given in the description part.

In that Excel workbook, we use formulae and functions that are part of MS Excel and not

our own macros. Please also download “NIST.FIPS.197.pdf” from

“https://csrc.nist.gov/publications/fips” listed under number 197. Our Excel workbook

uses the sample cases given in Appendices -A & C of that “pdf”. It would therefore become

easy for you to follow our workings and also validate the results with that given in that

document. We recommend that you view our “AES Key Expansion”

video before continuing with this session. The link to that video is given below, in

the description part. In our “AES Key Expansion” session, we left

off after generating the Round-Keys (or the key schedule) using 128-bit, 192 Bit and 256

Bit cipher keys. In this session, we will consider 128-Bit Encryption and Decryption. The videos for 192 &256 Bit encryption would be published shortly.

We will use the “AES128-EncrDecr.xlsx” workbook and refer to Appendix-C on Page-35

of “FIPS.197.pdf”. Enter the 16-Byte plaintext given in that

“pdf”, in cell range B3:Q3 and the cipher-key in cell range B4:Q4 in “Summary” sheet. All

values are in hexadecimal. These values are split word by word and filled in appropriate

columns in cell ranges B7:E10 for plaintext and in F7:I10 for cipher key. The keys are

automatically copied to cell range B3:E6 in the “Keys” sheet and to cell range B3:E6 in

the “AES128” sheet. Cell range B5:Q5 under “your Ciphertext” is for you to use later,

if you wish to decrypt your own ciphertext. It may be ignored for now.

Let us now go to “Keys” sheet. With the Cipherkey copied from Cell range F7:I10 of the “summary”

sheet, the Round keys are automatically computed as explained in our earlier video. These are

the keys that would be used in AES Encryption/Decryption. So these values are copied from cell range

C9:F52 of this sheet to range R3:U46 of the “AES128” sheet. Please note that the key-schedule

for Decryption is copied in the reverse order, in cell range R53:U96. Let us now work on

AES encryption. AES-128 Bit encryption consists of 10 iterations.

We also have an initial XOR operation of the key with the plaintext. That makes the number

of roundkeys required to 11. Each round involves the following four steps:

1) Substitute bytes 2) Shift rows

3) Mix columns 4) Add round key. 1. Substitution Bytes: “Substitute bytes” is generally called SubBytes,

which involves substitution of every byte with the values from S-Box (this is given

in the “data”-sheet of the Workbook). These values are generally given as 16×16 lookup

table (Figure-7 on page 16 of the pdf file). We have converted this 16×16 table as a 256-rows

lookup table, so that we could use VLOOKUP function of MS-Excel. These values are not

just selected randomly but each substitution entry in the lookup table is created by using

the multiplicative inverses in GF(2^8). It is then bit scrambled using Affine Transformation,

to remove bit-level correlations inside each byte.

In our data-sheet, we have given the Galois inverse of each HEX value under cell range

AW3:AX258. The working of Affine Transformation is shown in our “data” sheet. Consider the

inverse of B2, which is “1F”. Then apply Affine Transformation and a final XOR operation. The output now becomes “37”. This is the substitution value for B2 in the S-Box. Check cell “A181”

and you will find “37” as the substitution value for “B2”. The Column “C’ gives the decryption

value. For “37”, the value that we have substituted now, the decryption value is given in cell

“C57”, which is “B2”, the value that we began our example with. So we are able to retract

the original value. This is the logic behind construction of S-Box substitution values.

Unlike DES, which had 8 S-Boxes, in AES we have only one S-Box.

2. Shift Rows: The ShiftRows transformation consists of

(i) no shifting in the first row (ii) circular shifting from second row, by

one byte to the left (iii) circular shifting from third row by

two bytes to the left (iv) circular shifting from last row by three

bytes to the left Remember, while filling the plaintext, inside

the Block, we filled each word in one column. That is, the first four bytes of the input

block fill the first column, the next four bytes in the second column and so on. Therefore,

if we shift the rows now as described above, its effect is to scramble-up the entire byte

order. 3. Mix Column:

This is a “state” with 4 rows and Nb columns, here it is 4 and the MixCols transformation

acts on each column. Each column can be treated as a polynomial b(x)=b_3x^3+b_2x^2+b_1x+b0. Ok!

And we take it that the polynomial has has a solution in a(x)={03}x^3 + {01}x^2 + {01}x + {02}. The coefficients are {03,01,01,02} , these values are given in AH1:AK4 of the

“data” sheet. For the sake of more space, we are moving to “SampleMixCols” sheet. We

have copied the shift rows and the encryption matrix. When we use this column and multiply

with this first row, we get these 4 values, we have to XOR them, that way we get the 1st

value in the MixCols. Again we use the same word and multiply with 2nd row, we get the

second value. Again we use the same word and multiply with 3rd row, we get the third value.

And we use the same word and multiply with 4th row, we get the fourth value. But before

using them, we have to do an XOR for each multiplication value. In this rows 2:5 and 14:17 are the same. The top rows contain only formulae and bottom

are actual workings. Now for the next MixCols, we take the 2nd word and do the same kind

of calculation. This is how we compute the entire MixCols for encryption. In the actual computation, we have XORed the 1st and 2nd column and got the 5th column;

then 3rd with 5th to get the 6th column; XOR of 6th with 4th gives the final value. Decryption is the same, We consider the values from the decryption part, we again take column

by column and compute MixCols but the for decryption, we use the inverse solution a^-1(x)={0b}x^3 + {0d}x^2 + {09}x + {0e}. The Decryption matrix coefficients are {0B,0D,09,0E}. These values are given in AN1:AQ4 of the “data” sheet. This is how MixCols values

are computed. For the sake of simplicity, we have expanded

the above operation in this sheet. The actual workings in “AES128″ sheet involves a compound

formula, which you may analyze and understand its implementation of this expanded operation

as given in the ” SampleMixCols ” sheet. The output is the cipher-text for the round

concerned. This cipher-text is XORed with the Round-key for the next round. This concludes

one round of operation. At the end of the tenth round, we don’t do

the MixColumn operation but only the XOR operation with the last round-key and we get our AES

cipher-text. AES Decryption

In decryption, like in DES, the keys would be used in the reverse order. Notice that

Cell Range R53:U96 points to the keys in Key-sheet in the reverse order.

In encryption we began with input state array being XORed with the first four words of the

key schedule. The same thing happens during decryption — except that now we XOR the

ciphertext state array with the last four For decryption, each round consists of the following four steps: 1) Inverse shift rows,

2) Inverse substitute bytes, 3) Add round key, and 4) Inverse mix columns. Note the

differences between the order in which substitution and shifting operations are carried out in

a decryption round vis-a-vis the order in which similar operations are carried out in

an encryption round. The third step consists of XORing the output of the previous two steps

with four words from the key schedule. The fourth step is “Inverse mix column”

operation which is the inverse of what has already been explained in Encryption.

Please note that the SubBytes() and ShiftRows() commute; which means the order of the operation

does not matter. Either you can shift and substitute or vice versa. You get the same

result. This is true for inverse operation too. This is because the “Sub” and “Shift”

order does not matter. You may experiment with the Excel sheet by shifting these two

operations. We have carried the ciphertext and the decrypted

plaintext to the “summary” sheet under cell range T3:AI3 & T4:AI4 respectively. If you wish to decrypt your own ciphertext, then enter it in cell range B5:Q5 (the encryption

key should also be entered, if it is different), set the toggle cell value to 1, then you will

get the plaintext in cell range T4:AI4. You may now experiment with various key & plaintext

to get a firm grip on the AES128 Bit Encryption/Decryption Algorithm.

Thank you! We will meet again in another session on “AES192 Bit Encryption/Decryption Algorithm”.

Bye until then!

Help! why only upper