AES Explained (Advanced Encryption Standard)

In this post we are going to delve into AES (Advanced Encryption Standard). We will cover everything from what’s good about it, how it works, and why it was judged “good enough” to the Standard for encryption.

How AES Works

This is going to be a bit of a rough ride if this is your first introduction to how encryption works down at a bit level. But hold on and I promise in time it will make more sense the more you read it. AES is a 128-bit symmetric block cipher. This means it takes 128 bits of a message and it encrypts it into 128 bits of ciphertext with a key. The key can either be 128, 192, or 256 bits and that gives you just varying amounts of security. And if you are thinking that 128 is weak it is only when compared to its 256 counterpart. Based off of other encryptions the 128 is still very secure.

So don’t worry about it if you find your browser is using the 128 bit version, theses were specified as part of the AES standard. Alright lets get right into it we’re going to be doing some amount of substitution or bringing in some confusion and some amount of permutation. Moving things around to add diffusion. You don’t want just like the Enigma machine to have one byte in one byte out because that would make it easier to analyze and proven historically to be the case. In stead of having a long line of bits or bytes like most ciphers might arrange things AES lies to arrange things in a grid. Making it a block cypher, which takes chunks at a time and encrypts them.

The grid that AES uses 4×4 grid of 428 bits (16 bytes). So we can have a message which is 128 bit as a 4×4 grid starting with byte 00 at the top left and filling the grid top to bottom left to right it will come out looking like the example bellow.

So using this example we’re going to start doing our SP network we’re going to substitute bytes and then transform them into some way where an attacker can’t read what the message used to be. There are a few different operations that AES will do. But remember everything in AES happens on the 4×4 grid described above. We are going to be diving into more depth but here is the main work flow of AES

• Plaintext
• Preform XOR using key and plaintext
• Entering into rounds
  • Substitute Bytes
  • Row Shifting
  • Column Mixing
  • Add round key

The most interesting thing at first glance is going to be the rounds. This is where the different bits we talked about comes into play. They are the determining factor of how many rounds you have. 128 bit key has 10 rounds, 192 bit key has 12 rounds, and the 256 bit key has 14 rounds. I’m not going to go into details about the key schedule as its effect is just meant to be fast. Basically with AES is just takes your shorter key and expands it sufficiently such that you can put it in at these different rounds.

How Secure Is AES 256?

If AES is the gold standard, 256-bit encryption is its poster child. With the longest rounds, the 256-bit key provides the strongest level of encryption.

It is near impossible to crack it even if brute force is applied – trying every combination of numbers possible until the correct key is found. The longer the key size, the more attempts are needed.

A hacker trying to crack a 256-bit key would need 2 to the power of 256 attempts to find the right key. Even if hackers use Tianhe-2 (MilkyWay-2), the fastest supercomputer in the world, it will take them a few million lifetimes to crack a 256-bit AES encryption.

The bottom line is, entities that face threats from all directions, like the U.S. Military or your Office 365 that stores business-critical information, need AES 256-bit protection.