AES encryption is actually a substitution-permutation network, not a true block cipher in the classical sense, meaning it shuffles bits around in a highly structured, deterministic way rather than performing a single, complex mathematical transformation.
Let’s see it in action. Imagine we have a block of data, say 0x3243f6a8885a308d313198a2e0370734, and a key 0x2b7e151628aed2a6abf7158809cf4f3c. We’re going to encrypt this using AES-128 (128-bit key, 128-bit block size).
echo -n "This is a test message." > plaintext.txt
echo -n "0123456789abcdef0123456789abcdef" > key.bin # 32 bytes for AES-256
# Using openssl for demonstration. AES-128 would use a 16-byte key.
# For AES-128:
# echo -n "thisisasecretkey" > key_128.bin # 16 bytes
# openssl enc -aes-128-ecb -e -in plaintext.txt -out encrypted_128.bin -K $(xxd -p -c 16 key_128.bin) -nopad
# For AES-256 (demonstrating with a longer key):
openssl enc -aes-256-ecb -e -in plaintext.txt -out encrypted_256.bin -K $(xxd -p -c 32 key.bin) -nopad
Running the decryption:
openssl enc -aes-256-ecb -d -in encrypted_256.bin -out decrypted_256.bin -K $(xxd -p -c 32 key.bin) -nopad
cat decrypted_256.bin
You’ll see "This is a test message." printed.
AES operates on 128-bit blocks of data, which are visualized as a 4x4 matrix of bytes called the state. The encryption process is iterative, consisting of a set number of rounds, with the exact number depending on the key size: 10 rounds for AES-128, 12 for AES-192, and 14 for AES-256. Each round (except the last) involves four transformations: SubBytes, ShiftRows, MixColumns, and AddRoundKey. The final round omits MixColumns.
The AddRoundKey step is where the magic of the key comes in. For each round, a unique round key is generated from the original cipher key using a process called key expansion. This round key is then XORed with the current state. This is why having a strong, unique key is paramount; if the key is compromised, all data encrypted with it is vulnerable.
The SubBytes transformation is a non-linear substitution step. Each byte in the state matrix is replaced by another byte according to a lookup table, the AES S-box. This S-box is carefully constructed using finite field arithmetic to provide confusion, meaning it makes the relationship between the ciphertext and the key as complex as possible. For example, a byte 0x53 might be replaced by 0x3a based on its position in the S-box.
Following SubBytes, ShiftRows rearranges the bytes within each row of the state matrix. The first row is not shifted, the second row is shifted left by one byte, the third by two bytes, and the fourth by three bytes. This diffusion step ensures that changes in one part of the plaintext affect multiple parts of the ciphertext.
MixColumns is another diffusion step. It operates on the columns of the state matrix, treating each column as a polynomial over the finite field GF(2^8) and multiplying it by a fixed polynomial. This transformation mixes the bytes within each column, further spreading the influence of each plaintext byte.
The most surprising true thing about AES is that its security relies heavily on the mathematical properties of finite fields, specifically GF(2^8). The S-box and the MixColumns operations are not arbitrary; they are derived from specific polynomial multiplications and inversions within this mathematical structure, designed to resist known cryptanalytic attacks like differential and linear cryptanalysis.
The key expansion process is a bit like a mini-AES itself, generating the round keys from the initial cipher key. It involves byte substitutions, shifts, and XOR operations, ensuring that each round key is highly dependent on the original key and previous round keys, making it extremely difficult to derive the original key from the round keys.
The final output of the last round’s AddRoundKey is the ciphertext block. Decryption is essentially the reverse process: inverse S-box substitution, inverse ShiftRows, inverse MixColumns, and XORing with the round keys in reverse order.
The concept of modes of operation, like ECB, CBC, CTR, and GCM, is the next crucial layer to understand. ECB is the simplest but least secure, encrypting each block independently, while modes like GCM provide authenticated encryption, ensuring both confidentiality and integrity.