Originally published by Robert Beisert at fortcollinsprogram.robert-beisert.com

Modern Encryption – AES

DES belongs to history, so what about modern encryption standards? One of the most commonly employed encryptions is the Advanced Encryption Standard (AES), which is like a harder-to-crack DES.

Enter the Matrix

AES works on 128-bit (16 byte) blocks, which are split up into a matrix. If we input the bytes b0-b15, they would go into the matrix like this:

b0    b4    b8    b12
b1    b5    b9    b13
b2    b6    b10    b14
b3    b7    b11    b15

This matrix allows for more complex permutations than DES, which adds a great deal of difficulty to cracking the encryption.


AES can handle three kinds of keys: 16-byte, 24-byte, and 32-byte (128, 192, and 256 bits). This is important because a brute force attack on the smallest encryption has about 3*10^38 (300 trillion-trillion-trillion) keys to check. If you can check ~1 billion keys every second, it will still take about 300,000 trillion-trillion seconds to hit them all (and I don’t know about you, but I don’t have a billion years to figure out your credit card number).

The actual encryption is done in rounds, just like DES, but the number of rounds is determined by the size of the key:

10 rounds for 128
12 rounds for 192
14 rounds for 256

Key Expansion (Key Schedule)

Just like DES, AES uses a special form of key expansion to produce a functional 128-bit stream cipher. This operation is much more complex than DES, because it uses a fairly complicated algorithm, involving:

– Rotate 8 bits left and keep 32-bits
– Substitute each byte with another byte based on the rcon table (or the algorithm which we use to produce that table…)
– Substitute every resulting byte with another byte based on the s-box table

This produces what we call a “key schedule” – basically a stream cipher key

If you want to see the key expansion in detail, check out en.wikipedia.org/wiki/Rijndael_key_schedule

The Actual Encryption

After we’ve made our key schedule, we actually encrypt the data. The operation isn’t so complicated:

Initial Round: Add the first round key to the original values

Rounds 2-11

1. Substitute each byte using a special (non-linear) lookup table

2. Shift each row right by its row number (0-3 places)

3. Mix the columns using a transformation matrix (it’s matrix math)

4. Add this round’s key

Final Round

1. Substitute using the lookup table

2. Shift the rows

3. Add this round’s key

The basic algorithm isn’t that hard to understand, is it? Basically, we just use substitution, addition, rotation, and a special matrix transformation to produce absolute gibberish.


As previously stated, a brute-force attack where we try every key is 100% impractical. However, even better, so far nobody has figured out a way to crack the algorithm in less than 1 billion steps, and that only works for some outdated hardware.

AES is easy for a computer to encrypt, easy for the recipient to decrypt, and still basically impossible to crack. Even better, it’s not actually that hard to understand at the most basic level.

photo by: