DES belongs to history, so what about modern encryption standards? One of the most commonly employed encryptions is the Advanced Encryption Standard (AES), which is like a harder-to-crack DES.
Enter the Matrix
AES works on 128-bit (16 byte) blocks, which are split up into a matrix. If we input the bytes b0-b15, they would go into the matrix like this:
b0 b4 b8 b12
b1 b5 b9 b13
b2 b6 b10 b14
b3 b7 b11 b15
This matrix allows for more complex permutations than DES, which adds a great deal of difficulty to cracking the encryption.
AES can handle three kinds of keys: 16-byte, 24-byte, and 32-byte (128, 192, and 256 bits). This is important because a brute force attack on the smallest encryption has about 3*10^38 (300 trillion-trillion-trillion) keys to check. If you can check ~1 billion keys every second, it will still take about 300,000 trillion-trillion seconds to hit them all (and I don’t know about you, but I don’t have a billion years to figure out your credit card number).
The actual encryption is done in rounds, just like DES, but the number of rounds is determined by the size of the key:
10 rounds for 128
12 rounds for 192
14 rounds for 256
Key Expansion (Key Schedule)
Just like DES, AES uses a special form of key expansion to produce a functional 128-bit stream cipher. This operation is much more complex than DES, because it uses a fairly complicated algorithm, involving:
– Rotate 8 bits left and keep 32-bits
– Substitute each byte with another byte based on the rcon table (or the algorithm which we use to produce that table…)
– Substitute every resulting byte with another byte based on the s-box table
This produces what we call a “key schedule” – basically a stream cipher key
If you want to see the key expansion in detail, check out en.wikipedia.org/wiki/Rijndael_key_schedule
The Actual Encryption
After we’ve made our key schedule, we actually encrypt the data. The operation isn’t so complicated:
Initial Round: Add the first round key to the original values
1. Substitute each byte using a special (non-linear) lookup table
2. Shift each row right by its row number (0-3 places)
3. Mix the columns using a transformation matrix (it’s matrix math)
4. Add this round’s key
1. Substitute using the lookup table
2. Shift the rows
3. Add this round’s key
The basic algorithm isn’t that hard to understand, is it? Basically, we just use substitution, addition, rotation, and a special matrix transformation to produce absolute gibberish.
As previously stated, a brute-force attack where we try every key is 100% impractical. However, even better, so far nobody has figured out a way to crack the algorithm in less than 1 billion steps, and that only works for some outdated hardware.
AES is easy for a computer to encrypt, easy for the recipient to decrypt, and still basically impossible to crack. Even better, it’s not actually that hard to understand at the most basic level.