InfoSec Notes
Complete guide to the AES algorithm covering its structure, rounds, key expansion, modes of operation, implementation in Python, and why AES replaced DES as the global encryption standard.
Overview
The Advanced Encryption Standard (AES) is the most widely used symmetric encryption algorithm in the world. Adopted by NIST in 2001 after a five-year competition, AES replaced the aging DES standard. The winning algorithm, Rijndael (designed by Vincent Rijmen and Joan Daemen), operates on 128-bit blocks with key sizes of 128, 192, or 256 bits.
AES Specifications
| Parameter | AES-128 | AES-192 | AES-256 |
|---|---|---|---|
| Key Size | 128 bits (16 bytes) | 192 bits (24 bytes) | 256 bits (32 bytes) |
| Block Size | 128 bits (16 bytes) | 128 bits (16 bytes) | 128 bits (16 bytes) |
| Number of Rounds | 10 | 12 | 14 |
| Round Key Size | 128 bits | 128 bits | 128 bits |
AES Internal Structure
| b2 | b6 | b10 | b14 |
|---|---|---|---|
| b3 | b7 | b11 | b15 |
Plaintext (16 bytes arranged in 4x4 matrix)
Initial Round
Rounds 1-9 (Main Rounds)
Final Round (Round 10)
Step-by-Step Round Operations
| Before | After: |
| Row 0: No shift [a b c d] | [a b c d] |
| Row 1: Shift left 1 [e f g h] | [f g h e] |
| Row 2: Shift left 2 [i j k l] | [k l i j] |
| Row 3: Shift left 3 [m n o p] | [p m n o] |
Python Implementation
AES vs DES Comparison
| Feature | DES | AES |
|---|---|---|
| Year | 1977 | 2001 |
| Key Size | 56 bits | 128/192/256 bits |
| Block Size | 64 bits | 128 bits |
| Rounds | 16 | 10/12/14 |
| Structure | Feistel network | Substitution-permutation |
| Status | BROKEN (1999) | Secure |
| Brute-force time | Hours (modern hardware) | Billions of years |
| Hardware support | None (legacy) | AES-NI instructions |
Security Considerations
Why AES is Considered Secure
- Large key space: 2^256 possible keys for AES-256 (more atoms than the universe)
- No practical attacks: Best known attack on full AES is slightly faster than brute force but still infeasible
- Designed for resistance: Each round provides confusion (SubBytes) and diffusion (MixColumns, ShiftRows)
- Public scrutiny: Open competition, extensively analyzed since 1998
Potential Weaknesses
- Side-channel attacks: Timing attacks, power analysis on implementations (not the algorithm)
- Related-key attacks: Theoretical weakness in AES-256 key schedule (not practical)
- Quantum threat: Grover's algorithm halves effective key length (AES-256 → 128-bit equivalent, still secure)
Interview Questions
- Why was AES chosen over other finalists in the NIST competition?
- Rijndael (AES) won due to its combination of security, performance, and flexibility. It offered excellent resistance to all known attacks, performed well in both hardware and software, worked efficiently across platforms (from smart cards to servers), and supported multiple key sizes.
- What is the difference between AES-128 and AES-256?
- Both use 128-bit blocks but differ in key size (128 vs 256 bits) and rounds (10 vs 14). AES-256 provides higher security margin against quantum attacks (128-bit post-quantum security) but is about 40% slower. For most applications, AES-128 is sufficient; AES-256 is required for classified data.
- Why is AES-GCM preferred over AES-CBC in modern applications?
- GCM provides authenticated encryption (confidentiality + integrity) in one operation, is parallelizable for better performance, doesn't require padding (no padding oracle attacks), and is the mandatory cipher suite in TLS 1.3. CBC only provides confidentiality and is vulnerable to padding oracle attacks.
- What is AES-NI and why is it important?
- AES-NI is a set of CPU instructions (Intel/AMD/ARM) that perform AES operations in hardware. This provides massive speed improvements (10-20x faster), constant-time execution (preventing timing side-channel attacks), and makes full-disk encryption practical without noticeable performance impact.
- Is AES quantum-resistant?
- Partially. Grover's algorithm provides a quadratic speedup for brute-force search, effectively halving the key length. AES-128 becomes 64-bit equivalent (breakable), but AES-256 becomes 128-bit equivalent (still secure). NIST recommends AES-256 for post-quantum security.
Summary
AES is the gold standard for symmetric encryption — fast, secure, and universally supported. When implementing AES, always use authenticated encryption (GCM mode), generate random nonces/IVs, use appropriate key sizes (256-bit for highest security), and leverage hardware acceleration (AES-NI) where available.
Exam Focus
Revise definitions, diagrams, examples, and short-answer points for AES - Advanced Encryption Standard.
Interview Use
Prepare one clear explanation, one practical example, and one common mistake for this Information Security topic.
Search Terms
information-security, information security, information, security, cryptography, aes, aes - advanced encryption standard
Related Information Security Topics