9.1
Cryptography & Security

Symmetric Encryption (AES)

Watch AES-128 encrypt data through 10 rounds of SubBytes, ShiftRows, MixColumns, and AddRoundKey transformations on a 4x4 state matrix.

[Interactive visualization: a 4x4 state matrix is stepped through SubBytes, ShiftRows, MixColumns and AddRoundKey for rounds 1 to 10. Cells are colored as unchanged, active, or changed by the operation.]

State matrix (as displayed, idle), indexed [row, column]:

63 47 D9 09
1B 8E 9B CF
79 85 71 4F
7A C9 A9 3C

Plaintext: 48656c6c6f20576f726c642100000000
About AES-128

AES (Advanced Encryption Standard) is a symmetric block cipher that operates on 128-bit blocks.

AES-128 uses a 128-bit key and performs 10 rounds of transformation on a 4x4 byte state matrix.

Each round applies four operations to achieve confusion (SubBytes, AddRoundKey) and diffusion (ShiftRows, MixColumns).

Galois Field GF(2^8)

AES operates in the Galois field GF(2^8) with the irreducible polynomial:

x^8 + x^4 + x^3 + x + 1 (0x11B)

MixColumns uses multiplication by 2 and 3 in this field. Multiplication by 2 is a left shift with conditional XOR by 0x1B if the MSB was set.

This field arithmetic ensures every operation is invertible, which is essential for decryption.

Security Properties
Brute force resistance: 2^128 possible keys means ~3.4 x 10^38 attempts needed
Avalanche effect: Changing one input bit affects roughly half the output bits
No known practical attacks: Best theoretical attack on full AES-128 requires 2^126.1 operations
Mode of operation matters: AES is a block cipher; ECB, CBC, CTR, GCM modes determine how blocks are chained
AES Round Operations
SubBytes: Non-linearity

Each byte in the state is replaced by its corresponding value in the S-Box lookup table. The S-Box is derived from the multiplicative inverse in GF(2^8) followed by an affine transformation.

state[r][c] = SBox[state[r][c]]
Purpose: Provides confusion by making the relationship between the key and the ciphertext complex.
ShiftRows: Diffusion

Each row of the state is cyclically shifted to the left by a different offset. Row 0 stays, Row 1 shifts by 1, Row 2 by 2, Row 3 by 3 positions.

Row 0: no shift
Row 1: shift left 1
Row 2: shift left 2
Row 3: shift left 3
Purpose: Spreads influence of each byte across different columns.
MixColumns: Diffusion

Each column is multiplied by a fixed polynomial matrix in GF(2^8). This mixes all four bytes within each column together.

[2 3 1 1]   [s0]
[1 2 3 1] x [s1]
[1 1 2 3]   [s2]
[3 1 1 2]   [s3]
Purpose: Combined with ShiftRows, ensures complete diffusion after two rounds. Skipped in the final round (Round 10).
AddRoundKey: Key mixing

Each byte of the state is XORed with the corresponding byte of the round key. This is the only operation that incorporates the secret key material.

state[r][c] = state[r][c] XOR roundKey[r][c]
Purpose: Without key mixing, the cipher would be a fixed permutation with no secret. XOR is its own inverse, enabling decryption.
AES Variants
Variant           | Key Size | Block Size | Rounds | Security Level
AES-128 (current) | 128 bits | 128 bits   | 10     | 128-bit
AES-192           | 192 bits | 128 bits   | 12     | 192-bit
AES-256           | 256 bits | 128 bits   | 14     | 256-bit
S-Box (first 4 rows)
     .0 .1 .2 .3 .4 .5 .6 .7 .8 .9 .a .b .c .d .e .f
0.   63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76
1.   ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0
2.   b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15
3.   04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75
The full S-Box contains 256 entries. Each byte b is replaced by SBox[b]. The S-Box provides the non-linear substitution step crucial for AES security.
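
The S-Box derivation and the GF(2^8) arithmetic described on this page, as an added Python example (not code from the original page; all function names are illustrative). It rebuilds the S-Box from the field inverse plus the affine step and applies ShiftRows and MixColumns; it is written for study and is not constant-time.

```python
# Added example: AES field arithmetic, S-Box derivation, ShiftRows, MixColumns.
# Names below are illustrative assumptions, not identifiers from the page.

def xtime(a):
    """Multiply by 2 in GF(2^8): left shift, reduce by 0x11B if the MSB was set."""
    a <<= 1
    return (a ^ 0x11B) if a & 0x100 else a

def gf_mul(a, b):
    """Multiply two field elements by shift-and-add built on xtime."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result

def gf_inv(a):
    """Multiplicative inverse as a^254 (a^255 == 1 for a != 0); 0 maps to 0."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result

def rotl8(x, n):
    """Rotate an 8-bit value left by n bits."""
    return ((x << n) | (x >> (8 - n))) & 0xFF

def sbox_entry(b):
    """Inverse in GF(2^8) followed by the AES affine transformation."""
    x = gf_inv(b)
    return x ^ rotl8(x, 1) ^ rotl8(x, 2) ^ rotl8(x, 3) ^ rotl8(x, 4) ^ 0x63

SBOX = [sbox_entry(b) for b in range(256)]

# Fixed MixColumns matrix, as shown in the MixColumns section.
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]

def mix_column(col):
    """Multiply one 4-byte state column by the MixColumns matrix."""
    out = []
    for row in MIX:
        acc = 0
        for coeff, byte in zip(row, col):
            acc ^= gf_mul(coeff, byte)
        out.append(acc)
    return out

def shift_rows(state):
    """Rotate row r of a 4x4 state (list of rows) left by r positions."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]
```

The generated SBOX rows 0 to 3 match the table above, and every non-zero byte times its gf_inv equals 1, which is the invertibility that decryption depends on.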