First of all, my answer only intends to add content to the answer of mgibsonbr, which is already quite complete. I had to make a theoretical rationale for my course completion work. I think it would be very selfishness of me, to leave everything I wrote only on paper, so therefore I decided to share what I wrote with the community. Some improvements are still needed and I think I may have made some slips, because the algorithm is very much complex. If this happens, feel free to edit my answer.

1-cryptography

Second Bond et al. (2003), encrypting data means converting it so that it can only be decrypted and read by authorized users, therefore, data encryption requires an algorithm to be applied to this data. The way to write logic is called an algorithm, which, according to Cormen et al. (2002, p. 3), nothing is more than any computational procedure as well defined that takes some value or set of values as input and produces some value or set of values as output. Therefore, an algorithm is a sequence of computational steps that transform input into output. In this way, an encryption algorithm is a mathematical procedure that contains an input, the data to be encrypted, performs a processing mathematical based on a key, and generates an output: the encrypted data (KUROSE; ROSS, 2010; BOND et al., 2003; RAPPAPORT, 2009; STALLINGS, 2008; FOROUZAN; FEGAN, 2008). Forouzan and Fegan (2008) explains some terms used when referring to cryptography, according to him:

1. Cipher: are the encryption and decryption algorithms
2. Key: is a number or set of numbers over which the cipher operates.

2-Symmetric Cryptography

Symmetric encryption is the type of encryption that uses the same key to encrypt and decrypt data (FOROUZAN; FEGAN, 2008). Generally symmetric encryption algorithms are quite sophisticated and use 56 or 128-bit keys. Due to the size and mathematical probability of the number and complexity of the key, an encryption algorithm cannot be easily reversed, this means that without the key, the encrypted data would take hundreds of years to be deciphered in a brute force attack, that is, if, only if, the algorithm that encrypted this data is sufficiently robust (BOND et al., 2003).

Symmetric encryption is used to ensure the confidentiality of certain data and ensures that only authorized recipients, those who know the decryption key, can retrieve the original data (BOND et al., 2003).

An example of symmetric encryption is the AES algorithm, from English: Advanced Encryption Standard, which is an evolution of DES and was developed because the DES key was too short. The AES is a very complex cyclic cipher and was designed with three key sizes: 128, 192 or 256 bits (Forouzan; FEGAN, 2008).

3-Asymmetric Encryption

Asymmetric encryption is one that uses different symmetric encryption algorithms and requires the use of two keys: the private key, which is kept secret by the owner and used to encrypt data, and the public key, which is known to persons authorized by the owner of the private key and is used to decrypt the data (FOROUZAN; FEGAN, 2008). However, if a data is encrypted with the public key, only the owner of the private key can decrypt this data (BOND et al., 2003)

4-The AES algorithm

The advanced encryption standard algorithm, or simply AES, is a 128-bit (16-byte) block symmetric encryption algorithm, developed since 1997 by Vincent Rijmen and Joan Daemen, and announced on November 26, 2001 by the NIST, (National Institute of Standards and Technology) Institute US National Standards and Technology in free translation (NIST, 2001)¹.

The AES algorithm has 128-bit, 192-bit or 256-bit keys or 16, 24 and 32 bytes respectively. Key is understood as the digital data set on which the cipher operates (Forouzan; FEGAN, 2008). Because it is a symmetric encryption algorithm with 128-bit blocks, the encryption function, which is the function responsible for transforming and shuffling the data, receives blocks of 16 bytes (128 bits) at a time and returns, too, 16 bytes per time. It is called the set of blocks that will be encrypted "message", and the set returned by the encryption function"cipher". The decryption process is done analogously, however, contrary to that of encryption and therefore receives a set of encrypted blocks (cipher) and returns the message identical to the original, if, only if, the key is the same as it was used to encrypt the data. The encryption process can also be called encryption or even "encryption", in the same way that the decryption process is synonymous with"decryption "or"decryption" (NIST, 2001). Figure 1 shows a pseudocode of the AES algorithm, the steps of the algorithm are explained later.

Figure 1-AES Pseudo code

Source: adapted from NIST (2001, our translation)

5-The State

Internally, the operations of the AES algorithm are performed on a two-dimensional array of bytes "State" calls (s). The state consists of an array organized in 4 columns of bytes, each containing 4 bytes, 16 bytes in all, and the values of each byte range from 0 to 255. During the encryption or decryption process, 128-bit blocks (16 bytes) are copied to this array, so that responsible operations are performed by the functioning of the algorithm in this copy (NIST, 2001). Figure 2 illustrates the input blocks, the State array, and the output blocks, with each item corresponds to one byte:

Figure 2-input blocks, State and output blocks

Source: adapted from NIST (2001, our translation)

6-addition Operation {

Addition is nothing more than a sum of the bits, known as the XOR operation (or Exclusive), also called "exclusive disjunction". It is a logical operation between two operands that results in a true logical value if, and only if, exactly one of the operands has a value true. It can be synthesized as a detector of differences between two logical operands (NIST, 2001) and is represented by ions.

7-multiplication Operation {

In the case of the AES algorithm the multiplication is the polynomial representation GF(2⁸) (indicated by⊗), that is, corresponds to the multiplication of modulo polynomials in irreducible polynomials of degree 8. A polynomial is irreducible if its only divisors are one and itself (NIST, 2001, our translation). For the AES algorithm, this irreducible polynomial is: ²

Or {01} {1B} in hexadecimal notation.

For example, 57 ⊗ 83 = c1, because:

X⁷ + x⁶ + 1, the obtained result, it can be written as⁷ + x⁶ + 0x + 0x + 0x + 0x + 0x + 1 is: {11000001} in binary is equivalent to {c1} as a hexadecimal value.

The 2x agents² and 2x were cut because these polynomials only they have 0 and 1 as factors, so even factors saw 0 and odd factors saw 1.

The modular reduction by m (x) ensures that the result will be a polynomial binary of degree less than 8, and thus can be represented by a byte. On the contrary, there is no simple operation at the byte level that corresponds to this multiplication (NIST, 2001, translation ours)³.

Therefore, in a simple way, it is understood that the multiplication operation is the representation of the polynomial in its binary representation, made a multiplication of the agents of this equation and subsequently divided by the reducing agent (modulus operation). The rest of this division will then be the result of the multiplication operation. In the case of AES, the reducing agent cited in Equation 2.1

8-Rijndael S-Box e A Subbyte Step

The Rijndael S-Box, or simply S-Box, is a square, nonlinear matrix used as a replacement table in several byte transformations. It is also used in routines of expanding one-to-one value keys in bytes. In the AES algorithm it is used in the Subbyte step and during key Expansion)⁴ (NIST, 2001, our translation).

The Subbyte step, or subbyte transformation, is a nonlinear substitution that operates independently on each byte of the state array using the Rijndael s-Box substitution table (NIST, 2001, translation ours). To Rijndael S-Box is reversible, and is built by composing two transformations⁵:

1. the multiplicative inverse of the byte is calculated, i.e. a byte such that multiplied by itself, it results in 1. Element 0 (zero) is mapped to itself.
2. applies an affine transformation, which can be expressed in matrix form as:

Related transformation of the Rijndael s-Box

Source: adapted from NIST (2001)

During the SubBytes, the bytes of the State array are overwritten from the S-Box, generating different and seemingly random values. The S-Box used in this step is shown in Figure 3.

Figure 3-s-Box in hexadecimal notation

Source: adapted from NIST (2001)

For example, if we have the position State_1,1 = {53}, then the value of the substitution will be determined by the intersection of the index row 5 and Index column 3, Illustrated in Figure 3. I.e., the result of the substitution in the state position_1,1 it will be {ed}.

9 - ShiftRows stage

In the ShiftRows step, the bytes of the last three rows of the state are shifted cyclically along different numbers of bytes (offsets) ⁶ (NIST, 2001, our translation). Only the first row, it is not shifted. Figure 4 illustrates this process and highlights the bytes that have been transposed.

Figure 4-step ShiftRows

Source: Adapted from NIST (2001)

10-Stage MixColumns

The MixColumns step operates on the column-by-column State, and treats each column as a four-term polynomial (NIST, 2001, our translation), according to the following equation⁷:

Columns are considered as polynomials and multiplied by modulus x⁴ + 1 with a fixed polynomial a (x) , given by the equation:

So the result of the step MixColumns over the State array, which is represented by s (x) , is the multiplication of the polynomial described in Equation 2.9 by elements of the State array s (x) which can be written as:

Being a (x) and s (x) the representation of Matrices, and elements of these matrices, it is possible to represent equation 2.10 in the form of a multiplication of matrices, as in the NIST article on AES, therefore, the representation equivalent can be seen in Figure 5 (NIST, 2001).

Figure 5-matrix representation for the MixColumns step

Source: adapted from NIST (2001)

With the result of this multiplication, the four bytes of a column are replaced, element by Element, as shown in Figure 6, just below:

Figure 6-elements to be replaced in the MixColumns step

Source: adapted from NIST (2001)

After the number of the elements in s - _{0,and c} , o_{1,, c} , o_2,c, , and o_{3 a,c,} array of the State, which together make up the column - c, they are replaced by the elements of s_{0,and c} , s' - _{1,, c} , s' - _2,c, , and s_{3 a,c,} , including the step of MixColumns, as shown in Figure 7.

Figure 7-step MixColumns

Source: NIST (2001)

11-stage AddRoundKey

The AddRoundKey step consists of adding a subkey to each byte of the array State, by means of a bitwise XOR operation (addition). The key is expanded each round using the AES key expansion, so that in each round a different key is used, derived from the original key, as seen in Figure 8.

Figure 8-step AddRoundKey

Source: NIST (2001)

12-decryption

The decryption consists of a process similar to that of encryption, but following the reverse order. The AES algorithm receives the encrypted content and if the key is the same as the one used to encrypt, the end result will be the original message. All AES operations are easily invertible. In a simple way, it is possible, for example, to rotate the columns to the original state in the ShiftRows step, or to know what the original byte by checking the row and column containing the byte in the step of SubBytes and reconstructing the Previous status.

Notes:

1. the original reference of the algorithm can be obtained through the link: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

2. in the polynomial representation, multiplication in GF(2⁸) (denoted by⊗) corresponds with the multiplication of polynomials modulo an irreducible polynomial of degree 8. A polynomial is irreducible if its only divisors are one and itself. For the AES algorithm, this irreducible polynomial is:

3. The modular reduction by m (x) ensures that the result will be a binary polynomial of degree less than 8, and thus can be represented by a byte. Unlike addition, there is no simple operation at the byte level that corresponds to this multiplication.

4. Non-linear substitution table used in several byte substitution transformations and in the Key Expansion routine to perform a one-for-one substitution of a byte value.

5. the SubBytes () transformation is a non-linear byte substitution that operates independently on each byte of the State using a substitution table (S-box). This s-box (fig. 7), which is invertible, is constructed by composing two transformations.

6. In the ShiftRows () transformation, the bytes in the last three rows of the State are cyclically shifted over different numbers of bytes (offsets). The first row, r = 0, is not shifted.

7. the MixColumns () transformation operates on the State column-by-column, treating each column as a fourterm polynomial as described in Sec. 4.3. The columns are considered as polynomials over GF(2⁸ ) and multiplied modulo X 4 + 1 with a fixed polynomial a(x), given by:

Sources:

BOND, Martin et al. Learn J2EE in 21 days. [S. l.]: Pearson Education of Brazil, 2003.

Cormen, Thomas H. et al. algorithms: theory and practice . Rio de Janeiro: Ed. Elsevier, 2002.

Forouzan, Behrouz A.; FEGAN, Sophia Chung. Data Communication and network Computers . [S. l.]: McGraw-Hill, 2008.

KUROSE, James F.; ROSS, Keith W. Computer Networking and the Internet: a top-down approach . [S. l.]: Pearson Education, 2010.

RAPPAPORT, Theodore S. Wireless Communication: principles and applications . [S. l.]: Pearson Prentice Hall, 2009.

NIST. Announcing the advanced encryption standard (aes). Federal Information-Processing Standards Publication 197 , n. 197, P.51, 2001. Available in: csrc.nist.gov/publications/fips/fips197/fips-197.pdf>.

Thanks:

To the user mgibsonbr who initially answered this question and showed solidarity by removing my doubts in the comments and in the chat private. Very grateful! Without your knowledge and your solidarity, I would never have elaborated this answer and my knowledge about the AES algorithm (which is not yet complete and I still need to study a lot) would tend to zero.

In cryptography, the Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as the encryption standard by the United States.

Is expected to be used worldwide and analyzed extensively, as was its predecessor, the data Encryption Standard (DES). The AES was announced by NIST (U.S. National Institute of Standards and technology) as U.S. FIPS PUB (FIPS 197) on November 26, 2001, after 5 years of a standardization process. It became an effective standard on May 26, 2002. In 2006, AES is already one of the most popular algorithms used for symmetric key encryption.

AES has a block size of 128 bits and a key with a size of 28, 192 or 256 bits, while Rijndael can be specified with keys and block sizes of any 32-bit multiple, with a minimum of 128 bits and a maximum of 256 bits.

The key is expanded using Rijndael key scheduling. Most AEs calculations are done in a finite field of their own. AES operates on a two-dimensional array of bytes with 4x4 positions, called a state (versions of Rijndael with a larger block size have additional columns in the state).

To encrypt, each turn of the AES (except the last one) consists of four stages (as already illustrated in the other answers):

1. AddRoundKey-each byte of the state is combined with the turn's own subkey; each subkey is derived from the main key using the key scheduling algorithm.

2. SubBytes - is a nonlinear substitution step where each byte is replaced by another according to a reference table.

3. ShiftRows-is a transposition step where each row of the state is shifted by a certain number of positions.

4. MixColumns-is an operation of merge that operates on the state columns and combine the four bytes of each column using a linear transformation. The final turn replaces the MixColumns stage with a new addroundkey stage.