[Evans] We're not going to get into the details of how AES works,
but I want to talk a little bit about the main components of it.
There are 2 main things that go into AES and go into almost all modern block ciphers.
They all involve XORs--we saw that in the one-time pad--
and they're XORing some round key which is generated by a key schedule,
some process of generating new keys for each round.
And then what's going into that, there are 2 main operations.
One is shifts, so permuting bits, and there would be a map that would move bits around.
This is better than just doing only XORs
because we're moving data around instead of just XORing and changing it.
The other thing that's really important for a cipher to be hard to cryptanalyze
is to have some nonlinearity, something that is very difficult to analyze
and mixes up data in a way that is nonlinear.
This is done basically by having lookup tables.
So what's called an S-box is something that takes in 8 bits--
in this case it could have different numbers going in--
and basically has a lookup table.
So that's going to have 256 entries mapping each set of 8 bits to some other set of 8 bits.
And designing that lookup table is a challenge.
We want the lookups to be as nonlinear as possible
and make sure there are no patterns in the data in this table.
And so the way AES works is combining shifts and S-boxes with XOR
to scramble up the data.
And it's going through multiple rounds,
so we'll take the outputs of this, put them back through a series of shifts and S-boxes again,
and keep doing that.
The number of rounds depends on the key size.
So for the smallest key, for the 128-bit key, which is the smallest key size for AES,
we would do 10 rounds going through the cycle, getting the output ciphertext for that block.
So the details are definitely more complicated than this, and getting them right is very hard.
There are lots of great resources that explain AES in detail, though.
For our purposes we're going to think of it as a black box--
that we can use encryption in our protocols.
We're going to assume it has the properties that we want it to have
and not need to look in more detail at how to actually implement that in a modern cipher.
