Lecture outline: 0:01 History/Intro to AES: 2:00 Structure of AES: 18:10 Internals: Layers 32:25 ---- Each layer in detail ----- SubBytes - 52:12 ShiftRows - 1:15:45 MixCol - 1:22:40 Doesn't seem to go into the round key add step in that very much detail, though.

Your accent makes this 1000000x more entertaining.

Professors who care about notes making are the best!

Hello, honestly say, your lecture is much, much better than my university two months lecture just about this AES stuffs. You're awesome. Clear. Exact. Specific. Understandable. I like when you said "Please silent to your students." Hopefully, you will get your good work blessed. ;)

Professor Paar, I would like to thank you for providing this series of fantastic lectures. Your teaching inspired me to purchase the book which has only heightened my interested in the subject. Lastly, I have to say that after about 2 hours of research and reading many different explanations that I found on-line, I finally figured out the "affine transformation"...that is pretty brutal without any real guidance. Again, thanks ....you are really good at what you do.

Truly awesome, very deep coverage on AES.

The motivation that you gives me a lot of motivation and also an idea that made me to get involved.

This course is really helpfull i own the book, while i'm doing criptography in the Universidad Catolica del Norte, and this videos are extremely helpful, i really hope you can do a video with the key schedule and the decryption for AES, its very easy to understand the way you teach this.

What an amazing lecture deleivered by Sir Christof. I enjoyed the lecture

thank you very much "Christof Paar" you are really explained very easy and pro way.

Funny he keeps reminder the class... I would never fall asleep. Every hour with Professor Paar saves at least 10 hours of self-study.

Excellent lecture! I watched your galois field lecture in 2016 or so when I was doing a presentation on error correction codes and had this AES lecture on my watch later list. Finally got around to it and enjoyed it!

Professor Paar, I just love you !

Really, you are a very good lecturer. your discussion is very interesting , simple and attractive. Thanks.

Thank you very much for these lectures, they are making my life much easier

Thank you for this Video Lecture Pr. Christof Paar. Very helpful as a I am a Student in NYC.

that was a better lecture i found than others .. i found it very beneficial and detailed thank you very much

Awesome explanation, thank you! Keep up the good work, sir.

Great explanation! Great accent! Loving the videos! Thank you!! -From California :)

Vielen Dank für die tollen Vorlesungen! Fantastisch zu schauen :)

Thanks for the explanation, Sir. It really helped me to understand the AES concept.

I know absolutely nothing about any encryption, yet I watched the whole lecture. I don't know anymore now then I did before. Lol

Thank you Sir for such an amazing Lecture Series .

thank you very much professor... this lecture helped me a lot to complete my project...

Much love to you sir! Very clear explanation! Love you!

Awesome! Thanks for sharing this lecture!

Great Lecturer Series,,,, Keep the good work Going

This video series is fantastic! I'm taking crypto and it's following basically this exact trajectory. Shame about those chatty cathy's in the audience

1:08:51 ,Herr Paar: "yeah this is wrong. this is wrong. this is wrong. this is all wrong..." Me(having just finished writing everything down): NOOOOOOOO! you have got to be kidding me😭😭😭 Anyways, thank you sooo much for these lectures, absolutely fascinating. It's one of the only truly understandable courses on internet for lower-level students. Incredible, I also bought the book!!!

Great lecture, thanks a lot.

Great Lecturer series. thank you

Thank you for this lecture.

Professor Paar, s there any chance of you recording the continuation of this course? You are the best teacher I found on crypto!

easy to understand, thanks professor

Really good!! Thanks :D

You can skip the history bit by going to 18:20

Beautiful teaching... there is ans for every "why?"

Thank you sir for your explanation! It helps a lot. Can you explain about Key schedule?

Man, you rock;-) Thanks a lot!

This is helpful! thank you

Well done lecture. Enjoyed it.

thank you good sir, great lecture very helpful.

Sir. I would like to know about the fixed matrix of affine transformation for S-box construction in AES, What is the logic behind that matrix?

Could you please provide the information regarding the confidentiality and integrity algorithms EEA3 and EIA3 or ZUC?

This is really helpful!

sir ,can u explain me how u caluculated inverse substitution layer

Why does it say in other places that the MixColumns multiplication uses modulo x^4+1 rather than what you've said here - modulo x^8+x^4+x^3+x+1 ???

Can anyone tell me where can I find a book that has to do with C# and encryption : something like this " Encryption Programming in C# " sorry for my bad english

Great lecture

Dear Professor, You have not discuss decryption and key schedule (I mean the way you done for DES) I hope we can see some video too. Thank you so much for such an interesting lecture.

Wirklich klasse! Mich hätten ein paar mehr Hintergrundinfos zum Design von AES interessiert. Ich weiss nun genau, wie es funktionniert, aber verschiedene Design-Entscheidungen (warum 10 Runden, und nicht 9 oder 11?) erscheinen weiterhin willkürlich. Sehr gut fand ich z.B. den Exkurs über die Diffusion.. Es kann natürlich sein, dass die Hintergründe einfach zu kompliziert für eine 90 minütige Vorlesung sind.

awesome lecture

Great lecture! Got a bit lost around the SBOX explaination part

still i am having doubt in s-box functionality...

Sir you are the best

Thank you very much

Thank you!!!

why is the number of rounds required for aes 128 bit algorithm equal to 10?is there any formula for it?

very nice and helpful :) thank you for all ur lectures...they are very enlightening and make the topics so easily understandable compared to the complex chapters in the cryptography books

how to find the a inverse if anyone had got it please explain i am stuck

Q: Where does all that sexy Extension Field stuff from last lecture come into play? A: In the S-boxes 59:00

Hello Prof Paar It is my understanding that for any (existing) block cipher or mode that the cipher test key and therefore the round keys are exactly the same for each block that is processed by the block cipher. Is that correct? Second part of the question: If that is correct what does that say to the relative strengths of block vs stream ciphers where (in stream ciphers) the key is always being expanded by a CSPRNG with an extremely low predictability factor Thank you for this course Steve

Intro to AES 2:00 Structure of AES 18:10 Internals of AES 32:25

Good Job!

thank you very much sir!!!!!!!!!

addictive course to someone new to cryptography..

Professor is there any explanation for key expansion for AES available.

Very well explain sir thak you sir

it is very helpfull

I love these and thank you for sharing them. I will say I disagree about the statement at 17:25 though about AES being generally secure because the agencies use it. What was later found since this time period was that AES has this property where some keys are strong and others are weak. There were certain attacks possible with poorly chosen keys and of course the NSA requires their own use of AES to get keys provided from a central key authority within the NSA. This key authority then only provides strong keys for their internal use and if laymen use AES they lack the knowledge of how to select these extra strong keys. Now that future attacks such as Invariant Subspace were discovered we can see how clever this was. So the statement at 17:25 I highly disagree with and we learned that this kind of logic fails with new side-channel and mathematical attacks. The simple use of an algorithm by the government means nothing unless you also can use their key selection processes. They are willing to bless subpar implementations and utilize those weaknesses against others while shielding themselves. Otherwise excellent lecture.

Thank you.

thank u very much sir

What would be the case if the input byte has no inverse, which would be the case if the input byte is the same as the mod polynomial? the remainder would be Zero.

good explanation

Professor u didn't do the last topic so where can I find the decryption part, it's really important to me Professor, as I am not in any University, your lectures are my only way to learn

Very Helpful

It might be a dumb question, but I wonder: If you enter the same plaintext with the same key in an AES, you always get the same cyphertext, right? Then would it be possible to make a block cypher which always give different cyphertexts even if the plaintext and the key stay the same? Would such a cypher be decrypteable by Bob? Thanks again for the amazing lectures! You're so clear that even a total newbie like me can understand (I think)

Mix Columns in AES Would someone please explain how the number of XOR gates are 3 and 11 respectively for the following: Number of XOR gates needed for constant 02 multiplication in GF(2 power 8) is 3 Number of XOR gates needed for constant 03 multiplication in GF(2 power 8) is 11

Thanks a lot

super professor

I'm confused. He says that you simply XOR the MixCol output with the key. This paper says that key addition is more involved than : engineering.purdue.edu/kak/compsec/NewLectures/Lecture8.pdf Does anyone know the reason for the discrepancy?

This course is from 2010 but I'm in 2019 is there anything that has changed in cryptography in the past decade or is this course enough

1:14:50 "this is really complicated in a very clear mathematical way" :D

Nice!

I aware of the fact that AES is more secure and stuff, but I've used DM5 in my school project coz it's simple to implement in java app. Any thoughts on DM5 algorithm?

cant easily understand substitution layer sir can u explain this more frequently

buy the text book. It makes the lecture easier!

how do you get B' ? Oh, got it. It is the inverse of A^(-1)=B', such that AxB'=1. And B' to be computed using Euclidean Algoth. Once B' is found B can be computed, and actually it is on that table from the book, right?

can any help me to ,how we are getting keys k0,k1,.........k14.What is the process involved in that.

Thank you for the video, but a few questions if you don't mind. i) How to you find the inverse of a hex number; we were given A = C2 with inv B' = 2F but I should like to know how we work this out. ii) in the affine mapping we have the matrix constant, reading down the rows of the matrix (in hex) we have 8F, C7, E3, F1 and then each one reversed (so to speak) F8, 7C, 3E and 1F. All I can see here is that each row includes five 1s and three 0s, but what is the thinking behind this choice? Could we move them, or change them, without loss of security? iii) lastly, a similar question to (ii), what is the reason behind the choice of the vector constant? Could it be any vector constant? Your answers would be very helpful and much appreciated. I have tried to find the answers online but to no avail... My thanks in advance...

so simple, easy to understand and interesting lectures. one thing that didnt get is that in which university it is recorded it looks like american but the lecturer is talking in german too.

Question: I might not be understanding this correctly but how does AES ensure that at the end of 14 rounds, it hasnt done enough bit flips that is now the original unencrypted byte? Also thank you for this video.

Can any1 pls elaborate how to do matric multiplications of polynomials with example?

sorry, but i couldn't really catch your last sentence, where would decryption be done? (:

When does decryption start?

Sir In 1.10.50 why the inverse of Ai (1100 0010) is Bi(0010 1111)? Should't be Bi = (0011 1101)? I mean for example a bit 1 in Ai become 0 in Bi?

I'm not seeing discussion of "Key Addition".

prof , there are no decryption part of aes!

Hello Professor, I have a question on key length. As per AES, it can be 128, 192 or 256 bits. What would be the deciding factor to choose the key length? And w.r.t cost i assume 192 and 256 key lengths cost more. Am i right?

Waiting for the Decryption part. Although I know it, continuity is the reason I'm asking for it.