**AES**. My favorite ones are the stick figure explanation of AES, the AES flash animation and of course the dense official AES standard.

Before we can begin our adventure and set foot in the realm of cryptanalysis, we need a piĆ±ata. Something we can squish and squeeze to help us learn the nuts and bolts of **block cipher cryptanalysis**. And for that, why not use the state of the art?

To facilitate the understanding of **AES**, we've split the implementation of the block cipher in several steps. They should not require "too much" time if you already know about **bitwise operations**. If you do not, then pick a programming language, and get yourself ready to learn a lot of new things. Of course, this does not substitute for reading the official standard.

To transform a plaintext into a ciphertext, AES makes it undergo a number of transformations, one of them is to XOR it with keys. Since we only provide AES with **a single key**, AES will need to derive a number of keys from it.

The next helper function we'll need for our key Expansion is SubWord. SubWord takes an input of 4 bytes like the previous function, and returns an output of 4 bytes as well. SubWord is basically an **Sbox**.

The last helper function **Rcon** takes an integer as input, and gives back an array of 4 bytes with the 3 least significant bytes set to 0.

We've got all of the functions we need to implement the key scheduler! So let's finally get to it :)

The plaintext that AES manipulates is represented as a square of 4 rows and 4 columns.

AES-128 has 10 rounds in total. Each round takes a different round key and the last round is a bit different from the other rounds. (The last round skips the MixColumns transformation.) With that in mind we will start by implementing SubBytes, the first transformation in an AES round.

Our second transformation, ShiftRows, is a pretty simple one! It takes a state, look at its rows and rotate them. The first row doesn't get touched, the second one gets rotated by one position on the left, the second by two positions and the third by three positions.

Now, on to our third round transformation. And surprise! It's another one of these AES operations that use the weird field we talked about in Rcon

The last transformation of a round is called AddRoundKey, and at this point you probably have an idea of what it is. And you're also probably right, it is just a XOR between the values in the state, and the values of your round key.

Now is time to combine all of the functions we've been implementing into one big Encryption function.

That's cool, you can encrypt and all. But what about decrypting :)