It would be really interesting to explain some of the candidates that didn't make it. For example show why some of the rejected algorithms weren't secure.

Finally a simple enough yet comprehensive explanation of AES. I always wondered how this algorithm worked and you layed it out so well!

The use of the little robots is so engaging! SubBytes is oddly adorable in their mannerisms :D

The clever use of graphics to illustrate the processes elevates the learning experience to a whole new level! Very well done!

Great! Now continue with why simple AES encryption (ECB) is not enough in case of messages longer than 128bits. That's why cipher mode such as CBC exists.

The underlying round function of AES also has the nice property of generalisation, namely, it can easily be adapted to a public key one or a hashing function just by modifying how the key modifies the input in AddRoundKey.

Ironically almost all cipher modes still use one-time pads as shown in the beginning, and we use AES or other keyed mixing algorithms to generate a consistent but unique random key stream. I guess it was concluded that diffusion of the plaintext isn't a useful property in the end. This only works securely if each message starts with a unique "initialisation vector" aka "nonce" though, to ensure each one-time pad sequence for each key-message pair is unique and can't be statistically analysed

Back in '95 I designed a password encryption algorithm based on XOR (exclusive or) logic. The company, AT&T NCR was sutilably impressed.

this is like the only video explaining AES that i totally understand XD Also the visualize with box make my brain learn faster Good video as always, thanks you and the robots so much

Your videos are consistently great. I wish you would do them full time.

Great video! Very clear explanation. Would've loved to hear more about how key expansion works

Wow, a very informative and easily understandable explanation! Well done!

Best channel on youtube. Videos are always so clear and great subject matter.

Great explanation with great animation, as always.

Loved that this guy has not stopped yet!! Thanku so much sir

Great explanation- Seriously underrated channel. Happy I discovered you today. Subbed 😊

I can't say how grateful I am, cause I was breaking my head to find good videos which I could understand easily, algorithm like MD5 and Sha 256 which teaches me and not just the same old crap. Thank you ❤❤

The best explanation of aes I've ever heard

I love how you used 'robots' to describe functions, and the way you arranged them at the end!

Excellent explanation and animations!

Beautiful explanation

Amazing channel. Thank you!

Great easy explanation

Really excellent presentation! Thanks.

This is such a concise explanation and the animation is so cute! Thank you so much for your hard work!

Excellent tutorial. Thanks

I haven't posted a single comment for a few years probably, but this video works so well for me that I have to say - very good explanation and thank you for this vid :)

Started watching this channel and immediately recognized the voice from CS50 🤣 love your lectures, thank you!

You are one of my favourite teachers on cs50❤❤❤❤❤

such a nice content you don't see everyday on youtube nowadays :)

Excellent work 👏👏👏

Great explanation!!

Thank you very much, the explanation was great

Thank you!

very informative video, thanks! do you plan to make a video about the fact that some encryption can be reversed via the same exact key? (i mean the technical requirements for that).

Nice explanation. Can you add a followup to how many rounds are chosen, with regards to full diffusion in N rounds and bidirectional impossible differential cryptanalysis?

Nice video !😀

Amazing video !

The best way to explaine ever ... thank you

great video

Great Video

The Galaxy Cipher Machine: Unbreakable encryption using the Kaliko encryption method. Set up: A disc cipher machine on a spindle, the discs are like checkers in that they have notches to fit into each other. 1st wheel is the set disc with the numbers 1-80 scrambled, etched around the side, and on the top edge are three alphabets, scrambled the same, with two empty spaces to make 80 digits around the top. Each letter on the top is over a number on the side. There are 26 body discs, each having two rows (top and bottom) of 1-80 on their sides. The first message is a four number code: 1234. This is first a security check. The number 23 on the disc, 4 to the right, plus 1, gives you the security response. For the set up: The number one represents which set disc is to be used. The 23 is the number on the set disc that is under the letter on the top "E". This letter is the first body disc to be put on the spindle under the set disc. Depending on what the users invented for themselves, an even number goes left, odd/right. So the order of the body discs is the E first, then of right for the rest of the letter order for the discs. The body discs are like checkers in that they have notches for them to fit into each other. There is a dot on the bottom of the set disc somewhere between two numbers, and a dot on each side of each body disc as well. The last number of the 1234, the 4, is how many (left or right) notches to shift the discs as they are being put on using the dots as beginning points. 4 was invented to mean right for the dots so each disc has their dots spaced 4 notches to the right of the one above it. It is also decided/invented which discs go on up-side down. Once all discs are in place a tightening bolt is screwed on the spindle to secure the discs. Operation: In the coded message sent, the first 30 numbers are still part of the set up. The message follows after them. In these 30 numbers you have invented the pattern that if there are two number 6s in the 5th, 13th, 18th, and 29th numbers, the message is authentic. If there are more or less than two number 6s the message is bogus and is disregarded. In the first 30 numbers, you take the 4th and 9th numbers to know which algorithms to use, in this case both numbers are 12,34. You have invented at least 10 algorithms. The first message letter is O. Find an O on the top of the set disc in one of the alphabets (using another alphabet for the next O), and go down to the number below it on the edge, say 57. Now the first four algorithms are made up by the two users of the machines so they can be anything their imaginations can come up with. Like, from 57, down five discs to the top row of 1-80 where the number is 32, find 32 on the bottom row and go down 7 more discs and do the same, then go straight up to the set disc. 2nd algorithm is a diagonal angling down to the right 8 discs to the lower number on that disc-46, then finding the 46 on the top row, and straight up the to the top set disc. 3rd algorithm is another imaginative pattern ending at the top number 78 on the set disc. 4th algorithm now has a sleeve that fits over the machine with holes randomly drilled into its side lining up with each disc's number lines, 15 holes per line. Now look again to the first 30 numbers and see the 18th and the 62nd numbers are 36, and 84. So now the 78 is lined up with the 3rd disc's top number 6 hole, this shows the number 69 in the bottom number row hole 8. This continues for 4 discs to the last number 51 that is sent in to the other communicating person. (36, 84 is third disc, holes 6 and 8, for 4 discs)They run it all backwards to find the letter O. Throughout the sent message there are many OOs. The pattern invented is that you go six numbers beyond the OO to see if there is a number 5 in that number (75). If there is, you know it is a body disc shift. The other number is how many notches to shift each dot.(Odd numbers one way, even the other). Do this at least once every message. If there is a 2 in that number (27) it means to replace the set disc with another one, in this case the number 7 set disc. You replace the old one and just line up the dots of the new set disc directly over the dot beneath it on the first body disc. Do this at least once every message for both set and body discs. Another code invented tells you to change the entire order of the set up with a 4 digit set up number following it. Another code tells you to change the number of algorithms to use. Golden rules: 1) Never use the same set up code more than once. 2) Always send at least 15 phony messages for every one authentic message. 3) Always shift both the set disc and body discs at least once every message. This cipher machine has ever changing/shifting number patterns, an infinite number of invented algorithms that are used in different orders, a large number of algorithms to constantly change, and every set of machines has a different operation. Each operating set of machines have virgin discs no other machines have. This cipher machine cannot be broken, not even by the largest computers in the world if used correctly. The confirmation that a code has been broken is that the message appears. With a 500 letter message, if 500 GCMs are used where each machine only encrypts one letter, there is no confirmation the letter that comes up when trying to break it is the actual letter that is in the message. Every letter has a machine with different discs, different algorithms, and different operators encrypting it. So the most any attempt to break the code can do is acknowledge that each letter position could be any of the letters in the entire alphabet (A-Z). To write out the possibilities on paper would be to have an entire alphabet under letter position #1, then another one under #2, an so on. In the end there would be 500 alphabets in a row as the only clue to what the message says. A wall of alphabets. Its like telling the hackers there are 500 letters in the message and the words are in the dictionary. With this small bit of information it is IMPOSSIBLE to even begin to try to find the message. Not even the biggest computer in the world, working on it for 10,000 years could find the message. This encryption form is called KALIkO ENCRYPTION, it is unbreakable, and is perfectly suited for the Galaxy Cipher Machine.

I like your explanation of how the XOR gate works, I've never thought of it like that, thank you :D

How to decrypt all this sounds like a nightmare. Is AES key also an clue for how many rounds it took and what was shifted?

Amazing explanation. Really appreciate the background on confusion and diffusion. Really puts context behind each step!

Damn ! That's some good ass content, i can research for days and wouldn't come close to underestand stuff like that

Great video. One note, it's pronounced RHINE-dahl, not RAIN-dahl.

I'd love to see a video explaining how quantum computers break encryption standards, and how other algorithms can work to protect against quantum computing.

You couldn’t of uploaded this at a better time

8:45 Any block cipher that is always able to turn the encrypted data back to normal is just a big substitution cipher where for an input of any block combination it will substitute a different block combination.

Another condition you need to add to make the system at 2:41 "perfectly secure" is that the key needs to be strong. In particular, I think it should have high entropy over all suitably short intervals. How short depends on how much the adversary knows about the plaintext. If the attacker knows absolutely nothing about the plaintext (i.e. considers it to be just random bits with no apparent meaning), then this isn't a problem. But that scenario isn't realistic--usually the plaintext has some obvious structure that the attacker is capable of predicting and recognizing (such as being English sentences), so a randomly chosen OTP key that just happens to contain a low-entropy burst can reveal a burst of information about the plaintext. Modern ciphers like AES avoid that issue by mixing up the bits instead of only XORing them with a (pseudo)random sequence.

I love this kind of video please do more...

Thanks for this cute video that lays out the subject so well, which I've found to be interesting but intimidating. The li'l robots are 👌

9:25 Knew those values looked familiar :)

Yay!, We got a new video 🎉

Wait, at about 10:10 it occurred to me that the process sounds a lot like a neural network, with sequences of linear and nonlinear transformations!

Men, youuuu arrrrre awesome ❤

It's funny that XOR-OTP is 100% guaranteed secure, but AES is only secure in practice, not in theory. Nobody knows if AES has some *hidden vulnerability* that reduces its effective security by orders of magnitude. Some small vulnerabilities have been found, but they reduce the effective security by ~5 key bits, not half of all bits

If I am correct, key is weakest point of that security system. It is in need to deliver it somehow to encrypet message reciever.

Are you planning to do a video like this about TLS? I'd be perfect.

Great job

The robots look like they're Wall-E and Eve's kids

can you make an animation about JWT authentication tokens? i still cant wrap my head around using it for logging in and logging out!

Cool video but i wish it showed the decryption step. As is, AES seems like a fancy hash. I cant fathom how youd do all of that backward again!

Amazing Brian

Interesting. Why is the substitution important for confusion? Wouldn't just applying the round keys do a similar job?

"I'm gonna go get the papers, get the papers."

I loved thisñ

My brain has a very strong confusion algorithm

Thank you goddammit

Seems like mix columns is pretty similar to the key expansion?

By hearing his voice was about to comment its brian from CS50 then in description foind out ohh its him 😅

Kesini gegara direkom mbak luth

How is the key sent to the person you want to be able to “read” the message?

👌

What blows my mind is how the designer of AES guaranteed that the algorithm could be reversed so you can decrypt that giant mess of ciphertext back to the plaintext. Lots and lots of complex math I'll probably never understand.

Now I know AES mix and modifies the bits and bytes of data, and thus it's very secure. I wonder how can we decrypt it...

But how to share the key between the two actors ?

4:16 One really non-performant way to do it with just the simple XOR algorithm is to make the key an transcendental number that can be computed one digit at a time, then send a second piece of data for what digit you're on and so long as they don't know the transcendental number you can iterate through the digits of your number forever without them being any wiser this will of course be limited by how accurately you're computing and the number of bits used to tell the digit you're on, and you'd have to come up with a new transcendental number each time you want a new key.

is the narrator from CS50?

and that's faster than rsa??? It already looks so expensive to run

Yeay, a new video to learn from Brian. Thank you!

Do for Boyer moore algorithm like Fighting

the “uh” sounds at the end of your words are excrutiating

Please upload java course +dsa

good animation :)

The biggest issue with making an AES I would say is the "S" section. Need to stop knowing the AES from working as the sole needed tool to break through it.

How to decrypt with key (or without 😏)

The best thing is that the target is confusion

why can't AES be generalized to higher sizes, like 512 bytes or 1024 etc etc?

When it won the NIST contest, Rijndael reigned all.

12:41 The cyclic group with 256 elements is not a field since 256 is not prime.

6:56 multiple xor lol

The explanation is good but without explaining the reversing operation it's seems just as hashing and not encrypting

Best of the best

I was some day trying to serch up this stuff and i culdnt find anything usful so thanks wery much

0:35 The phrase "One algorithm - Rijndael - won the competition" does sound like "One algorithm reigned all - won the competition". I cannot imagine this is an accident. Well done!

AES is still less secure than a one time key .... The weak point of a one time key, is the same weak point of an AES the key ... if this is compromised it's trivial to decrypt ... the difference is that the AES key is relatively short and only needs to be transmitted once via an other channel - the one time key is long and needs to be updated when it runs out ...

You didn't mention the IV at all. How does CTR block chaining work exactly? It's almost magical, makes the block cipher behave exactly like a stream cipher.