You’ve probably come across the acronym AES more than once. Maybe you’ve even wondered: What is AES? What makes it so special? If so, you’ve come to the right place. In this article, we’ll tell you all you need to know about AES, the Advanced Encryption Standard.
We can define AES as a modern block cipher that supports three key lengths of 128, 192, and 256-bit encryption. It provides excellent long-term security against brute-force attacks.
Here’s the thing:
As of 2010, AES was the most popular file encryptor in the world; it’s widely used in secure file transfer protocols like FTPS, HTTPS (which we have on this website), SFTP, AS2, WebDAVS, and OFTP. Most of the VPN services reviewed here on TechJury are happy to announce they use the highest level of AES encryption. The likes of ExpressVPN and CyberGhost utilize 256-bit AES as a matter of fact.
Specific numbers about its adoption are hard to come by, Professor Christof Paar of the Ruhr University of Bochum, Germany – a world-renowned specialist in AES cryptology – has estimated that it is used to encrypt over 50% of all data globally. Sounds quite impressive, doesn’t it?
Wait – there’s more:
The US National Security Agency authorizes the transmission of classified data at TOP SECRET level through AES. We’re talking official state secrets here, James Bond style. Shaken, not stirred.
So, what’s the big deal?
How It All Began
Let’s start with a bit of background information on encryption standards. The earlier Data Encryption Standard (DES), developed in the mid-1970s and officially adopted in 1977, had become outdated and increasingly susceptible to cyberattacks by the 1990s. So, the US National Institute of Standards and Technology (NIST) decided to replace it with a new, advanced standard.
NIST solicited and ultimately considered several proposals. The winning one, submitted by two young Belgian cryptologists – Vincent Rijmen and Joan Daemen – was called Rijndael. We use it synonymously with AES. NIST officially adopted the new encryption system in November 2001, and it became effective in May 2002. The rest of the world quickly followed suit.
But enough with the boring stuff. Let’s move on to the specifics.
What Is AES?
At its simplest, AES is a cryptographic algorithm used to protect electronic data. It’s a symmetric block cipher that can encrypt and decrypt information. Encryption converts data to an unintelligible form called ciphertext. Decryption converts the data back into its original form called plaintext.
Here’s what makes it so special:
First, AES has an encryption key length of 128, 192, and 256 bits, which can encrypt and decrypt data in blocks of 128 bits. The longest AES encryption key length is also known as military grade encryption. While it is the most secure, you should be perfectly fine using any of the other two – unless, like the US National Security Agency, you fear future attacks from quantum computers!
Second, it can resist most if not all known attacks (more on that a bit later).
Third, it is fast and compact on a wide range of platforms. Using optimum performance you can achieve ca. 1.3 cycles/byte on a single-core Intel® Core™ i7 Processor Extreme Edition, i7-980X for AES-128 in parallel modes. Not bad at all.
All of this makes it extremely popular. Which brings us to:
How AES Works
Like many other block ciphers, AES uses rounds of encryption that carry out the cipher transformations. Each round typically consists of several building blocks designed jointly to create a function, which is then run multiple times. The number of rounds AES performs depends on the length of its key. At 128 bits, it does 10 at 192 – 12, and at 256 – 14.
Unlike its predecessor – the aforementioned DES – which can only encrypt about half of the data path in each round, AES is capable of encrypting the whole data path in one round.
Each round consists of four layers:
1) SubBytes provides excellent confusion – “confusion,” as it relates to AES, is a property of a secure cipher’s operation. It makes the relationship between the ciphertext and the symmetric key as complex as possible. This creates non-linear tables, which are extremely good at eliminating patterns.
2) ShiftRows provides diffusion – where “diffusion” is another property of the operation of a secure AES cipher. The goal here is to dissipate the statistical structure of plaintext over the ciphertext by spreading every part of the input to every part of the output.
3) MixColumns provides further diffusion for added effectiveness.
4) AddRoundKey mixes the key, making it impossible for an attacker to calculate what the cipher does.
Interestingly, the last round does not have a MixColumns layer. This makes the encryption and decryption scheme symmetric.
The addition of a subkey at the beginning and at the end is known as key whitening.
That’s all well and good, I can hear you saying, but still a bit vague. Can you give us an example?
OK, here’s one:
AES Encryption Example
You’re probably familiar with the following (often misquoted) famous lines from William Shakespeare’s Romeo and Juliet:
“What’s in a name? That which we call a rose
By any other word would smell as sweet.”
And this is what they look like in AES 256-bit encryption:
Not nearly as romantic, I suppose, although this would certainly make a highly original Valentine’s Day card. In any event, you can try to encrypt your own plays – or anything else for that matter – here:
That’s quite enough poetry for one day.
There’s much more we can look at, starting with:
Great news! The founders of the AES algorithm specified in their initial proposal that neither it nor any of its implementations would be subject to patents. This makes it free to use. We can find it in all sorts of software, firmware, hardware, or any combination thereof. Perhaps the most common use you’re likely to come across is in…
Wi-Fi security protocols, such as WPA-PSK (AES) and WPA2-PSK (AES). You will generally find the older TKIP (Temporal Key Integrity Protocol) alongside AES. The original purpose of TKIP was to replace the rather insecure WEP (Wired Equivalent Privacy). Unfortunately, it did not prove much of an improvement on its predecessor. So, the much more secure AES came along with the new WPA2 (Wi-Fi Protected Access II) encryption type. The PSK part of the abbreviation means Pre-shared Key, and it is your encryption passphrase.
Programming languages, such as Java and Python, can also benefit from AES security as can, rather more prosaically, that most useful tool for setting up a secret scheme with your chums, known as Facebook Messenger. Perhaps you owe some nefarious London gangster half a million pounds, as the lads in the cult British movie Lock, Stock, and Two Smoking Barrels did, and you need to figure out how to get the money straight away. Perhaps not.
If you’re going to use Facebook Messenger to keep the exact time and place of that affair of yours away from prying eyes, you’ll ask the question:
Is AES Safe?
In general, the strength of encryption depends on the length of the numeric key that scrambles and unscrambles messages.
And here’s the crazy bit:
It’s not possible to carry out a successful brute-force attack on AES-256; any such attempt would require roughly as many combinations as 1,100 followed by 75 zeroes. Quite the number, isn’t it?
In 2017 Dutch researchers managed to extract AES 256 encryption keys using a side-channel attack with improved antenna and signal processing. The equipment cost less than $200, so you could do it yourself – but bear in mind you’ll need to be less than a yard away from the device you’re targeting.
The story of the Advanced Encryption Standard, which began a quarter of a century ago with researchers from the Low Countries, has come full circle with researchers from the same neck of the woods. As of 2019, AES remains the most widely used file encryption software for the protection of electronic data throughout the world. What’s more, it’s likely to remain that way, at least for the very near future.
There’s a good chance you’re using it on whatever device you’re reading this text – which is why you already love it, even if you weren’t aware of this up till now.
Frequently Asked Questions
Q: Where is AES encryption used?
A: It can be used in a wide variety of software, firmware, hardware, or any combination thereof. Its most common use is in Wi-Fi, especially WPA2-PSK (AES); you can also use it in several programming languages, such as Crypto++, Java, and Python, and even in Facebook Messenger.
Q: How safe is AES?
A: It is very safe. Its largest key length size (256-bit) can resist any brute-force attack. It is only in 2017 that Dutch researchers managed to extract encryption keys by way of a side-channel attack with the use of improved antenna and signal processing.
Q: Is AES free to use?
Yes, it is freely available to anyone. The founders specified that it would not be subject to patents.
Q: What is AES?
A: AES, which stands for Advanced Encryption Standard, is a cryptographic algorithm used to protect electronic data. It was originally developed by cryptologists from Belgium in the late 1990s. In essence, it’s a symmetric block cipher that can encrypt and decrypt information. Encryption converts data to an unintelligible form called ciphertext; decryption converts the data back into its original form called plaintext. The US National Institute of Standards and Technology approved it in November 2001, and it entered circulation in May 2002.
Akdemir, Kahraman, Martin Dixon, Wajdi Feghali, Patrick Fay, Vinodh Gopal, Jim Guilford, Erdinc Ozturk, Gil Wolrich, Ronen Zohar, “Breakthrough AES Performance with Intel® AES New Instructions Intel White Paper,” 2010: https://software.intel.com/sites/default/files/m/d/4/1/d/8/10TB24_Breakthrough_AES_Performance_with_Intel_AES_New_Instructions.final.secure.pdf. Last accessed March 11, 2019.
Daemen, Joan, and Vincent Rijmen, AES Proposal: Rijndael. Document version 2, 1999: https://web.archive.org/web/20070203204845/https://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf. Last accessed March 8, 2019.
Federal Information Processing Standards Publication 197: Announcing the Advanced Encryption System. November 26, 2001: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf. Last accessed March 8, 2019.
Fox-IT, “TEMPEST Attacks against AES: Covertly Stealing Keys for €200,” 2017: https://www.fox-it.com/nl/wp-content/uploads/sites/12/Tempest_attacks_against_AES.pdf. Last accessed March 8, 2019.
Paar, Christof, and Pelzl, Jan, Understanding Cryptography: A Textbook for Students and Practitioners. New York: Springer, 2009.
Paar, Christoff, “Introduction to Cryptography by Christoff Paar: Lecture 8: Advanced Encryption Standard (AES),” Winter Semester 2010: https://www.springer.com/gp/book/9783642041006. Last accessed March 8, 2019.