Menu

Menu

Table of Contents

The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a widely-used symmetric-key encryption algorithm that is used to protect sensitive data, such as financial transactions, military communications, and personal information. It was adopted by the US government as a standard in 2001. AES encryption uses one of the block ciphers methods, where encrypted information and decrypted information is in fixed-size blocks, and is considered to be highly secure due to its key length and mathematical properties.

Advanced Encryption Standard AES is a symmetric block cipher algorithm with a block size of 128 bits and a key of 128/192/256 bits, adopted as the US encryption standard by the results of the AES competition. It was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. This algorithm has been well analyzed and is now widely used, as was the case with his Data Encryption Standard DES advocacy.

The National Institute of Standards and Technology NIST published the AES specification on November 26, 2001, after a five-year period during which 15 candidates were created and evaluated. On May 26, 2002, AES was announced as the encryption standard. As of 2009, AES is one of the most widely used symmetric encryption algorithms.

The need for the adoption of a new standard was caused by the small length of the DES key of 56 bits, which theoretically made it possible to use a brute force method or exhaustive search of keys against this algorithm. In addition, the DES architecture was oriented towards hardware implementation, and the software implementation of the algorithm on platforms with limited resources did not provide sufficient performance. The 3-DES modification had a sufficient key length but was three times slower.

On January 2, 1997, NIST announces its intention to select a successor to DES, which has been the American standard since 1977. On October 2, 2000, it was announced that the winner of the competition was the Rijndael cipher, and the standardization procedure began. On February 28, 2001, the draft was published, and on November 26, 2001, AES was adopted as FIPS 197.

The main features of AES encryption include:

- Scattering – Changing any character of the AES key or plaintext affects a large number of characters of the ciphertext.
- Mixing – the transformations used make it difficult to obtain statistical dependencies between the plaintext and the private text.
- Not susceptible to many types of cryptanalytic attacks, such as differential cryptanalysis, linear cryptanalysis, and square attack.
- Byte-oriented structure, which gives good prospects for the implementation of the algorithm in future processors.
- High performance on various platforms.

On August 20, 1998, a list of 15 candidates was announced at the 1st AES conference: CAST-256, CRYPTON, DEAL, DFC, E2, FROG, HPC, LOKI97, MAGENTA, MARS, RC6, Rijndael, SAFER+, Serpent, Twofish.

In subsequent discussions, these algorithms were subjected to a comprehensive analysis, and not only cryptographic properties were investigated, such as resistance to known attacks, the absence of weak encryption keys, and good statistical properties, but also practical aspects of implementation: optimization of code execution speed on various architectures, the possibility of optimizing code size, the possibility of parallelization. Candidates were tested for the formation of random binary sequences using the NIST statistical test suite.

During the first round, testing was carried out with 128-bit keys. Only 9 algorithms out of 15 were able to pass the statistical tests, namely: CAST-256, DFC, E2, LOKI-97, MAGENTA, MARS, Rijndael, SAFER+, and Serpent. In March 1999, the 2nd AES conference was held, and in August 1999, 5 finalists were announced: MARS, RC6, Rijndael, Serpent, and Twofish.

In the second round, the suitability of the first-round finalists as random number generators was evaluated based on 192-bit and 256-bit keys, and all five finalists were successfully tested. The Rijndael algorithm received the most votes.

During the third conference, Rijndael was analyzed with a reduced number of rounds, and its weakness, in this case, was shown, the issue of integrating all five candidate algorithms into the final standard was discussed, and all algorithms were tested again. At the end of the second day, a presentation was held, at which the applicants talked about their algorithms, their advantages, and their disadvantages.

On October 2, 2000, it was announced that the winner of the competition was the Rijndael algorithm, and the standardization procedure began.

AES relies on the substitution-permutation network principle which means it is performed using a series of linked operations that involves replacing and shuffling of the input data.

Initially, the input data is divided into blocks of 16 bytes, if the total size is not a multiple of 16 bytes, then the data is padded to a size that is a multiple of 16 bytes. Blocks are represented as a 4×4 matrix – state. Next, the key expansion procedure occurs and operations 2-4 are applied to each state block. So, the algorithm consists of the following steps:

**KeyExpansion**– Key extension. The initial round is the addition of state with the main key.

9 rounds of encryption, each of which consists of transformations:

**SubBytes**

**ShiftRows**

**MixColumns**

**AddRoundKey**

Final round consisting of transformations:

**SubBytes**

**ShiftRows**

**AddRoundKey**

Since all encryption transformations are performed unambiguously, there is an inverse transformation by which the ciphertext is translated into plaintext. The reverse transformation is a sequence of inverted encryption operations performed in reverse order:

**KeyExpansion**

9 rounds of AES decryption process, each of which consists of transformations:

**AddRoundKey**– summation of state with a round key**InverseMixColumns**— reverse permutation of state columns**InverseShiftRows**— reverse cyclic shift of state columns**SubBytes**— replacement of state bytes according to the reverse table of substitutions InverseS-box

Final round:

**AddRoundKey****InverseShiftRows****InverseSubBytes**

Let’s take a closer look at each of the above transformations:

**SubBytes** – replacement of state bytes according to the S-box table. Each byte is represented as two hexadecimal numbers b = (x, y), where x is defined by the 4 most significant bits of b and y by the 4 least significant ones. The 16×16 S-box contains values to replace the original byte: the value b at the intersection of row x and column y of the S-box is used as a replacement for the original byte b.

**ShiftRows** – a cyclic shift of state rows. The zero line remains in place, the first is shifted to the left by 1 byte, the second by 2 bytes, and the third by 3, respectively.

**MixColumns** – multiplications of each state column by a fixed matrix. Thus, a linear transformation is performed on the state columns. Moreover, multiplication and addition are performed according to the rules described above.

**AddRoundKey** – the round key is added element by element to state using bitwise XOR.

**KeyExpansion** is a procedure for expanding the main key to create round keys, which are then used in encryption rounds. The extended key consists of 44 four-byte words (wi): 4 words for the main key and 4 words for 10 round keys. Thus, the total length of the extended key is 1408 bits.

AES encryption is one of the strongest cryptographic systems in the world. It has become widespread in many industries where an extremely high level of cybersecurity is required. Today, AES libraries are built for a variety of programming languages, including C, C++, Java, Javascript, and Python.

The AES encryption standard is also used by various file compression programs including 7 Zip, WinZip, and RAR, as well as drive encryption systems like BitLocker and FileVault; and file systems such as NTFS.

AES is also widely used to secure databases and VPNs. For HTTPS in SSL / TLS, AES is often used as an encryption algorithm for transmitted data. In addition, the algorithm is often used in password manager systems and to provide wireless security.

- The main difference between Data Encryption Standard DES and AES encryption is that the block in DES is split into two halves before further processing, while in AES the entire block is processed to produce the ciphertext.
- The DES algorithm works on the principle of the Feistel cipher, while the AES algorithm works on the principle of substitution and permutation.
- The key size of DES is 56 bits, which is comparatively smaller than that of AES cipher, which has 128,192, or a 256-bit secret key.
- Rounds in DES include Expansion Swap, Xor, S-box, P-box, Xor, and Swap. On the other hand, rounds in AES include Subbytes, Shiftrows, Mix columns, and Addroundkeys.
- AES security is more reliable than DES due to the larger key size.
- AES is comparatively faster than DES.

The standard allows only one value of the length of the state block – 128 bits for 3 versions of the AES encryption algorithm. While the key size differs between versions: AES-192 uses a 192-bit master key size and produces 12 encryption rounds, while AES-256 uses a 256-bit master key size and 14 encryption rounds.

More rounds make encryption process more secure. Thus, AES-256 has the most secure implementation. However, it should be noted that the longer the key and the more rounds, the higher the performance requirement.

In the table shown below, the number Nk is the number of words in the key, Nb is the number of words in the block, and Nr is the number of rounds, respectively.

Rivest, Shamir, and Adleman RSA is a public-key cryptographic algorithm based on the computational complexity of the large semiprime factorization problem.

The RSA cryptosystem was the first system suitable for both encryption and digital signature. The algorithm is used in a wide range of cryptographic applications, including PGP, S/MIME, TLS/SSL, IPSEC/IKE, and others.

AES is a symmetric encryption algorithm. It is better suited for the task of encrypting large amounts of data at rest or for encrypting data in motion. However, RSA is better suited for PKI, digital certificates, and digital signatures.

Both algorithms can perfectly complement each other. For example, an AES secret key encrypted with the RSA algorithm can be transmitted over an insecure channel, which greatly simplifies and secures this weak point of symmetric encryption.

There are several models of attacks on this algorithm. It is worth dwelling on the class of third-party channel attacks and briefly considering 2 relevant examples from this class.

This attack is based on the assumption that operations in devices are performed at different times depending on the input data. Thus, by having a set of accurate time measurements for different operations, a cryptanalyst can recover the original data.

The attack under consideration is impossible on algorithms whose operations are performed in the same number of cycles on all platforms: bitwise operations on a fixed number of bits. But since the AES encryption uses addition and multiplication operations that do not satisfy this requirement, it is subject to a timing attack.

Possible methods to counter this type of attack:

- Make the execution time of all operations the same, after which the timing attack becomes impossible. It should be noted that this method is quite difficult to implement, since compiler optimizations, cache access, and other factors can introduce various temporary deviations.
- Add to the execution time of a delay operation of random duration

This attack is based on measuring the power consumption of the device with high accuracy during the operation of the encoder. Thus, the cryptanalyst can obtain information about the operations performed in the device and it becomes possible for him to extract cryptographic keys or other secret information from the device without directly affecting it.

Possible methods to counter this type of attack are:

- Power consumption balancing — during the operation, use all hardware parts of the device.
- Ensuring the independence of energy consumption fluctuations and the processes occurring in the system.

There are different theoretical key attacks:

**Related-Key Attacks**, when there is a way to somehow link the public key to the private key;

**Known-Key Distinguishing Attacks**, when one encrypted data and its known encryption key are used to guess another unknown encrypted data;

**Key-recovery attack,** when one piece of encrypted and decrypted data is used to deduce what the key used to encrypt it was. it’s four times faster than a brute-force attack, nut still requires unreasonable time and resources on it.

The NSA (US National Security Agency) did research on whether a cryptographic attack based on tau statistic may help to break AES. But at present, there is no known practical attack that would allow someone without knowledge of the key to read the AES encrypted data.

Advanced Encryption Standard AES is a strong and widely-used encryption algorithm that provides secure protection for sensitive data. Its adoption as a standard by the US government and its widespread use in industries such as finance and military communications attest to its effectiveness in securing information. AES’s block cipher method and strong mathematical properties make it a trusted tool for encryption. Helenix develops cryptographic solutions for a wide variety of use cases, you can learn more about our competencies in the Custom Development section.

Yes, Advanced Encryption Standard AES encryption is considered to be a highly secure encryption algorithm due to its use of strong key lengths and mathematical properties.

AES encryption algorithm is considered to be one of the best encryption methods, but there is no single “best” encryption method as security needs vary based on context.

RSA and AES serve different purposes, with RSA used for key exchange and digital signing and AES encryption used for data encryption. Both are secure when used correctly.

AES-256 uses a 256-bit key length, providing a higher level of security than the commonly used AES-128. It is considered secure for protecting sensitive information.