LLMpedia: The first transparent, open encyclopedia generated by LLMs

Advanced Encryption Standard

Generated by DeepSeek V3.2
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Advanced Encryption Standard
Caption: The official logo for the Advanced Encryption Standard.
Designers: Vincent Rijmen, Joan Daemen
Publish date: 2001
Derived from: Square
Key sizes: 128, 192, or 256 bits
Block sizes: 128 bits
Structure: Substitution–permutation network
Rounds: 10, 12, or 14 (depending on key size)
Cryptanalysis: Best known attacks are on reduced versions; full standard is considered secure.

The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the National Institute of Standards and Technology in the United States. The algorithm was selected through a public, competitive process initiated to replace the aging Data Encryption Standard and has since become the most widely used symmetric-key cipher globally. Its design, based on the Rijndael cipher developed by Vincent Rijmen and Joan Daemen, provides strong security and efficient implementation in both software and hardware.

History and development

The need for a new encryption standard became urgent in the late 1990s as the security of the Data Encryption Standard was increasingly threatened by advances in cryptanalysis and brute-force attack capabilities. In 1997, the National Institute of Standards and Technology opened the Advanced Encryption Standard process with a public call for proposals. Fifteen initial candidates, including designs like MARS, RC6, Serpent, and Twofish, were submitted by teams around the world, including teams from IBM and Counterpane Internet Security. After several rounds of analysis and public conferences, the Rijndael cipher, created by Belgian cryptographers Vincent Rijmen and Joan Daemen, was selected in October 2000. The formal standard, Federal Information Processing Standards Publication 197, was published in 2001 and subsequently adopted by the U.S. government, including agencies like the National Security Agency.

Description of the cipher

The algorithm operates on a 128-bit block of data and is a symmetric-key algorithm: the same key is used for both encryption and decryption. The internal structure is a substitution–permutation network, not a Feistel cipher like its predecessor. Processing involves multiple rounds, with the number (10, 12, or 14) determined by the key length (128, 192, or 256 bits). Each round consists of four main operations: SubBytes (a non-linear substitution using an S-box derived from the finite field GF(2^8)), ShiftRows (a transposition step), MixColumns (a mixing operation), and AddRoundKey (where a round key from the key schedule is combined with the state). The key expansion routine transforms the initial cipher key into a series of round keys used throughout the process. Decryption performs the inverse operations in reverse order.

Security and cryptanalysis

Extensive analysis by the global cryptographic community, including researchers at institutions like the Weizmann Institute of Science and Microsoft Research, has solidified the cipher's reputation. The most effective attacks known are biclique attacks, which are only marginally faster than a brute-force attack and are considered theoretical, not practical. Side-channel attacks, such as timing attacks or power analysis, pose a more realistic threat to specific implementations, particularly on smart cards, rather than to the algorithm itself. Resistance to linear cryptanalysis and differential cryptanalysis was a core design criterion, and no efficient attacks against the full number of rounds have been discovered. Its security margin is considered substantial, leading to its approval for protecting classified information up to the TOP SECRET level by the National Security Agency.

Implementations and performance

Efficiency across diverse platforms is a hallmark of the cipher, with highly optimized versions existing for nearly all central processing unit architectures. Many modern CPUs, including those from Intel and Advanced Micro Devices, provide dedicated instruction set extensions such as the AES instruction set to accelerate operations dramatically in hardware. It is also efficiently implemented in field-programmable gate arrays and application-specific integrated circuits for high-speed networking equipment. In software, it is a core component of cryptographic libraries such as OpenSSL, LibreSSL, and the Microsoft Windows Cryptography API: Next Generation. Performance benchmarks consistently show it to be significantly faster than its predecessor and most other modern block ciphers in both C and assembly language implementations, even on resource-constrained devices like those using the ARM architecture.

Applications and adoption

Its adoption is virtually universal in securing digital communications and data storage. It is the mandatory cipher in the IEEE 802.11i standard for Wi-Fi Protected Access and forms the basis for Internet Protocol Security and Transport Layer Security protocols that protect web traffic. Major technology firms, including Apple Inc., Google, and Microsoft, use it for encrypting data at rest in services like iCloud, Android, and BitLocker. It is integral to voice over IP security, virtual private networks, and secure messaging applications like Signal. Financial institutions rely on it within the Payment Card Industry Data Security Standard, and it is specified in numerous international standards from ISO/IEC 18033-3 to recommendations by the European Union Agency for Cybersecurity.
