LLMpedia: The first transparent, open encyclopedia generated by LLMs

AES (Advanced Encryption Standard)

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Advanced Encryption Standard
Caption: Substitution–permutation network structure
Origin: Belgium (Rijndael design); standardized in the United States by NIST
Designer: Joan Daemen, Vincent Rijmen
Publish date: 2001 (FIPS 197, 26 November 2001)
Key size: 128, 192, 256 bits
Block size: 128 bits
Rounds: 10, 12, 14 (for 128-, 192- and 256-bit keys respectively)

AES (Advanced Encryption Standard) is a symmetric block cipher that the U.S. National Institute of Standards and Technology (NIST) selected as Federal Information Processing Standard 197 (FIPS 197) in 2001 after an open international competition. The winning design, Rijndael, was submitted by the Belgian cryptographers Joan Daemen and Vincent Rijmen. AES replaced DES, and in practice Triple DES, as the default block cipher in United States government and international systems, and it is the symmetric primitive behind TLS, IPsec, disk encryption and hardware-accelerated cryptography in products from Intel Corporation, Microsoft, Apple Inc., Google and Amazon. Confidence in its security rests on more than two decades of public cryptanalysis rather than on any single agency's review: the design was evaluated in the open during the competition by academic and industrial cryptographers worldwide, including the COSIC group at Katholieke Universiteit Leuven where Rijmen worked.

History and standardization

NIST announced the AES competition in 1997 with an open, worldwide call for a royalty-free block cipher with a 128-bit block and key sizes of 128, 192 and 256 bits. Fifteen candidates were accepted in 1998, among them MARS (IBM), RC6 (RSA Security), Twofish (Counterpane), Serpent (Anderson, Biham and Knudsen) and Rijndael (Daemen and Rijmen). They were analysed in three public AES Candidate Conferences and in papers at CRYPTO, EUROCRYPT, ASIACRYPT and FSE, with additional review by the National Security Agency; the five ciphers just named were chosen as finalists in 1999. NIST selected Rijndael on 2 October 2000, citing its security margin, its consistently good performance from 8-bit smart cards to 64-bit processors and its simplicity, and published it as FIPS 197 on 26 November 2001 after a public comment period. AES was approved for protecting classified U.S. information in 2003 (CNSS Policy 15: all key sizes for SECRET, 192- or 256-bit keys for TOP SECRET) and is standardized internationally in ISO/IEC 18033-3.

Algorithm specification

AES is a substitution–permutation network operating on 128-bit blocks with key lengths of 128, 192 or 256 bits and 10, 12 or 14 rounds respectively. The 16 input bytes are arranged column-wise in a 4×4 "state" matrix, and each round applies four operations: SubBytes (a fixed 8-bit S-box applied to every byte), ShiftRows (row r is rotated left by r bytes), MixColumns (each column is multiplied by a fixed 4×4 matrix over GF(2^8); this step is omitted in the final round) and AddRoundKey (XOR with a 128-bit round key). All arithmetic is in the finite field GF(2^8) with reduction polynomial x^8 + x^4 + x^3 + x + 1. The S-box is the multiplicative inverse in that field (with 0 mapped to 0) followed by a fixed affine transformation, which gives it strong resistance to differential and linear cryptanalysis; the MixColumns matrix is circulant with first row (2, 3, 1, 1) and is an MDS matrix, so together with ShiftRows it achieves full diffusion in two rounds (the designers' "wide-trail" strategy). The key schedule expands the key into 4(Nr+1) 32-bit words: every Nk-th word is derived from its predecessor by a byte rotation (RotWord), the S-box (SubWord) and XOR with a round constant Rcon[i] = x^(i-1), and AES-256 applies an extra SubWord in the middle of each block of eight words. Decryption applies the inverse operations in reverse order with the same round keys.
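The round structure described above, as an added example (this is not code from FIPS 197 or from the Rijndael designers): a pure-Python AES that derives the S-box from the field inverse and affine map instead of typing the table, runs the key schedule for all three key sizes, implements both the cipher and the inverse cipher, and checks itself against the Appendix C test vectors of FIPS 197. The function names are this example's own. It is deliberately the naive table-and-branch style that side-channel attacks target, which is why it should never be used as-is for real data.

```python
"""AES block cipher (FIPS 197) in pure Python, checked against the standard's own test
vectors. Written for clarity, not speed or side-channel safety (table lookups, branches)."""

POLY = 0x1B  # low byte of x^8 + x^4 + x^3 + x + 1, the GF(2^8) reduction polynomial

def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes as polynomials over GF(2), reduced modulo the AES polynomial."""
    result = 0
    for _ in range(8):
        if b & 1:
            result ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= POLY
        b >>= 1
    return result

def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8) by exhaustive search; FIPS 197 maps 0 to 0."""
    return next((b for b in range(1, 256) if gf_mul(a, b) == 1), 0)

def _rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF

def _sbox_entry(x: int) -> int:
    """S-box = field inverse followed by the affine map y ^ rotl(y,1..4) ^ 0x63."""
    y = gf_inv(x)
    return y ^ _rotl8(y, 1) ^ _rotl8(y, 2) ^ _rotl8(y, 3) ^ _rotl8(y, 4) ^ 0x63

SBOX = bytes(_sbox_entry(x) for x in range(256))
INV_SBOX = bytearray(256)
for _x in range(256):
    INV_SBOX[SBOX[_x]] = _x

# The state is a flat 16-byte column-major array: state[row + 4 * col].
MIX_ROW = (2, 3, 1, 1)         # first row of the MixColumns matrix
INV_MIX_ROW = (14, 11, 13, 9)  # first row of its inverse

def _shift_rows(state, inverse=False):
    """Row r rotates left by r bytes (right for the inverse cipher)."""
    out = bytearray(16)
    for r in range(4):
        for c in range(4):
            src = (c - r) % 4 if inverse else (c + r) % 4
            out[r + 4 * c] = state[r + 4 * src]
    return out

def _mix_columns(state, row):
    """Multiply each column by the circulant matrix whose first row is `row`."""
    out = bytearray(16)
    for c in range(4):
        for r in range(4):
            for k in range(4):
                out[4 * c + r] ^= gf_mul(row[(k - r) % 4], state[4 * c + k])
    return out

def _add_round_key(state, round_key):
    return bytearray(s ^ k for s, k in zip(state, round_key))

def expand_key(key: bytes):
    """FIPS 197 key schedule: returns Nr + 1 round keys of 16 bytes each."""
    if len(key) not in (16, 24, 32):
        raise ValueError("AES key must be 16, 24 or 32 bytes")
    nk, nr = len(key) // 4, len(key) // 4 + 6
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (nr + 1)):
        t = list(w[i - 1])
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, then SubWord
            t[0] ^= rcon                           # Rcon[i/nk] = x^(i/nk - 1)
            rcon = gf_mul(rcon, 2)
        elif nk > 6 and i % nk == 4:
            t = [SBOX[b] for b in t]               # extra SubWord, AES-256 only
        w.append([x ^ y for x, y in zip(w[i - nk], t)])
    return [bytes(b for word in w[4 * r:4 * r + 4] for b in word) for r in range(nr + 1)]

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Cipher(): Nr rounds of SubBytes, ShiftRows, MixColumns (not in the last), AddRoundKey."""
    rks = expand_key(key)
    state = _add_round_key(block, rks[0])
    for rnd in range(1, len(rks)):
        state = _shift_rows(bytearray(SBOX[b] for b in state))
        if rnd < len(rks) - 1:
            state = _mix_columns(state, MIX_ROW)
        state = _add_round_key(state, rks[rnd])
    return bytes(state)

def decrypt_block(key: bytes, block: bytes) -> bytes:
    """InvCipher(): the inverse steps in reverse order with the same round keys."""
    rks = expand_key(key)
    state = _add_round_key(block, rks[-1])
    for rnd in range(len(rks) - 2, -1, -1):
        state = bytearray(INV_SBOX[b] for b in _shift_rows(state, inverse=True))
        state = _add_round_key(state, rks[rnd])
        if rnd > 0:
            state = _mix_columns(state, INV_MIX_ROW)
    return bytes(state)

def fips197_vectors() -> dict:
    """Appendix C of FIPS 197: plaintext 00 11 .. ff under keys 00 01 .. (0f|17|1f)."""
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    return {8 * n: encrypt_block(bytes(range(n)), pt).hex() for n in (16, 24, 32)}
```

Calling `fips197_vectors()` must return `69c4e0d86a7b0430d8cdb78070b4c55a` for AES-128, `dda97ca4864cdfe06eaf70a0ec0d7191` for AES-192 and `8ea2b7ca516745bfeafc49904b496089` for AES-256; any deviation in the S-box, ShiftRows offsets or round-constant handling changes every output byte, which is why a block cipher implementation is never trusted without the published vectors. Note that `gf_mul` branches on secret bits and `SBOX[b]` is a secret-indexed memory access; a production implementation uses AES-NI or bitslicing instead.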

Modes of operation and implementation

AES on its own is a keyed permutation of single 128-bit blocks; it is deployed through modes of operation specified by NIST: CBC and CTR (SP 800-38A), CCM (SP 800-38C), GCM (SP 800-38D), XTS for disk encryption (SP 800-38E) and key wrap (SP 800-38F), which IETF, IEEE and ISO/IEC then reference in TLS, IPsec, SSH, IEEE 802.11i (CCMP) and ISO/IEC 19772. Implementations appear in OpenSSL, LibreSSL, BoringSSL and wolfSSL and in the cryptographic providers of Java and .NET. Intel introduced the AES-NI instruction set in 2010, AMD implements the same instructions, and ARMv8 processors provide equivalent Cryptography Extensions; Windows, the Linux kernel, FreeBSD and macOS use them in their kernel crypto services, giving constant-time AES at multi-gigabyte-per-second throughput. The use of AES keys in protocols and formats is specified in the Cryptographic Message Syntax (CMS), PKCS#11, TLS and IPsec, and key lifecycle requirements in NIST SP 800-57. A practitioner's rule of thumb: never use ECB, never reuse a nonce under the same key in CTR or GCM, and prefer an authenticated mode (GCM, CCM or AES-GCM-SIV) whenever integrity matters, which in practice is always.

Security analysis and cryptanalysis

AES has been analysed continuously since 1998 in papers at CRYPTO, EUROCRYPT, ASIACRYPT, FSE and on the IACR ePrint Archive. The wide-trail design bounds the probability of every differential and linear trail, so the most productive techniques have been structural: the integral ("Square") attack introduced by the designers themselves, impossible-differential attacks and meet-in-the-middle attacks, which reach about 7 of the 10 rounds of AES-128 and about 9 of the 14 rounds of AES-256 at costs far beyond practical reach. The best known attack on the full cipher, the biclique attack of Bogdanov, Khovratovich and Rechberger (2011), recovers an AES-128 key with about 2^126.1 work, less than two bits better than brute force. Related-key attacks on full AES-192 and AES-256 (Biryukov and Khovratovich, 2009) are faster, about 2^99.5 for AES-256, but they require encryptions under several keys with an attacker-chosen relationship, a condition that does not arise when keys are generated properly; they do argue against using AES-256 as a hash compression function. No practical key-recovery attack on the full-round cipher is known. Theoretical work on key-alternating ciphers in the random-permutation model and on provable bounds for AES-like structures supports the security margin the design claims.

Performance and applications

AES is used across the stack: full-disk encryption (BitLocker, FileVault, LUKS, TrueCrypt and its successor VeraCrypt), enterprise storage systems from EMC Corporation and NetApp, VPN and IPsec gateways from Cisco Systems, and end-to-end messaging built on the Signal Protocol, which Signal and WhatsApp use with AES-256 in CBC mode inside the Double Ratchet. Software performance comes from table-based or bitsliced implementations in OpenSSL, OpenJDK and the Go standard library, and from hardware: AES-NI and the ARM Cryptography Extensions, offload engines such as Intel QuickAssist Technology, and FPGA cores for Xilinx and Altera devices. On a current x86 core with AES-NI, a parallelizable mode such as CTR or GCM runs at around or below one cycle per byte, roughly an order of magnitude faster than constant-time software AES, which is why AES-GCM remains the dominant TLS cipher suite even after ChaCha20-Poly1305 was added for devices without hardware AES. NIST publishes the conformance test vectors (the CAVP/ACVP validation programs) against which implementations are checked.

Vulnerabilities and mitigations

Practical vulnerabilities in AES deployments almost never come from the cipher itself; they come from side channels, key management and mode misuse. Table-driven software AES leaks key-dependent memory access patterns through the CPU cache: Bernstein (2005) recovered a full key by timing a remote server, and Osvik, Shamir and Tromer (2006) did so from an unprivileged process on the same machine, techniques later extended to cross-virtual-machine attacks on shared cloud hosts. The mitigation is a constant-time implementation, either bitsliced software or the AES-NI and ARMv8 instructions whose timing does not depend on the data, as is now standard in OpenSSL, BoringSSL and the kernel crypto services of the major operating systems; smart-card and embedded implementations additionally need masking against power and electromagnetic analysis. Mode misuse is the most common application-level failure: ECB preserves plaintext structure, CBC without a MAC is malleable and exposed to padding-oracle attacks, and reusing a nonce with CTR or GCM under one key reveals the XOR of the two plaintexts (and, in GCM, the authentication key). The remedy is an authenticated mode with nonces that are never repeated, as NIST SP 800-38D and the IETF recommend: GCM or CCM, or AES-GCM-SIV where nonce uniqueness cannot be guaranteed. Operational guidance from NIST (SP 800-57 for key lifecycle, SP 800-90 for random bit generation) and CISA requires that keys be generated by an approved DRBG, rotated and destroyed on schedule, and that AES-256 be used where long-term or quantum-era protection matters, since Grover's algorithm halves the effective key length of a symmetric cipher.
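The mode-level failures described above (ECB pattern leakage and nonce reuse in CTR/GCM) and the CTR construction from the "Modes of operation and implementation" section, as one added example that is not part of the original article. To run on the Python standard library alone, the block function `prf_block` is a stand-in keyed PRF built from HMAC-SHA256 truncated to 16 bytes; it is not AES, and the mode logic and the leaks shown are independent of which block cipher sits underneath. All function names and the sample records are this example's own constructions.

```python
"""Mode-of-operation behaviour over a pluggable 128-bit block function, using only
the standard library. prf_block is a stand-in keyed PRF (HMAC-SHA256 truncated to
16 bytes), not AES: the mode logic and the leaks shown do not depend on the cipher."""
import hashlib
import hmac
import secrets

BLOCK = 16

def prf_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES_k(block). Swap in a real AES block encryption for production."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: each block encrypted independently, so equal blocks give equal ciphertexts."""
    if len(plaintext) % BLOCK:
        raise ValueError("ECB needs whole blocks")
    return b"".join(prf_block(key, plaintext[i:i + BLOCK])
                    for i in range(0, len(plaintext), BLOCK))

def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR keystream with the GCM layout: 96-bit nonce || 32-bit big-endian counter."""
    if len(nonce) != 12:
        raise ValueError("nonce must be 96 bits")
    out = bytearray()
    counter = 1
    while len(out) < length:
        out += prf_block(key, nonce + counter.to_bytes(4, "big"))
        counter += 1
    return bytes(out[:length])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR encryption and decryption are the same operation (XOR with the keystream)."""
    return xor_bytes(data, ctr_keystream(key, nonce, len(data)))

ctr_decrypt = ctr_encrypt

def new_nonce() -> bytes:
    """A fresh random 96-bit nonce per message; never reuse one under the same key."""
    return secrets.token_bytes(12)

# Constructed sample records (not real data) used by the demonstrations below.
RECORD = b"ACCOUNT=00001234" + b"ACCOUNT=00001234" + b"BALANCE=00009999"
MSG_KNOWN = b"TRANSFER 100 TO ALICE  "
MSG_SECRET = b"TRANSFER 900 TO MALLORY"

def ecb_pattern_leak(key: bytes) -> bool:
    """True when the two identical plaintext blocks produce identical ciphertext blocks."""
    ct = ecb_encrypt(key, RECORD)
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return blocks[0] == blocks[1] and blocks[0] != blocks[2]

def nonce_reuse_recovery(key: bytes, nonce: bytes, known: bytes, secret: bytes) -> bytes:
    """Attacker's view: two ciphertexts under one (key, nonce) plus one known plaintext.
    c1 ^ c2 == p1 ^ p2, so p2 = c1 ^ c2 ^ p1 without ever touching the key."""
    c1 = ctr_encrypt(key, nonce, known)
    c2 = ctr_encrypt(key, nonce, secret)
    return xor_bytes(xor_bytes(c1, c2), known)

def distinct_nonces_resist(key: bytes, known: bytes, secret: bytes) -> bool:
    """The same trick against two messages with fresh nonces yields nothing."""
    c1 = ctr_encrypt(key, new_nonce(), known)
    c2 = ctr_encrypt(key, new_nonce(), secret)
    guess = xor_bytes(xor_bytes(c1, c2), known)
    return guess != secret[:len(guess)]
```

`nonce_reuse_recovery` returns the second plaintext byte for byte without the key, which is exactly the failure seen in real deployments that derive a fixed IV from a password or reset a counter on reboot; with GCM the same reuse also hands over the GHASH key, so forgeries follow. Nothing here authenticates the ciphertext either: a real deployment wraps this keystream in GCM or CCM (or uses AES-GCM-SIV) and generates nonces with `new_nonce()` or a strictly increasing counter that survives restarts.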

Category:Block ciphers