AES is one of the most widely used encryption protocols, but where did it come from and how does it work?
The Advanced Encryption Standard – AES for short – is a method of securing data first conceived in the late 1990s and still in use today.
AES is also sometimes known as Rijndael, although this name isn't strictly correct, as AES is in fact a subset of the Rijndael family of ciphers.
How was AES developed?
AES was developed by two Belgian cryptography researchers, Vincent Rijmen and Joan Daemen, following an appeal by the US National Institute of Standards and Technology (NIST), which was looking for a replacement for the Data Encryption Standard (DES).
DES had been in use by the US government to share sensitive, but unclassified, data since 1977. However, in the 1990s, it was discovered that the protocol wasn't as secure as had been thought, requiring the creation of a new one, and thus AES was developed. After several years of testing, NIST certified the new protocol in 2001 and in 2003 it was declared suitable for use when dealing with classified data too, surpassing DES.
It wasn't just the level of security that made AES a winner when it came to replacing DES, though. It's also fast, both at the hardware and software level, which made it even more attractive than some of the alternatives.
How does AES work?
AES is a substitution-permutation network (SPN) block cipher algorithm. This means the algorithm takes a block of plaintext and applies alternating rounds of substitution and permutation boxes to it. In AES, the size of each box is 128, 192 or 256 bits, depending on how strong the encryption needs to be, but 128-bit is typical.
An encryption key is generated during the substitution-permutation process, allowing the data to be deciphered and read by the intended recipient. Without the key, though, the data is completely scrambled and unintelligible.
Where is AES used?
While AES started life as a tool for the US government, including the NSA, it's been adopted by businesses and other organisations worldwide and is now one of the most widely used encryption algorithms around.
It's used in all sorts of file and transfer scenarios. For example, when you transmit files over an HTTPS connection, the chances are AES is keeping your data secure from any man-in-the-middle attacks.