The Advanced Encryption Standard

The symmetric encryption algorithm now most likely encountered in a new application is the Advanced Encryption Standard or AES. In this section, we provide a brief introduction to AES.

Development of AES

In 1998, NIST issued a call for proposals for a new block cipher standard referred to as the AES. The three main requirements for candidate algorithms proposed by NIST were as follows:

1. The block size should be 128 bits.

2. The block cipher should be designed to offer variable key lengths of 128, 192, and 256 bits to allow for future developments in exhaustive key search efforts. These key lengths are all currently well beyond the capabilities of state-of-the-art exhaustive key search techniques.

3. The block cipher had to operate faster than Triple DES across a range of different computing platforms.

In contrast to the development of DES, it was specified during the call for proposals that the selection process would be by an open public ‘competition’ and the chosen algorithm, design, and details would be made freely available. There are probably two reasons why NIST made such a decision:

• Confidence: to allay the suspicions that hung over the development process for DES and thus to maximize public confidence in, and international adoption of, the resulting encryption standard.

• Expertise: to benefit from the dramatic increase in public expertise in cryptology that had taken place between the 1970s and the 1990s by: encouraging the best cryptographic designers to take part and obtaining the widest scrutiny of the candidate algorithms.

As a result of this call, 15 candidate proposals were received and quickly reduced to 11. In 1999, after a public consultation process, these were further reduced to five candidates. Finally, in 2000, the winning algorithm Rijndael was selected. Rijndael was designed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, who worked for a Belgian card payment organization and a Belgian university.

While Rijndael was selected on merit after significant scrutiny by international experts, it did not harm the confidence that the final selection was not from the US and was designed by a partnership between the commercial and academic sectors. The principal reasons for Rijndael’s final selection were due to performance issues and not security issues. The four other finalists in the AES process, MARS, RC6, Serpent, and Twofish, are highly regarded.

Federal Information Processing Standard (FIPS 197), the Advanced Encryption Standard, was published in 2001 and contained a slightly modified version of Rijndael. This standard specifies AES as a symmetric encryption algorithm used by US government organizations (and others) to protect sensitive information.

Design of AES

Unlike DES, AES isn’t designed to have an exact blueprint such as the Feistel cipher. However, it’s based on a design principle often referred to as a substitution–permutation network. Under this principle, the design is based on a series of linked operations, some of which involve replacing inputs with specific outputs (substitutions) and others shuffling bits around (permutations). A detailed specification of AES is beyond our scope. However, we’ll provide at least a conceptual overview of the encryption process.

AES encryption

It’s worth noting that AES performs all its computations on bytes rather than bits. Hence, AES first interprets the 128 bits of a plaintext block as 16 bytes. AES then computes several rounds. Similarly to DES, each of these rounds uses a different 128-bit round key, which is calculated from the original AES key and the details of which can be found in the AES key schedule (part of the AES algorithm, which we will not discuss further). Unlike DES, the number of rounds is variable, depending on the length of the AES key. AES employs 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys.

One round of AES is depicted in the illustration below: