Advanced Encryption Standard (AES)

Advanced Encryption Standard (AES) is a data encryption standard widely used by many parts of the US government and by private organizations. Data encryption standards such as AES are designed to protect data on computers. AES is a symmetric block cipher algorithm, which means that it encrypts and decrypts information using an algorithm. Since AES was first chosen as the US government's preferred encryption software, hackers have tried to develop ways to break the cipher, but some estimates suggest that it could take billions of years for current technology to break AES encryption. In the future, however, new technology could make AES obsolete.

Origins of AES

The US government has used encryption to protect classified and other sensitive information for many years. During the 1990s, the US government relied mostly on the Data Encryption Standard (DES) to encrypt information. The technology of that encryption code was aging, however, and the government worried that encrypted data could be compromised by hackers. The DES was introduced in 1976 and used a 56-bit key, which was too small for the advances in technology that were happening. Therefore, in 1997, the government began searching for a new, more secure type of encryption software. The new system had to be able to last the government into the twenty-first century, and it had to be simple to implement in software and hardware.

The process for choosing a replacement for the DES was transparent, and the public had the opportunity to comment on the process and the possible choices. The government chose fifteen different encryption systems for evaluation. Different groups and organizations, including the National Security Agency (NSA), had the opportunity to review these fifteen choices and provide recommendations about which one the government should adopt.

Two years after the initial announcement about the search for a replacement for DES, the US government chose five algorithms to research even further. These included encryption software developed by large groups (e.g., a group at IBM) and software developed by a few individuals.

The US government found what it was looking for when it reviewed the work of Belgian cryptographers Joan Daemen and Vincent Rijmen. Daemen and Rijmen had created an encryption process they called Rijndael. This system was unique and met the US government’s requirements. Prominent members of the cryptography community tested the software. The government and other organizations found that Rijndael had blocked encryption implementation; it had 128-, 192-, and 256-bit keys; it could be easily implemented in software, hardware, or firmware; and it could be used around the world. Because of these features, the government and others believed that the use of Rijndael as the AES would be the best choice for government data encryption for at least twenty to thirty years.

Refining the Use of AES

The process of locating and implementing the new encryption code took five years. The National Institute of Standards (NIST) finally approved the AES as Federal Information Processing Standards Publication (FIPS PUB) 197 in November 2001. (FIPS PUBs are issued by NIST after approval by the Secretary of Commerce, and they give guidelines about the standards people in the government should be using.) When the NIST first made its announcement about using AES, it allowed only unclassified information to be encrypted with the software. Then, the NSA did more research into the program and any weaknesses it might have. In 2003—after the NSA gave its approval—the NIST announced that AES could be used to encrypt classified information. The NIST announced that all key lengths could be used for information classified up to SECRET, but TOP SECRET information had to be encrypted using 192- or 256-bit key lengths.

Although AES is an approved encryption standard in the US government, other encryption standards are used. Any encryption standard that has been approved by the NIST must meet requirements similar to those met by AES. The NSA has to approve any encryption algorithms used to protect national security systems or national security information.

According to the US federal government, people should use AES when they are sending sensitive (unclassified) information. This encryption system can also be used to encrypt classified information, as long as the correct size of key code is used according to the level of classification. Furthermore, people and organizations outside the federal government can use the AES to protect their own sensitive information. When workers in the federal government use AES, they are supposed to follow strict guidelines to ensure that information is encrypted correctly.

The Future of AES

The NIST continues to follow developments with AES and within the field of cryptology to ensure that AES remains the government’s best option for encryption. The NIST formally reviews AES (and any other official encryption systems) every five years. The NIST will make other reviews as necessary if any new technological breakthroughs or potential security threats are uncovered.

Although AES is one of the most popular encryption systems on the market, encryption itself may become obsolete in the future. With 2020s technologies, it would likely take billions of years to break an AES-encrypted message. However, quantum computing is becoming an important area of research, and developments in this field could make AES and other encryption software obsolete. DES, AES's predecessor, can now be broken in a matter of hours, but when it was introduced, it also was considered unbreakable. As technology advances, new ways to encrypt information will have to be developed and tested. Some experts believe that AES will be effective until the 2030s or 2040s, but the span of its usefulness will depend on other developments in technology.

Bibliography

"Advanced Encryption Standard (AES)." Geeks for Geeks, 16 July 2024, www.geeksforgeeks.org/advanced-encryption-standard-aes/. Accessed 19 Nov. 2024.

"Advanced Encryption Standard (AES)." Techopedia.com. Janalta Interactive Inc. Web. 31 July 2015. http://www.techopedia.com/definition/1763/advanced-encryption-standard-aes

"AES." Webopedia. QuinStreet Inc. Web. 31 July 2015. http://www.webopedia.com/TERM/A/AES.html

Daniel, Brett. "What Is AES Encryption? [The Definitive Q&A Guide]." Trenton Systems, 31 Mar. 2021, www.trentonsystems.com/blog/aes-encryption-your-faqs-answered. Accessed 30 Dec. 2022.

National Institute for Standards and Technology. "Announcing the Advanced Encryption Standard (AES): Federal Information Processing Standards Publication 197." NIST, 2001. Web. 31 July 2015. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

National Institute for Standards and Technology. "Fact Sheet: CNSS Policy No. 15, Fact Sheet No. 1, National Policy on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information." NIST, 2003. Web. 31 July 2015. http://csrc.nist.gov/groups/ST/toolkit/documents/aes/CNSS15FS.pdf

Rouse, Margaret "Advanced Encryption Standard (AES)." TechTarget. TechTarget. Web. 31 July 2015. http://searchsecurity.techtarget.com/definition/Advanced-Encryption-Standard

Wood, Lamont. "The Clock Is Ticking for Encryption." Computerworld. Computerworld, Inc. 21 Mar. 2011. Web. 31 July 2015. http://www.computerworld.com/article/2550008/security0/the-clock-is-ticking-for-encryption.html