Back Gevorderde Versleutelingstandaard Afrikaans معيار التعمية المتقدم Arabic Qabaqcıl şifrləmə standartı Azerbaijani Advanced Encryption Standard Bulgarian Advanced Encryption Standard Catalan Advanced Encryption Standard Czech Advanced Encryption Standard Danish Advanced Encryption Standard German AES (kriptado) Esperanto Advanced Encryption Standard Spanish
_Round_Function.png) Visualization of the AES round function | |
| General | |
|---|---|
| Designers | Joan Daemen, Vincent Rijmen |
| First published | 1998 |
| Derived from | Square |
| Successors | Anubis, Grand Cru, Kalyna |
| Certification | AES winner, CRYPTREC, NESSIE, NSA |
| Cipher detail | |
| Key sizes | 128, 192 or 256 bits[note 1] |
| Block sizes | 128 bits[note 2] |
| Structure | Substitution–permutation network |
| Rounds | 10, 12 or 14 (depending on key size) |
| Best public cryptanalysis | |
| Attacks have been published that are computationally faster than a full brute-force attack, though none as of 2023 are computationally feasible.[1]
For AES-128, the key can be recovered with a computational complexity of 2126.1 using the biclique attack. For biclique attacks on AES-192 and AES-256, the computational complexities of 2189.7 and 2254.4 respectively apply. Related-key attacks can break AES-256 and AES-192 with complexities 299.5 and 2176 in both time and data, respectively.[2] Another attack was blogged[3] and released as a preprint[4] in 2009. This attack is against AES-256 that uses only two related keys and 239 time to recover the complete 256-bit key of a 9-round version, or 245 time for a 10-round version with a stronger type of related subkey attack, or 270 time for an 11-round version. | |
The Advanced Encryption Standard (AES), also known by its original name Rijndael (Dutch pronunciation: [ˈrɛindaːl]),[5] is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.[6]
AES is a variant of the Rijndael block cipher[5] developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, who submitted a proposal[7] to NIST during the AES selection process.[8] Rijndael is a family of ciphers with different key and block sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
AES has been adopted by the U.S. government. It supersedes the Data Encryption Standard (DES),[9] which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.
In the United States, AES was announced by the NIST as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001.[6] This announcement followed a five-year standardization process in which fifteen competing designs were presented and evaluated, before the Rijndael cipher was selected as the most suitable.[note 3]
AES is included in the ISO/IEC 18033-3 standard. AES became effective as a U.S. federal government standard on May 26, 2002, after approval by U.S. Secretary of Commerce Donald Evans. AES is available in many different encryption packages, and is the first (and only) publicly accessible cipher approved by the U.S. National Security Agency (NSA) for top secret information when used in an NSA approved cryptographic module.[note 4]
Cite error: There are <ref group=note> tags on this page, but the references will not show without a {{reflist|group=note}} template (see the help page).
- ^ "Biclique Cryptanalysis of the Full AES" (PDF). Archived from the original (PDF) on March 6, 2016. Retrieved May 1, 2019.
- ^ Alex Biryukov and Dmitry Khovratovich, Related-key Cryptanalysis of the Full AES-192 and AES-256, "Related-key Cryptanalysis of the Full AES-192 and AES-256". Table 1. Archived from the original on 2009-09-28. Retrieved 2010-02-16.
- ^ Bruce Schneier (2009-07-30). "Another New AES Attack". Schneier on Security, A blog covering security and security technology. Archived from the original on 2009-10-05. Retrieved 2010-03-11.
- ^ Alex Biryukov; Orr Dunkelman; Nathan Keller; Dmitry Khovratovich; Adi Shamir (2009-08-19). "Key Recovery Attacks of Practical Complexity on AES Variants With Up To 10 Rounds". Archived from the original on 28 January 2010. Retrieved 2010-03-11.
- ^ a b Daemen, Joan; Rijmen, Vincent (March 9, 2003). "AES Proposal: Rijndael" (PDF). National Institute of Standards and Technology. p. 1. Archived (PDF) from the original on 5 March 2013. Retrieved 21 February 2013.
- ^ a b "Announcing the ADVANCED ENCRYPTION STANDARD (AES)" (PDF). Federal Information Processing Standards Publication 197. United States National Institute of Standards and Technology (NIST). November 26, 2001. Archived (PDF) from the original on August 23, 2024. Retrieved August 26, 2024.
- ^ Joan Daemen and Vincent Rijmen (September 3, 1999). "AES Proposal: Rijndael" (PDF). Archived from the original (PDF) on February 3, 2007.
- ^ John Schwartz (October 3, 2000). "U.S. Selects a New Encryption Technique". New York Times. Archived from the original on March 28, 2017.
- ^ Westlund, Harold B. (2002). "NIST reports measurable success of Advanced Encryption Standard". Journal of Research of the National Institute of Standards and Technology. Archived from the original on 2007-11-03.