An encryption standard developed by NIST. Intended to specify an unclassified, publicly-disclosed, symmetric encryption algorithm.
The Advanced Encryption Standard (AES), also known by its original name Rijndael (Dutch pronunciation: [ˈrɛindaːl]), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
_Round_Function.png) Visualization of the AES round function | |
| General | |
|---|---|
| Designers | Joan Daemen, Vincent Rijmen |
| First published | 1998 |
| Derived from | Square |
| Successors | Anubis, Grand Cru, Kalyna |
| Certification | AES winner, CRYPTREC, NESSIE, NSA |
| Cipher detail | |
| Key sizes | 128, 192 or 256 bits |
| Block sizes | 128 bits |
| Structure | Substitution–permutation network |
| Rounds | 10, 12 or 14 (depending on key size) |
| Best public cryptanalysis | |
| Attacks have been published that are computationally faster than a full brute-force attack, though none as of 2013 are computationally feasible. For AES-128, the key can be recovered with a computational complexity of 2126.1 using the biclique attack. For biclique attacks on AES-192 and AES-256, the computational complexities of 2189.7 and 2254.4 respectively apply. Related-key attacks can break AES-256 and AES-192 with complexities 299.5 and 2176 in both time and data, respectively. Another attack was blogged and released as a preprint in 2009. This attack is against AES-256 that uses only two related keys and 239 time to recover the complete 256-bit key of a 9-round version, or 245 time for a 10-round version with a stronger type of related subkey attack, or 270 time for an 11-round version. | |
AES is a variant of the Rijndael block cipher developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, who submitted a proposal to NIST during the AES selection process. Rijndael is a family of ciphers with different key and block sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
AES has been adopted by the U.S. government. It supersedes the Data Encryption Standard (DES), which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.
In the United States, AES was announced by the NIST as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001. This announcement followed a five-year standardization process in which fifteen competing designs were presented and evaluated, before the Rijndael cipher was selected as the most suitable.
AES is included in the ISO/IEC 18033-3 standard. AES became effective as a U.S. federal government standard on May 26, 2002, after approval by the U.S. Secretary of Commerce. AES is available in many different encryption packages, and is the first (and only) publicly accessible cipher approved by the U.S. National Security Agency (NSA) for top secret information when used in an NSA approved cryptographic module.
