Content deleted Content added
No edit summary Tags: Reverted Mobile edit Mobile web edit |
→External links: demo link added |
||
| (10 intermediate revisions by 8 users not shown) | |||
Line 3:
| name = Advanced Encryption Standard{{break}}(Rijndael)
| image = [[File:AES (Rijndael) Round Function.png|250px]]
| caption =
| designers = [[Joan Daemen]], [[Vincent Rijmen]]
| publish date = 1998
Line 20 ⟶ 16:
| cryptanalysis = Attacks have been published that are computationally faster than a full [[brute-force attack]], though none as of 2023 are computationally feasible.<ref name="aesbc">{{cite web |url=http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf |archive-url=https://web.archive.org/web/20160306104007/http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf |archive-date=March 6, 2016 |title=Biclique Cryptanalysis of the Full AES |access-date=May 1, 2019 |url-status=dead |df=mdy-all}}</ref>
For AES-128, the key can be recovered with a [[computational complexity]] of 2<sup>126.1</sup> using the [[biclique attack]]. For biclique attacks on AES-192 and AES-256, the computational complexities of 2<sup>189.7</sup> and 2<sup>254.4</sup> respectively apply. [[Related-key attack]]s can break AES-
Another attack was blogged<ref name="Bruce Schneier">{{cite web |url=http://www.schneier.com/blog/archives/2009/07/another_new_aes.html |title=Another New AES Attack |author=Bruce Schneier |date=2009-07-30 |work=Schneier on Security, A blog covering security and security technology |access-date=2010-03-11 |url-status=live |archive-url=https://web.archive.org/web/20091005183132/http://www.schneier.com/blog/archives/2009/07/another_new_aes.html |archive-date=2009-10-05}}</ref> and released as a [[preprint]]<ref>{{cite web |url=https://eprint.iacr.org/2009/374 |title=Key Recovery Attacks of Practical Complexity on AES Variants With Up To 10 Rounds |author=Alex Biryukov |author2=Orr Dunkelman |author3=Nathan Keller |author4=Dmitry Khovratovich |author5=Adi Shamir |date=2009-08-19 |access-date=2010-03-11 |archive-url=https://web.archive.org/web/20100128050656/http://eprint.iacr.org/2009/374 |archive-date=28 January 2010 |url-status=live}}</ref> in 2009. This attack is against AES-256 that uses only two related keys and 2<sup>39</sup> time to recover the complete 256-bit key of a 9-round version, or 2<sup>45</sup> time for a 10-round version with a stronger type of related subkey attack, or 2<sup>70</sup> time for an 11-round version.
Line 28 ⟶ 24:
The '''Advanced Encryption Standard''' ('''AES'''), also known by its original name '''Rijndael''' ({{IPA|nl|ˈrɛindaːl}}),<ref name="Rijndael-ammended.pdf" /> is a specification for the [[encryption]] of electronic data established by the U.S. [[National Institute of Standards and Technology]] (NIST) in 2001.<ref name="fips-197">{{cite web |url=https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197-upd1.pdf |title=Announcing the ADVANCED ENCRYPTION STANDARD (AES) |publisher=United States National Institute of Standards and Technology (NIST) |work=Federal Information Processing Standards Publication 197 |date=November 26, 2001 |access-date=August 26, 2024 |url-status=live |archive-url=https://web.archive.org/web/20240823165748/https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197-upd1.pdf |archive-date=August 23, 2024}}</ref>
AES is a variant of the Rijndael [[block cipher]]<ref name="Rijndael-ammended.pdf">{{cite web |url=http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=1 |title=AES Proposal: Rijndael |last1=Daemen |first1=Joan |last2=Rijmen |first2=Vincent |date=March 9, 2003 |publisher=National Institute of Standards and Technology |page=1 |access-date=21 February 2013 |url-status=live |archive-url=https://web.archive.org/web/20130305143117/http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=1 |archive-date=5 March 2013}}</ref> developed by two [[Belgium|Belgian]] cryptographers, [[Joan Daemen]] and [[Vincent Rijmen]], who submitted a proposal<ref name="Rijndaelv2">{{cite web |url=http://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf |url-status=dead |archive-url=https://web.archive.org/web/20070203204845/https://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf |archive-date=February 3, 2007 |title=AES Proposal: Rijndael |author=Joan Daemen and Vincent Rijmen |date=September 3, 1999}}</ref> to NIST during the [[Advanced Encryption Standard process|AES selection process]].<ref>{{Cite news |title=U.S. Selects a New Encryption Technique |
AES has been adopted by the [[Federal government of the United States|U.S. government]]. It supersedes the [[Data Encryption Standard]] (DES),<ref>{{cite news |url=http://www.findarticles.com/p/articles/mi_m0IKZ/is_3_107?pnum=2&opg=90984479 |title=NIST reports measurable success of Advanced Encryption Standard |work=Journal of Research of the National Institute of Standards and Technology |first=Harold B. |last=Westlund |date=2002 |url-status=dead |archive-url=https://web.archive.org/web/20071103105501/http://findarticles.com/p/articles/mi_m0IKZ/is_3_107?pnum=2&opg=90984479 |archive-date=2007-11-03}}</ref> which was published in 1977. The algorithm described by AES is a [[symmetric-key algorithm]], meaning the same key is used for both encrypting and decrypting the data.
Line 189 ⟶ 185:
The Cryptographic Algorithm Validation Program (CAVP)<ref>{{cite web |url=http://csrc.nist.gov/groups/STM/cavp/index.html |title=NIST.gov – Computer Security Division – Computer Security Resource Center |publisher=Csrc.nist.gov |access-date=2012-12-23 |url-status=live |archive-url=https://web.archive.org/web/20130102044410/http://csrc.nist.gov/groups/STM/cavp/index.html |archive-date=2013-01-02}}</ref> allows for independent validation of the correct implementation of the AES algorithm. Successful validation results in being listed on the NIST validations page.<ref>{{cite web |url=http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm |title=Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules |url-status=dead |archive-url=https://web.archive.org/web/20141226152243/http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm |archive-date=2014-12-26 |access-date=2014-06-26}}</ref> This testing is a pre-requisite for the FIPS 140-2 module validation. However, successful CAVP validation in no way implies that the cryptographic module implementing the algorithm is secure. A cryptographic module lacking FIPS 140-2 validation or specific approval by the NSA is not deemed secure by the US Government and cannot be used to protect government data.<ref name="cnss.gov"/>
FIPS 140-2 validation is challenging to achieve both technically and fiscally.<ref name="openssl">{{cite web |author=OpenSSL, openssl@openssl.org |url=http://openssl.org/docs/fips/fipsnotes.html |title=OpenSSL's Notes about FIPS certification |publisher=Openssl.org |access-date=2012-12-23 |url-status=dead |archive-url=https://web.archive.org/web/20130102203126/http://www.openssl.org/docs/fips/fipsnotes.html |archive-date=2013-01-02}}</ref> There is a standardized battery of tests as well as an element of source code review that must be passed over a period of a few weeks. The cost to perform these tests through an approved laboratory can be significant (e.g., well over
== Test vectors ==
Line 229 ⟶ 225:
* [http://www.formaestudio.com/rijndaelinspector/archivos/Rijndael_Animation_v4_eng.swf Animation of Rijndael] – AES deeply explained and animated using Flash (by Enrique Zabala / University ORT / Montevideo / Uruguay). This animation (in English, Spanish, and German) is also part of [[CrypTool|CrypTool 1]] (menu Indiv. Procedures → Visualization of Algorithms → AES).
* [https://formaestudio.com/rijndaelinspector/archivos/Rijndael_Animation_v4_eng-html5.html HTML5 Animation of Rijndael] – Same Animation as above made in HTML5.
* [https://infsec.de/aes-in-excel-eng/ AES Demo in Excel] - Example implementation and demonstration in Excel (without macros) by Tim Wambach.
{{Cryptography navbox | block}}
| |||