Content deleted Content added
No edit summary Tags: Reverted Visual edit Mobile edit Mobile web edit |
→External links: demo link added |
||
| (2 intermediate revisions by 2 users not shown) | |||
Line 1:
{{Short description|Standard for the encryption of electronic data}}
{{Short description|Standard for the encryption of electronic data}}The '''Advanced Encryption Standard''' ('''AES'''), also known by its original name '''Rijndael''' ({{IPA|nl|ˈrɛindaːl}}),<ref name="Rijndael-ammended.pdf" /> is a specification for the [[encryption]] of electronic data established by the U.S. [[National Institute of Standards and Technology]] (NIST) in 2001.<ref name="fips-197">{{cite web |url=https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197-upd1.pdf |title=Announcing the ADVANCED ENCRYPTION STANDARD (AES) |publisher=United States National Institute of Standards and Technology (NIST) |work=Federal Information Processing Standards Publication 197 |date=November 26, 2001 |access-date=August 26, 2024 |url-status=live |archive-url=https://web.archive.org/web/20240823165748/https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197-upd1.pdf |archive-date=August 23, 2024}}</ref>▼
{{Infobox block cipher
| name = Advanced Encryption Standard{{break}}(Rijndael)
| image = [[File:AES (Rijndael) Round Function.png|250px]]
| caption = Visualization of the AES round function
| designers = [[Joan Daemen]], [[Vincent Rijmen]]
| publish date = 1998
| derived from = [[Square (cipher)|Square]]
| derived to = [[Anubis (cipher)|Anubis]], [[Grand Cru (cipher)|Grand Cru]], [[Kalyna (cipher)|Kalyna]]
| related to =
| certification = [[Advanced Encryption Standard process|AES]] winner, [[CRYPTREC]], [[NESSIE]], [[National Security Agency|NSA]]
| key size = 128, 192 or 256 bits<ref name="keysize" group="note">Key sizes of 128, 160, 192, 224, and 256 bits are supported by the Rijndael algorithm, but only the 128, 192, and 256-bit key sizes are specified in the AES standard.</ref>
| block size = 128 bits<ref name="blocksize" group="note">Block sizes of 128, 160, 192, 224, and 256 bits are supported by the Rijndael algorithm for each key size, but only the 128-bit block size is specified in the AES standard.</ref>
| structure = [[Substitution–permutation network]]
| rounds = 10, 12 or 14 (depending on key size)
| cryptanalysis = Attacks have been published that are computationally faster than a full [[brute-force attack]], though none as of 2023 are computationally feasible.<ref name="aesbc">{{cite web |url=http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf |archive-url=https://web.archive.org/web/20160306104007/http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf |archive-date=March 6, 2016 |title=Biclique Cryptanalysis of the Full AES |access-date=May 1, 2019 |url-status=dead |df=mdy-all}}</ref>
For AES-128, the key can be recovered with a [[computational complexity]] of 2<sup>126.1</sup> using the [[biclique attack]]. For biclique attacks on AES-192 and AES-256, the computational complexities of 2<sup>189.7</sup> and 2<sup>254.4</sup> respectively apply. [[Related-key attack]]s can break AES-192 and AES-256 with complexities 2<sup>99.5</sup> and 2<sup>176</sup> in both time and data, respectively.<ref name = relkey>Alex Biryukov and Dmitry Khovratovich, ''Related-key Cryptanalysis of the Full AES-192 and AES-256'', {{cite web |url=https://eprint.iacr.org/2009/317 |title=Related-key Cryptanalysis of the Full AES-192 and AES-256 |access-date=2010-02-16 |url-status=live |archive-url=https://web.archive.org/web/20090928014006/http://eprint.iacr.org/2009/317 |archive-date=2009-09-28 |at=Table 1}}</ref>
AES is a variant of the Rijndael block cipher<ref name="Rijndael-ammended.pdf">{{cite web |url=http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=1 |title=AES Proposal: Rijndael |last1=Daemen |first1=Joan |last2=Rijmen |first2=Vincent |date=March 9, 2003 |publisher=National Institute of Standards and Technology |page=1 |access-date=21 February 2013 |url-status=live |archive-url=https://web.archive.org/web/20130305143117/http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=1 |archive-date=5 March 2013}}</ref> developed by two [[Belgium|Belgian]] cryptographers, [[Joan Daemen]] and [[Vincent Rijmen]], who submitted a proposal<ref name="Rijndaelv2">{{cite web |url=http://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf |url-status=dead |archive-url=https://web.archive.org/web/20070203204845/https://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf |archive-date=February 3, 2007 |title=AES Proposal: Rijndael |author=Joan Daemen and Vincent Rijmen |date=September 3, 1999}}</ref> to NIS during the [[Advanced Encryption Standard process|AES]].<ref>{{Cite news |title=U.S. Selects a New Encryption Technique |first=John |last=Schwartz |newspaper=[[The New York Times]] |date=October 3, 2000 |url=https://www.nytimes.com/2000/10/03/business/technology-us-selects-a-new-encryption-technique.html |url-status=live |archive-url=https://web.archive.org/web/20170328215407/http://www.nytimes.com/2000/10/03/business/technology-us-selects-a-new-encryption-technique.html |archive-date=March 28, 2017}}</ref> Rijndael is a family of ciphers with different [[key size|key]] and block sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.▼
Another attack was blogged<ref name="Bruce Schneier">{{cite web |url=http://www.schneier.com/blog/archives/2009/07/another_new_aes.html |title=Another New AES Attack |author=Bruce Schneier |date=2009-07-30 |work=Schneier on Security, A blog covering security and security technology |access-date=2010-03-11 |url-status=live |archive-url=https://web.archive.org/web/20091005183132/http://www.schneier.com/blog/archives/2009/07/another_new_aes.html |archive-date=2009-10-05}}</ref> and released as a [[preprint]]<ref>{{cite web |url=https://eprint.iacr.org/2009/374 |title=Key Recovery Attacks of Practical Complexity on AES Variants With Up To 10 Rounds |author=Alex Biryukov |author2=Orr Dunkelman |author3=Nathan Keller |author4=Dmitry Khovratovich |author5=Adi Shamir |date=2009-08-19 |access-date=2010-03-11 |archive-url=https://web.archive.org/web/20100128050656/http://eprint.iacr.org/2009/374 |archive-date=28 January 2010 |url-status=live}}</ref> in 2009. This attack is against AES-256 that uses only two related keys and 2<sup>39</sup> time to recover the complete 256-bit key of a 9-round version, or 2<sup>45</sup> time for a 10-round version with a stronger type of related subkey attack, or 2<sup>70</sup> time for an 11-round version.
AES has been adopted by the U.S. government. It supersedes the (DES),<ref>{{cite news |url=http://www.findarticles.com/p/articles/mi_m0IKZ/is_3_107?pnum=2&opg=90984479 |title=NIST reports measurable success of Advanced Encryption Standard |work=Journal of Research of the National Institute of Standards and Technology |first=Harold B. |last=Westlund |date=2002 |url-status=dead |archive-url=https://web.archive.org/web/20071103105501/http://findarticles.com/p/articles/mi_m0IKZ/is_3_107?pnum=2&opg=90984479 |archive-date=2007-11-03}}</ref> which was published in 1977. The algorithm described by AES is a skey algorithm, meaning the same PUB 197 (FIPS 197) on November 26, 2001.<ref name="fips-197" /> This announcement followed a five-year standardization process in which fifteen competing designs were presented and evaluated, before the Rijndael cipher was selected as the most suitable.<ref group="note">See [[Advanced Encryption Standard process]] for more details.</ref>▼
}}
AES is included in the 18033-3 standard. AES became effective as a U.S. federal government standard on May 26, 2002, after approval by U.S. Secretary of Commerce Donald Evans. AES is available in many different encryption packages, and is the first (and only) publicly accessible cipher approved by the U.S. National Security Agency (NSA) for top secret information when used in an NSA approved cryptographic module.<ref group="note">See [[Advanced Encryption Standard#Security|Security of AES]] below.</ref>▼
▲
▲AES is a variant of the Rijndael [[block cipher]]<ref name="Rijndael-ammended.pdf">{{cite web |url=http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=1 |title=AES Proposal: Rijndael |last1=Daemen |first1=Joan |last2=Rijmen |first2=Vincent |date=March 9, 2003 |publisher=National Institute of Standards and Technology |page=1 |access-date=21 February 2013 |url-status=live |archive-url=https://web.archive.org/web/20130305143117/http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=1 |archive-date=5 March 2013}}</ref> developed by two [[Belgium|Belgian]] cryptographers, [[Joan Daemen]] and [[Vincent Rijmen]], who submitted a proposal<ref name="Rijndaelv2">{{cite web |url=http://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf |url-status=dead |archive-url=https://web.archive.org/web/20070203204845/https://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf |archive-date=February 3, 2007 |title=AES Proposal: Rijndael |author=Joan Daemen and Vincent Rijmen |date=September 3, 1999}}</ref> to
▲AES has been adopted by the [[Federal government of the United States|U.S. government]]. It supersedes the [[Data Encryption Standard]] (DES),<ref>{{cite news |url=http://www.findarticles.com/p/articles/mi_m0IKZ/is_3_107?pnum=2&opg=90984479 |title=NIST reports measurable success of Advanced Encryption Standard |work=Journal of Research of the National Institute of Standards and Technology |first=Harold B. |last=Westlund |date=2002 |url-status=dead |archive-url=https://web.archive.org/web/20071103105501/http://findarticles.com/p/articles/mi_m0IKZ/is_3_107?pnum=2&opg=90984479 |archive-date=2007-11-03}}</ref> which was published in 1977. The algorithm described by AES is a
In the United States, AES was announced by the NIST as U.S. [[Federal Information Processing Standard|FIPS]] PUB 197 (FIPS 197) on November 26, 2001.<ref name="fips-197" /> This announcement followed a five-year standardization process in which fifteen competing designs were presented and evaluated, before the Rijndael cipher was selected as the most suitable.<ref group="note">See [[Advanced Encryption Standard process]] for more details.</ref>
▲AES is included in the [[International Organization for Standardization|ISO]]/[[International Electrotechnical Commission|IEC]] [[List of International Organization for Standardization standards, 18000-19999|18033-3]] standard. AES became effective as a U.S. federal government standard on May 26, 2002, after approval by U.S. [[United States Secretary of Commerce|Secretary of Commerce]] [[Donald Evans]]. AES is available in many different encryption packages, and is the first (and only) publicly accessible [[cipher]] approved by the U.S. [[National Security Agency]] (NSA) for [[Classified information|top secret]] information when used in an NSA approved cryptographic module.<ref group="note">See [[Advanced Encryption Standard#Security|Security of AES]] below.</ref>
== Definitive standards ==
Line 200 ⟶ 225:
* [http://www.formaestudio.com/rijndaelinspector/archivos/Rijndael_Animation_v4_eng.swf Animation of Rijndael] – AES deeply explained and animated using Flash (by Enrique Zabala / University ORT / Montevideo / Uruguay). This animation (in English, Spanish, and German) is also part of [[CrypTool|CrypTool 1]] (menu Indiv. Procedures → Visualization of Algorithms → AES).
* [https://formaestudio.com/rijndaelinspector/archivos/Rijndael_Animation_v4_eng-html5.html HTML5 Animation of Rijndael] – Same Animation as above made in HTML5.
* [https://infsec.de/aes-in-excel-eng/ AES Demo in Excel] - Example implementation and demonstration in Excel (without macros) by Tim Wambach.
{{Cryptography navbox | block}}
| |||