Wikipedia

Advanced Encryption Standard: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
m NIST/CSEC validation: take advantage of the {{currency}} template
No edit summary
Tags: Reverted Visual edit Mobile edit Mobile web edit
Line 1:
{{Short description|Standard for the encryption of electronic data}}The '''Advanced Encryption Standard''' ('''AES'''), also known by its original name '''Rijndael''' ({{IPA|nl|ˈrɛindaːl}}),<ref name="Rijndael-ammended.pdf" /> is a specification for the [[encryption]] of electronic data established by the U.S. [[National Institute of Standards and Technology]] (NIST) in 2001.<ref name="fips-197">{{cite web |url=https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197-upd1.pdf |title=Announcing the ADVANCED ENCRYPTION STANDARD (AES) |publisher=United States National Institute of Standards and Technology (NIST) |work=Federal Information Processing Standards Publication 197 |date=November 26, 2001 |access-date=August 26, 2024 |url-status=live |archive-url=https://web.archive.org/web/20240823165748/https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197-upd1.pdf |archive-date=August 23, 2024}}</ref>
{{Short description|Standard for the encryption of electronic data}}
{{Infobox block cipher
| name = Advanced Encryption Standard{{break}}(Rijndael)
| image = [[File:AES (Rijndael) Round Function.png|250px]]
| caption = Visualization of the AES round function
| designers = [[Joan Daemen]], [[Vincent Rijmen]]
| publish date = 1998
| derived from = [[Square (cipher)|Square]]
| derived to = [[Anubis (cipher)|Anubis]], [[Grand Cru (cipher)|Grand Cru]], [[Kalyna (cipher)|Kalyna]]
| related to =
| certification = [[Advanced Encryption Standard process|AES]] winner, [[CRYPTREC]], [[NESSIE]], [[National Security Agency|NSA]]
| key size = 128, 192 or 256 bits<ref name="keysize" group="note">Key sizes of 128, 160, 192, 224, and 256 bits are supported by the Rijndael algorithm, but only the 128, 192, and 256-bit key sizes are specified in the AES standard.</ref>
| block size = 128 bits<ref name="blocksize" group="note">Block sizes of 128, 160, 192, 224, and 256 bits are supported by the Rijndael algorithm for each key size, but only the 128-bit block size is specified in the AES standard.</ref>
| structure = [[Substitution–permutation network]]
| rounds = 10, 12 or 14 (depending on key size)
| cryptanalysis = Attacks have been published that are computationally faster than a full [[brute-force attack]], though none as of 2023 are computationally feasible.<ref name="aesbc">{{cite web |url=http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf |archive-url=https://web.archive.org/web/20160306104007/http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf |archive-date=March 6, 2016 |title=Biclique Cryptanalysis of the Full AES |access-date=May 1, 2019 |url-status=dead |df=mdy-all}}</ref>
 
AES is a variant of the Rijndael [[block cipher]]<ref name="Rijndael-ammended.pdf">{{cite web |url=http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=1 |title=AES Proposal: Rijndael |last1=Daemen |first1=Joan |last2=Rijmen |first2=Vincent |date=March 9, 2003 |publisher=National Institute of Standards and Technology |page=1 |access-date=21 February 2013 |url-status=live |archive-url=https://web.archive.org/web/20130305143117/http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=1 |archive-date=5 March 2013}}</ref> developed by two [[Belgium|Belgian]] cryptographers, [[Joan Daemen]] and [[Vincent Rijmen]], who submitted a proposal<ref name="Rijndaelv2">{{cite web |url=http://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf |url-status=dead |archive-url=https://web.archive.org/web/20070203204845/https://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf |archive-date=February 3, 2007 |title=AES Proposal: Rijndael |author=Joan Daemen and Vincent Rijmen |date=September 3, 1999}}</ref> to NISTNIS during the [[Advanced Encryption Standard process|AES selection process]].<ref>{{Cite news |title=U.S. Selects a New Encryption Technique |first=John |last=Schwartz |newspaper=[[The New York Times]] |date=October 3, 2000 |url=https://www.nytimes.com/2000/10/03/business/technology-us-selects-a-new-encryption-technique.html |url-status=live |archive-url=https://web.archive.org/web/20170328215407/http://www.nytimes.com/2000/10/03/business/technology-us-selects-a-new-encryption-technique.html |archive-date=March 28, 2017}}</ref> Rijndael is a family of ciphers with different [[key size|key]] and [[Block size (cryptography)|block size]]ssizes. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
For AES-128, the key can be recovered with a [[computational complexity]] of 2<sup>126.1</sup> using the [[biclique attack]]. For biclique attacks on AES-192 and AES-256, the computational complexities of 2<sup>189.7</sup> and 2<sup>254.4</sup> respectively apply. [[Related-key attack]]s can break AES-256 and AES-192 with complexities 2<sup>99.5</sup> and 2<sup>176</sup> in both time and data, respectively.<ref name = relkey>Alex Biryukov and Dmitry Khovratovich, ''Related-key Cryptanalysis of the Full AES-192 and AES-256'', {{cite web |url=https://eprint.iacr.org/2009/317 |title=Related-key Cryptanalysis of the Full AES-192 and AES-256 |access-date=2010-02-16 |url-status=live |archive-url=https://web.archive.org/web/20090928014006/http://eprint.iacr.org/2009/317 |archive-date=2009-09-28 |at=Table 1}}</ref>
 
AES has been adopted by the [[Federal government of the United States|U.S. government]]. It supersedes the [[Data Encryption Standard]] (DES),<ref>{{cite news |url=http://www.findarticles.com/p/articles/mi_m0IKZ/is_3_107?pnum=2&opg=90984479 |title=NIST reports measurable success of Advanced Encryption Standard |work=Journal of Research of the National Institute of Standards and Technology |first=Harold B. |last=Westlund |date=2002 |url-status=dead |archive-url=https://web.archive.org/web/20071103105501/http://findarticles.com/p/articles/mi_m0IKZ/is_3_107?pnum=2&opg=90984479 |archive-date=2007-11-03}}</ref> which was published in 1977. The algorithm described by AES is a [[symmetric-keyskey algorithm]], meaning the same keyPUB is197 used(FIPS for197) bothon encryptingNovember 26, 2001.<ref name="fips-197" /> This announcement followed a five-year standardization process in which fifteen competing designs were presented and decryptingevaluated, before the dataRijndael cipher was selected as the most suitable.<ref group="note">See [[Advanced Encryption Standard process]] for more details.</ref>
Another attack was blogged<ref name="Bruce Schneier">{{cite web |url=http://www.schneier.com/blog/archives/2009/07/another_new_aes.html |title=Another New AES Attack |author=Bruce Schneier |date=2009-07-30 |work=Schneier on Security, A blog covering security and security technology |access-date=2010-03-11 |url-status=live |archive-url=https://web.archive.org/web/20091005183132/http://www.schneier.com/blog/archives/2009/07/another_new_aes.html |archive-date=2009-10-05}}</ref> and released as a [[preprint]]<ref>{{cite web |url=https://eprint.iacr.org/2009/374 |title=Key Recovery Attacks of Practical Complexity on AES Variants With Up To 10 Rounds |author=Alex Biryukov |author2=Orr Dunkelman |author3=Nathan Keller |author4=Dmitry Khovratovich |author5=Adi Shamir |date=2009-08-19 |access-date=2010-03-11 |archive-url=https://web.archive.org/web/20100128050656/http://eprint.iacr.org/2009/374 |archive-date=28 January 2010 |url-status=live}}</ref> in 2009. This attack is against AES-256 that uses only two related keys and 2<sup>39</sup> time to recover the complete 256-bit key of a 9-round version, or 2<sup>45</sup> time for a 10-round version with a stronger type of related subkey attack, or 2<sup>70</sup> time for an 11-round version.
 
AES is included in the [[International Organization for Standardization|ISO]]/[[International Electrotechnical Commission|IEC]] [[List of International Organization for Standardization standards, 18000-19999|18033-3]] standard. AES became effective as a U.S. federal government standard on May 26, 2002, after approval by U.S. [[United States Secretary of Commerce|Secretary of Commerce]] [[Donald Evans]]. AES is available in many different encryption packages, and is the first (and only) publicly accessible [[cipher]] approved by the U.S. [[National Security Agency]] (NSA) for [[Classified information|top secret]] information when used in an NSA approved cryptographic module.<ref group="note">See [[Advanced Encryption Standard#Security|Security of AES]] below.</ref>
}}
 
The '''Advanced Encryption Standard''' ('''AES'''), also known by its original name '''Rijndael''' ({{IPA|nl|ˈrɛindaːl}}),<ref name="Rijndael-ammended.pdf" /> is a specification for the [[encryption]] of electronic data established by the U.S. [[National Institute of Standards and Technology]] (NIST) in 2001.<ref name="fips-197">{{cite web |url=https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197-upd1.pdf |title=Announcing the ADVANCED ENCRYPTION STANDARD (AES) |publisher=United States National Institute of Standards and Technology (NIST) |work=Federal Information Processing Standards Publication 197 |date=November 26, 2001 |access-date=August 26, 2024 |url-status=live |archive-url=https://web.archive.org/web/20240823165748/https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197-upd1.pdf |archive-date=August 23, 2024}}</ref>
 
AES is a variant of the Rijndael [[block cipher]]<ref name="Rijndael-ammended.pdf">{{cite web |url=http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=1 |title=AES Proposal: Rijndael |last1=Daemen |first1=Joan |last2=Rijmen |first2=Vincent |date=March 9, 2003 |publisher=National Institute of Standards and Technology |page=1 |access-date=21 February 2013 |url-status=live |archive-url=https://web.archive.org/web/20130305143117/http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf#page=1 |archive-date=5 March 2013}}</ref> developed by two [[Belgium|Belgian]] cryptographers, [[Joan Daemen]] and [[Vincent Rijmen]], who submitted a proposal<ref name="Rijndaelv2">{{cite web |url=http://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf |url-status=dead |archive-url=https://web.archive.org/web/20070203204845/https://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf |archive-date=February 3, 2007 |title=AES Proposal: Rijndael |author=Joan Daemen and Vincent Rijmen |date=September 3, 1999}}</ref> to NIST during the [[Advanced Encryption Standard process|AES selection process]].<ref>{{Cite news |title=U.S. Selects a New Encryption Technique |first=John |last=Schwartz |newspaper=[[The New York Times]] |date=October 3, 2000 |url=https://www.nytimes.com/2000/10/03/business/technology-us-selects-a-new-encryption-technique.html |url-status=live |archive-url=https://web.archive.org/web/20170328215407/http://www.nytimes.com/2000/10/03/business/technology-us-selects-a-new-encryption-technique.html |archive-date=March 28, 2017}}</ref> Rijndael is a family of ciphers with different [[key size|key]] and [[Block size (cryptography)|block size]]s. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
 
AES has been adopted by the [[Federal government of the United States|U.S. government]]. It supersedes the [[Data Encryption Standard]] (DES),<ref>{{cite news |url=http://www.findarticles.com/p/articles/mi_m0IKZ/is_3_107?pnum=2&opg=90984479 |title=NIST reports measurable success of Advanced Encryption Standard |work=Journal of Research of the National Institute of Standards and Technology |first=Harold B. |last=Westlund |date=2002 |url-status=dead |archive-url=https://web.archive.org/web/20071103105501/http://findarticles.com/p/articles/mi_m0IKZ/is_3_107?pnum=2&opg=90984479 |archive-date=2007-11-03}}</ref> which was published in 1977. The algorithm described by AES is a [[symmetric-key algorithm]], meaning the same key is used for both encrypting and decrypting the data.
 
In the United States, AES was announced by the NIST as U.S. [[Federal Information Processing Standard|FIPS]] PUB 197 (FIPS 197) on November 26, 2001.<ref name="fips-197" /> This announcement followed a five-year standardization process in which fifteen competing designs were presented and evaluated, before the Rijndael cipher was selected as the most suitable.<ref group="note">See [[Advanced Encryption Standard process]] for more details.</ref>
 
AES is included in the [[International Organization for Standardization|ISO]]/[[International Electrotechnical Commission|IEC]] [[List of International Organization for Standardization standards, 18000-19999|18033-3]] standard. AES became effective as a U.S. federal government standard on May 26, 2002, after approval by U.S. [[United States Secretary of Commerce|Secretary of Commerce]] [[Donald Evans]]. AES is available in many different encryption packages, and is the first (and only) publicly accessible [[cipher]] approved by the U.S. [[National Security Agency]] (NSA) for [[Classified information|top secret]] information when used in an NSA approved cryptographic module.<ref group="note">See [[Advanced Encryption Standard#Security|Security of AES]] below.</ref>
 
== Definitive standards ==
Retrieved from "https://en.wikipedia.org/wiki/Advanced_Encryption_Standard"