Advanced Encryption Standard: Difference between revisions
imported>Sandy Harris (related hash standards) |
Pat Palmer (talk | contribs) (removing PropDel) |
||
(19 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
{{subpages}} | {{subpages}} | ||
{{TOC | {{TOC|right}} | ||
The '''Advanced Encryption Standard''', or '''AES''', is a US government specification for a [[block cipher]] to replace the earlier and weaker [[Data Encryption Standard]] (DES). | The '''Advanced Encryption Standard''', or '''AES''', is a US government specification for a [[block cipher]] to replace the earlier and weaker [[Data Encryption Standard]] (DES). AES encrypts data in 128-bit blocks and can take a 128, 192 or 256-bit key. DES used 64-bit blocks and a 56-bit key. | ||
AES | As for DES, AES is required for some applications in government and in regulated industries, but is also also widely used in other applications and widely used outside the US. As for DES, there is a whole [[Block_cipher#The_AES_generation|generation of ciphers]] with some similarities to AES, those can be substituted for AES in applications, and some governments choose one of those as a national standard rather than adopt a US standard. | ||
Starting in the late 90s, the US [[National Institute of Standards and Technology]] (NIST) ran a | Starting in the late 90s, the US [[National Institute of Standards and Technology]] (NIST) ran a competition to find a block cipher to replace DES. Fifteen candidates were submitted; for descriptions of the criteria used and of all candidates see [[AES competition]]. | ||
In October 2002, they announced [http://www.nist.gov/public_affairs/releases/g00-176.htm] the winner — '''Rijndael''' (pronounced approximately "rhine doll"), from two Belgian designers. That algorithm is now the Advanced Encryption Standard. | |||
The [http://csrc.nist.gov/archive/aes/rijndael/wsdindex.html NIST page on AES] has much detail, including links to all the Rinjdael design documents, to several implementations, and to the official standard, approved as FIPS 197. The [[Block_cipher/External_Links#AES_links | external links]] of the block cipher article have additional links. | |||
== Design== | |||
AES is an [[Block_cipher#Iterated_block_ciphers|iterated block cipher]], but unlike DES it is not a [[Feistel cipher]]; the overall structure is an [[SP network]]. Nonlinearity is obtained by mixing operations from different algebraic groups. There are four operations. | |||
Two give confusion: | |||
: AddRoundKey: bitwise XOR of 128-bit state and 128-bit round key | |||
: SubBytes: run individual bytes through an 8 by 8 S-box | |||
The other two give diffusion, treating the 128-bit block as a four by four matrix of bytes (as did an earlier cipher from the same designers, [[Square (cipher)|Square]]): | |||
: ShiftRows: cyclicly shift each row by a fixed amount | |||
: MixColumns: treat each column as a polynomial over the [[Galois field]] '''GF'''(''2<sup>8</sup>''); multiply it by one constant polynomial modulo another | |||
It encrypts 128-bit blocks with a 128, 192 or 256-bit key. The number of rounds varies with key size: 10 for 128-bit keys, 12 for 192-bit keys and 14 for 256-bit keys. The numbers of rounds were chosen based on an analysis showing that they are enough to give [[Block_cipher#Resisting_linear_.26_differential_attacks | resistance]] to [[linear cryptanalysis]] and [[differential cryptanalysis]]. | |||
== AES in hardware == | |||
There are a number of AES chips on the market, for example [http://it.toolbox.com/blogs/adventuresinsecurity/nist-certifies-seagate-aes-chip-18054 Seagate], and many academic papers on the design of such chips, for example [http://portal.acm.org/citation.cfm?id=1119891&dl=GUIDE&coll=GUIDE&CFID=76862826&CFTOKEN=52431922 Su, Lin, Huang & Wu]. | |||
Intel is adding [http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-aes-instructions-set/ AES instructions] in their CPUs. | |||
==References== | ==References== | ||
{{reflist|2}} | {{reflist|2}}[[Category:Suggestion Bot Tag]] |
Latest revision as of 13:39, 13 September 2024
The Advanced Encryption Standard, or AES, is a US government specification for a block cipher to replace the earlier and weaker Data Encryption Standard (DES). AES encrypts data in 128-bit blocks and can take a 128, 192 or 256-bit key. DES used 64-bit blocks and a 56-bit key.
As for DES, AES is required for some applications in government and in regulated industries, but is also also widely used in other applications and widely used outside the US. As for DES, there is a whole generation of ciphers with some similarities to AES, those can be substituted for AES in applications, and some governments choose one of those as a national standard rather than adopt a US standard.
Starting in the late 90s, the US National Institute of Standards and Technology (NIST) ran a competition to find a block cipher to replace DES. Fifteen candidates were submitted; for descriptions of the criteria used and of all candidates see AES competition.
In October 2002, they announced [1] the winner — Rijndael (pronounced approximately "rhine doll"), from two Belgian designers. That algorithm is now the Advanced Encryption Standard.
The NIST page on AES has much detail, including links to all the Rinjdael design documents, to several implementations, and to the official standard, approved as FIPS 197. The external links of the block cipher article have additional links.
Design
AES is an iterated block cipher, but unlike DES it is not a Feistel cipher; the overall structure is an SP network. Nonlinearity is obtained by mixing operations from different algebraic groups. There are four operations.
Two give confusion:
- AddRoundKey: bitwise XOR of 128-bit state and 128-bit round key
- SubBytes: run individual bytes through an 8 by 8 S-box
The other two give diffusion, treating the 128-bit block as a four by four matrix of bytes (as did an earlier cipher from the same designers, Square):
- ShiftRows: cyclicly shift each row by a fixed amount
- MixColumns: treat each column as a polynomial over the Galois field GF(28); multiply it by one constant polynomial modulo another
It encrypts 128-bit blocks with a 128, 192 or 256-bit key. The number of rounds varies with key size: 10 for 128-bit keys, 12 for 192-bit keys and 14 for 256-bit keys. The numbers of rounds were chosen based on an analysis showing that they are enough to give resistance to linear cryptanalysis and differential cryptanalysis.
AES in hardware
There are a number of AES chips on the market, for example Seagate, and many academic papers on the design of such chips, for example Su, Lin, Huang & Wu.
Intel is adding AES instructions in their CPUs.