Advanced Encryption Standard: Difference between revisions

From Citizendium
imported>Sandy Harris
(related hash standards)
(removing PropDel)
 
(19 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{subpages}}
{{subpages}}
{{TOC-right}}
{{TOC|right}}
The '''Advanced Encryption Standard''', or '''AES''', is a US government specification for a [[block cipher]] to replace the earlier and weaker [[Data Encryption Standard]] (DES).
The '''Advanced Encryption Standard''', or '''AES''', is a US government specification for a [[block cipher]] to replace the earlier and weaker [[Data Encryption Standard]] (DES). AES encrypts data in 128-bit blocks and can take a 128, 192 or 256-bit key. DES used 64-bit blocks and a 56-bit key.


AES encrypts data in 128-bit blocks and can take a 128, 192 or 256-bit key. DES used 64-bit blocks and a 56-bit key.
As for DES, AES is required for some applications in government and in regulated industries, but is also also widely used in other applications and widely used outside the US. As for DES, there is a whole [[Block_cipher#The_AES_generation|generation of ciphers]] with some similarities to AES, those can be substituted for AES in applications, and some governments choose one of those as a national standard rather than adopt a US standard.


Starting in the late 90s, the US [[National Institute of Standards and Technology]] (NIST) ran a [[AES contest |contest]] to find a block cipher to replace DES. The result is the Advanced Encryption Standard. In October 2002, they announced [http://www.nist.gov/public_affairs/releases/g00-176.htm] the winner — '''Rijndael''' (pronounced approximately "rhine doll"), from two Belgian designers.
Starting in the late 90s, the US [[National Institute of Standards and Technology]] (NIST) ran a competition to find a block cipher to replace DES. Fifteen candidates were submitted; for descriptions of the criteria used and of all candidates see [[AES competition]].


The NIST page on AES [http://csrc.nist.gov/archive/aes/rijndael/wsdindex.html] has much detail, including links to all the Rinjdael design documents, to several implementations, and to the official standard, approved as FIPS 197,
In October 2002, they announced [http://www.nist.gov/public_affairs/releases/g00-176.htm] the winner — '''Rijndael''' (pronounced approximately "rhine doll"), from two Belgian designers. That algorithm is now the Advanced Encryption Standard.


Because of the [[birthday attack]], a [[hash algorithm]] needs to provide output of 2n bits to resist attacks as well as a cipher with an n-bit key. NIST has therefore issued standards for the [[SHA-2]] family of hashes — SHA-256, SHA-384 and SHA-512 to match the strength of AES, plus SHA-224 to match the 112-bit strength of [[Triple DES]]. However, those hashes are all derived from [[SHA]] and some weaknesses (minor so far) have been shown in that, so in 2008 NIST started a contest similar to the AES contest to design an [[Advanced Hash Standard]] which can (if it proves necessary) replace SHA-2 as AES replaced DES.
The [http://csrc.nist.gov/archive/aes/rijndael/wsdindex.html NIST page on AES] has much detail, including links to all the Rinjdael design documents, to several implementations, and to the official standard, approved as FIPS 197. The  [[Block_cipher/External_Links#AES_links | external links]] of the block cipher article have additional links.
 
== Design==
 
AES is an [[Block_cipher#Iterated_block_ciphers|iterated block cipher]], but unlike DES it is not a [[Feistel cipher]]; the overall structure is an [[SP network]]. Nonlinearity is obtained by mixing operations from different algebraic groups. There are four operations.
 
Two give confusion:
: AddRoundKey: bitwise XOR of 128-bit state and 128-bit round key
: SubBytes: run individual bytes through an 8 by 8 S-box
The other two give diffusion, treating the 128-bit block as a four by four matrix of bytes (as did an earlier cipher from the same designers, [[Square (cipher)|Square]]):
: ShiftRows: cyclicly shift each row by a fixed amount
: MixColumns: treat each column as a polynomial over the [[Galois field]] '''GF'''(''2<sup>8</sup>''); multiply it by one constant polynomial modulo another 
 
It encrypts 128-bit blocks with a 128, 192 or 256-bit key. The number of rounds varies with key size: 10 for 128-bit keys, 12 for 192-bit keys and 14 for 256-bit keys. The numbers of rounds were chosen based on an analysis showing that they are enough to give [[Block_cipher#Resisting_linear_.26_differential_attacks | resistance]] to [[linear cryptanalysis]] and [[differential cryptanalysis]].
 
== AES in hardware ==
 
There are a number of AES chips on the market, for example [http://it.toolbox.com/blogs/adventuresinsecurity/nist-certifies-seagate-aes-chip-18054 Seagate], and many academic papers on the design of such chips, for example [http://portal.acm.org/citation.cfm?id=1119891&dl=GUIDE&coll=GUIDE&CFID=76862826&CFTOKEN=52431922 Su, Lin, Huang & Wu].
 
Intel is adding [http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-aes-instructions-set/ AES instructions] in their CPUs.


==References==
==References==
{{reflist|2}}
{{reflist|2}}[[Category:Suggestion Bot Tag]]
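Review bot: in the new revision's lead, "but is also also widely used" repeats a word, and the NIST-page sentence still reads "Rinjdael" where the rest of the text has "Rijndael"; both should be corrected. The announcement sentence says "October 2002" while the linked release's file name begins "g00", so the year is worth checking against that release. The paragraph relating hash output size to cipher key size (birthday attack, SHA-2) is gone from the new text and does not reappear anywhere in the visible revision; if that is intentional, the edit summary should say where the material went.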

Latest revision as of 13:39, 13 September 2024

This article is developing and not approved.

The Advanced Encryption Standard, or AES, is a US government specification for a block cipher to replace the earlier and weaker Data Encryption Standard (DES). AES encrypts data in 128-bit blocks and can take a 128, 192 or 256-bit key. DES used 64-bit blocks and a 56-bit key.

As with DES, AES is required for some applications in government and in regulated industries, but is also widely used in other applications and outside the US. As with DES, there is a whole generation of ciphers with some similarities to AES; those can be substituted for AES in applications, and some governments choose one of those as a national standard rather than adopt a US standard.

Starting in the late 90s, the US National Institute of Standards and Technology (NIST) ran a competition to find a block cipher to replace DES. Fifteen candidates were submitted; for descriptions of the criteria used and of all candidates see AES competition.

In October 2002, they announced [1] the winner — Rijndael (pronounced approximately "rhine doll"), from two Belgian designers. That algorithm is now the Advanced Encryption Standard.

The NIST page on AES has much detail, including links to all the Rijndael design documents, to several implementations, and to the official standard, approved as FIPS 197. The external links of the block cipher article have additional links.

Design

AES is an iterated block cipher, but unlike DES it is not a Feistel cipher; the overall structure is an SP network. Nonlinearity is obtained by mixing operations from different algebraic groups. There are four operations.

Two give confusion:

AddRoundKey: bitwise XOR of 128-bit state and 128-bit round key
SubBytes: run individual bytes through an 8 by 8 S-box

The other two give diffusion, treating the 128-bit block as a four by four matrix of bytes (as did an earlier cipher from the same designers, Square):

ShiftRows: cyclically shift each row by a fixed amount
MixColumns: treat each column as a polynomial over the Galois field GF(2^8); multiply it by one constant polynomial modulo another

It encrypts 128-bit blocks with a 128, 192 or 256-bit key. The number of rounds varies with key size: 10 for 128-bit keys, 12 for 192-bit keys and 14 for 256-bit keys. The numbers of rounds were chosen based on an analysis showing that they are enough to give resistance to linear cryptanalysis and differential cryptanalysis.
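
The four operations described above, as an added sketch that is not part of the original article. The field polynomial, S-box affine constant, MixColumns coefficients and the sample block and key are taken from FIPS 197 rather than from this page; `round_one_before_key` is a hypothetical helper name, and the code is for reading, not a constant-time implementation.

```python
# Added illustration, not code from the article. Constants are from FIPS 197.
ROUNDS = {128: 10, 192: 12, 256: 14}   # key bits -> rounds, as stated above

def gmul(a, b):
    """Multiply bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p

def sbox(x):
    """S-box entry: inverse in GF(2^8) (0 stays 0), then the affine map."""
    inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
    out = 0x63
    for n in range(5):   # inv ^ rotl(inv, 1) ^ ... ^ rotl(inv, 4) ^ 0x63
        out ^= ((inv << n) | (inv >> (8 - n))) & 0xFF
    return out

# State: 16 bytes, column-major, so byte r + 4*c is row r of column c.
def add_round_key(state, round_key):
    return [s ^ k for s, k in zip(state, round_key)]

def sub_bytes(state):
    return [sbox(b) for b in state]

def shift_rows(state):
    # Row r is rotated left by r positions.
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(state):
    # Column times {03}x^3 + {01}x^2 + {01}x + {02} modulo x^4 + 1.
    out = []
    for c in range(0, 16, 4):
        col = state[c:c + 4]
        out += [gmul(2, col[r]) ^ gmul(3, col[(r + 1) % 4])
                ^ col[(r + 2) % 4] ^ col[(r + 3) % 4] for r in range(4)]
    return out

# Sample block and 128-bit key from FIPS 197 Appendix B (not from this page).
BLOCK = list(bytes.fromhex("3243f6a8885a308d313198a2e0370734"))
KEY = list(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))

def round_one_before_key(block, key):   # hypothetical helper name
    """Initial AddRoundKey, then SubBytes, ShiftRows, MixColumns of round 1."""
    return mix_columns(shift_rows(sub_bytes(add_round_key(block, key))))
```

The sketch stops before round 1's own AddRoundKey because that step needs the key schedule, which the article does not describe.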

AES in hardware

There are a number of AES chips on the market, for example Seagate, and many academic papers on the design of such chips, for example Su, Lin, Huang & Wu.

Intel is adding AES instructions in their CPUs.

References