Stay on top of emerging trends impacting your industry with updates from our GigaOm Research Community Join Research Community
  • Actionable
  • Timely
  • Informative
  • Executive
  • Strategic

Issue 43 What is Advanced Encryption Standard (AES)?

The encryption protocol underlying the vast majority of today’s secure information transfer.

Type Technology
Topic Innovation
Urgency Keep an eye on this
Maturity Expect more applications
Viability Likey to succeed in a commercial environment
Impact Making general improvements or large improvements in some sectors

Overview

What it is: AES, or Advanced Encryption Standard, is an encryption specification. Its algorithm can quickly and efficiently scramble and unscramble data to a degree of elaboration such that it’s almost uncrackable if implemented correctly. Established in 2001 by the US National Institute of Standards and Technology, it’s now the gold standard for encryption worldwide.

What it does: AES is a symmetric private key encryption system, meaning that it encrypts and decrypts text with a string of bits held privately by the sender and receiver. The algorithm scrambles the original text using the key multiple times (10 iterations is standard) until it’s unreadable by anyone who doesn’t have the key, and then does the same in reverse. This process undergirds all of the secure file transfer that we do, including the transfer of highly classified government information.

Why it matters: Quite simply, AES, if implemented correctly, is virtually unbeatable as of this date. Although security researchers have proposed viable attacks against it, they’re purely theoretical at this point, requiring untenable amounts of computing power.

What to do about it: There’s nothing to do, unless you’re a computer security researcher or a malicious actor with big dreams. AES is, in computer security, as omnipresent as gravity, and almost as reliable. You don’t need to know how it works to be taking advantage of it constantly. There are potential vulnerabilities in systems where AES is implemented such that the encrypting devices leak information; these are called side-channel attacks. However, to date, these attacks remain preventable. Additionally, it’s speculated that quantum computing could break AES, but this is also theoretical at this time.

History

AES was not the first encryption standard. It replaced DES, the Data Encryption Standard after DES was shown to be insecure in a series of contests in the late 1990s, in which researchers were tasked with breaking DES-encrypted messages with brute force attacks. In the first contest, a message was decrypted in a matter of months; following contests brought the time down to a matter of days. At first, it was thought that this could be remedied by simply implementing DES multiple times on the same text, but this was proven inadequate and was also computationally intensive. AES was selected in 2001 as DES’s replacement over other competing algorithms, and it was proposed by Belgian cryptographers Vincent Rijmen and Joan Daemen.

Side-Channel Attacks

As mentioned above, AES can, at present, only be threatened by a side-channel attack, which is to say, by using information leaked by a system to attack its cryptography. For example, researchers have demonstrated that it’s possible to pull a private key from a system running AES by picking up patterns in the magnetic fields inherent in all electronic communication.

Quantum Computing

Grover’s Algorithm uses quantum computation to significantly speed up attacks on AES and other encryption specs. However, employing it successfully would require significant advances in quantum computing architecture that may take decades. In addition, AES can be improved by using 256 bits instead of the current standard of 128, and some researchers consider 256-bit AES to be quantum-resistant.

Thoughts, questions, or other feedback? Please contact us and let us know.