Advanced Encryption Standard

The Advanced Encryption Standard (AES) is an encryption algorithm for securing sensitive but unclassified material by U.S. Government agencies and, as a likely consequence, may eventually become the de facto encryption standard for commercial transactions in the private sector. (Encryption for the US military and other classified communications is handled by separate, secret algorithms.)

In January of 1997, a process was initiated by the National Institute of Standards and Technology (NIST), a unit of the U.S. Commerce Department, to find a more robust replacement for the Data Encryption Standard (DES) and to a lesser degree Triple DES. The specification called for a symmetric algorithm (same key for encryption and decryption) using block encryption (see block cipher) of 128 bits in size, supporting key sizes of 128, 192 and 256 bits, as a minimum. The algorithm was required to be royalty-free for use worldwide and offer security of a sufficient level to protect data for the next 20 to 30 years. It was to be easy to implement in hardware and software, as well as in restricted environments (for example, in a smart card) and offer good defenses against various attack techniques.

The entire selection process was fully open to public scrutiny and comment, it being decided that full visibility would ensure the best possible analysis of the designs. In 1998, the NIST selected 15 candidates for the AES, which were then subject to preliminary analysis by the world cryptographic community, including the National Security Agency. On the basis of this, in August 1999, NIST selected five algorithms for more extensive analysis. These were:

• MARS, submitted by a large team from IBM Research
• RC6, submitted by RSA Security
• Rijndael, submitted by two Belgian cryptographers, Joan Daemen and Vincent Rijmen
• Serpent, submitted by Ross Andersen, Eli Biham and Lars Knudsen
• Twofish, submitted by a large team of researchers including Counterpane's respected cryptographer, Bruce Schneier

Implementations of all of the above were tested extensively in ANSI C and Java languages for speed and reliability in such measures as encryption and decryption speeds, key and algorithm set-up time and resistance to various attacks, both in hardware- and software-centric systems. Once again, detailed analysis was provided by the global cryptographic community (including some teams trying to break their own submissions). The end result was that on October 2, 2000, NIST announced that Rijndael had been selected as the proposed standard. On December 6, 2001, the Secretary of Commerce officially approved Federal Information Processing Standard (FIPS) 197, which specifies that all sensitive, unclassified documents will use Rijndael as the Advanced Encryption Standard.

Learn more about Disk Encryption and File Encryption

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

More resources from around the web: - NIST has a Web site about the Advanced Encryption Standard. - The Rijndael home page provides details about the algorithm. - The Twofish home page provides details about the Twofish Algorithm. - SearchSecurity includes news and selected links to security and cryptography sites.

FILE EXTENSION AND FILE FORMAT LIST File Extension and File Format List: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

RELATED CONTENT No major PCI DSS revision expected in 2010 The next revision of PCI DSS will contain clarifications, but no major revisions, according to Bob Russo, general manager of the PCI Security... How to use TrueCrypt for disk encryption Learn how to use TrueCrypt to create an ecrypted drive on a Windows PC, as well as how to create a hidden drive within a drive as an additional data... The future of PCI DSS encryption requirements? Tokenization for PCI Can tokenization help reduce the scope of PCI DSS? How does tokenization interact with PCI DSS encryption requirements? Learn more about this...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary data key  (SearchSecurity.com) Encrypting File System  (SearchSecurity.com)