AES Encryption
Advanced Encryption Standard (AES) is a specification for the encryption of electronic data. It supersedes DES, has been adopted by the U.S. government, and is now used worldwide. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used to encrypt and decrypt the data.
In the United States, AES was announced by the National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001, after a five-year standardization process in which fifteen competing designs were presented and evaluated before it was selected as the most suitable. It became effective as a federal government standard on May 26, 2002, after approval by the Secretary of Commerce. It is available in many different encryption packages. AES is the first publicly accessible and open cipher approved by the National Security Agency (NSA) for top-secret information.
Security
Until May 2009, the only successful published attacks against the full AES were side-channel attacks on some specific implementations. The National Security Agency (NSA) reviewed all the AES finalists, including Rijndael, and stated that all of them were secure enough for U.S. government non-classified data. In June 2003, the U.S. government announced that AES may be used to protect classified information. The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use. AES has 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. By 2006, the best known attacks were on 7 rounds for 128-bit keys, 8 rounds for 192-bit keys, and 9 rounds for 256-bit keys.
Libraries
Rijndael is free for any use, public or private, commercial or non-commercial. The authors of Rijndael used to provide a homepage for the algorithm. Care should be taken when implementing AES in software. Like most encryption algorithms, Rijndael was designed on big-endian systems. For this reason, little-endian systems return correct test vector results only through swapping bytes of the input and output words. The algorithm operates on plaintext blocks of 16 bytes. Encryption of shorter blocks is possible only by padding the source bytes, usually with null bytes. This can be accomplished via several methods, the simplest of which assumes that the final byte of the cipher identifies the number of null bytes of padding added.
The mode of operation of the cipher must be chosen carefully. The simplest mode encrypts and decrypts each 128-bit block separately. In this mode, called "electronic code book (ECB)", blocks that are identical will be encrypted identically, which is entirely insecure. This will make some of the plaintext structure visible in the ciphertext. Selecting other modes, such as impressing a sequential counter over the block prior to encryption (CTR mode), and removing it after decryption, avoids this problem.
- Current list of FIPS 197-validated cryptographic modules
- Current list of FIPS 140-validated cryptographic modules with validated AES implementations - Most of these involve a commercial implementation of AES algorithms. Look for the FIPS-approved algorithms entry in the Level/Description column, followed by AES and then a specific certificate number.
C/ASM library
- BeeCrypt
- ccrypt
- OpenSSL
- GnuTLS
- PolarSSL (single header and source-file implementation)
- Reference implementation and derived code
- Brian Gladman
- libtomcrypt used in Dropbear SSH client and server
- mcrypt
- ncrypt
- Microsoft CryptoAPI uses cryptographic service providers to offer encryption implementations. The Microsoft AES cryptographic provider was introduced in Windows XP and can be used with any version of the Microsoft CryptoAPI.
C++ library
- Botan has implemented Rijndael since its very first release in 2001.
- Crypto++: A comprehensive C++ semi-public-domain implementation of encryption and hash algorithms; FIPS validated
C# /.NET
- As of version 3.5 of the .NET Framework, the System.Security.Cryptography namespace contains both a fully managed implementation of AES and a managed wrapper around the CAPI AES implementation.
- Bouncy Castle Crypto Library
Java
- Java Cryptography Extension, integrated in the Java Runtime Environment since version 1.4.2 (see example code)
- IAIK
- Bouncy Castle Crypto Library
Javascript
Python
- PyCrypto
- M2Crypto, a Python wrapper for OpenSSL
- Python AES
- NCrypt, a Python wrapper for OpenSSL built using Pyrex
- alo-aes
- pycryptopp, a set of Python wrappers for a few of the best crypto algorithms from the Crypto++ library
- SlowAES, slow but still useful when faster ones are not available
- pycrypt, a small Python program that encrypts or decrypts files, using AES
- crypto_example, a set of example code that wraps around PyCrypto and demonstrates best-practices symmetric encryption, as per Cryptographic Right Answers by Colin Percival.
Useful links
- Reference implementation and derived code
- FIPS PUB 197: The official AES standard
- AES-algorithm archive information
- Animation of the AES-encryption process
- Fully functional animation of the AES encryption process and key expansion - Based on the work of Enrique Zabala
- Stick Figure Guide to AES, a layman introduction to cryptography and AES
- AES encryption is cracked
- An in-depth description of the Advanced Encryption Standard and the math behind it.
- Accelerating AES in software by using custom instructions
- AES VHDL implementation (pipelined and iterative)