What is AES encryption?

AES is one of the most widely used encryption protocols, but where did it come from and how does it work?


While it may not be something most people think about every day, particularly if they're not IT professionals, most organisations and individuals want to keep the majority of the information they store and exchange secure. The most common way of doing this is the centuries-old practice of encryption.

There are numerous types of encryption used to keep data secure, whether that be messages sent over the open web, such as through email, secure chats, or messaging apps like WhatsApp, or data stored in the cloud, in an on-premise data centre, on a device or on a removable drive. All of them, however, fall into five algorithm types:

  • RSA, a public key algorithm that includes protocols like PGP, SSL/TLS and SSH
  • Data Encryption Standard (DES), which was originally developed by the US government. Once considered uncrackable, the power of computers now means it can be compromised and so isn't suitable for the most sensitive data
  • TripleDES, a newer and more secure version of DES that was also developed by the US government, but has the disadvantage of being very slow
  • Twofish, which was created in response to a National Institute of Standards and Technology (NIST) call for a new, more secure encryption standard in the late 1990s. While it's considered very fast and very secure, it lost out in NIST's Advanced Encryption Standard competition to the final algorithm on our list
  • Advanced Encryption Standard (AES) – originally known as Rijndael, a portmanteau of the names of the Belgian developers who created it

How and why was AES developed?

The standard encryption method for 22 years between 1977 and 1999 was DES, developed by IBM, and used as the official algorithm for encrypting US government information. This was widely considered uncrackable, but the advancement of computing power in the 90s proved just enough for researchers to build systems capable of breaking the 56-bit encryption algorithm that DES represented.

The first public demonstration that DES could be cracked occurred in June 1997, when the DESCHALL Project harnessed a monumental amount of computing power to break the encryption key. In July 1998, the Deep Crack Project, spearheaded by the Electronic Frontier Foundation (EFF), broke DES encryption in only 56 hours. Six months later, further collaborative efforts between the EFF and distributed.net slashed this time to 22 hours 15 minutes.

The US National Institute of Standards and Technology (NIST) subsequently realised that DES was in need of a drastic overhaul, having seen that encryption-breaking was becoming far more feasible. Work, therefore, began immediately on developing the successor to DES.

NIST launched an open competition in September 1997 calling for entries to explore how to protect data now and in the future. Dubbed the Advanced Encryption Standard process, the competition attracted 15 encryption designs. Three years later, a project known as Rijndael, developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen, was chosen as the standard for AES encryption that's still in use today. Then, in November 2000, the AES standard was certified for use by the US government, as a direct replacement for DES.

How does AES work?

In simple terms, AES takes a block of plain text and applies alternating rounds of substitution and permutation boxes to the passage. This form of encryption is known as a substitution-permutation network (SPN) block cipher algorithm, and the size of the boxes alternates between 128, 192 or 256 bits, depending on the strength of encryption. The standard strength for encryption is 128, with 256 reserved as and when the strongest levels of protection are required.

During this substitution-permutation process, an encryption key is generated, which can then be used to decipher and read the protected information as was originally intended. Without this decryption key, the data is completely illegible and totally scrambled, meaning it's useless to third parties who intercept traffic in the hope of stumbling on data they can steal.
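
The round structure described above, written out as an added example (not code from the original article): a single-block AES encryptor following FIPS 197, where the 128, 192 or 256 figure is the key length and sets the round count (10, 12 or 14) while the block is always 128 bits. The function names are this example's own, and the code is for study only: it is not constant-time and encrypts one block with no mode of operation, so real systems should use a vetted library with an authenticated mode such as AES-GCM.

```python
# Study implementation of AES single-block encryption (FIPS 197).
def xtime(a):                                # multiply by x in GF(2^8) mod 0x11B
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def build_sbox():                            # field inverse, then affine map
    exp, p = [], 1
    for _ in range(255):                     # powers of the generator 0x03
        exp.append(p)
        p ^= xtime(p)
    sbox = [0x63] * 256                      # 0 has no inverse; it maps to 0x63
    for i, a in enumerate(exp):
        inv = exp[(255 - i) % 255]           # a * inv == 1 in the field
        rot = [((inv << n) | (inv >> (8 - n))) & 0xFF for n in range(5)]
        sbox[a] = 0x63 ^ rot[0] ^ rot[1] ^ rot[2] ^ rot[3] ^ rot[4]
    return sbox

SBOX = build_sbox()

def expand_key(key):                         # one 16-byte round key per round + 1
    nk = len(key) // 4                       # key length in words: 4, 6 or 8
    rounds = nk + 6                          # 10, 12 or 14 rounds
    w, rcon = [list(key[4 * i:4 * i + 4]) for i in range(nk)], 1
    for i in range(nk, 4 * (rounds + 1)):
        t = w[i - 1]
        if i % nk == 0:                      # RotWord, SubWord, round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = xtime(rcon)
        elif nk == 8 and i % nk == 4:        # extra SubWord for 256-bit keys
            t = [SBOX[b] for b in t]
        w.append([x ^ y for x, y in zip(w[i - nk], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(rounds + 1)]

def encrypt_block(key, block):
    if len(key) not in (16, 24, 32) or len(block) != 16:
        raise ValueError("key must be 16, 24 or 32 bytes; block must be 16 bytes")
    rks = expand_key(key)
    s = [b ^ k for b, k in zip(block, rks[0])]                # initial AddRoundKey
    for rnd, rk in enumerate(rks[1:], 1):
        s = [SBOX[b] for b in s]                              # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]    # ShiftRows
        if rnd < len(rks) - 1:                                # MixColumns (not last)
            s = [xtime(s[c + r]) ^ xtime(s[c + (r + 1) % 4]) ^ s[c + (r + 1) % 4]
                 ^ s[c + (r + 2) % 4] ^ s[c + (r + 3) % 4]
                 for c in range(0, 16, 4) for r in range(4)]
        s = [b ^ k for b, k in zip(s, rk)]                    # AddRoundKey
    return bytes(s)
```

Calling `encrypt_block(bytes(range(16)), bytes.fromhex("00112233445566778899aabbccddeeff"))` reproduces the AES-128 example vector from FIPS 197 Appendix C, which is a quick way to check any AES implementation.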

Where is AES used?

While AES started life as a tool for the US government, including the NSA, it's been adopted by businesses and other organisations worldwide and is now one of the most widely used encryption algorithms around.

It's used in all sorts of file and transfer scenarios. For example, when you transmit files over an HTTPS connection, the chances are AES is keeping your data secure from any man-in-the-middle type attacks.
