What is AES encryption?

AES is one of the most widely used encryption protocols, but where did it come from and how does it work?

Since Roman times, encryption has been essential in keeping communications between parties private and secure. Today, it forms the backbone of online security, helping to keep purchases and banking safe from cyber criminals.

There are several forms of encryption that can be used to secure data, whether it's messages sent over the open web through email, secure chats, or messaging apps like WhatsApp, or data stored in the cloud, in an on-premise data centre, on a device, or on a removable drive. However, most of these use one of five types of algorithm:

  • RSA – a public key algorithm used in protocols such as PGP, SSL/TLS, and SSH
  • Data Encryption Standard (DES) – a protocol originally created for the US government and once thought of as unbreakable. Modern computing power now means it can be compromised and so isn't appropriate for the most sensitive data
  • TripleDES – a more secure and up-to-date version of DES that was also developed by the US government but has the drawback of being quite slow
  • Twofish – developed in response to a National Institute of Standards and Technology (NIST) call for a new, more secure encryption standard at the turn of the millennium. While it's thought of as very fast and secure, it lost out in NIST's Advanced Encryption Standard competition to the final algorithm on our list
  • Advanced Encryption Standard (AES) – originally known as Rijndael, a combination of the names of the Belgian developers who created it

How and why was AES developed?

Between the years 1977 and 1999, the principal encryption method used was DES. First developed by IBM and widely used by the US government, the 56-bit DES algorithm was considered to be uncrackable – that was until advancements in computer technology in the late 90s proved this to be false.

In 1997, during a challenge hosted by RSA Security that pitted teams against each other to be the first to crack the DES protocol, the DESCHALL Project demonstrated that DES could be broken using an enormous amount of computing power. This was followed by the Deep Crack project, spearheaded by the Electronic Frontier Foundation (EFF), which in July 1998 broke DES encryption in only 56 hours. Further collaborative efforts between the EFF and distributed.net six months later slashed this time to 22 hours 15 minutes.

The US National Institute of Standards and Technology (NIST) subsequently realised that DES needed a drastic overhaul, having seen that encryption-breaking was becoming far more feasible. Work, therefore, began on developing the successor to DES.

NIST launched an open competition in September 1997 calling for entries to explore how to protect data, both now and in the future. Dubbed the Advanced Encryption Standard process, the competition attracted 15 encryption designs. Three years later, a project known as Rijndael, developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen, was chosen as the standard for AES encryption that's still in use today.

By November 2000, the AES standard was certified for use by the US government, as a direct replacement for DES.

How does AES work?

Simply put, AES takes a block of plain text and applies alternating rounds of substitution and permutation boxes to the passage. This form of encryption is known as a substitution permutation network (SPN) block cipher algorithm, and the size of the boxes alternates between 128, 192 or 256 bits, depending on the strength of encryption. The standard strength for encryption is 128, with 256 reserved for as and when the strongest levels of protection are required.

During this substitution-permutation process, an encryption key is generated, which can then be used to decipher and read the protected information as was originally intended. Without this decryption key, the data is completely illegible and totally scrambled, meaning it’s useless to third parties who intercept traffic in the hope of stumbling on data they can steal.

Where is AES used?

While AES started life as a tool for the US government, including the NSA, it's been adopted by businesses and other organisations worldwide and is now one of the most widely used encryption algorithms around.

It's used in all sorts of file and transfer scenarios. For example, when you transmit files over an HTTPS connection, the chances are AES is keeping your data secure from any man-in-the-middle type attacks.
