What is AES encryption?

AES is one of the most widely used encryption protocols, but where did it come from and how does it work?

Graphic showing a digital padlock overlaid above information that has been encrypted

Since Roman times, encryption has been essential in keeping communications between parties private and secure. Today, it forms the backbone of online security, helping to keep purchases and banking safe form cyber criminals.

There are several forms of encryption that can be used to secure data, whether its messages sent over the open web through email, secure chats, or messaging apps like WhatsApp, or data stored in the cloud, in an on-premise data centre, on a device, or on a removable drive. However, most of these use one of five types of algorithm:

  • RSA – a public key algorithm that comprises protocols such as PGP, SSL/TLS, and SSH
  • Data Encryption Standard (DES) – a protocol originally created for the US government and once thought of as unbreakable. Modern computing power now means it can be compromised and so isn't appropriate for the most sensitive data
  • TripleDES – a more secure and up to date version of DES that was also developed by the US government but has the drawback of being quite slow
  • Twofish – developed in response to a National Institute of Standards and Technology (NIST) call for a new, more secure encryption standard at the turn of the millennium. While it's thought of as very fast and secure, it lost out in NIST's Advanced Encryption Standard competition to the final algorithm on our list
  • Advanced Encryption Standard (AES) – originally known as Rijndael, a combination of the names of the Belgian developers who created it

How and why was AES developed?

A padlock on a circuit board to represent encryption

Between the years 1977 and 1999, the principal encryption method used was DES. First developed by IBM and widely used by the US government, the 56-bit DES algorithm was considered to be uncrackable – that was until advancements in computer technology in the late 90s proved this to be false.

In 1997, during a challenge hosted by RSA Security that pitted teams against each other to be the first to crack the DES protocol, it would be the DESCHALL Project that would ultimately demonstrate that the DES could be bypassed using an enormous amount of computing power. This was followed by The Deep Crack Project, spearheaded by the Electronic Frontier Foundation (EFF), which in July 1998 broke DES encryption in only 56 hours. Further collaborative efforts between the EFF and distributed.net six months later slashed this time to 22hrs 15mins.

The US National Institute for Standards and Technology (NIST) subsequently realised that DES needed a drastic overhaul, having seen that encryption-breaking was becoming far more feasible. Work, therefore, began on developing the successor to DES.

NIST launched an open competition in September 1997 calling for entries to explore how to protect data, both now and in the future. Dubbed the Advanced Encryption Standard process, the competition attracted 15 encryption designs. Three years later, a project known as Rijndael, developed by two Belgian cryptographers Vincent Rijmen and Joan Daemen, was chosen as the standard for AES encryption that’s still in use today.

By November 2000, the AES standard was certified for use by the US government, as a direct replacement for DES.

How does AES work?

Simply put, AES takes a block of plain text and applies alternating rounds of substitution and permutation boxes to the passage. This form of encryption is known as a substitution permutation network (SPN) block cipher algorithm, and the size of the boxes alternate between 128, 192 or 256 bits, depending on the strength of encryption. The standard strength for encryption is 128, with 256 reserved for as and when the strongest levels of protection are required.

During this substitution-permutation process, an encryption key is generated, which can then be used to decipher and read the protected information as was originally intended. Without this decryption key, the data is completely illegible and totally scrambled, meaning it’s useless to third parties who intercept traffic in the hope of stumbling on data they can steal.

Where is AES used?

The logo of the National Security Agency in front of the US flag

While AES started life as a tool for the US government, including the NSA, it's been adopted by businesses and other organisations worldwide and is now one of the most widely used encryption algorithms around.

It's used in all sorts of file and transfer scenarios. For example, when you transmit files over an HTTPS connection, the chances are AES is keeping your data secure from any man-in-the-middle type attacks.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

How to use machine learning and AI in cyber security
Security

How to use machine learning and AI in cyber security

30 Jul 2021
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

29 Jul 2021
Colonial Pipeline hack spurred copycat attacks on other oil and gas companies
hacking

Colonial Pipeline hack spurred copycat attacks on other oil and gas companies

29 Jul 2021
Study finds companies are mishandling cyber security recruitment
cyber security

Study finds companies are mishandling cyber security recruitment

28 Jul 2021

Most Popular

Salesforce's $28bn Slack acquisition: What's next for workplace collaboration?
collaboration

Salesforce's $28bn Slack acquisition: What's next for workplace collaboration?

22 Jul 2021
UK gun owners urged to be ‘vigilant’ after Guntrader data breach
data breaches

UK gun owners urged to be ‘vigilant’ after Guntrader data breach

23 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021