What is AES encryption?

AES is one of the most widely used encryption protocols, but where did it come from and how does it work?

Graphic showing a digital padlock overlaid above information that has been encrypted

Since Roman times, encryption has been essential in keeping communications between parties private and secure. Today, it forms the backbone of online security, helping to keep purchases and banking safe form cyber criminals.

There are several forms of encryption that can be used to secure data, whether its messages sent over the open web through email, secure chats, or messaging apps like WhatsApp, or data stored in the cloud, in an on-premise data centre, on a device, or on a removable drive. However, most of these use one of five types of algorithm:

  • RSA – a public key algorithm that comprises protocols such as PGP, SSL/TLS, and SSH
  • Data Encryption Standard (DES) – a protocol originally created for the US government and once thought of as unbreakable. Modern computing power now means it can be compromised and so isn't appropriate for the most sensitive data
  • TripleDES – a more secure and up to date version of DES that was also developed by the US government but has the drawback of being quite slow
  • Twofish – developed in response to a National Institute of Standards and Technology (NIST) call for a new, more secure encryption standard at the turn of the millennium. While it's thought of as very fast and secure, it lost out in NIST's Advanced Encryption Standard competition to the final algorithm on our list
  • Advanced Encryption Standard (AES) – originally known as Rijndael, a combination of the names of the Belgian developers who created it

How and why was AES developed?

A padlock on a circuit board to represent encryption

Between the years 1977 and 1999, the principal encryption method used was DES. First developed by IBM and widely used by the US government, the 56-bit DES algorithm was considered to be uncrackable – that was until advancements in computer technology in the late 90s proved this to be false.

In 1997, during a challenge hosted by RSA Security that pitted teams against each other to be the first to crack the DES protocol, it would be the DESCHALL Project that would ultimately demonstrate that the DES could be bypassed using an enormous amount of computing power. This was followed by The Deep Crack Project, spearheaded by the Electronic Frontier Foundation (EFF), which in July 1998 broke DES encryption in only 56 hours. Further collaborative efforts between the EFF and distributed.net six months later slashed this time to 22hrs 15mins.

The US National Institute for Standards and Technology (NIST) subsequently realised that DES needed a drastic overhaul, having seen that encryption-breaking was becoming far more feasible. Work, therefore, began on developing the successor to DES.

NIST launched an open competition in September 1997 calling for entries to explore how to protect data, both now and in the future. Dubbed the Advanced Encryption Standard process, the competition attracted 15 encryption designs. Three years later, a project known as Rijndael, developed by two Belgian cryptographers Vincent Rijmen and Joan Daemen, was chosen as the standard for AES encryption that’s still in use today.

By November 2000, the AES standard was certified for use by the US government, as a direct replacement for DES.

How does AES work?

Simply put, AES takes a block of plain text and applies alternating rounds of substitution and permutation boxes to the passage. This form of encryption is known as a substitution permutation network (SPN) block cipher algorithm, and the size of the boxes alternate between 128, 192 or 256 bits, depending on the strength of encryption. The standard strength for encryption is 128, with 256 reserved for as and when the strongest levels of protection are required.

During this substitution-permutation process, an encryption key is generated, which can then be used to decipher and read the protected information as was originally intended. Without this decryption key, the data is completely illegible and totally scrambled, meaning it’s useless to third parties who intercept traffic in the hope of stumbling on data they can steal.

Where is AES used?

The logo of the National Security Agency in front of the US flag

While AES started life as a tool for the US government, including the NSA, it's been adopted by businesses and other organisations worldwide and is now one of the most widely used encryption algorithms around.

It's used in all sorts of file and transfer scenarios. For example, when you transmit files over an HTTPS connection, the chances are AES is keeping your data secure from any man-in-the-middle type attacks.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Graylog launches new cyber security solution to address legacy issues
cyber security

Graylog launches new cyber security solution to address legacy issues

21 Oct 2021
US to ban surveillance software exports to authoritarian governments
cyber security

US to ban surveillance software exports to authoritarian governments

21 Oct 2021
A quarter of all malicious JavaScript is obfuscated
hacking

A quarter of all malicious JavaScript is obfuscated

20 Oct 2021
Almost 70% of CISOs expect a ransomware attack
ransomware

Almost 70% of CISOs expect a ransomware attack

19 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021