knowledge/technology/Cryptography/AES.md
2024-01-17 09:00:45 +01:00

3.4 KiB

obj
concept

AES

The Advanced Encryption Standard (AES) is a widely adopted symmetric encryption algorithm used to secure sensitive data. It was established as a standard by the U.S. National Institute of Standards and Technology (NIST) in 2001, following a public competition to select a successor to the Data Encryption Standard (DES). AES is known for its efficiency, security, and versatility, making it a popular choice for various applications, including data encryption, secure communications, and cryptographic protocols.

Key Features

1. Symmetric Encryption

AES is a symmetric encryption algorithm, meaning the same key is used for both encryption and decryption. This key is kept secret between the communicating parties.

2. Block Cipher

AES operates on fixed-size blocks of data, encrypting and decrypting data in blocks of 128 bits. It supports key sizes of 128, 192, or 256 bits.

3. Key Expansion

The key expansion process in AES generates a set of round keys derived from the original key. These round keys are used in the multiple rounds of encryption and provide a high level of security.

4. Rounds of Encryption

AES performs a series of transformations known as rounds. The number of rounds depends on the key size: 10 rounds for a 128-bit key, 12 rounds for a 192-bit key, and 14 rounds for a 256-bit key.

5. Substitution-Permutation Network (SPN) Structure

AES employs an SPN structure, combining substitution (replacing each byte with another) and permutation (rearranging bytes) operations to achieve confusion and diffusion, enhancing the algorithm's security.

Encryption Process

  1. Key Expansion: Generate a set of round keys from the original key.
  2. Initial Round: Add the initial round key to the plaintext.
  3. Main Rounds: Perform a series of substitution, permutation, and mixing operations for the specified number of rounds.
  4. Final Round: The final round excludes the mixing operation.
  5. Output: The result is the ciphertext.

Decryption Process

  1. Key Expansion: Generate the round keys from the original key.
  2. Initial Round: Add the initial round key to the ciphertext.
  3. Main Rounds: Perform the inverse operations of the encryption process in reverse order.
  4. Final Round: The final round excludes the mixing operation.
  5. Output: The result is the decrypted plaintext.

Strengths of AES

  • Security: AES has withstood extensive cryptanalysis and is considered highly secure when implemented correctly.
  • Efficiency: It is computationally efficient and well-suited for both hardware and software implementations.
  • Versatility: AES is used in various applications, including securing data at rest, data in transit, and cryptographic protocols like TLS.

Variants of AES

  • AES-128: Uses a 128-bit key and 10 rounds of encryption.
  • AES-192: Uses a 192-bit key and 12 rounds of encryption.
  • AES-256: Uses a 256-bit key and 14 rounds of encryption.

Usage

One can use AES with OpenSSL or GPG:

OpenSSL

Encrypt:

openssl enc -aes-256-cbc -salt -in plaintext.txt -out encrypted_file.enc

Decrypt:

openssl enc -aes-256-cbc -d -in encrypted_file.enc -out decrypted_file.txt

GnuPG

Encrypt:

gpg -c --cipher-algo AES256 file.txt

Decrypt:

gpg -d file.txt.gpg -o decrypted_file.txt