This November will mark the 20th anniversary of AES encryption, possibly the most recognizable Belgian export after waffles and an innate contempt for the French. It’s hence high time we learned a few (more) details about this cybersecurity staple that has so far been among the most defining influences on 21st-century cryptography.
So, what’s the secret to devising a security standard so bulletproof that it impresses the U.S. government to the point of becoming the central piece of modern telecommunications? Math, as always. But before we move into that, let’s demystify the actual name of the protocol, which is pretty mundane, as the abbreviation stands for “Advanced Encryption Standard”.
Why AES encryption is so important for the modern Internet era
Don’t let that generic-sounding moniker fool you into thinking AES is just a vague reference to cryptographic communications. No, it’s a specific encryption technology developed by a pair of Belgian programmers – Joan Daemen and Vincent Rijmen. The duo first published their research proposal detailing the pioneering concepts behind AES in 1998, though it wasn’t until late 2001 that the protocol was peer-reviewed, finalized, and officially established in a NIST publication.
While this might seem obvious, it bears repeating that Daemen and Rijmen didn’t come up with AES spontaneously. Their proposal was submitted in direct response to a ’97 call for tenders from NIST. We’re talking about a turning point in the history of the IT industry; an era wherein the world was in urgent need of a successor to the old Data Encryption Standard. DES had been in use for over two decades by that point, aging less than gracefully, as best illustrated by its rapidly growing susceptibility to brute-force attacks.
The issues primarily stemmed from the protocol’s relative mathematical (that is, cryptographic) simplicity. DES originally used a 56-bit key, which was far from equipped to survive the golden era of Moore’s law. That held true even after the IT industry started double- and triple-encrypting sensitive communications while NIST hunted for a worthwhile successor.
Just for added context, a modern computer can crack DES in literally seconds nowadays, using nothing more sophisticated than a plaintext attack. This is akin to getting robbed during the five minutes it took you to install your new Ring Video Doorbell because the robbers realized your walls are made of crumpled paper.
Why AES will outlast its predecessor many times over
The U.S. National Institute of Standards and Technology always intended for the winning bid to be incorporated into a solution called the Advanced Encryption Standard, as mundane as that label was. The silver lining is that the original branding was… even less catchy, to put it mildly. Since Rijmen and Daemen’s aptitude for ciphers failed to translate into a natural prowess for cool-sounding name amalgamations, someone simply had to step in and prevent them from ever again mentioning “Rijndael”, which is how they initially dubbed their AES precursor.
It’s worth pointing out that their innovation was more of a foundational block that led to AES than a true prototyped predecessor. In other words, Rijndael was a block cipher from which the rest of the protocol was devised.
The proposed protocol structure thus doubled the underlying cipher key size to 128 bits even in its absolute simplest form. This upped the number of possible combinations from a bit over 72 quadrillion (72,057,594,037,927,936 – 17 digits) to the following 72-digit figure that we have no idea how to even read: 340,282,366,920,938,463,463,374,607,431,768,211,456.
Isn’t math amazing? If you’re interested in learning more about the mechanics of encryption, our in-depth introduction to all things cryptography has more entertaining calculations. But let’s move on because we actually still haven’t touched upon the undisputed number one security feature of AES – the variability of supported ciphers. The finalized standard included not one, but three Rijndael ciphers, each with a 128-bit block size but ALSO – and here comes the number-one part – varying key lengths.
Besides the entry-level 128-bit key length mentioned above, the 2001 standard specification also included 192-bit and 256-bit keys. To understand the significance of this change, you have to keep the historical context in mind. By the early noughties, DES had become something akin to a sandcastle during open house season, primarily because it didn’t matter where you probed or how hard you pushed – getting in was a question of resources, not technical know-how.
And then came AES, replacing that frail excuse for encryption with pretty much its polar opposite; an insurmountable barrier hashed to infinity and back; a figurative fortress with entrance points that were both literally impenetrable and practically invisible, not to mention commandingly ever-shifting. That’s quite a trifecta, and not just due to the completely ridiculous brute-forcing odds stemming from its permutations. Inasmuch as Moore’s law is looking super shaky these days, AES has but one final message to deliver to would-be spies and unrefined hackers: “nice try, see you in a century or two.”