AES encryption: once counterintelligence, now indispensable protection for all

Author: Jan Tissler

The AES (Advanced Encryption Standard) is used in the USA for documents with the highest level of secrecy, but is also found in many everyday applications. It is interesting to learn how this standard came about. Below we trace the history of its creation.

If you hook up to a secure WiFi connection, use Skype or protect your computer data using Apple's FileVault or the Windows EFS file system, then you’re using the AES. But would you have known that it can be traced back to two security experts from Belgium?

The end of the forerunner DES

The conception of this new encryption system is considered by experts to be an exemplary feat. The starting point was the fact that by the early 1990s, the prevailing DES (Data Encryption Standard) was no longer considered sufficiently secure. This standard had been implemented almost 20 years earlier because at that time, while the military already had efficient encryption technologies, the general public did not.

DES initially became a recognized standard for authorities in the late 1970s and eventually also for companies in the early 1980s. There were persistent rumors that the US security agency NSA had installed a back door – which later turned out not to be true.

However, such a deliberate and hidden vulnerability probably wasn’t necessary: The greatest weakness of DES was that the encryption could be cracked simply by using enough computing power. The reason being, the key - at just 56 bits - was comparatively short and could be guessed by automated trial and error during the course of a “brute force” attack. The NSA most likely had the necessary computing power long before anyone else.

The exponential increase in computing capacity also heralded the end of DES. In 1998, the US Electronic Frontier Foundation (EFF) demonstrated with a purpose-built computer called “Deep Crack” that it could crack DES within 56 hours. In 1999, the same machine successfully did so together with 100,000 computers in just 22 hours and 15 minutes.

One way out was to use DES not just once, but three times with different keys (called "Triple DES" or "3DES"). By the end of the ‘90s, the successor AES was already on the way.

How AES was created in public

The United States Department of Commerce had started looking for a new standard. The National Institute of Standards and Technology (NIST) took the lead.

While there had been all sorts of secrecy surrounding the development of DES, the makers of its successor, AES, decided to do the exact opposite: everything would take place in public. There was a competition for the best encryption algorithm, with 15 candidates submitted by the June 1998 deadline.

The most important decision criterion was of course the security level of the potential new standard. It needed to remain usable well into the next century. But it was also important that the new method incurred minimal costs and, for example, that it be economical in terms of computing power and storage space. In the end it was planned to use it even on chip cards. In addition, the standard had to be free of license payments so that it could be made available to everyone free of charge.

Five finalists were selected from the initial proposals, all of which had very similar characteristics. Therefore, additional criteria were adopted and the candidates were thoroughly examined for weaknesses.

The Belgian algorithm "Rijndael" finally emerged as the winner in October 2000. It was named after its developers Joan Daemen and Vincent Rijmen. A number of people in the United States weren’t initially very happy about having to take advantage of a European development. But eventually, the simplicity and high performance of the algorithm managed to convince even the skeptics.

AES is used today with key lengths of 128, 192 or 256 bits. In the USA, 192 bits are considered sufficient for documents with a "secret" seal and 256 bits for those classified as "top secret".

Final Word

So far, AES has performed well against all attempted attacks. There are theoretical weaknesses but these can hardly be exploited in practice because the required effort is still enormous. For this reason, there are often attempts to find weaknesses in implementation.

Of course, AES won’t be safe enough forever. Nevertheless, as mentioned above, US authorities continue to rely on AES – even for documents with the highest level of confidentiality.