# Advanced Encryption Standard

> block cipher standard

**Wikidata**: [Q190746](https://www.wikidata.org/wiki/Q190746)  
**Wikipedia**: [English](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)  
**Source**: https://4ort.xyz/entity/advanced-encryption-standard

## Summary
The **Advanced Encryption Standard (AES)** is a widely used block cipher standard for encrypting and decrypting data. It was established as a U.S. federal standard in 2000 and is based on the Rijndael algorithm, designed by Belgian cryptographers Vincent Rijmen and Joan Daemen.

## Key Facts
- **Standardized in 2000** as a Federal Information Processing Standard (FIPS 197).
- **Block size**: 128 bits, with key sizes of 128, 192, or 256 bits (AES-128, AES-192, AES-256).
- **Developed by** Vincent Rijmen and Joan Daemen, based on their earlier **Square cipher**.
- **Classification**: Substitution–permutation network (SPN) cipher.
- **Aliases**: Also known as Rijndael, its original name before standardization.
- **Hardware support**: Includes the **AES instruction set**, an extension to the x86 architecture for faster encryption.
- **Global adoption**: Used in security protocols like TLS, Wi-Fi (WPA2), and file encryption (e.g., BitLocker).

## FAQs
### Q: What is AES used for?
A: AES is used to secure sensitive data in applications like internet communications (HTTPS), wireless networks (Wi-Fi), and disk encryption. It is the default encryption standard for the U.S. government and many industries.

### Q: Who created AES?
A: Belgian cryptographers **Vincent Rijmen** and **Joan Daemen** designed the Rijndael cipher, which was selected as AES after a public competition by the U.S. National Institute of Standards and Technology (NIST).

### Q: What are the different versions of AES?
A: AES supports three key lengths: **128-bit (AES-128)**, **192-bit (AES-192)**, and **256-bit (AES-256)**, all with a fixed block size of 128 bits. Longer keys provide stronger security but require more computational resources.

### Q: Is AES still secure?
A: Yes, AES remains secure against all known practical attacks when implemented correctly. No significant vulnerabilities have been found in the algorithm itself, though side-channel attacks (e.g., timing attacks) can exploit poor implementations.

### Q: How does AES work?
A: AES encrypts data by repeatedly applying rounds of substitution (byte replacement) and permutation (shuffling) operations. The number of rounds depends on the key size: 10 for AES-128, 12 for AES-192, and 14 for AES-256.

## Why It Matters
AES is the backbone of modern digital security, protecting everything from online banking transactions to classified government communications. Before AES, the Data Encryption Standard (DES) was the dominant cipher, but its 56-bit key was vulnerable to brute-force attacks. AES addressed this with stronger key lengths and a more robust design, ensuring resistance to cryptanalytic attacks for decades. Its adoption as a global standard simplified interoperability across systems, reducing reliance on proprietary or weaker algorithms. By providing a balance of speed, security, and efficiency, AES enabled the secure expansion of the internet, e-commerce, and cloud computing. Without AES, modern encryption would lack a unified, trustworthy foundation.

## Notable For
- **Winning the NIST competition**: Selected in 2000 from 15 candidates to replace DES as the U.S. encryption standard.
- **First publicly accessible, high-security cipher**: Unlike DES, which had classified design elements, AES was developed openly and scrutinized by the global cryptographic community.
- **Hardware acceleration**: The **AES instruction set** (e.g., Intel AES-NI) allows CPUs to perform encryption/decryption at near-line speed.
- **Versatility**: Used in symmetric-key protocols (e.g., TLS, IPsec) and as a primitive in hash functions (e.g., SHA-3’s Keccak).
- **Longevity**: Remains unbroken after over two decades of cryptanalysis, with no practical attacks faster than brute force.

## Body
### Origins and Development
- AES originated from the **Rijndael cipher**, submitted to NIST’s standardization process in 1998 by Vincent Rijmen and Joan Daemen.
- The competition (1997–2000) evaluated algorithms for security, performance, and suitability in hardware/software. Rijndael was chosen for its combination of speed, memory efficiency, and resistance to known attacks.
- The name "Rijndael" is a portmanteau of the creators’ names (Rijmen + Daemen).

### Technical Specifications
- **Block size**: Fixed at 128 bits (16 bytes).
- **Key sizes**: 128, 192, or 256 bits. The original Rijndael supported additional block/key sizes, but AES standardized only these three.
- **Rounds**:
  - **AES-128**: 10 rounds
  - **AES-192**: 12 rounds
  - **AES-256**: 14 rounds
- **Operations per round**:
  - **SubBytes**: Non-linear byte substitution using a fixed S-box.
  - **ShiftRows**: Cyclic shifting of rows in the state matrix.
  - **MixColumns**: Matrix multiplication over a finite field.
  - **AddRoundKey**: XOR with the round key derived from the main key.

### Security and Cryptanalysis
- **No practical breaks**: The best-known attacks (e.g., related-key attacks) require impractical conditions or computational resources.
- **Side-channel resistance**: Vulnerabilities typically arise from implementation flaws (e.g., poor key management) rather than the algorithm itself.
- **Quantum resistance**: While AES-256 is considered quantum-resistant for now, future quantum computers could reduce its effective security. Post-quantum alternatives (e.g., lattice-based cryptography) are being developed.

### Adoption and Standards
- **FIPS 197**: The official NIST standard published in 2001, updated in 2023.
- **ISO/IEC 18033-3**: Part of the international standard for block ciphers.
- **Widespread use**: Implemented in:
  - **Protocols**: TLS 1.2/1.3, SSH, IPsec.
  - **Storage**: BitLocker (Windows), FileVault (macOS), LUKS (Linux).
  - **Wireless**: WPA2/WPA3 (AES-CCMP for Wi-Fi security).

### Performance and Optimizations
- **Software**: Efficient in C/Java implementations, with optimized assembly for specific architectures.
- **Hardware**: Dedicated AES circuits in CPUs (e.g., Intel AES-NI, ARM CryptoCell) enable encryption at multi-gigabit speeds.
- **Parallelization**: Supports pipelining and SIMD instructions for high-throughput applications.

## Schema Markup
```json
{
  "@context": "https://schema.org",
  "@type": "Thing",
  "name": "Advanced Encryption Standard",
  "description": "A symmetric block cipher standard used for encrypting and decrypting data, based on the Rijndael algorithm.",
  "url": "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf",
  "sameAs": [
    "https://www.wikidata.org/wiki/Q188220",
    "https://en.wikipedia.org/wiki/Advanced_Encryption_Standard"
  ],
  "additionalType": [
    "https://www.wikidata.org/wiki/Q206855",
    "https://www.wikidata.org/wiki/Q1226926"
  ],
  "creator": [
    {
      "@type": "Person",
      "name": "Vincent Rijmen",
      "birthDate": "1970-10-16",
      "nationality": "Belgium"
    },
    {
      "@type": "Person",
      "name": "Joan Daemen",
      "birthDate": "1965",
      "nationality": "Belgium"
    }
  ],
  "datePublished": "2000",
  "alternateName": ["Rijndael", "AES-256", "AES-128", "AES-192", "FIPS 197"]
}

## References

1. Freebase Data Dumps. 2013
2. Quora
3. [aes · GitHub Topics · GitHub](https://github.com/topics/aes)
4. [OpenAlex](https://docs.openalex.org/download-snapshot/snapshot-data-format)