What is AES and How Does it Protect Data
- 29 May 2020
Early encryption was simple: it disguised words by mapping each letter to a corresponding letter or number, so that nobody without the code would be able to read the message. People eventually got good at decrypting, so good encryption became more and more important, especially in wartime. The Enigma machine was a famously complicated encryption/decryption device used by the Germans in World War II.
However, as information slowly migrated to the realm of cyberspace, electronic encryption evolved to protect bits and bytes. IBM developed a standard form of encryption called the Data Encryption Standard (DES), but this was cracked in 1997 at a competition. Soon, a DES cracker was developed that could crack a DES key in two days. The US government became nervous at these developments – DES cracking was expensive, and it was unlikely that many people could do it, but their data needed to be protected. In 2001, the National Institute of Standards and Technology revealed a new federal standard based on the Rijndael block cipher – it was called the Advanced Encryption Standard, or AES. Today, a DES key could be cracked in about six minutes, whereas with the same machine, it would take 36 quadrillion years to crack an AES key.
AES, simply put, first divides the dataset into blocks of 128 bits of information: 4 columns with 16 bytes of information in each. If your message was ‘AES is the best,’ it would fit into one block of information and look like this:
A I H E
E S E S
Next, a series of different keys would be derived from Rijndael’s key schedule. If you converted ‘AES is the best’ with a plain key of 1, it would look like this:
10 53 4d 65
1e 9e 78 1c
06 80 8f 7b
3b 7d 2b 7c
The initial key is converted to binary and then added to the message, which is also converted into binary, to get a series of similar-looking bytes. These bytes are then substituted according to a specific table that is accessible to the algorithm (e.g., that turns 1e into 5b). After this, rows are shifted and columns are subject to algorithms that make them less straightforward before another key is added.
This process is repeated many times, depending on the key – if it is 128-bit, there are nine rounds of this encryption process; if it is 256-bit, there are 13. The end result is encrypted text that is so difficult to decrypt that it is the basis of many encryption solutions – from AES GPG to Proofpoint encryption. Turning a message into a seemingly random selection of letters and numbers is what protects your messages just as well as the government’s emails. You might recall Hillary Clinton’s email scandal – it arose because she used her personal email server to handle sensitive information that should have been archived by the US government and hence automatically protected by AES.
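The round structure described above, as an added example (not code from the original article): a single-block AES-128 encryption in Python that builds the substitution table, runs the key schedule, and applies the rounds. It assumes a 16-byte key and a 16-byte block held as a 4x4 byte grid filled column by column, and it runs the nine full rounds followed by a final round that omits the column mix; all function names are chosen here for illustration.

```python
def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a, b = (((a << 1) ^ 0x11B) if a & 0x80 else (a << 1)), b >> 1
    return p

def sbox_entry(a):
    # Substitution table entry: field inverse of a, then a fixed affine mix.
    inv = next((b for b in range(1, 256) if gmul(a, b) == 1), 0)
    s = inv
    for _ in range(4):
        inv = ((inv << 1) | (inv >> 7)) & 0xFF
        s ^= inv
    return s ^ 0x63

SBOX = [sbox_entry(a) for a in range(256)]

def expand_key(key):
    """Key schedule: derive 11 round keys (16 bytes each) from a 16-byte key."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:  # rotate the word, substitute it, add the round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = gmul(rcon, 2)
        w.append([x ^ y for x, y in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def mix_columns(s):
    """Mix each 4-byte column with the fixed coefficients 2, 3, 1, 1."""
    return [gmul(s[c + r], 2) ^ gmul(s[c + (r + 1) % 4], 3)
            ^ s[c + (r + 2) % 4] ^ s[c + (r + 3) % 4]
            for c in (0, 4, 8, 12) for r in range(4)]

def encrypt_block(block, key):
    """Encrypt one 16-byte block; the state is a flat list, column by column."""
    rk = expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]               # add initial key (XOR)
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                            # substitute bytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]  # shift row r left by r
        if rnd < 10:                                        # final round skips the mix
            s = mix_columns(s)
        s = [b ^ k for b, k in zip(s, rk[rnd])]             # add round key (XOR)
    return bytes(s)
```

With the FIPS-197 Appendix C.1 test vector (key `000102030405060708090a0b0c0d0e0f`, plaintext `00112233445566778899aabbccddeeff`), `encrypt_block` returns `69c4e0d86a7b0430d8cdb78070b4c55a`.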
There you have it: a rundown on what AES is and how it works.