With cybercrime at an all-time high, advanced data encryption is the need of the hour. From personal data being sold on the dark web to security vulnerabilities in apps, our data is under constant scrutiny, making encryption of paramount importance.
When it comes to encryption, AES (Advanced Encryption Standard) is the gold standard for security. It is a subset of the Rijndael block cipher, which uses a data block of 128 bits and a key size of 128 bits, 192 bits or 256 bits, giving rise to three different versions of AES, namely AES128, AES192 and AES256. It is a symmetric encryption algorithm, which means it uses the same key for encryption and decryption. Because of this, keeping keys secure is of utmost importance. If a malicious entity gets hold of the encryption keys, they could decrypt the data.
There are a lot of encryption algorithms out there, but what makes AES unique is its speed, security and ease of implementation. This algorithm is so lightweight that it can encrypt a block of 128 bits in a matter of 0.5 milliseconds using an 8-bit processor. Because of this, smart cards can use this algorithm to make secure payments at lightning-fast speed. It is also very efficient when it comes to encrypting bulk amounts of data. For this reason, Google Drive uses AES 128 to encrypt data on its servers.
AES Encryption explained
The AES algorithm consists of two components: key expansion and data manipulation.
Most encryption methods use a secret key to encrypt data, which creates the ciphertext. In the case of AES 128 encryption, the size of the key is 128 bits, but the algorithm does not use one key to encrypt the data. To make the encryption unbreakable, it uses the master key and generates multiple keys using key expansion algorithms. In the case of AES 128, this algorithm creates a total of 10 keys, one for each round of encryption.
In the case of AES 192 and 256, the number of keys increases to 12 and 14 respectively because of the larger number of rounds.
AES is a block cipher, so the plaintext (128 bits of data) is first transformed into a 4×4 matrix. Each element of the matrix is 8 bits in size, making the matrix hold a total of 8×16 = 128 bits.
Once the data is put into this matrix format, the encryption key is added using the XOR operation. After this, transformations and substitutions are performed using the SPN (substitution-permutation network) block cipher algorithm. The SPN uses four main transformations or substitutions to create the ciphertext:
- Substitution using s-box: The AES algorithm uses an s-box (substitution box) to make substitutions to the 4×4 matrix. The s-box is a standard lookup table which is used in a number of encryption algorithms to add diffusion into the data, making algorithms harder to crack.
- Row transformations: This is a simple matrix transformation operation which shifts each row in the matrix to the left according to its row number.
- Mix columns: Each column is multiplied with a pre-defined 4×4 matrix.
- Addition of keys: Keys which are generated during key expansion are added to the matrix.
AES 128 performs a total of 10 rounds to encrypt the data. The first nine rounds perform the above-mentioned operations in the given order, but in the tenth round, the mix columns operation is omitted. Once all this is done, your first 128 bits of data have been encrypted.
In the case of AES 192 and 256, due to the increase in key size, the number of rounds increases to 12 and 14 respectively. This increase in rounds makes these versions of AES even stronger and harder to break.
Is AES secure enough?
The US government uses AES128 and 256 to encrypt its top-secret files. Since its commission in 2001 as the US federal standard in encryption, there have been no attacks which could crack the AES encryption without knowing the encryption keys.
AES and the internet
Although the primary goal of AES was to encrypt classified documents of the US government, it is also used for encrypted file transfers over the internet. AES encryption is used in secure file transfer protocols like FTPS and HTTPS. Messaging apps like WhatsApp provide end-to-end AES256 encryption. Even Wi-Fi routers can be set to a WPA2/AES configuration to use AES encryption.