“It was twenty years ago today” is the opening lyric to Sgt Pepper’s Lonely Hearts Club band, the seminal song and 8th studio album from the Beatles released in 1967. It’s also 20 years ago today, well close enough, depending on when you are reading this blog when AES or the Advanced Encryption Standard was announced by the National Institute for Standards and Technology (NIST) U.S. via their publication FIPS PUB 197 (FIPS 197) on November 26, 2001.
First a bit of background. Let’s start with the Data Encryption Standard (DES), a symmetric key block algorithm with key size of 56 bits had been around since the mid-seventies. Remember, symmetric defines a class of algorithms where the same cryptographic key is used to encrypt and decrypt data – asymmetric algorithms on the other hand use a different method employing public and private key pair.
By the 1990’s DES was looking weak and susceptible to brute force attacks partly due to the availability of increased computing power that was becoming generally available. In response Triple DES or 3DES was introduced in 1995, applying the DES cipher three times to each block. That results in a key size of 168 bits, although demonstrated man in the middle attacks subsequently reduced its effective strength to 112 bits. NIST have further downgraded its effective key length given its susceptibility to block collision attacks yielding an effective key length of 80 bits.
By today’s standard that is considered weak crypto. As a result, NIST deprecated its use in 2017 and will disallow the use of the algorithm after 2023. It is still in use today predominately in the payments space for PIN transactions, albeit with restrictions, such as restricting the lifespan and maximum number of times a key can be used for encryption. Its continued use illustrates that crypto migration on a large scale isn’t easy.
The weakness of 64-bit block ciphers informed the development of a NIST competition to replace this type of symmetric algorithm. Fifteen candidates (CAST-256, CRYPTON, DEAL, DFC, E2, FROG, HPC, LOKI97, MAGENTA, MARS, RC6, Rijndael, SAFER+, Serpent, and Twofish) were evaluated by the standards body and academia and cryptanalysts over a five-year period before whittling those down to five AES finalists: MARS, RC6, Rijndael, Serpent, and Twofish. On October 2, 2000, after thorough cryptanalysis from NIST and interested parties globally, NIST announced Rijndael submitted by two young Belgian cryptographers, Vincent Rijmen and Joan Daemen as the Advanced Encryption Standard (AES) winner. NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits. A year later, on November 26, 2001, it was approved as FIPS PUB 197.
Twenty years on and AES is still going strong. It is in use in a wide range of applications including the Wi-Fi security protocols, such as WPA-PSK (AES) and WPA2-PSK (AES), mobile phone messenger apps, and across the internet, it is used in TLS and HTTPS for secure exchange of application data and web content, protecting online transactions worldwide. Further, the US Nation Security Agency approve its use including assets marked Top Secret. At Entrust it is used in a wide range of applications where data is encrypted such as when an nShield Security World is created to define the cipher suite used to protect key tokens through to the volume encryption of multi-cloud virtual machine environments by Entrust DataControl.
Looking forward, investigation into post quantum cryptography has once again shone the spotlight on classical computing algorithms such as AES. Lou Grover’s work in this area known as Grover’s Algorithm is a quantum search algorithm that runs quadratically faster than any equivalent classical algorithm. This represents a remarkable increase in processing efficiency and time saved.
What does this mean in practical terms? If you wanted to find one item in a list of 1 trillion, and each item took 1 microsecond to check, for today’s off the shelf, classical computer that will take you the best part of a week. In a suitably powered quantum computer the same search might take a couple of seconds to find that one item. Amazing stuff!
The quadratic speed up approach can be applied directly to brute force attacks on symmetric algorithms such as AES. Grover determined that quantum computers might be able to attack a symmetric cipher with a key up to twice as long as could be attacked by an attacker with access to a classical computer. Fortunately, NIST has considered Grover’s algorithm and concluded “it is quite likely that Grover’s algorithm will provide little or no advantage in attacking AES, and AES 128 will remain secure for decades to come…..and both AES 192 and AES 256 will still be safe for a very long time..” So one take-out may be if you are considering long term data storage then encrypting using AES 192 or 256 might be a consideration. Refer to the NIST FAQ article if you want to read more here.
So back to Sgt Pepper….It has been a Long and Winding Road and you might be thinking will AES still be around When I’m 64? Only time will tell but let’s Come Together, raise a glass and cheer to celebrate 20 years of AES!
To learn more about best practices for preparing for post quantum computing download the solution brief.