Advanced Encryption Standard (AES)
Federal Information Processing Standards Publication 197 (FIPS PUBS), dated November 26, 2001, announced the advanced encryption standard (AES) to the world. AES specifies a FIPS-approved cryptographic algorithm used to protect electronic data. The publication defines it as, “...a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information....” The U.S. government adopted this standard, and in June 2003, the U.S. government (NSA) announced that AES was secure enough to protect classified information up to the TOP SECRET level.
Different Encryption Strengths
The AES standard uses one of three block ciphers, AES-128, AES-192, and AES-256, that were adopted from a larger collection originally published as Rijndael.
Each encryption key size causes the algorithm to behave slightly differently, so the increasing key sizes not only offer a larger number of bits with which you can scramble the data but also increase the complexity of the cipher algorithm, forcing the number of rounds to increase from 10, 12, and 14, respectively, required to open the virtual vault you have encompassing your data.
Limitations of AES
Limitations of AES? That is hard to say; when this standard was first introduced it was declared completely unbreakable. What we can say is that AES is used to encrypt everything from the U.S. government’s most secret documents to financial transactions from banks and e-commerce sites around the globe. A tear in the AES fabric would open up valuable personal and business information to hackers and foreign governments alike. It’s only a matter of time before someone looks for the missing scale on this dragon.
That is just what happened in the spring 2009, when Biryukov, Khovratovich, and Nokolic found a key recovery attack on AES-256 with a time complexity of 2131. This enterprise was completely impractical, but it marked the first time anyone had published an attack on the full AES cipher. Shortly after that, the time was reduced to 2119 and the first attack on AES-192 was attempted and succeeded. As a result, AES is no longer considered theoretically secure.
Is AES broken? No. The latest attack techniques on AES-192 and AES-256 are impractical outside a lab setting, but they do nonetheless provide theoretical proof that versions of AES are susceptible to attack. Think about all the newer practical uses for chaining gaming systems together and cryptooffloading to video acceleration cards.