Advanced Encryption Standard (AES), also known as US FIPS PUB 197, is a block cipher which has been adopted as an encryption standard by the U.S. government, superseding the Data Encryption Standard (DES).
It is also known as Rijndael, which is a portmanteau of the surnames of the two Belgian cryptographers, Vincent Rijmen and Joan Daemen, who developed the cipher as a refinement of their earlier design, Square.
Its release by the National Institute of Standards and Technology (NIST) took place on November 26, 2001. Its subsequent standardization took place on May 26, 2002.
AES is a substitution-permutation network (SPN), meaning it uses a series of linked mathematical operations. Implementation of AES is fairly simple, and only a small amount of memory is required. It is fast in both software and hardware. AES has a fixed block size of 128 bits, so it operates on a 4 x 4 array of bytes. It may have a key size of 128, 192 or 256 bits. AES calculations usually take place in a special finite field.
The AES encryption process goes through four rounds (SubBytes, ShiftRows, MixColumns and AddRoundKey) before undergoing a final round, which consists of the same steps but without the MixColumns step.
The SubBytes step is a non-linear substitution step where a lookup table is used to determine what each byte is replaced with. An 8-bit Rijndael S-box, derived from the multiplicative inverse over GF(28) and constructed by combining the inverse function with an invertible affine transformation, is used to update each byte in the array. The S-box is chosen to avoid any fixed points and opposite fixed points.
The ShiftRows step is a transposition step that operates on the rows of the state. For a certain number of steps, each row of the state is shifted cyclically by a certain offset, although it leaves the first row unchanged. Each byte of the second row is shifted to the left by an offset of one, each byte of the third row is shifted to the left by an offset of two, and each byte of the fourth row is shifted to the left by an offset of three.
This shifting pattern is also applied to the block of size 128 bits and 192 bits. For the 256-bit block, the first row remains unchanged, but the second row is shifted by an offset of 1, the third by an offset of 3, and the fourth by an offset of 4.
The MixColumns step is a mixing operation which uses an invertible linear transformation to combine the four bytes in each column of the state. Four bytes are taken as input, and then four bytes are generated as output. Each column is treated as a polynomial over GF(28) and is multiplied modulo x4 + 1 with a fixed polynomial c(x) = 3x3 + x2 + x + 2.
The AddRoundKey step derives round keys from the cipher key using Rijndael's key schedule, and then combines the round key to each byte of the state. Through the use of bitwise exclusive or (XOR), the round key is added by combining each byte of the state with the corresponding byte of the round key.
AES is currently being deployed on a large scale, and it is one of the most popular algorithms used in symmetric key cryptography as of 2006.