In 1997, DES (Data Encryption Standard) was broken. The US Government asked the world for a replacement. Two Belgian cryptographers (Daemen and Rijmen) submitted "Rijndael". It won. It became AES. It is fast, efficient, and mathematically clean.
How it works (SPN)
AES is a Substitution-Permutation Network. It treats data as a 4x4 grid of bytes.
It performs 4 operations in loop (10, 12, or 14 rounds).
1. SubBytes: Swap every byte with another byte using a lookup table (S-Box). (Confusion).
2. ShiftRows: Move bytes left in the grid. (Diffusion).
3. MixColumns: Use Matrix multiplication to mix the columns. (Diffusion).
4. AddRoundKey: XOR the grid with the Secret Key.
1. Modes of Operation (Critical)
AES encrypts 128-bit blocks. What if your file is bigger? You need a Mode.
ECB (Electronic Codebook) - BAD
Encrypt each block independently.
Problem: Identical inputs produce identical outputs. If you encrypt a picture of the Linux Penguin in ECB mode, you can still clearly see the penguin in the static. NEVER USE ECB.
CBC (Cipher Block Chaining) - OKAY
XOR the previous ciphertext block with the current plaintext block before encrypting.
Problem: Slow (cannot proceed in parallel). Vulnerable to "Padding Oracle Attacks" if not implemented perfectly.
GCM (Galois/Counter Mode) - BEST
Turns the block cipher into a stream cipher using a counter.
Feature: Authenticated Encryption (AEAD). It encrypts AND verifies integrity (Hashing) at the same time.
This prevents attackers from tampering with the encrypted data.
2. Key Sizes
| Key Size | Rounds | Security Level |
|---|---|---|
| 128-bit | 10 | Secret (Commercial) |
| 192-bit | 12 | Top Secret (NSA) |
| 256-bit | 14 | Paranoid (Quantum Resistant) |