In part two of this series, we looked at how digital communications meant we needed to add further complexity to the ways in which we secured our information. In this short blog we'll look at the algorithm that is used across the globe to protect data today while at rest and in transit across the internet.

### We can do better than that

In 2001 the National Institute of Standards and Technology (NIST) threw a gauntlet to the security community to develop a successor to 3DES. I think that deep down they saw that using the DES algorithm three times in a row a bit of a cop-out, and wanted something fresh. Fifteen different algorithms were evaluated and an algorithm called Rijndael was finally selected.

Rijndael was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and was finally standardised as AES (The Advanced Encryption Algorithm) in 2002.

Where DES and 3DES have fixed length keys (64bit and 192bit respectively), the AES algorithm has three accepted standard length keys (128-bit, 192-bit and 256-bit) which alter the number of cycles that the algorithm uses (10, 12 and 14 respectively).

Also AES takes a slightly different approach to keys and plaintext. Rather than laying the plaintext out in a single row (as computer scientists have traditionally done since time immemorial) it makes a 4x4 two-dimensional matrix out of the data, and manipulates it in that way. AES makes use of four basic functions during its processing:

1. AddRoundKey - This is an XOR of the current ciphertext state with the current round key. 2. SubBytes - This is a rather contrived substitution function; but is basically equivalent to S-box in DES. 3. ShiftRows - Since the bytes are ordered in a 4x4 matrix rather than in a row, in this function, each row is shifted left by n-1 bytes, where n is the row number, making this a transposition step. 4. MixColumns - This is another transposition step, but uses a matrix multiplication function to shift the columns of the matrix all about. So the running order for AES goes like this:

1. Rijndael has its own key schedule where keys are constructed for each round from the master key, so we generate these here, in the first step.

2. Initial Round

3. Rounds (repeated 10,12 or 14 times depending on key size)

a) SubBytes

b) ShiftRows

c) MixColumns

4. Final Round (same as any other round, except we don't MixColumns)

a) SubBytes

b) ShiftRows