AES encryption

AES (Advanced Encryption Standard) has become the encryption

algorithm of choice for governments, financial institutions, and security-
conscious enterprises around the world. The U.S. National Security
Agency (NSC) uses it to protect the country’s “top secret” information.

The AES algorithm successively applies a series of mathematical

transformations to each 128-bit block of data. Because the computational
requirements of this approach are low, AES can be used with consumer
computing devices such as laptops and smartphones, as well as for quickly
encrypting large amounts of data. For example, the IBM z14 mainframe
series uses AES to enable pervasive encryption in which all the data in the
entire system, whether at rest or in transit, is encrypted.

AES is a symmetric algorithm which uses the same 128, 192, or 256 bit
key for both encryption and decryption (the security of an AES system
increases exponentially with key length). With even a 128-bit key, the task
of cracking AES by checking each of the 2128 possible key values (a “brute
force” attack) is so computationally intensive that even the fastest
supercomputer would require, on average, more than 100 trillion years to
do it. In fact, AES has never been cracked, and based on current
technological trends, is expected to remain secure for years to come.

Read our eBook

IBM i Encryption 101

This eBook provides an introduction to encryption, including best

practices for IBM i encryption.
Read
RSA encryption

RSA is named for the MIT scientists (Rivest, Shamir, and Adleman) who
first described it in 1977. It is an asymmetric algorithm that uses a publicly
known key for encryption, but requires a different key, known only to the
intended recipient, for decryption. In this system, appropriately called
public key cryptography (PKC), the public key is the product of
multiplying two huge prime numbers together. Only that product, 1024,
2048, or 4096 bits in length, is made public. But RSA decryption requires
knowledge of the two prime factors of that product. Because there is no
known method of calculating the prime factors of such large numbers,
only the creator of the public key can also generate the private key
required for decryption.

RSA is more computationally intensive than AES, and much slower. It’s
normally used to encrypt only small amounts of data.

How AES and RSA work together

A major issue with AES is that, as a symmetric algorithm, it requires that

both the encryptor and the decryptor use the same key. This gives rise to a
crucial key management issue – how can that all-important secret key be
distributed to perhaps hundreds of recipients around the world without
running a huge risk of it being carelessly or deliberately compromised
somewhere along the way? The answer is to combine the strengths of AES
and RSA encryption.

In many modern communication environments, including the internet, the

bulk of the data exchanged is encrypted by the speedy AES algorithm. To
get the secret key required to decrypt that data, authorized recipients
publish a public key while retaining an associated private key that only
they know. The sender then uses that public key and RSA to encrypt and
transmit to each recipient their own secret AES key, which can be used to
decrypt the data.
What is AES?
It stands for Advanced Encryption Standard, developed in 2001. As triple-
DES was found to be slow, AES was created and is six times faster than the
triple DES. It is one of the most widely used symmetric block cipher
algorithm used nowadays. It works on bytes rather than bits.
What is DES?
It stands for Data Encryption Standard, developed in 1977. It is a multi-round
cipher that divides the full text into 2 parts and then work on each part
individually. It includes various functionality such as Expansion, Permutation,
and Substitution, XOR operation with a round key.
AES and DES are both examples of symmetric block ciphers but have certain
dissimilarities. 
AES DES

AES stands for Advanced Encryption DES stands for Data Encryption

1. Standard Standard

2. The date of creation is 2001. The date of creation is 1977.

3. Byte-Oriented. Bit-Oriented.

Key length can be 128-bits, 192-bits, and

4. 256-bits. The key length is 56 bits in DES.
 AES
Number of rounds depends on key length:
5. 10(128-bits), 12(192-bits), or 14(256-bits)
The structure is based on a substitution-
6. permutation network.
7. The design rationale for AES is open.
The selection process for this is secret but
8. accepted for open public comment.
AES is more secure than the DES cipher
9. and is the de facto world standard.
The rounds in AES are: Byte Substitution,
10. Shift Row, Mix Column and Key Addition
11. AES can encrypt 128 bits of plaintext.
It can generate Ciphertext of 128, 192, 256
12. bits.
AES cipher is derived from an aside-
13. channel square cipher.
AES was designed by Vincent Rijmen and
14. Joan Daemen.
No known crypt-analytical attacks against
AES but side channel attacks against AES
implementations possible. Biclique attacks
have better complexity than brute force but
15. still ineffective.
16. It is faster than DES.
DES
DES involves 16 rounds of identical
operations
The structure is based on
a Feistel network.
The design rationale for DES is
closed.
The selection process for this is
secret.
DES can be broken easily as it has
known vulnerabilities. 3DES(Triple
DES) is a variation of DES which is
secure than the usual DES.
The rounds in DES are: Expansion,
XOR operation with round key,
Substitution and Permutation
DES can encrypt 64 bits of plaintext.
It generates Ciphertext of 64 bits.
DES cipher is derived from Lucifer
cipher.
DES was designed by IBM.
Known attacks against DES include
Brute-force, Linear crypt-analysis,
and Differential crypt-analysis.
It is slower than AES.
 AES DES

17. It is flexible. It is not flexible.

It is efficient with both hardware and

18. software. It is efficient only with hardware.