Is AES secure?


In 2000, after a very thorough and open selection process, NIST announced that AES (formally known as Rijndael, after one of its creators) would replace DES as its recommended “unclassified, publicly disclosed encryption algorithm capable of protecting sensitive government information well into the next century.”

Based on NIST’s recommendation, the US government uses AES to secure its classified information:

“The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require the use of either the 192 or 256 key lengths.”

Brute force attacks

The most basic form of attack possible on any encryption cipher is a brute force attack, which involves trying every possible key combination until the correct one is found.

As we discuss in “Privacy Decrypted #3: Can encryption be broken?”, Fugaku is currently the most powerful (known) supercomputer in the world. If it dedicated its entire output to the task, it would take Fugaku 12 trillion years to exhaust all possible combinations for AES-128.

AES-256 is 340 billion-billion-billion-billion times harder to brute force than AES-128. To put this into perspective, the universe is 14 billion years old. It is, therefore, safe to say that even at its lower bit sizes, AES is highly resistant to brute force attacks from conventional computers.

It is often theorized that when quantum computing becomes available, modern encryption algorithms will be rendered all but useless. There is truth in this when it comes to asymmetric-key ciphers, but symmetric-key ciphers are relatively quantum-resistant, although quantum computers still reduce the security of AES by half. This means AES-256 remains secure, but AES-128 is less so.

Brute force attacks, however, are not the only way to compromise an encryption algorithm.

Key attacks

Over the years, a number of theoretical attacks on AES keys have been published by cryptographers, but all of these are either unworkable in practice, or are only effective on AES implementations that use a reduced number of rounds (see below).

The most successful attempt was a biclique attack published in 2011 that can reduce the time needed to brute force AES by a factor of four. However, it would still require billions of years to brute force AES on any current or foreseeable computer hardware.

No known key attack is practical against properly implemented AES-128 or higher.

Side channel attacks

A side-channel attack attempts to reduce the number of combinations required to make a successful brute force attack by looking for clues from the computer performing the encryption calculations. Clues can be gleaned by examining:

Timing – how long a computer takes to perform an operation

Electromagnetic leaks

Audio cues

Visual cues (picked up using a high-resolution camera).

Cache-timing attacks, in particular, have proven to be quite effective at successfully cracking AES. In the most notable example, researchers in 2016 were able to recover an AES-128 key using “only about 6 – 7 blocks of plaintext or ciphertext (theoretically even a single block would suffice)”.

However, there are a number of things that can be done to mitigate the threat of side-channel attacks:

A proper AES implementation can close off the ways in which data is leaked.

Hardware that integrates the AES instruction set further reduces the side-channel attack surface of AES.

Randomization techniques can be used to disrupt the relationship between data protected by AES and any leaked data that could be collected using a side-channel attack.

It is also worth noting that, in many cases, side-channel attacks require the attacker to have close proximity or physical access to the device as it decrypts data (although remote attacks are possible if malicious software is installed on a device, particularly in the case of timing attacks).
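The implementation-level mitigation described above, as an added C example that is not from the original article: an AES S-box read indexed by a secret byte, next to two forms whose memory access pattern does not depend on that byte. The function names are assumptions made for this example, and since a compiler can still change timing behaviour, production code should use a vetted library or the AES instruction set.

```c
#include <stdint.h>
#include <stdio.h>

/* GF(2^8) multiply modulo x^8+x^4+x^3+x+1: fixed 8 rounds, masks, no branches. */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (int i = 0; i < 8; i++) {
        r ^= (uint8_t)(-(b & 1)) & a;            /* add a when bit 0 of b is set */
        uint8_t hi = (uint8_t)(-(a >> 7));       /* 0xff when a << 1 overflows */
        a = (uint8_t)((a << 1) ^ (hi & 0x1b));   /* reduce by the AES polynomial */
        b >>= 1;
    }
    return r;
}
static uint8_t rotl8(uint8_t v, int n) { return (uint8_t)((v << n) | (v >> (8 - n))); }

/* S-box computed arithmetically: inverse as x^254, then the affine map. No table. */
uint8_t sbox_computed(uint8_t x) {
    uint8_t inv = 1;
    for (int i = 0; i < 7; i++) { x = gf_mul(x, x); inv = gf_mul(inv, x); }
    return (uint8_t)(inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63);
}

static uint8_t table[256];   /* filled from sbox_computed, so no constants are typed in */
void build_table(void) { for (int i = 0; i < 256; i++) table[i] = sbox_computed((uint8_t)i); }

/* Leaky form: the address read depends on the secret, so the cache line touched does too. */
uint8_t sbox_lookup(uint8_t secret) { return table[secret]; }

/* Hardened form: read every entry and keep the wanted one with a mask. */
uint8_t sbox_scan(uint8_t secret) {
    uint8_t out = 0;
    for (unsigned i = 0; i < 256; i++) {
        uint8_t mask = (uint8_t)((((i ^ secret) - 1u) >> 8) & 0xff);  /* 0xff iff i == secret */
        out |= table[i] & mask;
    }
    return out;
}

/* Number of inputs where the scan and the direct lookup disagree. */
int mismatches(void) {
    int bad = 0;
    build_table();
    for (int i = 0; i < 256; i++)
        bad += sbox_scan((uint8_t)i) != sbox_lookup((uint8_t)i);
    return bad;
}
int main(void) { printf("mismatches: %d, S(0x53)=0x%02x\n", mismatches(), sbox_computed(0x53)); return 0; }
```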

The human factor

Security is only as strong as its weakest point. There is little point in encrypting your data with AES-256 if you then secure it using the password “12345”. Social engineering attacks and keylogger viruses are also a threat to AES-encrypted data.

Use of a good password manager, anti-virus software, and improved education about cybersecurity are the best forms of defence against these kinds of attacks. Note that this kind of attack is only a risk if you encrypt your own data with a password.
