According to AbbreviationFinder, Advanced Encryption Standard is known as AES.

In 1997, the National Institute of Standards and Technology (NIST) decided to hold a competition to choose a new encryption algorithm capable of protecting sensitive information during the 21st century. This algorithm was called Advanced Encryption Standard (AES). On January 2, 1997, NIST announced its intention to develop AES, with the help of the crypto industry and community. On September 12 of that year the formal call was made. In this call, several conditions were indicated for the algorithms to be presented:

- Be in the public domain, available to everyone.
- Be a symmetric encryption algorithm and support blocks of at least 128 bits.
- The encryption keys could be 128, 192 and 256 bits.
- Be implementable in both hardware and software.

The 20 as August as 1998 NIST announced the 15 algorithms supported at the first conference AES:

- CAST-256 (Entrust Technologies, Inc.)
- CRYPTON (Future Systems, Inc.)
- DEAL (Richard Outerbridge, Lars Knudsen)
- DFC (CNRS – Center National pour la Recherche Scientifique – Ecole Normale Superieure)
- E2 (NTT – Nippon Telegraph and Telephone Corporation)
- FROG (TecApro International, SA)
- HPC (Rich Schroeppel)
- LOKI97 (Lawrie Brown, Josef Pieprzyk, Jennifer Seberry)
- MAGENTA (Deutsche Telekom AG)
- MARS (IBM)
- RC6 (RSA Laboratories)
- RIJNDAEL (John Daemen, Vincent Rijmen)
- SAFER + (Cylink Corporation)
- SERPENT (Ross Anderson, Eli Biham, Lars Knudsen)
- TWOFISH (Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, Niels Ferguson)

The second AES conference took place in March 1999 where the analyzes to which the candidates were submitted by the international crypto community were discussed. Comments were accepted until April 15. NIST decided in August 1999 which would be the 5 finalists:

- MARS
- RC6
- RIJNDAEL
- SERPENT
- TWOFISH

These algorithms were subjected to a second, more exhaustive review, which lasted until May 15, 2000. During this period, NIST admitted analysis of the finalist algorithms. During days 13 and 14 of April of 2000 the third conference AES where recent analysis of algorithms finalists were discussed took place. The developers of the finalist algorithms were present. On May 15, 2000, the public analysis period ended. NIST studied all the information available to decide which would be the winning algorithm. On October 2, 2000 it was voted which algorithm would finally win the contest. The result was the following:

- MARS: 13 votes
- RC6: 23 votes
- RIJNDAEL: 86 votes
- SERPENT: 59 votes
- TWOFISH: 31 votes

The Rijndael algorithm won the contest and in November 2001 FIPS 197 was published where it was officially assumed.

## Notes

Block sizes of 128, 160, 192, 224, and 256 bits are supported by the Rijndael algorithm, but only 128-bit size blocks are specified in AES.

## Development

Rijndael was a refinement of an earlier design from Daemen and Rijmen, Square; Square was itself a development of Shark. Unlike its predecessor DES, Rijndael is a substitution-permutation network, not a Feistel network. AES is fast in both software and hardware, is relatively easy to implement, and requires little memory. As a new encryption standard, it is currently being used on a large scale.

### Encryption description

Strictly speaking, AES is not exactly Rijndael (although in practice they are called interchangeably) since Rijndael allows a greater range of block size and key length; AES has a fixed block size of 128 bits and key sizes of 128, 192 or 256 bits, while Rijndael can be specified by a key that is a multiple of 32 bits, with a minimum of 128 bits and a maximum of 256 bits.. Most of the AES algorithm calculations are done on a given finite field. AES operates on a 4 × 4 byte array, called state (some versions of Rijndael with a larger block size have additional columns in the state).

### Encryption optimization

On 32-bit or larger word-size systems, it is possible to speed up the execution of this algorithm by converting the SubBytes, ShiftRows, and MixColumn transforms to tables. There are four 256-input 32-bit tables that use a total of 4 kilobytes (4096 bytes) of memory, one Kb each table. Thus, one round of the algorithm consists of 16 lookups in a table followed by 16 32-bit XOR operations in the AddRoundKey step. If the 4 kilobyte size of the table is too large for a given platform, the table lookup can be performed using a single table of 256 32-bit entries using circular rotations.

### MixColumns Stage – Mix Columns

In the MixColumns step, the four bytes in each column of the state are combined using an invertible linear transformation. The MixColumns function takes four bytes as input and returns four bytes, where each input byte influences all four-byte outputs. Along with ShiftRows, MixColumns involves diffusion in encryption. Each column is treated as a polynomial GF (28) and then the modulus x4 + 1 is multiplied with a fixed polynomial c (x). The MixColumns step can be viewed as a matrix multiplication in the finite Rijndael field.