What is the Advanced Encryption Standard?

The Advanced Encryption Standard (AES) is a block cipher standardized by the National Institute of Standards and Technology (NIST) that replaces the previously used Data Encryption Standard (DES). It is a symmetric method, meaning the sender and recipient use the same key for encryption and decryption. For AES to be considered quantum-secure, key lengths must be doubled because the Grover algorithm results in a quadratic acceleration. AES can be implemented in either software or hardware and is widely supported.

In the widely used AES operating mode – counter mode (AES-CTR) – two additional public variables are used: a unique initialization value (nonce) and an incremental counter. For each block, the nonce and counter combination is encrypted with AES and linked to the ciphertext via XOR. Since the counter increases with each block, the result is different ciphertexts even for identical plaintext. The nonce and counter are transmitted publicly, enabling the receiver to reverse the process. AES-GCM also uses a counter mechanism but adds parallel multiplications in a Galois field and generates authentication tags. This enables recipients to check data for manipulation, ensuring the authenticity, integrity and confidentiality of data.

AES-CTR and AES-GCM are both suitable for the transmission of highly sensitive data over unsecured networks. Unlike AES-CTR, AES-GCM provides built-in guarantees for data authenticity and integrity within the AES operating mode. With AES-CTR, this is added separately, for example by calculating hash-based authentication tags (HMACs). Our ConnectGuard™ modules for the FSP 3000 and FSP 150 deliver hardware-based AES-256-GCM at full line rate, supported by a hybrid post-quantum key exchange. They are certified to FIPS 140-2 Level 2 and approved by Germany’s BSI for VS-NfD traffic, offering authenticity, integrity and ultra-low latency without the need for extra appliances.