Big Changes Ahead for the Method that Secures The Internet
So, a quick question. What is the block size for AES:
A 64 bits
B 128 bits
C 192 bits
D 256 bits
The answer is, of course, B 128 bits. With this, we take our plaintext and then split it into 128-bit (16-byte) blocks. With a block cipher, we then need to pad the last block:
With AES, we use a part of the key for a number of rounds. For 128-bit AES, we have 10 rounds, for 192-bit AES, we have 12 rounds, and for 256-bit AES we have 14 rounds:
But this could change in the future due to a new NIST draft (SP 800–197) [here]:
Overall, the new draft calls for public comments on increasing the size of the AES block to 256 bits. There is an increasing need to process large amounts of data, and thus, the larger block size will have advantages in processing times. NIST, too, is now looking to standardise a 512-bit key size, a block size of 512 bits, and a target security level of 256 bits.
NIST obviously need to decide whether to stick with AES and upgrade it in the face of quantum computers or develop a new standard. AES (based on the Rijndael method) has done well since it was standardised in 2001, so the choice is likely to stick with AES but enhance it. The new enhancement will be based on Rijndael-256 and with a 256-bit block size and a 256-bit key size.
Overall, with a 128-bit block size, then an Exabyte of data would have a 10^{-5} chance of a data leak, and a Zetabyte of data is almost certain to leak data. With the 128-bit block size, we can have 2¹²⁸ different permutations no matter the size of the key. We then need around 2⁶⁴ blocks to be distinguishable from random. In some cases where we have large amounts of data, we must rekey in order to avoid a collision. This limitation would be avoided using a 256-bit block size, and which will have 2²⁵⁶ permutations. When we have AES-CBC mode, then two cipher blocks that have the same value — a collision — then the different between the two plaintext values is revealed. The larger block size makes this massively more difficult to happen.
With the rise of quantum computers, the security level will relate to half of the key size. As so, a 128-bit key will have a 64-bit strength, and which could be crackable. For a 256-bit key, we will have 128-bit security, and which should be secure against quantum cracking.
Here is more information of AES:
