What Is Advanced Encryption Standard (AES) and How Does it Work?

By Jayden Andrews. March 2, 2020

If you’re concerned about your online privacy, you’ve probably read a lot about AES on technology websites, VPN reviews, and other articles related to online security. And when it comes to privacy protection, AES is considered the gold standard right now.

AES, also known as Advanced Encryption Standards, is an advanced cryptographic cipher that is widely used to secure a large amount of the information that internet users send and receive in the digital world every day.

AES is a symmetric key encryption cipher used by everyone — from the government intelligence agencies to big tech companies, including Microsoft and Apple.

Because AES has been certified by the National Institute of Standards and Technology or NIST and is being used by governments to secure critical data, this has led to a more general adoption of the AES standard as the key cipher of choice by most organizations.

It is one of the most effective cryptographic algorithms being used to secure user’s data today. Most of all, it is an open and free standard that can be used by any public, private, commercial, or non-commercial organization.

But what is AES and what are the different levels of protection this advanced encryption standard offers? How does encryption work? What makes it different from other encryption technologies? And most of all, is it impregnable? This guide will discuss everything about AES so you’ll have a better understanding of how this standard works to protect your data.

Top VPNs
Price from:
Price from:
Price from:

What Is AES Encryption?

AES or Advanced Encryption Standards, also known by its original name, Rijndael, is one of the most popular methods of encrypting and decrypting critical and sensitive information in the digital world today.

AES encryption method utilizes a block cipher algorithm to make sure that important data is stored or transmitted securely.

AES is known as a symmetric key encryption standard, which means that the key that was used to encrypt the data is also the same key that should be used to decrypt it. Sounds simple, right? But the problem now is how to send the key in a safe way.

Asymmetric encryption standards deal with this problem by encrypting the data using a public key. This public key is then made available to everyone. The data can only be decrypted by the intended recipient who has the correct private key.

This system makes asymmetric encryption more effective at protecting data in transit because the sender is not required to know the receiver’s private key. A perfect example is RSA (Rivest–Shamir–Adleman) encryption, the algorithm used to secure the TLS key exchanges that occurs when users connect to a secure HTTPS website.

Symmetric ciphers, such as AES, on the other hand, are more effective at protecting data that is not in transit. For example, data that is stored on your hard drive or the data saved on your server.

Blocks of electronic data are encrypted using a specific secret key. As set lengths of bits of data is being encrypted, the system temporarily keeps the data in its memory while waiting for the complete block. AES, along with DES (which we will discuss further below), IDEA, Blowfish, RC5 (Rivest Cipher 5) and RC6 (Rivest Cipher 6) are block ciphers.

There are two main reasons why symmetric encryption technologies, such as AES, is much better compared to asymmetric ones:

  • Symmetric ciphers don’t need much computational power. They consume minimal computational resources, making the encryption and decryption process a lot faster than their asymmetric counterparts. Based on tests, symmetric ciphers are several times faster than asymmetric ones.
  • Symmetric ciphers are good for bulk encryption. Because they are a lot faster, symmetric ciphers can easily process bulk or large amounts of data. You don’t need to spend a lot of time for bulk encrypting when you use a symmetric cipher. Asymmetric ciphers, such as RSA, are only useful for encrypting small amounts of data.

However, in today’s digital world, data that is just saved on your hard drive is not really useful. Fortunately, you can safely transfer your stored data over the internet by working together with asymmetric encryption, which is what HTTPS websites use to protect the remote key exchanges between your device and the servers.

A lot of technologies use this technique to secure data both in transit and in storage. OpenVPN, for instance, protects the raw data using a symmetric cipher, specifically AES. Once the data has to be transferred from the PC to the VPN server, an asymmetric TLS key exchange is employed to initiate a secure connection to the server.

History of AES

If you’ve ever sent secret messages to your friends or your crush before, where you replace the letters of your message using a formula only you and your friends know, then you were already dabbling with encryption. Other people won’t be able to read your message without knowing the formula to replace the “encrypted” letters with the correct ones.

Encryption, such as using this simple mathematical algorithm to hide messages, has been used to protect sensitive data since ancient times, but has gained momentum during World War 2. The Germans used the Enigma machine to secure their communications, but the code was cracked by Alan Turing, which helped greatly in the intelligence gathering of the Allied during the war.

Since then, the encryption technology has evolved significantly, though most of the concepts behind this process remain the same.

Today, AES is considered the most advanced encryption standard in the industry. But before AES, there was DES.

What Is DES?

DES or Data Encryption Standards is the predecessor of AES. It worked well in encrypting sensitive information until AES came into the picture.

The first DES algorithm was designed by IBM in the early 1970s. DES was created by IBM based on a prototype algorithm created by Horst Feistel.



Once the algorithm has been completed, it was then submitted to the National Bureau of Standards. The National Bureau of Standards (NBS, which later became NIST) later worked with the National Security Agency (NSA) to modify the original encryption algorithm, which they later released as a Federal Information Processing Standards (FIPS) around1977.

Since then, DES has become the standard algorithm employed by the US government and this was the case for more than two decades. All US non-military agencies, as well as government contractors, were also required to use the FIPS standard.

And since DES was the first of its kind, commercial and industrial companies were quick to adopt DES to secure their data. Although DES only used 56-bit keys, it has become the default encryption standard for both government and non-government organizations at that time.

However, DES began showing its disadvantages in the mid-90s. In fact, it was widely believed during that time that the NSA can already brute-force crack the DES algorithm. This point was proven true in January 1999 when distributed.net and the Electronic Frontier Foundation worked together to publicly crack a DES key within 24 hours.

It took them only 22 hours and 15 minutes to break the key, showing the algorithm’s weakness to the public. It was then apparent that a new encryption technology was needed.

How AES Came About

For more than five years, the National Institute of Standards and Technology, which was formerly known as NBS, strictly evaluated 15 competing cipher designs from various parties.

Some of the popular choices then were Rijndael, MARS from IBM, RC6 from RSA Security, Twofish, and Serpent.

Within that five-year period, the whole cryptographic community worked together to perform detailed tests, initiate discussions, and organize mock attacks to discover potential weaknesses and explore vulnerabilities of each cipher.

But aside from testing and evaluating the strength of each cipher, other factors were also considered. Various panels involved in the evaluation of the ciphers also looked at the speed, versatility, and computational requirements of each standard. What the government needed was an encryption standard that was reliable, fast, and easy to implement.

Most of the competing algorithms performed well and some of them are still being used today, but the Rijndael cipher stood out among the rest. Later, it was declared as the new federal standard.

The Rijndael cipher, which was designed by two Belgian cryptographers named Joan Daemen and Vincent Rijmen, was renamed as Advanced Encryption Standard, which is what we know today.

Over the years, AES has continued to develop and become the advanced encryption standard that we know of today. In 2003, the NSA considered it suitable to guard Top Secret Information.

AES has now completely replaced DES as the default symmetric encryption standard, not just in the US but all over the world.

How Does AES Work?

The AES encryption cipher is part of a type of ciphers known as block ciphers. This simply means that the algorithms encrypt information on a per-block basis.

These data blocks are measured in bits. They determine what is going to be the input of plaintext, as well as the output of the ciphertext. Since AES is composed of 128 bits, there will be 128 bits of ciphertext generated for every 128 bits of plaintext.

Like most encryption algorithms, AES relies on cipher keys for the encryption and decryption process. And because the AES algorithm is symmetric, the same key is required for both the encryption and decryption process.

Let us define these terms first to better understand the process:

  • Plain text – This refers to the sensitive data that you want to encrypt.
  • Secret Key – This key is the 128-bit, 192-bit, or 256-bit key generated by the algorithm.
  • Cipher – The algorithm performs a series of mathematical conversions using the plaintext and the secret key.
  • Ciphertext – This pertains to the encrypted output generated from the cipher after passing through the required number of rounds.

AES works using a 4×4-column- major order matrix of bytes. It sounds very complicated, but the process is a lot of times more complex than this. The key size required for this cipher determines the number of rounds (repetitions) needed to process the plaintext using the cipher and transform it into ciphertext.

Here are the different number of rounds necessary for each key size:

  • A 128-bit key requires 10 rounds.
  • A 192-bit key requires 12 rounds.
  • A 256-bit key requires 14 rounds.

So when you say AES-128, this means that the encryption uses a 128-bit key. The same concept goes for AES-192 and AES-256.

Although longer keys mean stronger encryption and stronger security, this strength usually comes at the cost of performance. Stronger encryptions will generally take longer to encrypt. On the other hand, shorter keys that aren’t as secure as the longer ones provide faster encryption times.

To make the process a lot easier to understand, here is a step-by-step guide of how AES works.

  • The first step is key expansion where the original secret key is used to derive a series of new round keys by utilizing the AES key schedule algorithm.
  • The next step mixes each round key with the plaintext by employing the additive XOR algorithm.
  • Now the resultant data is replaced using a substitution table. This step uses the same concept behind the secret message ciphers you created when you were young.
  • The next step is shifting every byte to the right.
  • After shifting all the bytes in the 4 x 4 column of sixteen bytes that make up the 128-bit block, another algorithm is applied to every column.
  • Rinse and repeat according to the rounds required for each key.

Each additional round decreases the chance of a shortcut attack. This type of attack was used to crack AES-128 in 2011. Because of that attack, four rounds were added to AES-128 to boost its strength.

Applications of AES

Since AES is a free standard, it has been widely adopted for public, private, commercial, and non-commercial use. AES is commonly used to secure data being processed by various systems and software.

Here are some of the common applications of AES encryption today:

Compression Utilities

Sending folders and large files over the internet is a lot complicated and time-consuming, so most users would use an archiving or compression tool to reduce the size of the original file. So if you have downloaded a ZIP file or RAR file from somewhere on the internet, then you’re actually using software that uses AES encryption.

WinZip, 7 Zip, WinRAR, PeaZip, Zipware, and Hamster Zip Archiver are some of the common compression tools today. These utilities allow users to compress and decompress files to optimize storage space. And most of these tools use AES encryption to ensure file security.

Disk Encryption

If you’re concerned about the security of your personal data, you might have used or heard about the benefits of encrypting your hard drive or partition. These hard disk encryption tools likely apply an AES algorithm. BitLocker, VeraCrypt, FileVault, DiskCryptor, and CipherShed are some of the widely used disk encryption tools that rely on AES to keep your data secured.

Password Managers

Trying to remember all your passwords for all your accounts is a huge challenge. This is how password managers became popular. You can save all your passwords using a password manager and you only need to remember one master password to get access to all the passwords you saved. Lastpass and 1Password are some of the most widely used password managers today, and they both use AES encryption to protect the saved passwords.


Encryption is one of the major components of VPNs or virtual private networks. And most professional VPNs used the AES algorithm to secure their users’ internet connection and protect their data.

A VPN is a tool that enables users to connect to the internet safely by connecting to a secure network.

This is made possible by the secure digital tunnel created by the VPN between the user’s device and the encrypted network of servers operated by the VPN.

For example, connecting to a public Wi-Fi, such as the Wi-Fi network of your school library or the local coffee shop, can leave you vulnerable to all types of online attacks. This is because anybody can connect to the public Wi-Fi network and all data sent to and from that network is free for anyone with a bit of tech knowledge to see. An attacker can easily read your messages, steal your information, infect your device with malware, or even override your session.

Using a VPN easily resolves this problem by routing your connection through a private network that will hide your online activities, mask your real location, and keep your data safe.

Aside from this, you can also use a VPN to access restricted content. For example, with a VPN, you can access Netflix content from other countries or visit websites that have been blocked by your network administrator. You can also use a VPN to bypass strict censorship regulations, such as the Great Firewall of China.

However, different VPNs use different encryption technologies to protect their users. And this leads to different levels of protection. The best VPNs, such as NordVPN and SurfShark, usually use an AES-256 encryption. Some VPNs, however, still use obsolete, unsecure, and weak encryption standards, such as PPTP and Blowfish. So when choosing a good VPN, make sure to conduct your research first and find out what type of encryption the VPN provider is using.

Other Applications

Aside from the applications listed above, AES is also used in other programs and software, most of which you are familiar with.

Grand Theft Auto, for example, is equipped with a game engine that employs AES encryption to prevent multiplayer hacking. Messenger apps like WhatsApp and Facebook Messenger also use AES to secure messages that are sent and received by the users.

How Hard Is It to Crack AES?

Since AES is considered one of the toughest and most advanced encryption standards today, it only follows that it is also very hard to crack, even when using brute force.

We have established earlier that the measure of the strength of the cipher is generally determined by the size of its key. For AES, the keys come in 128-bits, 192-bits, and 256-bit. The bigger the size of the key, the more possible combinations there are.

Although the original Rijndael cipher was initially designed to accommodate additional key lengths, this feature was not carried over into AES. This means that AES-256 is the strongest encryption we have so far.

The more advanced the algorithm is, the harder it is for attackers to crack the cipher using a brute force attack. This very primitive, but also effective, form of attack requires an exhaustive key search. Basically, it is just trying every possible number combination until you find the correct key.

And as we know, computers don’t compute using 1,2,3 or A, B, C. It performs all calculations with just binary numbers: zeros and ones. Because the complexity of a cipher is related to its key size in bits, which is the raw number of binaries (ones and zeros) necessary to express the algorithm. This is also known as the key length, which represents the probability of successfully conducting a brute force attack on any given cipher.

The number of possible number combinations increases exponentially with the key size. For example, a 128-bit AES has 3.4 x 10^38 while AES-192 has 6.2 x 10^57 combinations. The biggest key length, AES-256, has 1.1 x 10^77 possible combinations of numbers. It would take a very long time for even the fastest supercomputer to go through all these combinations and crack an AES-256 encryption key using brute force.

AES Security Attacks

As of 2020, there is still no way to break the AES encryption like what the Electronic Frontier Foundation did with DES in 1999. So far, the biggest and most complicated brute-force attack against a block cipher only involved a 64-bit encryption. It would take a lot of computing power and a lot of time to even crack a 128-bit cipher, not to mention a 256-bit AES.

The cryptographic community, therefore agrees that it would take billions of years to successfully attack the AES algorithm using the current hardware. That’s why this scenario is highly improbable.

Right now, there is no single known technique that would enable someone to attack or decrypt data that was encrypted by AES, as long as the cipher was properly implemented.

It is, however, worth looking into the Tau statistics, a tool or technology being developed by the NSA to break AES, as described in the documents leaked by Edward Snowden.

Do you like this post? 1 Star2 Stars3 Stars4 Stars5 Stars