What Is AES?
AES — the Advanced Encryption Standard — is a symmetric block cipher adopted by the U.S. National Institute of Standards and Technology (NIST) in 2001 after a rigorous public competition. It replaced the aging DES (Data Encryption Standard) and has since become the most widely deployed encryption algorithm in the world.
When you connect to a secure website, unlock an encrypted hard drive, or send a message through a secure app, AES is almost certainly doing the heavy lifting. Understanding how it works demystifies a technology you rely on every single day.
The Basics: Block Cipher with Fixed Key Sizes
AES is a block cipher — it encrypts data in fixed-size chunks called blocks. Each AES block is always 128 bits (16 bytes). Longer messages are broken into 128-bit chunks and encrypted sequentially (with some additional mechanisms to prevent patterns, more on that below).
AES supports three key lengths:
- AES-128: 128-bit key — 10 rounds of processing
- AES-192: 192-bit key — 12 rounds of processing
- AES-256: 256-bit key — 14 rounds of processing
Longer keys mean more rounds and more security. AES-256 is commonly used for highly sensitive data.
Inside a Round: Four Transformations
AES processes each block through multiple rounds. Each round (except the last) applies four distinct operations to a 4×4 matrix of bytes called the state:
- SubBytes: Each byte in the state is replaced by a corresponding value from a fixed lookup table (the S-box). This introduces non-linearity, making it hard for attackers to find mathematical shortcuts.
- ShiftRows: The rows of the state matrix are cyclically shifted left by different amounts. Row 0 stays put, Row 1 shifts by 1, Row 2 by 2, Row 3 by 3. This spreads bytes across different columns.
- MixColumns: Each column is treated as a polynomial and multiplied by a fixed matrix over a special mathematical field (GF(2⁸)). This thoroughly mixes the bytes within each column, ensuring that each output byte depends on all four input bytes of the column.
- AddRoundKey: The state is XORed with a round key derived from the original encryption key via a key schedule. This is where the secret key actually enters the encryption process.
Why So Many Rounds?
Each round alone provides modest security. But layering 10–14 rounds creates what cryptographers call confusion and diffusion — after enough rounds, changing a single bit in the input scrambles roughly half the output bits unpredictably. This property, called the avalanche effect, is essential for security.
AES Modes of Operation
Because AES only encrypts one 128-bit block at a time, a mode of operation is needed for longer messages. The mode determines how blocks relate to each other:
| Mode | Description | Common Use |
|---|---|---|
| ECB | Each block encrypted independently | Rarely used (insecure for patterns) |
| CBC | Each block XORed with previous ciphertext before encryption | File encryption, TLS (older) |
| CTR | Encrypts a counter value; XORed with plaintext | Streaming data |
| GCM | CTR mode + authentication tag | TLS 1.3, HTTPS, modern apps |
AES-GCM is currently the gold standard — it provides both encryption and built-in message authentication, protecting against tampering.
Is AES Breakable?
With current technology, breaking AES by brute force is computationally infeasible. AES-128 has 2¹²⁸ possible keys — a number so large that even hypothetical future supercomputers would take longer than the age of the universe to try them all. Theoretical weaknesses have been found in reduced-round versions, but full AES remains unbroken in practice. It's the standard for a reason.