1. Home
  2. Protection

What Is AES Encryption, Examples of How the Advanced Encryption Standard Works

If you’ve ever wondered about how things are kept secure on the Internet, especially considering that there are several malevolent agents that constantly attempt to break in data vaults, cryptography is one of the answers that best fits the question.

As you may know, cryptography is merely one of the methods used to protect information and communications, but that doesn’t mean it’s simple by any means. In fact, it’s a technology that undergoes constant development to ensure that the standards it relies on are always top of the line.

An example of such a standard is AES, an acronym that you probably encountered before, especially if you constantly use communications apps such as WhatsApp, Signal, or Telegram, or VPN software. In this article, we’re going to focus on AES and help you understand it better.

AES Encryption

What is AES?

AES, which stands for Advanced Encryption Standard is a popular form of encryption that’s been used for quite a while now to ensure that data is kept safe and secure, away from prying eyes.

What makes AES encryption stand out in the crowd is the fact that it’s a fast, secure encryption method and its flexibility makes it possible to use it on a wide variety of products, ranging from day-to-day apps like WhatsApp or Signal to military security systems and even hardware.

How encryption works

You probably know how encryption works. If you don’t, here’s a quick reminder: encryption takes plain text and converts it into a ciphered form, which makes it look like it’s made up of random characters. It’s safe to say that AES is a symmetric encryption type, seeing as it uses the same key to encrypt and decrypt data.

This encryption standard uses the substitution permutation network algorithm (SPN algorithm) in order to apply several encryption rounds to protect data. The fact that it uses so many rounds makes AES virtually impenetrable.

AES is not only the first but also the only publicly accessible cipher that was approved by the NSA (National Security Agency) to protect top-secret data. Initially, this encryption standard was called Rijndael based on the names of its two developers, Vincent Rijmen and Joan Daemen (both from Belgium).

AES multiple key lengths

The AES includes three block ciphers, and each of these block ciphers has a different number of possible key combinations, as follows:

  • AES-128: 128-bit key length = 3.4 * 1038
  • AES-192: 192-bit key length = 6.2 * 1057
  • AES-256: 256-bit key length = 1.1 * 1077

Although there are three block ciphers, each one of them encrypts and decrypts data in 128 block bits by using different key lengths (i.e. 128, 192, and 256, as specified above). So it’s safe to say that even though the length of the keys can be different, the block size is always the same (128 bits or 16 bytes, they’re the same thing).

The fact that AES uses different key lengths definitely raised some questions among users, such as why do we need several key lengths, in the first place? Others might even question the need of having several key lengths, more so considering that the 256-bit key is presumably the most secure one.

Despite the fact that the 256-bit AES key is simply the strongest one in the bunch, oftentimes being referred to as “military-grade,” it’s not always deployed by default, and the reason why this happens is because of available, or better yet, unavailable resources.

AES-128 vs AES-256

The bigger a key is in size, the more resource it will consume, so it’s safe to say that a less-capable system is more likely to be using 128-bit AES keys instead of its 256-bit counterpart. For instance, if you use 256-bit AES encryption on your phone, it may drain your battery faster than the 128-bit version of the same encryption standard.

256-bit AES keys are way more difficult to brute-force than 128-bit ones. However, even with tremendous amounts of computing power, 128-bit AES keys are still almost impossible to crack, so using this version instead of the 256-bit keys may be a better choice if you’re concerned about power or latency, especially on portable devices (smartphones, for instance).

On the bright side, technology advancements have made it so that the differences in both computing power and battery life between using AES-256 and AES-128 are negligible, making 256-bit AES the most popular choice, as most users prefer having peace of mind.

The benefits of using AES

AES 256

The fact that the encryption methods enforced by AES are fast and easy to comprehend makes AES a popular choice in a wide variety of fields. AES is not only fast and secure but also easy to implement, which further adds to its innate popularity.

Furthermore, it’s capable of decrypting protected data as fast as it can crypt it, and uses less memory and computing power than other popular encryption standards (such as DES), which gives it an edge.

Last, but not least, if the situation calls for it, AES is flexible enough that it lets you combine it with several other security protocols such as TKIP, WPA2, WEP, but also other encryption types, such as SSL.

Here are some key advantages of choosing AES over other encryption standards:

  • Supports being implemented in both hardware and software
  • The fact that it supports three key lengths gives you some flexibility regarding security and speed (performance)
  • All three key types are long enough, which makes AES an impossible brute-forcing target
  • So far, no cryptographic attack has been proven to work against AES
  • You can find it virtually everywhere, given the fact that the US government defined it as a standard
  • Easy to implement regardless of destination (hardware implementation is reportedly easier than software)
  • Doesn’t hog as much memory as other encryption types (for instance DES)
  • Easy to combine with other security protocols and encryption types

Common uses of AES

Despite the fact that we already mentioned that AES is generally used everywhere it’s supported, there are a few examples where there are higher odds to encounter it. Namely:

  • VPNs
    • The way that VPNs work revolves around re-routing your traffic, but not before encrypting it so that others can’t see it in the event that they’re monitoring your connection. More so, the traffic needs to be decrypted at its exit point, which involves the need for an encryption standard. AES-256 is used by default by several VPN providers, including NordVPN, Surfshark, and ExpressVPN.
  • Password managers
    • Password managers work by letting you put all of your passwords in them and protecting them with a single password through means of encryption. Various password management software solutions on the market have chosen AES as their operative encryption standard, considering it’s easy to implement, fast, and secure.
  • Wi-Fi networks
    • Without traffic encryption, attackers could just sit outside of your wireless network, capture unencrypted packets using an appropriate WiFi adapter, and monitor your entire online whereabouts without a care in the world. Thankfully, AES encryption, usually alongside additional security standards (WPA2 is the most popular at the time being) can prevent that from happening.
  • Web browsers
    • You probably already know that for a while now web browsers have encrypted their users’ connections, to protect them against various cyber threats such as MITM (Man-In-The-Middle) attacks, spoofing, or traffic monitoring.
  • Disk encryption
    • Although this feature is mostly used on portable devices such as smartphones and tablets, encrypting your disk is not unheard of if you want to boost your privacy and security. AES is currently one of the most popular methods used to encrypt and decrypt disk content.
  • File compression software
    • Whether it’s WinRar, WinZip, or 7z we’re talking about, all these archiving and file compression/decompression utilities on the market use AES as their go-to encryption standard to prevent accidental data leaks while handling your files.
  • Communication apps
    • WhatsApp, Signal, Telegram, Snapchat, Messenger, but also others we haven’t mentioned, use AES encryption to make sure that you’ll benefit from complete privacy, whether you’re sending photos, videos, documents, or plain text messages through these apps.
  • Programming language libraries
    • If you’re a programmer, you should probably know that libraries of certain programming languages, including but not limited to C++, Java, and Python make use of AES encryption to help you protect your data and projects against unauthorized access.
  • OS components
    • In order to add an additional layer of security, some operating systems have added AES encryption to some of their components.

How does AES work?

Generally speaking, you need to know or learn how a specific technology works in order to benefit from its capabilities at its full potential. In this case, you should know a thing or two about how AES works before haphazardly implementing or using it on your projects or in your environment.

1. Data gets divided into blocks

As you probably remember from our mentions above, AES is a block cipher, which means that it encrypts the data it receives in blocks of bits, as opposed to encrypting it bit-by-bit.

Therefore, the first step of AES encryption is separating the data into blocks. Each one of these blocks holds a 4-by-4 column of 128 bits or 16 bytes. Considering that one byte consists of 8 bits, we have 16 x 8 = 128 bits, which is the size of the block.

Let’s say, for instance, that you’d want to encrypt ‘addictivetips.com’ using AES, the first thing the encryption process does is separating data into blocks. However, a block can only hold 16 characters, so the first block will not include the ‘m’ at the end of the text. The ‘m’ will be sent to the next block.

Therefore, after applying AES to ‘addictivetips.com‘, the first part of this text will look like the block below:

a c e s
d t t .
d i i c
i v p o

2. Key expansion

The key expansion procedure is a tad more complicated than the step we’ve described above. It involves taking an initial key and use Rijndael’s key schedule to generate a series of additional keys that will be used for each and every single round of the encryption process.

So, for instance, if you use the key “AESencryption12” on our plain text above (addictivetips.com), you’ll get a string of seemingly random numbers.

A e y o
E n p n
S c t 1
  r i 2

However, the Rijndael key schedule uses very specific processes to encrypt every single symbol in the initial phrase.

The result will look like the block below:

7e 04 0b 20
52 6c 1c 56
a7 bf 8e 84
30 03 3d 20

Again, even though it looks like gibberish and random numbers, that’s the exact point of this whole encryption procedure: to hide data behind a cipher, making it inaccessible to users who don’t know what the cipher is and make it impossible to crack it.

Furthermore, this is far from being over, as the encryption process will need to use the keys we’ve recently generated for each round of encryption. But more about that later.

3. Adding a round key

This is actually the first round of encryption, as we’re going the add the initial key (‘AES encryption12‘) to our message block (‘addictivetips.com‘), like in the example below, which may not make sense at first.

a c e s
d t t .
d i i c
i v p o


A e y o
E n p n
S c t 1
  r i 2

Although it might feel like it’s impossible to add two blocks of text together but remember that this is merely a graphical representation of the encryption process so that you may understand it better. In reality, AES uses binary code, making our attempt to add two blocks of text not only completely plausible but also entirely possible.

This operation (of adding the two blocks of text together) is done by using an XOR cipher, and the result can be seen below:

32 d5 5c d9
f3 24 a8 46
7e 1c 37 f3
82 5e 3f 03

4. Byte substitution

To further enhance the protection of your data (in our case the plaintext we’re trying to encrypt), this step of the process will substitute each byte of the block with a predetermined value according to a table, called the Rijndael S-box. You can see the table just below:

  00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
00 63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76
10 ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0
20 b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15
30 04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75
40 09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84
50 53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf
60 d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8
70 51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2
80 cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73
90 60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db
a0 e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79
b0 e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08
c0 ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a
d0 70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e
e0 e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df
f0 8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16

Although this table also looks like a series of random characters, you can use it to check which value the substituted bytes will have. For instance, c9 will become dd, 26 will become f7, ff will become 16, and soon. It’s not so hard to use once you get the hang of it.

Now that we’ve seen the table, let’s see how the new block we’ve generated above from the first round of encryption will change after the Rijndael S-box-based byte substitution:

23 03 4a 35
0d 36 c2 5a
f3 9c 9a 0d
13 58 75 7b

Note that we’ve actually substituted the blocks by using the Rijndael S-box table manually, so you can double-check and try to replicate the results if you’re interested. This way, it’s easier for you to follow, especially if you’re passionate about learning more about cryptography.

5. Row shifting

In this step of the AES encryption process, the rows are shifted to put your data behind an additional protection wall. While the first row remains untouched, the next three ones are shifted in different ways, as follows:

  • The second row gets shifted to the left by one byte (cell)
  • The third row gets shifted to the left by two bytes (cells)
  • The fourth and final row gets shifted to the left by three bytes (cells)
23 03 4a 35
36 c2 5a 0d
9a 0d f3 9c
7b 13 58 75

6. Column mixing

While we’d love to stay as accurate as possible, this step involves applying a series of complex mathematical formulas to the block, which gives us a totally different block at the end of the procedure.

To be a bit more specific, each column is multiplied by a predefined matrix during this step. The result will be a new block of code, which will be further used to increase the cipher’s strength and decrease the odds of it being cracked wide open.

At the end of the column mixing process, we’ll get a code block that looks something like this:

43 4d 33 85
c8 37 6d 8d
9a 33 85 9c
42 68 41 99

7. Add extra round key

Remember that a while back we told you that we’ll definitely need the key that we’ve created during the key expansion step? Well, we’ve used it once to scramble everything once, now we’ll need to do one more scrambling to the data we just obtained.

So we take the block of data we got after running the column mixing step and we add another round key to it, just as we did at step 3 in our guide, like so:

43 4d 33 85
c8 37 6d 8d
9a 33 85 9c
42 68 41 99


32 d5 5c d9
f3 24 a8 46
7e 1c 37 f3
82 5e 3f 03

As you’d expect, this step will generate yet another block of data for us to process, but we’ll stop here. We have a feeling that you got the point. However, the encryption process is still far from being over, as the block of data we just generated will undergo several more modifications.

8. More steps

These modifications that we’ve mentioned above include everything we’ve done so far: shifting rows, byte substitution, adding round keys, and mixing columns, so it’s easy to understand why we had to stop here as far as exemplifying goes.

These rounds are identical and the number of times these rounds are repeated depend on the AES key length, as follows:

  • AES-128 uses 9 rounds
  • AES-192 uses 11 rounds
  • AES-256 uses 13 rounds

So if you’re planning to use AES-256, the steps we’ve previously mentioned and explained will be repeated 13 times in a row, which you can agree is a tremendous amount. It’s also easy to understand why AES is so difficult to crack and is a go-to encryption standard in a lot of environments.

However, we’re not done yet. After the 9, 11, or 13 rounds of encryption we’ve briefly talked about above, there’s an additional round, during which the algorithm only substitutes bytes, shifts rows, and adds a round key (it skips mixing columns).

It may sound ridiculous that after 9, 11, or 13 rounds of running all the steps above the mixing columns step gets dropped. The reason is that at this point it’s somewhat redundant, and this step is skipped only to preserve some processing power.

So actually, after running all the steps of the encryption process, the input data (our plaintext we’ve used in the beginning in this case) will have gone through 10, 12, or 14 rounds, depending on the key length you chose and will look like a set of random characters. Not that it didn’t look like that for a long time now, since we started the encryption process and all.

So, to recap, while undergoing encryption, the data you feed to the AES encryption tools undergoes the following processes, in this order:

  1. Block division
  2. Key expansion
  3. Adding a round key
  4. Byte substitution
  5. Row shifting
  6. Column mixing
  7. Adding a round key
  8. Steps 4-7 are repeated for 9, 11, or 13 times depending on the key length
  9. Byte substitution
  10. Row shifting
  11. Adding a round key

At the end of this complex and seemingly endless process, addictivetips.com, the text we’ve attempted to encrypt, will look like the code below if encrypted using a 128-bit key and ‘AESencryption12‘ as our secret key:

  • RcadDaLDuP5fHtor3/Rfnq5EijEfhP02pvrlGkGr1Gc=

Although it may look like complete gibberish, once again, that’s the point of using encryption: making data as simple as plain text look like something went horribly wrong during its transmission and now it looks like gibberish.

How to decrypt AES

We understand that AES and the whole encryption process can be a bit of a handful, as the multitude of steps, as well as the fact that they’re repeated for an ungodly amount of time, can be a bit intimidating.

However, if you take a step back and look at the big picture, the whole thing actually starts to make sense, even for someone who didn’t spend their whole life studying cryptography and designing the perfect way to encrypt or decrypt information.

That’s precisely why we’re pretty confident you’ll have no trouble understanding AES decryption if the encryption process along with all of its steps made sense to you. To put it shortly, AES decryption follows the exact same steps as the encryption process, only they’re reversed.

So, in our case, if we want to go back to ‘addictivetips.com’ from RcadDaLDuP5fHtor3/Rfnq5EijEfhP02pvrlGkGr1Gc=, all we have to do is trace our steps back up until we reach the initial one, like so:

  1. Inverse adding round key
  2. Inverse row shifting
  3. Inverse byte substitution
  4. Inverse adding round key
  5. Inverse column mixing
  6. Inverse row shifting
  7. Inverse byte substitution
  8. Repeat steps 4-7 for 9, 11, or 13 times depending on key length
  9. Inverse add round key

After performing all the steps above, we should end up with our original text fragment, ‘addictivetips.com’.

Is AES encryption secure?

AES encryption examples

One of the most pressing questions when it comes to all encryption standards (not only AES) is if it can provide you with an optimum level of security. In this case, the question would be: is AES encryption secure?

Although you could see for yourself that this encryption standard deploys a huge number of steps, each of which scrambles the original text and twists it beyond recognition, this didn’t seem to stop attackers from designing potential ways to circumvent these means of protection.

Note that in a real-life situation, an attacker (commonly known as a hacker or cracker) won’t go after the tallest, thickest wall in its attempt to invade the virtual fortress that is your PC, database, archive, or whatever you’re trying to protect.

Instead, they will circle the proverbial walls several times trying to find any cracks worth exploiting, and then start drilling there. In our situation, attackers may want to spot any vulnerabilities in the AES encryption process and start working their way up from there.

Thankfully, cryptography researchers constantly try to find vulnerabilities with the AES encryption process, so as to be able to prevent a potential attack from someone who discovers the flaws first and (obviously) doesn’t share them with the whole world.

Up until now, the researchers have been able to identify a series of attacks that could compromise AES, but these are either purely theoretical, side-channel attacks, or cracking attempts with a known security key, as you’ll soon learn from the following sections.

1. Known-key distinguishing attack

An attack that used a known key was designed by cryptography researchers and observed in action, and it showed some promising results. The attack was introduced in 2007 by Vincent Rijmen and Lars Knudsen.

While that’s not exactly great for the AES encryption method, this attack had two flaws that make it unlikely to be used in a real-life scenario: the fact that it used a known key, and that it was tested against a seven-round version of AES-128.

Considering that most of the time the key is not known to the attacker (unless they happen to just stumble upon it with precise instructions regarding its purpose) and that AES-128 has 10 rounds of encryption, everyday AES-128 can rest assured that the attack is not likely to occur.

The fact that most services that offer AES-128 also feature native support for AES-256 means that boosting your encryption couldn’t be easier in case you’re worried about being targeted by a known-key distinguishing attack.

2. Related key attack

Related key attacks are more of a category, as they represent all forms of cryptanalysis where attackers can analyze the way a cipher works under multiple keys. In this type of attack, the attacker doesn’t know the values of the keys used in the cipher.

However, although unknown, the keys also have some sort of mathematical relation one to another, which the attacker does know. One of the simplest examples would be that the attacker knows that the first 16 bits of the keys are always the same, but has no idea what the bits actually are.

Although related key attacks could be successful if applied correctly, they are of no real concern in the real world. In order for such an attack to work, an attacker would need to successfully persuade a cryptographer to encrypt data using various secret keys that are connected to each other mathematically, then share the secret with the attacker.

Thus, this type of attack servers merely as a reminder that human error could contribute to putting some kinks in the AES armor by being subject to poor implementation of this encryption standard.

3. Side-channel attack

Although AES is, at the time being, virtually uncrackable, there have been many attempts to design theoretical attacks that could demonstrate some of this encryption standard’s vulnerabilities.

Even if it’s been 20 years since AES has been introduced, and technology has made some huge advancements over these past 20 years, the amount of computing power needed to brute-force AES is still not enough, and we’d still need billions of years to be able to crack it.

However, a different breed of attempts to break the security of AES encryption is the side-channel attack. This type of attack combines multiple types of data leaks to extract enough data from an algorithm that it can be cracked.

For instance, attackers could focus on power consumption, electromagnetic radiation, the time it takes various computations to be performed, and even the sounds produced during computation to extract more information about the algorithm.

There are several classes of side-channel, including:

  • Timing attacks
    • Timing attacks revolve around measuring the time it takes for certain computations to be performed (for instance comparing a known password against an unknown one).
  • Cache attacks
    • These attacks are only viable if the attacker can access some of the victim’s caches in various environments, whether it’s virtualization environments (virtual machines), shared physical systems, or cloud services we’re talking about.
  • Electromagnetic attacks
    • Electromagnetic attacks are based on electromagnetic radiation leaks, which can be used to extract various bits of information. Measuring electromagnetic radiation leaks can sometimes lead to discovering cryptographic keys.
  • Power-monitoring attacks
    • Attackers monitor the power consumption of the hardware during certain computation steps in order to extract information about the algorithm.
  • Acoustic cryptanalisis
    • Similar to the power-monitoring attacks, but attackers listen to and analyze the sounds that hardware makes when performing certain computation steps and extract information from these findings.
  • Data remanence
    • This type of attack revolves around sensitive data that can still be accessed and read even after being deleted.
  • Optical analysis
    • In this complex type of attack, high-resolution cameras are used to capture secrets or sensitive data (such as analyzing hard disk activity indicators or transistors switching states).
  • Differential fault analysis
    • This type of attack is based on discovering secrets by inputting faults in computation in order to trigger an error.

Although you can agree that these side-channels are nothing short of creative and their authors can use them to turn even the most seemingly insignificant detail into a veritable piece of information, they only work if the system being audited is leaking information.

For that reason, avoiding side-channel attacks can be easily achieved either by making sure that the systems that could be attacked don’t leak any data or by ensuring that there’s no association between the algorithmic processes and leaked data, regardless of its nature.

4. Key recovery attacks

Last, but not least, the key recovery attacks are a tough contestant when it comes to efficient ways to crack AES encryption. In 2011, such an attack was attempted to prove its efficacy against the AES encryption mechanism.

This type of attack is not exactly likely to occur, seeing as it involves the attacker getting its hands on at least a pair of encrypted and decrypted messages from the soon-to-be-compromised system.

The attack showed promising results, as it was approximately four times as fast as brute-forcing. However, considering that a brute-force attack would take literally billions of years to complete, key recovery attacks are still far from being ideal, which makes them unlikely to be used in an attack.

Furthermore, even if it took a shorter amount of time to complete, changing the security key often could render the pair of encrypted and decrypted messages useless.

Is AES secure?

Considering everything you’ve learned by going through this guide, we think that you can be the judge of whether or not AES is a safe encryption standard.

AES has been around since 2001, and since its introduction, there were numerous attempts to break it, which makes it safe to say that it stood the test of time, and it’s still a solid choice when it comes to encryption algorithms.

The sheer amount of steps the algorithmic process goes through in order to make the data unreadable is tremendous, and it would take literally billions of years to crack AES, even with today’s computation power and technology advancements.

So, to answer your question considering all of the above: yes, AES is secure. Even AES-128 proved to be downright impossible to crack, not to mention its more powerful counterparts, AES-192, and AES-256.


All things considered, after reading our extensive guide we hope you learned more about AES, including how it works, what processes it goes through during the encryption process, where it can be used, and how it could be (at a theoretical level) compromised.

The fact that 20 years after its introduction it’s still fast, secure, and can be implemented on a huge variety of hardware and software environments makes it truly deserve its title of being the “gold standard” of encryption techniques.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.