In today’s digital world, it is very important to protect our data. The Advanced Encryption Standard (AES) is one of the most widely used and trusted encryption methods for securing data. Whether you browse the internet, make online payments, or secure your personal files, AES helps keep your information safe. It was designed to replace the outdated DES algorithm, which cannot resist attacks mounted with modern systems.
In this article, we will discuss what you need to know about AES encryption, how it works, its types, applications, features, and how it compares to other encryption methods such as DES and RSA.
What is Advanced Encryption Standard?
AES stands for Advanced Encryption Standard. AES is a method that is used to secure digital information by converting the information into a format that no one can understand without the correct key. It is a type of symmetric encryption in which the same secret key is used to both encrypt (lock) and decrypt (unlock) the data. Due to this, AES is fast and efficient for securing information.
AES was developed to replace the older DES (Data Encryption Standard) and was officially adopted by the U.S. government in 2001. It is now used in various fields of the technical world, such as for secure online banking and shopping, securing Wi-Fi networks, files, and personal information, etc.
History and Development
Before AES, DES was the standard used for information security. As computers became more powerful, DES was deemed insecure, and in the 1990s the need for a new encryption standard arose. In 1997, NIST initiated a public competition to develop a new and better encryption standard. After several candidates were evaluated, the Rijndael algorithm, developed by Belgian cryptographers Vincent Rijmen and Joan Daemen, was selected as the foundation of AES. AES was then officially published as FIPS PUB 197 in November 2001.
Key Features of AES
1. Symmetric Block Cipher: AES uses the same key for both encryption and decryption, which makes it fast and efficient.
2. Block Size: The AES block size is fixed at 128 bits.
3. Key Sizes: It supports 128, 192, or 256 bits for different levels of security.
4. Number of Rounds:
- 10 for 128-bit keys
- 12 for 192-bit keys
- 14 for 256-bit keys
5. High Performance: It is efficient on a wide range of hardware and software.
6. Strong Security: AES is resistant to all known practical attacks when implemented correctly.
Types of AES
There are three main types of AES that are used in modern technology.
1. AES-128
The key and block sizes are 128 bits (16 bytes) each. It has 10 rounds of encryption. AES-128 is strong and trusted for most applications. It is fast and efficient on most hardware. It is commonly used in Wi-Fi encryption (WPA2), TLS/SSL, disk encryption, and secure communication protocols. AES-128 provides a good balance between security and speed, and is good for most everyday encryption needs in devices.
2. AES-192
The key size is 192 bits (24 bytes), and the block size is 128 bits (16 bytes). It has 12 rounds of encryption. AES-192 is stronger than AES-128 and provides higher resistance against brute-force attacks. It is slightly slower than AES-128 due to more rounds and a longer key size. It is used in devices that need higher security than AES-128 but only moderate performance. In both security and speed, AES-192 sits between AES-128 and AES-256.
3. AES-256
The key size is 256 bits (32 bytes), and the block size is 128 bits (16 bytes). It has 14 rounds of encryption. It has the highest security among AES variants and is extremely resistant to brute-force attacks. It is slower than both AES-128 and AES-192 due to more rounds and a larger key size. AES-256 is used in sectors that need high-security applications, such as government, military, and financial sectors. It provides the strongest encryption and is the most trusted version when maximum security is needed.
How does AES work?
AES works by converting readable data into unreadable code using a secret key. It encrypts data in fixed-size blocks of 128 bits, using a key whose length depends on the security level. The process starts by expanding the secret key into multiple round keys. AES works on a 4*4 matrix of bytes called the state. In an initial round, the state is mixed with the first round key. Several more rounds follow, and in each one the state goes through four operations: substitution, shifting rows, mixing columns, and adding the round key. The final round completes the encryption without mixing columns.
To decrypt the data, the same steps are repeated in reverse order using the same secret key, which recovers the original, readable data.
The steps that are followed in AES are:
- Sub-Bytes
- Shift Rows
- Mix Columns
- Add Round Key
Let’s understand its working with an example.
At first, let’s take an input and a secret key for understanding the working process step-by-step.
Input: “HELLO123WORLD456”
Secret key: “MYSECRETKEY12345”
Step 1: Convert Plaintext or Input into a 4×4 Byte Matrix (State)
Each character is converted into its ASCII byte value and arranged in a 4*4 matrix.
The input in hex is:
48 45 4C 4C 4F 31 32 33 57 4F 52 4C 44 34 35 36
And,
Key in hex is:
4D 59 53 45 43 52 45 54 4B 45 59 31 32 33 34 35
Now, the 4*4 input matrix is
And, the 4*4 key matrix is
Step 2: AddRoundKey (Initial Round 0)
Each byte of the state (input) matrix is XORed with the corresponding byte of the key matrix.
Let’s do this column by column.
For column 1:
| Input | Key | XOR Result |
| --- | --- | --- |
| 48 | 4D | 05 |
| 45 | 59 | 1C |
| 4C | 53 | 1F |
| 4C | 45 | 09 |
For column 2:
| Input | Key | XOR Result |
| --- | --- | --- |
| 4F | 43 | 0C |
| 31 | 52 | 63 |
| 32 | 45 | 77 |
| 33 | 54 | 67 |
For column 3:
| Input | Key | XOR Result |
| --- | --- | --- |
| 57 | 4B | 1C |
| 4F | 45 | 0A |
| 52 | 59 | 0B |
| 4C | 31 | 7D |
For column 4:
| Input | Key | XOR Result |
| --- | --- | --- |
| 44 | 32 | 76 |
| 34 | 33 | 07 |
| 35 | 34 | 01 |
| 36 | 35 | 03 |
Final Resulting Matrix (After AddRoundKey) is:
Now, this matrix becomes the new AES state that will be passed through the next stages (SubBytes, ShiftRows, etc.) for Rounds 1-10.
Step 3: 9 Main Rounds, where each round has 4 steps
The following four steps are performed in each of the 9 rounds.
Sub-Step 1: SubBytes
In this step, each byte is replaced by its corresponding value in the AES S-box.
AES S-box is a 16*16 matrix with the hex values.
|   | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 0 | 63 | 7C | 77 | 7B | F2 | 6B | 6F | C5 | 30 | 01 | 67 | 2B | FE | D7 | AB | 76 |
| 1 | CA | 82 | C9 | 7D | FA | 59 | 47 | F0 | AD | D4 | A2 | AF | 9C | A4 | 72 | C0 |
| 2 | B7 | FD | 93 | 26 | 36 | 3F | F7 | CC | 34 | A5 | E5 | F1 | 71 | D8 | 31 | 15 |
| 3 | 04 | C7 | 23 | C3 | 18 | 96 | 05 | 9A | 07 | 12 | 80 | E2 | EB | 27 | B2 | 75 |
| 4 | 09 | 83 | 2C | 1A | 1B | 6E | 5A | A0 | 52 | 3B | D6 | B3 | 29 | E3 | 2F | 84 |
| 5 | 53 | D1 | 00 | ED | 20 | FC | B1 | 5B | 6A | CB | BE | 39 | 4A | 4C | 58 | CF |
| 6 | D0 | EF | AA | FB | 43 | 4D | 33 | 85 | 45 | F9 | 02 | 7F | 50 | 3C | 9F | A8 |
| 7 | 51 | A3 | 40 | 8F | 92 | 9D | 38 | F5 | BC | B6 | DA | 21 | 10 | FF | F3 | D2 |
| 8 | CD | 0C | 13 | EC | 5F | 97 | 44 | 17 | C4 | A7 | 7E | 3D | 64 | 5D | 19 | 73 |
| 9 | 60 | 81 | 4F | DC | 22 | 2A | 90 | 88 | 46 | EE | B8 | 14 | DE | 5E | 0B | DB |
| A | E0 | 32 | 3A | 0A | 49 | 06 | 24 | 5C | C2 | D3 | AC | 62 | 91 | 95 | E4 | 79 |
| B | E7 | C8 | 37 | 6D | 8D | D5 | 4E | A9 | 6C | 56 | F4 | EA | 65 | 7A | AE | 08 |
| C | BA | 78 | 25 | 2E | 1C | A6 | B4 | C6 | E8 | DD | 74 | 1F | 4B | BD | 8B | 8A |
| D | 70 | 3E | B5 | 66 | 48 | 03 | F6 | 0E | 61 | 35 | 57 | B9 | 86 | C1 | 1D | 9E |
| E | E1 | F8 | 98 | 11 | 69 | D9 | 8E | 94 | 9B | 1E | 87 | E9 | CE | 55 | 28 | DF |
| F | 8C | A1 | 89 | 0D | BF | E6 | 42 | 68 | 41 | 99 | 2D | 0F | B0 | 54 | BB | 16 |
To substitute a byte (e.g., 0x4C):
- Take the first hex digit (4) as the row.
- Take the second hex digit (C) as the column.
- Look up the value at row 4, column C -> value is 0xB3.
So, SubBytes(0x4C) = 0xB3.
Sub-Step 2: ShiftRows
The rows are shifted by different positions in the matrix.
- 1st Row: No shift -> 6B 7E 72 38
- 2nd Row: Shift by 1 position to the left -> 85 67 C5 72
- 3rd Row: Shift by 2 positions to the left -> 2B 7C C0 F5
- 4th Row: Shift by 3 positions to the left -> 7B 01 85 21
After the row shifting, the state matrix is
Sub-Step 3: Mix Columns
Now, each column is transformed using Galois field multiplication. This is the most complex step mathematically, and it uses the fixed matrix:
This fixed matrix is then applied to each column of the state matrix using XOR and multiplication operations in GF(2^8).
So, after the mix columns, the state matrix is
Sub-Step 4: AddRoundKey (Round 1 Key)
Now, take each byte and XOR it with the Round 1 Key (from the AES Key Expansion). For this explanation, we will use an example key column to illustrate how XOR works.
Example Round 1 Key:
Now, each byte is XORed with the current round key.
First Column:
12 ⊕ A1 = B3
7C ⊕ E5 = 99
35 ⊕ C3 = F6
E5 ⊕ D4 = 31
Second Column:
28 ⊕ B2 = 9A
35 ⊕ F6 = C3
E2 ⊕ 29 = CB
9B ⊕ 7E = E5
Third Column:
F5 ⊕ C3 = 36
3D ⊕ 07 = 3A
B8 ⊕ 4B = F3
82 ⊕ 5C = DE
Fourth Column:
32 ⊕ D4 = E6
F9 ⊕ 18 = E1
D8 ⊕ 8F = 57
8D ⊕ 90 = 1D
This is the state matrix at the end of Round 1.
The same process is repeated for rounds 2 to 9.
Step 4: Final Round (AES Round 10)
The 10th round of AES (for AES-128) is different from the previous 9 rounds because there is no Mix Columns in the final round. Thus, it involves only three steps: SubBytes, Shift Rows, and Add Round Key.
So, the final matrix will be
Step 5: Output
After all 10 rounds are complete, the state matrix is the encrypted output. This output is called the ciphertext, and it cannot be read without the same secret key.
The encrypted hexadecimal output is:
BA F9 FB 7C 8B 96 50 FA 86 3F 4A 72 4C 34 C5 7D
Why is AES Important?
Here are a few reasons why AES is important:
- AES protects sensitive information from unauthorized access.
- It provides strong encryption, which is very difficult to break.
- It is fast and efficient, and works quickly even on low-power devices.
- AES is used in banking, communication, and data storage.
- It is approved by the government and security organizations, so it is safe to use.
- It is the global standard for modern data encryption.
- AES is a type of symmetric encryption, which makes it simple and fast.
Applications of AES
1. Encrypted Browsing: HTTPS encrypts websites using AES. It protects login credentials, banking, and personal information. It is used in all modern browsers for safe and secure communication.
2. Processor Security: The modern Intel and AMD CPUs support built-in AES for encryption or decryption at the hardware level.
3. Wireless Security: Wi-Fi encryption is done using WPA2 and WPA3 standards, which protect data transmitted over wireless networks. It is used in home routers, enterprise networks, and public hotspots.
4. General File Encryption: AES is also used to transfer encrypted files between associates. It secures data on laptops, USB drives, and external disks.
5. Mobile Device Encryption: Android and iOS use AES for full-device encryption because it protects contacts, messages, photos, and apps. It is enforced by default on most smartphones nowadays.
6. Password Managers: Apps such as 1Password, LastPass, etc., use AES to store login credentials in an AES-encrypted vault. It protects sensitive data with one strong password.
7. Financial Transactions: AES encrypts payment data in credit card terminals. It is used in EMV chips and mobile wallets such as Google Pay. It provides secure communication between terminals and banks.
8. Document Protection: The password-protected PDFs, Word, and Excel documents use AES to encrypt and decrypt contents and metadata. AES prevents unauthorized access, viewing, or editing.
Differences Between AES and DES
| Feature | AES (Advanced Encryption Standard) | DES (Data Encryption Standard) |
| --- | --- | --- |
| Developed By | NIST (2001) | IBM, adopted by NIST (1977) |
| Key Size | 128, 192, or 256 bits | 56 bits |
| Block Size | 128 bits | 64 bits |
| Security Level | Very High | Low (easily breakable today) |
| Speed & Performance | Fast and efficient | Slower and outdated |
| Rounds | 10, 12, or 14 (depends on key size) | 16 rounds |
| Encryption Structure | Substitution-Permutation Network | Feistel Network |
| Resistance to Attacks | Strong against brute-force & cryptanalysis | Vulnerable to brute-force, differential cryptanalysis |
| Hardware/Software Support | Widely supported, including AES-NI | Mostly historical or legacy systems |
| Use Cases | Modern encryption: Wi-Fi, VPNs, HTTPS, file encryption | Legacy systems, historical reference |
Attacks on AES Encryption
1. Brute-Force Attack
A brute-force attack is an attempt to try every possible key. AES has such a large key space that a brute-force attack is practically impossible with the current technology.
2. Side-Channel Attacks
Side-channel attacks mainly target the implementation and not the AES algorithm. They measure power consumption, timing, and electromagnetic leaks, and can reveal keys if AES is poorly implemented.
3. Related-Key Attacks
The related-key attack uses relationships between similar keys to find the encryption key. It only works on reduced-round versions of AES in theory and cannot be practically done.
4. Weak Key / Password Usage
This type of attack happens when predictable or reused passwords are used as encryption keys. This weakens the protection AES provides and makes an attack possible.
5. Fault Injection Attacks
A fault injection attack physically tampers with a device to cause errors that leak key information. It weakens AES through faults induced in the hardware.
How to Prevent Attacks on AES Encryption
- Always use strong and random keys generated by secure cryptographic systems.
- Use password managers for secure storage of passwords.
- Never hard-code keys into applications.
- Enable AES-NI in your system to reduce side-channel risks.
- Use secure modes such as GCM or CBC.
- Restrict physical access to devices that perform AES operations.
- Enable multifactor authentication in your system or device.
- Also, use a firewall or anti-malware software on your system.
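The advice on strong, random keys and on weak password-based keys, as an added example that is not part of the original article: it estimates an upper bound on the search space of a key typed as text (such as the 16-character key in the walkthrough) and shows a key drawn from the operating system's random generator beside one stretched from a password with PBKDF2. The function names, the 16-byte salt and the iteration count are assumptions of this example.

```python
# Added illustration (not from the article); names and parameters are assumptions.
import hashlib
import math
import secrets

def text_key_bits(key: str) -> float:
    """Upper bound, in bits, on the search space of a key typed as text."""
    if not key:
        return 0.0
    alphabet = 0
    if any(c.isupper() for c in key):
        alphabet += 26
    if any(c.islower() for c in key):
        alphabet += 26
    if any(c.isdigit() for c in key):
        alphabet += 10
    if any(not c.isalnum() for c in key):
        alphabet += 33          # printable ASCII punctuation and space
    # Real words and patterns are far more predictable than this bound suggests.
    return len(key) * math.log2(alphabet)

def random_key(bits: int = 256) -> bytes:
    """AES key drawn from the operating system's CSPRNG."""
    if bits not in (128, 192, 256):
        raise ValueError("AES keys are 128, 192 or 256 bits")
    return secrets.token_bytes(bits // 8)

def key_from_password(password: str, salt: bytes = b"", iterations: int = 600_000):
    """Stretch a password into a 256-bit key with PBKDF2-HMAC-SHA256."""
    salt = salt or secrets.token_bytes(16)   # random per key; stored with the data
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return salt, key
```

For the walkthrough's key, text_key_bits("MYSECRETKEY12345") is about 82.7 bits at most, well short of the 128 bits a random AES-128 key provides.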
AES vs RSA
| Feature | AES (Advanced Encryption Standard) | RSA (Rivest-Shamir-Adleman) |
| --- | --- | --- |
| Type of Algorithm | Symmetric key encryption | Asymmetric key encryption |
| Key Usage | Same key for encryption and decryption | Public key for encryption, private key for decryption |
| Speed | Very fast and efficient | Slower, especially for large data |
| Key Length | 128, 192, or 256 bits | Typically 2048 or 3072 bits |
| Security Basis | Substitution-permutation network | Based on the difficulty of factoring large primes |
| Use Case | Encrypting bulk data, files, and communication | Secure key exchange, digital signatures |
| Computational Cost | Low | High |
| Example Use | Wi-Fi, VPNs, disk encryption | SSL/TLS handshakes, email encryption |
Conclusion
The Advanced Encryption Standard (AES) is one of the key aspects of modern digital security. AES offers good speed, efficiency, and robust encryption to keep your information protected. AES has been created as the replacement for the now-outdated DES algorithm. AES has three key sizes: 128, 192, and 256. Each level of encryption offers different security levels in the industry, from wireless to financial transactions. Although AES is strong and usable, there are some threats that are possible due to the wrong implementation of AES and weak user passwords in the system. Thus, understanding the AES, types of AES, how it works, its features, and prevention of attacks will help you use AES and secure your data better.
Advanced Encryption Standard (AES) – FAQs
Q1. What does AES do?
AES is used to encrypt data in a wide variety of applications, like secure web browsing, Wi-Fi networks, file encryption, mobile devices, and financial transactions, etc.
Q2. What are the different types of AES?
There are three types of AES: AES-128, AES-192, and AES-256. They differ in key size (bits), as well as security levels.
Q3. Is AES secure from hackers?
In practice, AES is extremely secure from practical attacks if correctly implemented using strong keys.
Q4. What is the difference between AES and DES?
AES uses larger key sizes than DES, has more rounds, and provides better security. DES is an older version that is also easily compromised by modern attacks.
Q5. Can AES be broken by brute force?
No. AES has longer key sizes than DES, and is practically immune to brute-force attacks using current technology.