Top10VPN is editorially independent. We may earn commissions if you buy a VPN via our links.

AES Encryption Explained: What Is AES & How Does It Work?

JP Jone's profile image

JP Jones is our CTO. He has over 25 years of software engineering and networking experience, and oversees all technical aspects of our VPN testing process.

Fact-checked by Simon Migliano

Our Verdict

The Advanced Encryption Standard (AES) is a highly-secure symmetric block cipher used by governments, banks, and security software to encrypt sensitive data. AES-256, the most secure version of AES, is also considered “quantum secure”. The complexity of its cryptography and the number of possible key variations means it would take billions of years to decrypt AES-encrypted data using brute force alone.

AES Meaning

AES encryption was established by the U.S. National Institute of Standards and Technology (NIST) in 2001 as a replacement for the Data Encryption Standard (DES).

Since then, AES has evolved into the data security industry standard that allows companies worldwide to protect their most sensitive data.

Quick Summary: What Is AES Encryption?

  • AES is a symmetric encryption cipher used by the government, the military, and global corporations to secure their data in storage and transmission.
  • AES includes three block ciphers: AES-128, AES-192, and AES-256. AES-256 is the most secure.
  • AES is functionally unbreakable, even with quantum computing. It would take millions of years to brute force the decryption key.
  • The AES algorithm is used in a wide variety of applications, from securing Whatsapp messages and online banking to encrypting all the data transmitted via certain VPN services.

This article will explain exactly what AES means, how AES encryption actually works, and what that means for your sensitive data.

What is the Advanced Encryption Standard (AES)?

The Advanced Encryption Standard (AES) is a symmetric encryption algorithm used by governments, corporations, and security software to protect highly-sensitive data.

AES encryption converts plain text or data into encrypted and secure ciphertext. The data is encrypted by the sender and can only be decrypted by the intended recipient.

AES is a symmetric cipher, which means it uses the same key for both encryption and decryption. AES is considered the industry standard for symmetric cipher encryption because it is fast and basically unbreakable.

If data that’s encrypted using AES is intercepted during transmission, it can’t be read or used without the encryption key.

AES Design

How the AES algorithm is designed.

AES was developed by The National Institute of Standards and Technology (NIST) to replace the Data Encryption Standard (DES) after it became vulnerable to modern brute force attacks.

The National Security Agency (NSA) then approved the AES encryption algorithm to protect the most sensitive government data.

Here’s a comparison of AES and DES based on their most important attributes:

Attributes AES DES
Year of Introduction 2001 1977
Key Length 128, 192, 256 bits 56 bits
Block Size 128 bits 64 bits
Structure Substitution–permutation network Feistel cipher
Security Considered secure for most purposes Vulnerable to brute-force attacks
Performance Slower than DES due to larger block size, but more secure Faster but less secure
Use Cases Broad use in government, commercial sectors for secure data Limited use, often replaced by AES or 3DES
Developed By National Institute of Standards and Technology (NIST), USA National Bureau of Standards, USA
Known Attacks Side-channel attacks, Related-key attacks (under certain conditions) Brute force, Differential cryptanalysis, Linear cryptanalysis

The Different Types of AES: Key Lengths Explained

In cryptography, “key length” refers to the size of the secret key used in an encryption algorithm. The key is measured in “bits” and determines the output of the encryption function.

Key length is directly related to the strength of the security provided by the encryption algorithm.

In general, the longer the key, the more secure the encrypted data. A longer key means that there are more possible keys that an attacker would have to try in order to break the encryption.

AES makes use of three different encryption key lengths:

  • 128-bit key length
  • 192-bit key length
  • 256-bit key length

At the simplest level, these three key lengths represent increasingly more robust levels of encryption, with AES-256 being the most secure.

The numbers 128, 192, and 256 represent the number of plaintext blocks the algorithm can turn into ciphertext. For example, AES-256 can turn 256 plaintext blocks into 256 ciphertext blocks, applying different cryptographic keys to each block.

When the AES algorithm converts data into ciphertext, the conversion is done in rounds; 10 rounds for the 128-bit key length, 12 for the 192-bit, and 14 rounds for 256-bit.

Here’s a diagram explaining this process:

How AES encryption process works.

How the AES key schedule algorithm works.

The more rounds of encryption the plaintext goes through, the more difficult it is for someone without the correct decryption key to access the encrypted data. That’s what makes 256-bit the most secure version of AES.

Where Is AES Encryption Used, and What For?

AES is an open standard, which means it is freely available for use by public and private companies for both commercial and non-commercial use.

Originally, AES was established by The National Institute of Standards and Technology (NIST) and ratified by the NSA to secure government and military data marked Secret or Top Secret.

Since it’s an open standard, it has since been adopted by a wide range of companies and organizations, including major corporations, VPN services, global banks, national security organizations, and the military. Companies like Google, AWS, Oracle, and IBM all use AES to secure their data.

AES is also commonly used to protect customer payment data and other sensitive information in mobile apps. WhatsApp, Snapchat, and Facebook messages are all encrypted using AES.

As of 2023, AES encryption has now become the standard for secure encrypted browsing and general file encryption.

Is AES the Best Encryption Method?

There’s a lot to consider when comparing AES to other encryption methods, including performance, compatibility, and the specific requirements of a given application.

Generally speaking, AES is considered to be one of the most secure and practical options in most cases. The “most secure” cipher can depend on the specific use-case, but the gold standard for symmetric-key encryption is generally AES-256.

AES-256 has become the industry-standard for encryption because it remains impervious to brute-force attacks, even after over 20 years.

AES is also easy to implement, making it popular with businesses and developers. It requires less computational power than most alternatives, which means it’s exceptionally efficient at encrypting large amounts of data.

Other commonly used algorithms include 3DES and RSA, but these serve different purposes. Here’s a table comparing the AES algorithm to other similar forms of encryption:

Encryption Algorithm Type Key Sizes Applications Pros Cons
AES (Advanced Encryption Standard) Symmetric 128-bit, 192-bit, 256-bit Secure storage, Secure data transmission, U.S. Government for encrypting classified information Very secure, Fast, Efficient, Approved for sensitive government data Vulnerable to side-channel attacks in certain implementations
3DES (Triple Data Encryption Standard) Symmetric 168 bits (effectively 112 bits due to meet-in-the-middle attacks) Finance, Some Microsoft offerings More secure than DES Slower than AES, Less secure than AES, Set to be retired
RSA (Rivest–Shamir–Adleman) Asymmetric (public key) Up to 4096 bits SSL/TLS, Digital signatures, Secure email Can be used for encryption and digital signatures, Doesn’t require key sharing Slower than symmetric algorithms, Large key sizes
ECDSA (Elliptic Curve Digital Signature Algorithm) Asymmetric (public key) Variable, based on the chosen curve SSL/TLS, Bitcoin and other cryptocurrencies, SSH More efficient than RSA at equivalent security levels More complex, Potential issues if curve parameters aren’t chosen carefully

3DES — or “Triple DES” — is another symmetric key algorithm that was developed as a more secure version of DES. It works by running the data through the DES algorithm three times with three different keys.

3DES is slower than AES and is no longer considered as secure. While it’s still used in some sectors like finance, it’s expected to be retired soon.

RSA, on the other hand, is a public-key encryption algorithm and is used in different contexts compared to AES. It’s typically used for secure data transmission rather than data encryption at rest. The gold standard for public-key encryption is RSA-4096.

It’s important to note that the security of these algorithms also depends heavily on proper implementation and key management. AES, for instance, is considered secure, but various implementations have been subject to side-channel attacks.

It’s worth noting that this is a simplified comparison, and it does not cover all aspects of these encryption methods. Their actual security and performance can depend heavily on the circumstances of how each algorithm is implemented and used — the “best” method often depends on the specific requirements of the application in question.

The Features of AES Encryption

To fully understand how AES encryption works, you’ll need to understand its various features and how they work together. In this section, we break them down in detail:

Substitution-permutation network (SPN)

To encrypt your data, AES uses a series of linked mathematical operations called a Substitution-Permutation Network (SPN).

As we’ve already mentioned, the different levels of AES use one or more “rounds” of encryption.
During these rounds, AES uses substitution boxes and permutation boxes to change the blocks of plaintext into ciphertext blocks.

Substitution boxes act as a substitution cipher, while permutation boxes work as a transposition cipher, shifting and mixing blocks and columns to diffuse the data.

AES-256 uses 14 rounds of transposition, substitution, and mixing to turn plaintext into ciphertext, making it an incredibly secure method of encrypting sensitive data.

Key expansion

Key expansion is connected to the use of a substitution-permutation network. It uses the initial key to generate a new key for each round, called a round key.

New round keys are generated for each round of modification, with each successive round making the encryption harder to crack.

Byte Substitution

AES employs byte substitution to further increase the complexity of its encryption process.

Byte substitution works by substituting every byte in the initial data with a code generated by a pre-established Rijndael S-box table. This nonlinear modification of the plaintext hides any relationship between it and the ciphertext.

Key length

There are three different lengths of AES encryption keys, each with its own possible number of key combinations:

  • 128-bit key length: 3.4 x 1038
  • 192-bit key length: 6.2 x 1057
  • 256-bit key length: 1.1 x 1077

The number of possible key combinations comes into play during a brute-force attack, where a bad actor attempts to check all possible key combinations to guess the correct encryption key.

The keys used in AES-256 encryption have 1077 possible combinations, which would take around a billion years to brute-force with current computers.

How Does AES Work to Encrypt Your Data?

Now that we’ve explained some of the AES algorithm’s key features, we can explain how it actually works to encrypt your data step-by-step:

  1. Block creation: The first step of AES encryption is dividing the information into blocks. Each block consists of 128 bits or 16 bytes (every byte contains 8 bits).

    Once these 128-bit blocks have been created, the AES algorithm arranges them into a 4×4 grid, often referred to as “columns.” Each column is 4 bytes long, and there are 4 of these columns in a block.

    The purpose of this step is to prepare the data for the various transformations that the AES algorithm will apply during the encryption process.

  2. Key expansion and addition: Using Rijndael’s key schedule, AES then uses the first key to create multiple round keys. The round key data is then added to the data held in the 128-bit blocks.
  3. Substitution: In this step, each byte of data in the block is substituted with another byte of data from the same block.
  4. Row shifting: The AES algorithm then shifts the rows of the 4×4 columns, with bytes on the second row shifted one space to the left, those on the third row shifted two spaces, and those on the fourth row shifted 3 spaces.
  5. Column mixing: AES then mixes the columns in the data blocks using a pre-established matrix.
  6. Back to step two: The algorithm then moves back to step two, creating another round key and working through the process again for the number of rounds set by the initial key. In the case of AES-256, it repeats this process 14 times.

On the very last round, step 5 is omitted, as its output does not add any further security and is considered wasteful processing.

AES Encryption in Virtual Private Network (VPN) Services

One common use of AES is the encryption of web traffic via a Virtual Private Network (VPN).

The very best VPN services use AES encryption as part of their tunneling protocols because it is considered the most secure encryption standard on the market. This is one of the reasons it’s uncommon for VPN services to be hacked.

When a user connects to their VPN client, that client establishes an encrypted tunnel to their chosen VPN server.

The user’s requests (to visit a website, for example) are actioned by that server, and the data gathered is encrypted and sent via the tunnel to the client, where it is decrypted. You can find a basic overview of this process in our guide explaining how VPNs work.

Here’s a general description of how AES works in the context of a VPN service:

  1. Key Generation and Distribution: When you connect to a VPN server, the VPN client and the server negotiate a shared secret key that will be used for encryption and decryption of the data.

    This key is generated for each VPN session, and is securely exchanged using a protocol like the Diffie-Hellman key exchange. The key length (128, 192, or 256 bits) can often be configured in the VPN’s settings menu.

  2. Encryption: Once the shared key is established, the VPN client starts encrypting the data from your device using the AES algorithm and the established key.

    AES then performs a series of transformations on each block of data that we outlined in the sections above, including substitution, permutation, mixing, and round key addition.

  3. Transmission: The encrypted data is then transmitted over the internet inside VPN packets. These packets contain not just the encrypted data, but also metadata necessary for the functioning of the VPN protocol and the correct decryption of the data at the other end.
  4. Decryption: The VPN server receives the packets and decrypts the data using the same shared key and the AES algorithm in reverse.
  5. Destination: The decrypted data is then forwarded to its final destination on the internet.
  6. Response: Any response from the internet destination is similarly encrypted by the VPN server before being sent back to your device, where it is decrypted and processed.

The use of AES in this context provides a very high level of security. Because AES is a symmetric key encryption standard, both the VPN client and the VPN server use the same key for encrypting and decrypting data. This key is unique for each VPN session and is securely exchanged at the start of the session.

In practice, this means that if a malicious actor was able to intercept your requests and the data therein, all they would get is jumbled and unusable ciphertext.

It’s also worth noting that the use of AES is just one part of a VPN’s overall security model. Other important components include the secure exchange of the encryption key, the use of secure tunneling protocols, and different authentication methods.

How Secure is AES Encryption?

Put simply, AES encryption is functionally unbreakable in most cases. Because of the sheer number of key combinations, the time and resources needed to guess all the key combinations are astronomical.

Add in the nonlinear way in which AES scrambles the plaintext into ciphertext in multiple rounds, using a discrete key for each round, and the ciphertext is impossible to decode without the decryption key.

Using the highest standard of current computing, it would take 36 quadrillion years to brute-force a 128-bit AES encryption key — the lowest level of AES encryption. By comparison, cracking DES (the standard that AES replaced) using the same machine would take just 362 seconds.

Can AES Be Decrypted?

It’s theoretically possible to decrypt AES-encrypted data. If you had infinite time and resources, it is mathematically possible to try every key combination and eventually identify the right one.

The process of AES encryption

AES encryption can only be decrypted with the correct decryption key.

However, it’s practically impossible. Unless you’ve got a billion years to keep trying different code combinations, AES can’t be decrypted without the correct decryption key.

AES-256 is also believed to be quantum resistant, which means even quantum computers can’t reduce the time taken by enough to crack the encryption. It’s important to note that this only applies to AES-256, not AES-192 or 128.

However, there are ways that malicious actors can circumvent the protection offered by AES encryption, which we’ll explain in the next section.

Possible Attacks on AES Encryption

There are three possible attacks that are considered effective at bypassing AES encryption:

  • Side-channel attacks: Side-channel attacks monitor incorrectly-implemented computer systems for data on how an encryption algorithm is used. Data such as power consumption, number of cache accesses, computation timing, and other factors can be used to break cryptography.
  • Related-key attacks: Related-key attacks occur when the hacker knows the difference between two different keys. This type of attack has been unsuccessfully tried before and resulted in the complexity of the AES key schedule being upgraded.
  • Known-key attacks: Known-key attacks require the hacker to know the encryption key, which is highly unlikely. Even then, tests of a known key attack only worked on 8 out of the 10 rounds of encryption used by 128-bit key length AES, which is the lowest security form of the algorithm.

How to Ensure the Security of AES Encryption Keys

Most of the attacks that have the potential to bypass AES encryption rely on getting access to secure data, like encryption keys.

The good news is that there are simple steps you can take to prevent this from happening:

  • Use strong passwords: NIST recommends that passwords should be at least 12 characters long and include a mix of upper-case letters, lower-case letters, numbers, and special characters.
  • Use hardware tokens: These physical devices store the AES encryption keys, which can only be unlocked with a specific PIN or biometric authentication. This prevents the keys from being accessed by non-authorized personnel.
  • Use password managers: Password managers are software programs that store AES encryption keys in an encrypted form and require a single master password to access them. This is a convenient and secure way to protect your AES encryption keys.
  • Use multi-factor authentication: Multi-factor authentication (MFA) requires users to provide two or more pieces of evidence to verify their identity. This can include things like fingerprints, voice recognition, SMS verification codes, and other forms of biometric authentication.
  • Deploy firewalls and anti-malware software: These security measures can help protect against outside attacks and malicious software. Firewalls can block access to specific IPs, while anti-malware software can scan for malware and prevent it from entering the system.
  • Security awareness training for employees: Encryption keys should never be shared with anyone, and all employees should understand the importance of security best practices when it comes to handling sensitive data. Security awareness training can help ensure that everyone is aware of the risks and how to protect against them.