Open In App

Advanced Encryption Standard (AES)

Last Updated : 22 May, 2023
Like Article

Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S National Institute of Standards and Technology (NIST) in 2001. AES is widely used today as it is a much stronger than DES and triple DES despite being harder to implement.

Points to remember

  • AES is a block cipher.
  • The key size can be 128/192/256 bits.
  • Encrypts data in blocks of 128 bits each.

That means it takes 128 bits as input and outputs 128 bits of encrypted cipher text as output. AES relies on substitution-permutation network principle which means it is performed using a series of linked operations which involves replacing and shuffling of the input data.

Working of the cipher :
AES performs operations on bytes of data rather than in bits. Since the block size is 128 bits, the cipher processes 128 bits (or 16 bytes) of the input data at a time.

The number of rounds depends on the key length as follows :

  • 128 bit key – 10 rounds
  • 192 bit key – 12 rounds
  • 256 bit key – 14 rounds

Creation of Round keys :
A Key Schedule algorithm is used to calculate all the round keys from the key. So the initial key is used to create many different round keys which will be used in the corresponding round of the encryption.


Encryption :
AES considers each block as a 16 byte (4 byte x 4 byte = 128 ) grid in a column major arrangement.

[ b0 | b4 | b8 | b12 |
| b1 | b5 | b9 | b13 |
| b2 | b6 | b10| b14 |
| b3 | b7 | b11| b15 ]

Each round comprises of 4 steps :

  • SubBytes
  • ShiftRows
  • MixColumns
  • Add Round Key

The last round doesn’t have the MixColumns round.

The SubBytes does the substitution and ShiftRows and MixColumns performs the permutation in the algorithm.

SubBytes  :
This step implements the substitution.

In this step each byte is substituted by another byte. Its performed using a lookup table also called the S-box. This substitution is done in a way that a byte is never substituted by itself and also not substituted by another byte which is a compliment of the current byte. The result of this step is a 16 byte (4 x 4 ) matrix like before.

The next two steps implement the permutation.

ShiftRows :
This step is just as it sounds. Each row is shifted a particular number of times.

  • The first row is not shifted
  • The second row is shifted once to the left.
  • The third row is shifted twice to the left.
  • The fourth row is shifted thrice to the left.

(A left circular shift is performed.)

[ b0  | b1  | b2  | b3  ]         [ b0  | b1  | b2  | b3  ]
| b4  | b5  | b6  | b7  |    ->   | b5  | b6  | b7  | b4  |
| b8  | b9  | b10 | b11 |         | b10 | b11 | b8  | b9  |
[ b12 | b13 | b14 | b15 ]         [ b15 | b12 | b13 | b14 ]

MixColumns :
This step is basically a matrix multiplication. Each column is multiplied with a specific matrix and thus the position of each byte in the column is changed as a result.

This step is skipped in the last round.

[ c0 ]         [ 2  3  1  1 ]  [ b0 ]
| c1 |  =      | 1  2  3  1 |     | b1 |
| c2 |      | 1  1  2  3 |     | b2 |
[ c3 ]      [ 3  1  1  2 ]     [ b3 ]

Add Round Keys :
Now the resultant output of the previous stage is XOR-ed with the corresponding round key. Here, the 16 bytes is not considered as a grid but just as 128 bits of data.

After all these rounds 128 bits of encrypted data is given back as output. This process is repeated until all the data to be encrypted undergoes this process.

Decryption :
The stages in the rounds can be easily undone as these stages have an opposite to it which when performed reverts the changes.Each 128 blocks goes through the 10,12 or 14 rounds depending on the key size.

The stages of each round in decryption is as follows :

  • Add round key
  • Inverse MixColumns
  • ShiftRows
  • Inverse SubByte

The decryption process is the encryption process done in reverse so i will explain the steps with notable differences.

Inverse MixColumns :
 This step is similar to the MixColumns step in encryption, but differs in the matrix used to carry out the operation.

[ b0 ]         [ 14  11  13  9  ]  [ c0 ]
| b1 |  =      | 9   14  11  13 |     | c1 |
| b2 |      | 13  9   14  11 |     | c2 |
[ b3 ]         [ 11  13  9   14 ]     [ c3 ]

Inverse SubBytes :
Inverse S-box is used as a lookup table and using which the bytes are substituted during decryption.


AES is widely used in many applications which require secure data storage and transmission. Some common use cases include:

  • Wireless security: AES is used in securing wireless networks, such as Wi-Fi networks, to ensure data confidentiality and prevent unauthorized access.
  • Database Encryption: AES can be applied to encrypt sensitive data stored in databases. This helps protect personal information, financial records, and other confidential data from unauthorized access in case of a data breach.
  • Secure communications: AES is widely used in protocols like such as internet communications, email, instant messaging, and voice/video calls.It ensures that the data remains confidential.
  • Data storage: AES is used to encrypt sensitive data stored on hard drives, USB drives, and other storage media, protecting it from unauthorized access in case of loss or theft.
  • Virtual Private Networks (VPNs): AES is commonly used in VPN protocols to secure the communication between a user’s device and a remote server. It ensures that data sent and received through the VPN remains private and cannot be deciphered by eavesdroppers.
  • Secure Storage of Passwords: AES encryption is commonly employed to store passwords securely. Instead of storing plaintext passwords, the encrypted version is stored. This adds an extra layer of security and protects user credentials in case of unauthorized access to the storage.
  • File and Disk Encryption: AES is used to encrypt files and folders on computers, external storage devices, and cloud storage. It protects sensitive data stored on devices or during data transfer to prevent unauthorized access.

Summary : 
AES instruction set is now integrated into the CPU (offers throughput of several GB/s)to improve the speed and security of applications that use AES for encryption and decryption. Even though its been 20 years since its introduction we have failed to break the AES algorithm as it is infeasible even with the current technology. Till date the only vulnerability remains in the implementation of the algorithm.

Previous Article
Next Article

Similar Reads

Difference Between AES and RSA Encryption
Pre-requisites: AES, RSA Encryption in cryptography is a process by which a plain text or a piece of information is converted into cipher text or a text which can only be decoded by the receiver for whom the information was intended. Advanced Encryption Standard (AES)AES, a symmetric key encryption method developed by Belgian cryptographers Joan Da
2 min read
Difference between Software Encryption and Hardware Encryption
1. Software Encryption: Software Encryption, as the name suggests, is a process of keeping data safe using the software. In this, the software is generally installed in the host computer that encrypts and decrypts data. It is more cost-effective for smaller companies. In this, the password is the key that one needs to have access to data. It usuall
5 min read
Strength of Data encryption standard (DES)
Data encryption standard (DES) is a symmetric key block cipher algorithm. The algorithm is based on Feistel network. The algorithm uses a 56-bit key to encrypt data in 64-bit blocks. There are mainly two categories of concerns about the strength of Data encryption standard. They are: Concerns about the particular algorithm used. Concerns about the
2 min read
Simplified Data Encryption Standard Key Generation
Simplified Data Encryption Standard (S-DES) is a simple version of the DES Algorithm. It is similar to the DES algorithm but is a smaller algorithm and has fewer parameters than DES. It was made for educational purposes so that understanding DES would become simpler. It is a block cipher that takes a block of plain text and converts it into ciphert
3 min read
Simplified Data Encryption Standard | Set 2
Prerequisite - Simplified Data Encryption Standard | Set 1 Simplified Data Encryption Standard is a simple version of Data Encryption Standard having a 10-bit key and 8-bit plain text. It is much smaller than the DES algorithm as it takes only 8-bit plain text whereas DES takes 64-bit plain text. It was developed for educational purpose so that und
13 min read
Difference between AES and DES ciphers
What is AES? It stands for Advanced Encryption Standard, developed in 2001. As triple-DES was found to be slow, AES was created and is six times faster than the triple DES. It is one of the most widely used symmetric block cipher algorithm used nowadays. It works on bytes rather than bits. What is DES? It stands for Data Encryption Standard, develo
2 min read
Difference Between RC4 and AES
RC4 is a stream cipher and variable-length key algorithm.The main difference between RC4 and AES is that AES is a block cipher and RC4 is a stream cipher. Symmetric algorithm classes include block encryption and stream encryption. A block cipher encodes plain text in block sizes, whereas a stream cipher encodes bit by bit, simulating the flow of a
3 min read
Difference Between Aes and Twofish
AES and Twofish are two widely used symmetric key block ciphers, which are encryption algorithms used in modern cryptography. They play a vital role in safeguarding sensitive information across various applications. While they share some common features, they also have their own unique characteristics and differences. AES (Advanced Encryption Stand
5 min read
Why AES has Replaced DES, 3DES and TDEA?
The Advanced Encryption Standard (AES) has changed older encryption techniques like DES, 3DES, and TDEA because of its superior security, performance, and sturdy design. AES gives longer key lengths, making it more proof against attacks, and methods data more effectively. This transition reflects the want for more potent and greater reliable encryp
7 min read
RC4 Encryption Algorithm
RC4 is a stream cipher and variable-length key algorithm. This algorithm encrypts one byte at a time (or larger units at a time). A key input is a pseudorandom bit generator that produces a stream 8-bit number that is unpredictable without knowledge of input key, The output of the generator is called key-stream, is combined one byte at a time with
5 min read