Advanced Encryption Standard (AES) Explained
In many of my VPN reviews, you’ll notice I mention AES-256 encryption. In fact, if you’re doing any kind of research into VPNs, or internet privacy, you’re probably going to come across this term quite a lot. I’m going to explain what Advanced Encryption Standard (AES) actually is (as simply as I can).
AES is used by technology giants everywhere, whether it’s Microsoft, Apple, etc. AES is the most fundamental cryptographic algorithm around. However, I imagine right now none of that makes any sense to you! Read on to find out what AES is and how to use it on a daily basis.
What is AES?
Originally known as Rijndael, the Advanced Encryption Standard (AES) was created by the U.S. National Institute of Standards and Technology in 2001. It’s a fast and secure form of encryption used for electronic data.
Encrypted messages used to be fairly simple. The code might use the next letter in the alphabet to create a series of scrambled messages, or something else. However, this made it too easy for hackers to crack the code. All you’d need is some patience and time and “Bob’s your uncle”.
Because cracking code was becoming easier, new, more sophisticated methods had to be developed. In the 1970s the US National Bureau of Standards (NBS) started to search for a ‘standard’ to encrypt secure and private government information. Data Encryption Standard (DES) was developed by IBM and was used for a good 2 decades.
DES has a 56-bit key (compared to 256 in AES). As technology advanced, so did the ease with which code could be cracked. The first DES message to be cracked was in 1977 by the DESCHALL project. The following year the Electronic Frontier Foundation built a crack for DES. This could brute force a key in just 2 days.
Where Did AES Come From?
AES was designed to replace DES, which was created in the 1970s at IBM. Unfortunately, some twenty years later, it was discovered that DES could quite easily be cracked and attacked. There was quite a lot of suspicion surrounding DES and the NSA.
Because of DES’s weaknesses, NIST launched a 5-year programme to replace it, which we now know as AES. Cryptographers Vincent Rijmen and Joan Daemen submitted their suggestion to NIST.
Against around 15 other submissions, AES was chosen as the replacement (with a few tweaks and adjustments). In 2002 it was approved and has been in use ever since.
How Does AES Work?
AES is a block cipher algorithm. A block of plain text is taken and alternating rounds of substitution and permutation boxes are applied to it. These boxes are in 128, 192 or 256 bits; this determines the strength of the encryption.
During the substitution-permutation process, an encryption key is generated. This allows the data to be deciphered by whoever is supposed to receive it. If you tried to read the data without the key, the data would be a complete mess and unreadable.
AES Encryption Blocks
The first thing that happens is that your plain text (your data or information) is separated into blocks. These blocks are 128 bits as standard. There are 8 bits in a byte; the blocks are separated into 4×4 columns containing 16 bytes (16×8 = 128).
AES Encryption Key Expansion
Key expansion is where one key is taken and used to create a series of other keys. Each time this happens a new round key is created using the 128-bit round key format. Rijndael’s key schedule is used to create keys from a structured process.
The keys may look pretty random, but as stated above, they are created from a structured process. This is just a small part of AES encryption, and hopefully explains why it’s so secure and hard to crack.
AES Round Keys
In the AES algorithm, keys are expanded by something called a key schedule round. The output of this is known as a round key. Using XOR encryption, or XOR cipher, the output of each of the 10 rounds of original plain text is used to make the next input.
AES Key Schedule and Key Expansion
Whether you’re using AES-128, AES-192, or AES-256, they all use similar algorithms. They are generally distinguished by the number of rounds. Rounds are often identical but with different subkeys. As described in the round keys section above, they are successive.
- AES-128 (9 rounds)
- AES-192 (11 rounds)
- AES-256 (13 rounds)
Subkeys (key schedule or key expansion) differ between each level of AES. Larger keys output more subkeys as there are more rounds. Data will go through byte substitution, shift rows, mix columns, and add round key for the number of rounds specified.
AES Encryption Process
To summarise how the AES encryption process works, we’ve listed the steps out as follows:
- Key expansion
- Add round key
- Byte substitution
- Shift rows
- Mix columns
- Add round key
- x9 rounds (AES-128), x11 rounds (AES-192), x13 rounds (AES-256)
- Byte substitution
- Shift rows
- Add round key
How Is AES Being Used In 2019?
- VPNs: AES is commonly used by VPNs. A VPN’s main purpose is to provide a secure and private internet connection, which can be supported by AES. This makes it almost impossible for anyone to know who you are or where you’re located. The best VPNs like ExpressVPN and NordVPN use AES-256 encryption (which is the highest encryption available). However, not all VPNs use it, so check out our reviews before choosing a VPN.
- Compression tools: I’m sure you’ve all encountered a compressed file before. Often if you download a file from the internet, it will be in a compressed format. The file will be compressed into a smaller size so it can be downloaded quicker and take up less room on your device. Tools like 7Zip and WinZip can be used to compress (and decompress) files that are encrypted with AES.
- File sharing: When you use file sharing software like FileZilla, you’ll hopefully be using an HTTPS (secure) connection. In most cases, AES will be keeping your data and files safe during the transfer process. This stops attackers from intercepting your files and being able to access them.