Advanced Encryption Standard (AES) Explained

Written by Jack Foster

Last updated September 30, 2020


In many of my VPN reviews, you’ll notice I mention AES-256 encryption. In fact, if you’re doing any kind of research into VPNs, or internet privacy, you’re probably going to come across this term quite a lot. I’m going to explain what Advanced Encryption Standard (AES) actually is (as simply as I can).

AES is used by technology giants everywhere, whether it’s Microsoft, Apple, etc. AES is the most fundamental cryptographic algorithm around. However, I imagine right now none of that makes any sense to you! Read on to find out what AES is and how to use it on a daily basis.

What is AES?

Originally known as Rijndael, the Advanced Encryption Standard (AES) was created by the U.S. National Institute of Standards and Technology in 2001. It’s a fast and secure form of encryption used for electronic data.

Encrypting messages used to be fairly simple. The code might use the next letter in the alphabet to create a series of scrambled messages, or something else. However, this made it too easy for hackers to crack the code. All you’d need is some patience and time and “Bob’s your uncle”.

Because cracking code was becoming easier, new, more sophisticated methods had to be developed. In the 1970s the US National Bureau of Standards (NBS) started to search for a ‘standard’ to encrypt secure and private government information. Data Encryption Standard (DES) was developed by IBM and was used for a good 2 decades.

DES has a 56-bit key (compared to 256 in AES). As technology advanced, so did the ease with which code could be cracked. The first DES message to be cracked was in 1977 by the DESCHALL project. The following year the Electronic Frontier Foundation built a crack for DES. This could brute force a key in just 2 days.

Where Did AES Come From?

AES was designed to replace DES, which was created in the 1970s at IBM. Unfortunately, some twenty years later, it was discovered that DES could quite easily be cracked and attacked. There was quite a lot of suspicion surrounding DES and the NSA.

Because of DES’s weaknesses, NIST launched a 5 year programme to replace it, which we now know as AES. Cryptographers Vincent Rijmen and Joan Daemen submitted their suggestion to NIST.

Against around 15 other submissions, AES was chosen as the replacement (with a few tweaks and adjustments). In 2002 it was approved and has been in use ever since.

How Does AES Work?

AES is a block cipher algorithm. A block of plain text is taken and alternating rounds of substitution and permutation boxes are applied to it. These boxes are in 128, 192 or 256 bits; this determines the strength of the encryption.

AES encryption and AES decryption

During the substitution-permutation process, an encryption key is generated. This allows the data to be deciphered by whoever is supposed to receive it. If you tried to read the data without the key, the data would be a complete mess and unreadable.

AES Encryption Blocks

The first thing that happens is that your plain text (your data or information) is separated into blocks. These blocks are 128 bits as standard. There are 8 bits in a byte; the blocks are separated into 4×4 columns containing 16 bytes (16×8 = 128).

AES Encryption Key Expansion

Key expansion is where one key is taken and used to create a series of other keys. Each time this happens a new round key is created using 128-bit round key format. Rijndael’s key schedule is used to create keys from a structured process.

The keys may look pretty random, but as stated above, they are created from a structured process. This is just a small part of AES encryption, and hopefully explains why it’s so secure and hard to crack.

AES Round Keys

In the AES algorithm, keys are expanded by something called a key schedule round. The output of this is known as a round key. Using XOR encryption, or an XOR cipher, the output of each of the 10 rounds of the original plain text is used to make the next input.

AES Key Schedule and Key Expansion

Whether you’re using AES-128, AES-192, or AES-256, they all use similar algorithms. They are generally distinguished by the number of rounds. Rounds are often identical but with different subkeys. As described in the round keys section above, they are successive.

  • AES-128 (9 rounds)
  • AES-192 (11 rounds)
  • AES-256 (13 rounds)

Subkeys (key schedule or key expansion) differ between each level of AES. Larger keys output more subkeys as there are more rounds. Data will go through byte substitution, shift rows, mix columns, and round keys the number of rounds specified.

AES Encryption Process

To summarise how the AES encryption process works, we’ve listed the steps out as follows:

  1. Key expansion
  2. Add round key
  3. Byte substitution
  4. Shift rows
  5. Mix columns
  6. Add round key
  7. x9 rounds (AES-128), x11 rounds (AES-192), x13 rounds (AES-256)
  8. Byte substitution
  9. Shift rows
  10. Add round key

How Is AES Being Used In 2020?

  • VPNs: AES is commonly used by VPNs. A VPN’s main purpose is to provide a secure and private internet connection, which can be supported by AES. This makes it almost impossible for anyone to know who you are or where you’re located. The best VPNs like ExpressVPN and NordVPN use AES-256 encryption (which is the highest encryption available). However, not all VPNs use it, so check out our reviews before choosing a VPN.
  • Compression tools: I’m sure you’ve all encountered a compressed file before. Often if you download a file from the internet, it will be in a compressed format. The file will be compressed into a smaller size so it can be downloaded quicker and take up less room on your device. Tools like 7Zip and WinZip can be used to compress (and decompress) files that are encrypted with AES.
  • File sharing: When you use file sharing software like FileZilla, you’ll hopefully be using an HTTPS (secure) connection. In most cases, AES will be keeping your data and files safe during the transfer process. This stops attackers from intercepting your files and being able to access them.
