The Advanced Encryption Standard (AES) is the global data security and encryption standard. The National Institute of Standards and Technology (NIST) approved it in 2001, and by May 2002 the US government had adopted it as the mandatory standard for protecting classified information. With current technology, properly configured AES is considered practically unbreakable. It safeguards top-level government secrets, financial databases, and the everyday online communication that flows through HTTPS, VPNs, and messaging apps.
What Is the Advanced Encryption Standard (AES)?
AES is an encryption algorithm and symmetric block cipher optimized for both software and hardware. Symmetric means it uses the same key for encryption and decryption, which makes it fast and efficient for protecting data at rest.
Because the same key is used for both directions, online communication needs an additional step. If the key is intercepted during exchange, an attacker could decrypt the traffic without ever attacking the AES algorithm itself. To solve this, developers pair AES with an asymmetric method.
The most common pairing is with RSA (Rivest-Shamir-Adleman). RSA uses two keys: data is encrypted with a public key and decrypted with a private key, and the two are never the same. Even if someone monitors the traffic, they cannot decrypt it without the private key. The trade-off is that RSA is much slower and more resource-intensive than AES.
In practice, the two methods are combined. RSA handles the initial key exchange securely; once both sides have the AES key, the faster AES takes over for the actual data transfer. This setup is called a hybrid cryptosystem, and it is the model used in HTTPS, modern VPN protocols, and end-to-end encrypted messaging.
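The hybrid pattern described above, as an added example that is not code from the original page: the sender encrypts the data with a fresh AES key and uses RSA only to wrap that key. It assumes the third-party Python `cryptography` package; the RSA-OAEP padding, the AES-GCM mode, and the function names `seal`, `open_sealed` and `demo` are choices made for this example.

```python
# Added example (not from the original page): RSA wraps the AES key, AES protects the data.
# Assumes the third-party "cryptography" package; OAEP and AES-GCM are this example's choices.
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def seal(recipient_public_key, plaintext):
    """Sender: fresh AES-256 key per message, wrapped with the recipient's RSA public key."""
    aes_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)                      # must never repeat under the same key
    ciphertext = AESGCM(aes_key).encrypt(nonce, plaintext, None)
    wrapped_key = recipient_public_key.encrypt(aes_key, OAEP)  # RSA touches 32 bytes only
    return wrapped_key, nonce, ciphertext

def open_sealed(recipient_private_key, wrapped_key, nonce, ciphertext):
    """Recipient: unwrap the AES key with the RSA private key, then decrypt the data."""
    aes_key = recipient_private_key.decrypt(wrapped_key, OAEP)
    return AESGCM(aes_key).decrypt(nonce, ciphertext, None)   # raises InvalidTag if modified

def demo():
    """Round trip on a constructed sample message, plus a one-bit tampering check."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    message = b"constructed sample payload " * 1000
    wrapped_key, nonce, ciphertext = seal(private_key.public_key(), message)
    recovered = open_sealed(private_key, wrapped_key, nonce, ciphertext)
    tampered = bytes([ciphertext[0] ^ 1]) + ciphertext[1:]
    try:
        open_sealed(private_key, wrapped_key, nonce, tampered)
        tamper_detected = False
    except InvalidTag:
        tamper_detected = True
    return {"roundtrip": recovered == message, "wrapped_key_len": len(wrapped_key),
            "overhead": len(ciphertext) - len(message), "tamper_detected": tamper_detected}
```

Only the 32-byte AES key passes through RSA, so the cost of the slow asymmetric step stays constant however large the message is.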
How AES Encryption Works: Steps and Rounds
AES has four steps, repeated across multiple rounds. The key length determines the round count: AES-128 runs 10 rounds, AES-192 runs 12, and AES-256 runs 14.
Before encryption begins, AES breaks the data into 16-byte blocks, each arranged as a 4×4 grid of bytes called the State matrix. Each round then runs through the following steps:
Step 1: SubBytes (substitution). Every byte is replaced with another byte using a fixed lookup table called the S-Box. This ensures that the relationship between the encryption key and the encrypted output is non-obvious; the key cannot be deduced from the mathematical functions AES performs.
Step 2: ShiftRows (permutation). The rows of the 4×4 byte grid are shifted to the left by different amounts. The first row stays put. The second row shifts by 1 byte, the third by 2 bytes, and the fourth by 3 bytes. This spreads each byte’s influence across the block.
Step 3: MixColumns (substitution). Each column is multiplied by a fixed mathematical matrix, producing new bytes. A change to one byte in a column affects every other byte in that column, which makes the encryption diffuse rapidly through the data. This step is skipped in the final round.
Step 4: AddRoundKey. The State matrix is combined with a sub-key derived from the main encryption key. This is the step where the actual secret key gets bound to the data. A different sub-key is used at every round.
All four steps repeat across each round, except the MixColumns step in the final round. The result is ciphertext that bears no statistical resemblance to the original input.
AES Key Sizes Explained: AES-128, AES-192, and AES-256
The three key lengths determine the security level, but they also affect the processing power required. This matters for low-power devices like entry-level smartphones or IoT hardware, where AES may not be the most efficient choice. In those cases, developers sometimes use lighter ciphers like ChaCha20 instead.
AES-128 is the fastest and lowest-resource option. It runs 10 rounds and offers roughly 3.4 × 10³⁸ possible key combinations. AES-192 runs 12 rounds with 6.2 × 10⁵⁷ possible combinations. AES-256 runs 14 rounds with 1.1 × 10⁷⁷ possible combinations – a number larger than the estimated count of atoms in the observable universe.
AES-128 is the default choice for most consumer applications and websites. It is highly secure and keeps resource consumption low for better performance.
AES-192 is used where regulators or compliance frameworks require a stronger layer than the standard.
AES-256 protects the most sensitive data: military secrets, medical and banking records, and classified government information. It is also considered resistant to Grover’s algorithm, the most prominent quantum attack against symmetric ciphers. Grover’s algorithm halves the effective key length of a symmetric cipher, which means AES-256 would offer roughly AES-128-equivalent security against a sufficiently powerful quantum computer. That still places it well above the practical attack threshold for the foreseeable future. Note that AES-256 is not absolutely quantum-proof in the way post-quantum algorithms like Kyber and Dilithium are designed to be, but it remains the strongest practical option in the AES family.
Benefits and Real-World Applications of AES Encryption
In day-to-day computing, AES is almost everywhere. Its biggest benefit is strong data security: any business or government using AES correctly can be confident their confidential information is hidden from anyone without the key.
AES is also fast and compatible with a wide range of hardware. Modern processors include built-in AES-NI hardware acceleration, which makes the process nearly instantaneous. And because it is a global standard, AES works the same on every major operating system. Here are some of its most common real-world uses:
- VPNs: the best VPNs use AES-256 to create encrypted tunnels for safe online communication.
- Disk encryption: Microsoft’s BitLocker and Apple’s FileVault both rely on AES to encrypt entire drives.
- File compression: WinZip, 7-Zip, and RAR all support AES-256 to encrypt the contents of archive files.
- Messaging apps: WhatsApp, Signal, and Facebook Messenger use AES as part of their end-to-end encryption.
- Password managers: LastPass, 1Password, and Bitwarden use AES-256 to protect the vault containing your credentials.
- HTTPS: modern TLS connections negotiate AES as the bulk encryption cipher for traffic between your browser and a website.
- Wi-Fi security: WPA2 and WPA3 both use AES to encrypt the traffic between your devices and the router.
- Games: some game engines, including Rockstar’s RAGE engine used in Grand Theft Auto, apply AES to prevent multiplayer cheating and tampering.
AES vs. DES vs. RSA: Key Differences
AES is often compared with DES (its predecessor) and RSA (the most common asymmetric companion). The three serve different roles and the differences explain why AES dominates modern encryption.
AES vs. DES. DES was the U.S. government’s encryption standard from 1977 until AES replaced it in 2001. DES uses a 56-bit key, which was broken publicly in 1999 by distributed.net and the Electronic Frontier Foundation in just over 22 hours. AES uses 128-, 192-, or 256-bit keys, with a 128-bit block size against DES’s 64-bit block. The shorter DES key is the core weakness: AES-128 has roughly 4.7 × 10²¹ times more possible keys than DES, and that gap grows exponentially at higher key sizes. AES is also significantly faster on modern hardware.
AES vs. RSA. The fundamental difference is symmetric versus asymmetric. AES uses one key for both encryption and decryption; RSA uses a public/private key pair. RSA needs much longer keys to reach security comparable to AES – RSA-2048 is roughly equivalent to a 112-bit symmetric key, and RSA-3072 to AES-128. RSA is also far slower than AES, which is why the two are usually combined rather than chosen between: RSA handles the secure exchange of an AES key, then AES handles the actual bulk encryption of the data.
In short: DES is obsolete and no longer used for security. AES is the modern symmetric standard. RSA is the modern asymmetric standard, used alongside AES rather than instead of it.