Skip to content

47-Day Certificates Are Coming. Are You Ready?

Act Now →

What is AES? How does it work?

What-is-AES_-How-does-it-work_

AES (Advanced Encryption Standard) is a symmetric block cipher, standardized by NIST in FIPS 197 in 2001, that encrypts data in 128-bit blocks using keys of 128, 192, or 256 bits. 

AES encrypts and decrypts data with a single shared secret key. It processes data in fixed 128-bit blocks through multiple rounds of substitution, permutation, and mixing. Standardized by NIST as FIPS 197 in 2001 (from the Rijndael cipher), AES is the most widely used symmetric algorithm and remains secure, with AES-256 recommended for long-term and post-quantum protection.

Key Takeaways

  • AES is a symmetric block cipher standardized by NIST in FIPS 197 in 2001, based on the Rijndael algorithm. 
  • It uses one shared key in three sizes (128, 192, and 256 bits) over 10, 12, or 14 rounds. 
  • AES encrypts data in 128-bit blocks and secures TLS, VPNs, disk encryption, Wi-Fi, and messaging. 
  • AES remains secure in 2026; quantum computers do not break it, they only halve effective key strength via Grover’s algorithm. 
  • AES-256 gives about 128-bit security against a quantum attack and is required by CNSA 2.0 for high-security use. 

What is AES?

AES is a symmetric block cipher, meaning it uses one shared secret key and processes data in fixed-size blocks of 128 bits. It was standardized by NIST in FIPS 197 in 2001 and is the most widely deployed symmetric encryption algorithm in the world. For the broader picture of symmetric methods, see what symmetric encryption is. 

A Short History of AES

AES exists because its predecessor, DES, had become insecure. NIST launched an open competition in 1997 to find a replacement. After public analysis of the candidates, NIST selected the Rijndael cipher, designed by Belgian cryptographers Joan Daemen and Vincent Rijmen, in 2000. It was published as the Advanced Encryption Standard in FIPS 197 in 2001. The open, public selection process is a large part of why AES is so widely trusted. 

How AES Works

AES encrypts each 128-bit block through several rounds of transformation, using a key schedule derived from the original key. Each round applies four operations: SubBytes (byte substitution), ShiftRows (row shifting), MixColumns (column mixing), and AddRoundKey (combining with the round key). The number of rounds depends on the key size. 

Key size Rounds Relative use 
128-bit 10 Fast; common default for TLS and general use. 
192-bit 12Less common; middle ground. 
256-bit 14Highest margin; preferred for long-lived and high-security data. 
AES Algorithm Working

AES Modes of Operation

AES encrypts one block at a time, so a mode of operation defines how blocks are chained for larger messages. The mode matters as much as the cipher for real security. 

Mode Notes 
ECB Encrypts each block independently. Avoid it: identical plaintext blocks produce identical ciphertext, which leaks patterns. 
CBC Chains blocks with an initialization vector. Common, but needs separate integrity protection. 
GCM Authenticated encryption that provides both confidentiality and integrity. The preferred mode for TLS and modern systems. 

Is AES Secure in 2026?

AES remains secure. No practical attack breaks the full cipher, and it is the benchmark NIST uses to measure the strength of post-quantum algorithms. The common question is about quantum computers. 

Quantum computers do not break AES the way they break RSA and ECC. The relevant quantum attack, Grover’s algorithm, only halves the effective key strength, so AES-256 retains about 128 bits of security against a quantum adversary, which is still infeasible to break. For this reason, CNSA 2.0 mandates AES-256 for high-security applications. The practical guidance is to use AES-256 for data that must stay protected for many years.

Tailored Advisory Services

We assess, strategize & implement encryption strategies and solutions customized to your requirements.

Frequently Asked Questions

Is AES symmetric or asymmetric? 

AES is symmetric. The same secret key is used to both encrypt and decrypt data, which makes it fast and well suited to bulk encryption. Asymmetric algorithms such as RSA use a public and private key pair and are slower. In practice, asymmetric cryptography is often used to exchange an AES key, and AES then encrypts the actual data. 

Is AES-256 quantum-proof? 

AES-256 is considered safe against quantum computers for the foreseeable future. Quantum computers do not break AES the way they break RSA. Grover’s algorithm only halves the effective key strength, so AES-256 gives roughly 128 bits of security against a quantum attacker, which remains far beyond any practical capability. CNSA 2.0 requires AES-256 for high-security use. 

What is the difference between AES-128 and AES-256? 

The difference is key length and the number of encryption rounds. AES-128 uses a 128-bit key over 10 rounds, while AES-256 uses a 256-bit key over 14 rounds. Both are secure today. AES-256 offers a larger security margin, especially against future quantum attacks, at a small performance cost, which is why it is preferred for long-lived sensitive data. 

Has AES ever been broken? 

No practical attack has broken full AES. Researchers have published theoretical attacks that are slightly faster than brute force, but none are feasible against properly implemented AES. Real-world weaknesses come from implementation mistakes, such as weak key management or insecure modes, not from the cipher itself. AES remains the global standard for symmetric encryption. 

What is AES used for? 

AES protects data nearly everywhere: TLS/HTTPS connections, VPNs, Wi-Fi (WPA2 and WPA3), full-disk encryption such as BitLocker and FileVault, encrypted messaging, databases, and file storage. It is the default symmetric cipher for protecting data both in transit and at rest because it is fast, well analyzed, and widely supported in hardware. 

Get Your Encryption Right

Need help choosing key sizes, modes, and a path to quantum-resistant crypto? Talk to an Encryption Consulting encryption advisor, or explore post-quantum cryptographic services.Â