What is AES Encryption & How does it Work?

AES encryption, known as Advanced Encryption Standard, is a category of encryption methods for electronic data. It is one of the hottest buzzwords in the cybersecurity community and has expanded to become the world’s leading encryption method.

AES is used across multiple platforms and services, including VPN services such as ExpressVPN, Surfshark, NordVPN and others; communication pipelines such as Signal and WhatsApp; and programs such as WinZip and VeraCrypt.

It runs on two definitive standards, namely, FIPS PUB 197: Advanced Encryption Standard and ISO/IEC 18033-3: Block Ciphers. Let us take a more in-depth look at the intricacies of AES encryption.

Types of AES Encryption Ciphers

The AES encryption is a symmetric block cipher, which means that it protects data against breach and theft by securing it. To do this securely, AES employs three distinct block ciphers, namely, AES-128, AES-192, and AES-256. Let us take a look at each type individually to get a better understanding.

  1. AES 256-bit
  2. AES 192-bit
  3. AES 128-bit

1. What is 256-bit Encryption?

The most intricate of the ciphers, AES-256, employs a 256-bit cryptographic key for the encryption and decryption of information. Its symmetrical nature makes it necessary for both sides of the data transmission channel to know the key if they are to view the data.

AES-256 keys work with fourteen rounds, which all strive to convert data from plaintext into ciphertext in a secure and effective way. Since AES-256 is the most elaborate of the AES encryption ciphers, it is often used for data that is of the top priority.

FAQ: Can 256-Bit AES Encryption be Broken?

If, for any reason, you still doubt the reliability of 128-bit and 192-bit AES encryption to remain unbroken, then 256-bit AES encryption is the one for you. With a 256-bit AES encryption key length, the data would possess 2^256 combinations. Simply put, there is no human or machine that can crack through such an elaborate code, rendering 256-bit AES encryption unbreakable.

However, when talking about any of the three, that is, 128-bit, 192-bit, or 256-bit AES encryption, the focus of the matter is on the proper implementation of the encryption method. In cases where implementation is not given due heed, side-channel attacks can make encryption breaking a very real possibility.

2. What is 192-bit Encryption?

To smoothly process data encryption and decryption, AES-192 uses a 192-bit key length. It makes use of 192-bit cryptographic keys to secure data in 192-bit blocks. The matter of symmetrical encryption also applies to AES-192, which means that both the sender and receiver are required to be in the loop.

192-bit keys work with twelve rounds where each round comprises several encryption steps, all geared at modifying data from its plaintext form into the ciphertext form. AES-192 is where encryption services for top-secret classified information start since it holds stricter cybersecurity measures.

FAQ: Can 192-Bit AES Encryption be Broken?

192-bit AES encryption is a significantly stronger data protection step, serving as the marker for where coding for classified information starts. As such, it is impossible to break into while looking at human or even human-made technological capacity.

3. What is 128-bit Encryption?

AES-128 functions by making use of a 128-bit key length to carry out the encryption and decryption of data. Data is encrypted and decrypted in 128-bit blocks with the help of 128-bit cryptographic keys. In the case of symmetric AES-128 ciphers, it is necessary for both the person inputting the data as well as for the person receiving it to be aware of the codified key to access it.

128-bit keys function with ten rounds, with each round consisting of processing steps such as transposition, substitution, mixing the input plaintext, and transforming it into ciphertext.

FAQ: Can 128-Bit AES Encryption be Broken?

The fact of the matter is that with proper implementation, AES encryption is unbreakable. When talking about 128-bit AES encryption, consider the following scenario. If a trillion machines are employed, each of which can go through a billion keys in a second, then it would take over two billion years to break a 128-bit AES key. And mind you, this was before a further four rounds were added to the AES-128 system for added security.

Why was AES Developed?

Encryption has been around since the earliest times of history. It has taken on several forms, including visual cryptography or simply switching letters in a message. Although these methods did render the data undecipherable at first glance, breaking it down and reducing it to logical data did not take long.

Unsurprisingly, the need for better encryption grew with time as individuals became more advanced, and the need for protecting data grew exponentially. As individuals began to explore new methods of data encryption, they first developed the DES, or Data Encryption Standard, which began to show worrying signs after a few decades.

Once it became clear that the DES did not have much longer of a future, the US National Institute of Technology took matters into their own hands. Eventually, it was the culmination of five years of hard work that resulted in the AES encryption system complete with key varieties of 128-bit, 192-bit, and 256-bit. Thus, AES was developed to provide the people with a secure way of protecting their data by breaking it down into chunks and encrypting it.

How Does AES Encryption Work?

AES encryption comprises seven necessary steps, all of which are outlined below with the help of an example:

  1. The Data is Split into Blocks
  2. Key Expansion
  3. Round Key is Added
  4. Bytes are Substituted
  5. Shift Rows
  6. Mix Columns
  7. Round Key is Added, Again

1. The Data is Split into Blocks

When carrying out AES encryption, the individual starts out with plaintext, that is, the normal message that they wish to encrypt. First off, this plaintext is divided into blocks. To better understand this, let us look at an example.

Say we want to encrypt the following sentence using 128-bit encryption: “I like eggs.” Since the AES block size is 128 bits, the data would be arranged into four by four columns.

2. Key Expansion

The second step in AES encryption is key expansion, that is, making use of your plaintext to develop a brand-new set of keys. Typically, this is achieved with the use of Rijndael’s key schedule, which works to draw up new ciphers.

For example, the sentence, “The sun is yellow,” might be something like 18 h6 sj kr 43 gt rd, and so on once the key expansion is applied.

3. Round Key is Added

Once you are done with key expansion, the next stage is to add in your round key. This is essentially adding your initial key to the block of your message. In our example, this would mean combining, “I like eggs” with “The sun is yellow.” Round keys are added using the XOR cipher, which is basically an additive encryption medium.

4. Bytes are Substituted

The fourth step of your AES encryption process requires you to substitute bytes. This step makes use of a pre-established table that operates according to the set algorithm. For example, if we take the results of our previous key expansion of, “The sun is yellow,” which was 18 h6 sj kr 43 gt rd, 18 could become f5, sj could become n2 and so on.

5. Shift Rows

Next up on the agenda is the shift row step, which is as simple as the name suggests. Here, the second row of your data is shifted one space to the left; the third row moves two spaces to the left, and so on.

6. Mix Columns

Now, this is where the mathematics part comes in. To explain it simply, each column of your data table undergoes manipulation by a mathematical equation to make it more complex. This would result in a new set of numbers and letters that would stand for your original data.

7. Round Key is Added, Again

The last step of the AES encryption method is a revisit to a step we have already gone over, adding in a round key. Here, we apply the round key that was initially constructed to the product of the mixed columns. And there, that is your AES encryption sorted, for now, that is.

This is just the process of a single round of AES encryption; these steps will then be repeated according to the method that is chosen, that is, 128-bit, 192-bit, or 256-bit.

The Importance of AES Encryption for a VPN

A VPN, or Virtual Private Network, allows for the exchange of data between a private and public network. Since a VPN facilitates the flow of data between networks, the potential of a data breach is all the more probable. Typically, VPN providers place their bets on 256-bit AES encryption as this is by far the most secure VPN encryption form out there.

It is clear then that the importance of AES encryption for a VPN lies in its ability to protect its data from ISPs, hackers, the government, or virtually any other unwanted presence. To get a clearer picture of this, let us look at some VPNs that employ AES encryption.

VPNs and AES Encryption

AES encryption has all but become a trademark of the VPN industry, and so naturally, any good VPN service provider will use AES encryption to make their channel secure. The go-to option is 256-bit AES encryption since this is the strongest and safest pick. Let us take a more detailed look at some VPNs that make use of 256-bit AES encryption.


Surfshark is one of the most inexpensive VPN providers in the industry, providing its users with 256-bit AES encryption with the option of additional ChaCha encryption for its Android customers. The company supports all three VPN encryption protocols.

With Surfshark, you do not need to worry about ISPs getting access to your online information as you can easily hide it from clear view. To make our VPN secure at another level, we abide by our no logs policy, which means that even we do not have access to your data. After all, when there is no storage database, how can there be a leak?


ExpressVPN opts for 256-bit AES encryption to keep your data secure. In this encryption method, they employ a combination of AES 256-bit cipher, SHA-512 HMAC authentication, and 4096-bit RSA key to ensure top-notch security.

ExpressVPN gives users a ton of benefits. Not only can they roam the world wide web undocumented, that is, leaving no trace of their searches, but they can also access sites that are blocked in their region. And to top it off, ExpressVPN’s solid infrastructure lets you unblock popular streaming services with their VPN.


NordVPN makes use of the Next Generation Encryption method to secure its service. They employ a variety of security checks to make their system robust, including AES-256-GCM for encryption in the first phase.

At NordVPN, we make a promise to you, and that is that we will not keep any record of your stored data, online activities or browsing histories in our database. By simply letting information exist as it does and building protection so others cannot access it we believe that we are doing our job the right way.


At CyberGhost, they employ what is referred to as military-grade encryption. In other words, this is 256-bit AES cipher encryption complete with SHA256 authentication and a 4096-bit RSA key.

As with any good VPN provider, CyberGhost maintains a strict no-log commitment, meaning that they have no recollection of any of your data or online activities. We make sure your data is safe with our top-of-the-class no-spy servers and excellent encryption standards. CyberGhost runs on a strong no-censorship format which allows users to access sites no matter where they may be sitting.

So, there you have it, an extensive rundown of AES encryption complete with the nitty-gritty details. Now, go put all this knowledge to some good use!

About Sebastian Riley

Sebastian Riley is a cyberlibertarian activist and an internet freedom fighter who strongly believes in an unsegregated and uncensored internet. With a cybersecurity degree, Sebastian is a professional bug hunter and a freelance open-source penetration tester.