Understanding AES (Advanced Encryption Standard)

By Miklos Zoltan . 15 June 2024

Founder - Privacy Affairs

Fact-Checked this

As someone who deeply values online privacy and security, I frequently rely on AES, or the Advanced Encryption Standard, to protect my data.

AES is a symmetric encryption algorithm and is widely regarded as one of the most secure encryption methods available today.

Developed in response to the need for a stronger encryption standard than the aging DES (Data Encryption Standard), AES has become the cornerstone of secure communications worldwide.

What is AES?

AES was established by the National Institute of Standards and Technology (NIST) in 2001.

It’s a symmetric key algorithm, which means the same key is used for both encryption and decryption of data.

This contrasts with asymmetric encryption, which uses a pair of public and private keys.

AES was selected through a rigorous process where various encryption algorithms were submitted by cryptographers from around the world.

The Rijndael algorithm, designed by Belgian cryptographers Vincent Rijmen and Joan Daemen, was chosen for its combination of security, performance, efficiency, and flexibility.

Key Features of AES

1. Security:

AES is incredibly secure. It supports key sizes of 128, 192, and 256 bits, with the 256-bit version being the most secure.

To put this in perspective, breaking a 256-bit AES key using brute force would take more time than the age of the universe with current technology.

AES has been extensively analyzed and tested by security experts, and it has withstood the test of time.

Its robustness comes from its design, which includes multiple layers of security operations that transform the data in a way that is extremely difficult to reverse without the key.

2. Speed:

Despite its robustness, AES is also very fast, making it suitable for a wide range of applications, from encrypting files on a personal computer to securing data transmission over the internet.

The speed of AES is partly due to its efficiency in both software and hardware implementations. It is designed to perform well on a variety of platforms, from low-power devices like smartphones to high-performance servers.

3. Flexibility:

AES can be used in various modes of operation, such as CBC (Cipher Block Chaining), CFB (Cipher Feedback), and GCM (Galois/Counter Mode).

Each mode offers different balances between security and performance, allowing AES to be adapted to different needs.

These modes of operation provide additional security features. For example, GCM mode not only encrypts the data but also provides authentication, ensuring that the data has not been tampered with during transmission.

How Does AES Work?

AES works by repeatedly transforming blocks of data (each block is 128 bits) through several rounds of processing.

The number of rounds depends on the key size:

128-bit keys: 10 rounds
192-bit keys: 12 rounds
256-bit keys: 14 rounds

Each round consists of four main steps:

SubBytes: Each byte in the block is replaced with another byte using a substitution table (S-box). This step introduces non-linearity into the encryption process, making it more resistant to linear and differential cryptanalysis.
ShiftRows: The rows of the block are shifted cyclically. This step provides diffusion, ensuring that the influence of each input byte spreads across the entire block.
MixColumns: The columns of the block are mixed, combining the data in each column. This step further increases diffusion by mixing the bytes within each column.
AddRoundKey: The block is combined with a portion of the encryption key. This step introduces the key into the transformation process, ensuring that the encryption is dependent on the key

The combination of these steps ensures that the data is thoroughly encrypted, making it extremely difficult for unauthorized parties to decipher.

My Personal Experience with AES

As an avid user of online services and someone who often handles sensitive information, I rely on AES encryption to keep my data safe.

Whether I’m encrypting files on my laptop, securing emails, or using a VPN to protect my internet traffic, AES is my go-to choice.

Its proven security and efficiency give me confidence that my data is well-protected against potential threats.

For example, when I store sensitive documents on my computer, I use software like VeraCrypt, which employs AES-256 encryption to create secure, encrypted volumes.

This way, even if someone gains physical access to my computer, they cannot access the encrypted data without the correct key.

When I communicate sensitive information via email, I use encryption tools like GPG, which supports AES among other encryption standards, to encrypt the contents of my emails.

This ensures that only the intended recipient, who possesses the decryption key, can read my messages.

VPNs That Use AES

Many VPN services implement AES to ensure that users’ data is secure. Here are three VPNs I personally recommend that use AES encryption:

ExpressVPN:

ExpressVPN uses AES-256 encryption, ensuring top-notch security for all your internet activities. It’s one of the fastest and most reliable VPNs, with a strict no-logs policy, making it ideal for privacy-conscious users.

ExpressVPN also offers features like split tunneling, which allows you to choose which apps use the VPN connection, and a network lock (kill switch) that prevents data leaks if the VPN connection drops unexpectedly.

With servers in over 90 countries, ExpressVPN provides excellent global coverage and speed.

NordVPN:

NordVPN also employs AES-256 encryption and offers a range of advanced security features, including Double VPN, which routes your traffic through two servers for extra protection.

Its user-friendly interface and extensive server network make it a popular choice.

NordVPN goes beyond standard VPN security by offering features like CyberSec, which blocks ads and protects against malware, and Onion over VPN, which routes your traffic through the Tor network for enhanced anonymity.

NordVPN has over 5,000 servers in 60 countries, ensuring fast and reliable connections.

CyberGhost:

CyberGhost uses AES-256 encryption to keep your data safe. It’s particularly user-friendly and offers specialized servers for streaming and torrenting, providing a seamless and secure browsing experience.

CyberGhost also stands out for its transparency and commitment to privacy. It publishes regular transparency reports and has a strict no-logs policy.

With over 7,000 servers in 90 countries, CyberGhost ensures that you can find a fast and secure connection no matter where you are.

Conclusion

AES stands out as a robust, fast, and versatile encryption standard that I trust to secure my digital life.

Whether you’re looking to protect personal files, secure your internet connection, or ensure private communication, AES provides the level of security needed in today’s digital age.

If you’re considering using a VPN, choosing one that implements AES encryption, like ExpressVPN, NordVPN, or CyberGhost, is a step in the right direction toward safeguarding your online privacy.

Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.