What is AES

AES (Advanced Encryption Standard) is a symmetric encryption algorithm that encrypts and decrypts data using the same key. It was selected by NIST in 2001 to replace DES after a public competition. The winning algorithm, Rijndael, became AES and is now the most widely used cipher in the world.

How it works

AES is a block cipher. It encrypts data in fixed 128-bit (16-byte) blocks. Each block passes through multiple rounds of substitution, row shifting, column mixing, and key addition:

  • AES-128: 10 rounds with a 128-bit key
  • AES-192: 12 rounds with a 192-bit key
  • AES-256: 14 rounds with a 256-bit key

Each round transforms the block using a different subkey derived from the original key through a process called key expansion. After all rounds complete, the 128-bit plaintext block has become a 128-bit ciphertext block.

To encrypt data larger than 128 bits, AES uses a mode of operation. AES-GCM (Galois/Counter Mode) is the most common: it encrypts an incrementing counter with AES and XORs the result with each block of data, and it produces an authentication tag that detects tampering. AES-CBC is older and requires a separate HMAC for integrity.
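The integrity difference between the two modes, as an added Go example using only the standard library (not code from the original page). The helper names `random`, `gcmOpenAfter` and `cbcDecryptAfter` and the sample message are constructed for illustration, and CBC padding is left out, so the message must be a multiple of 16 bytes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback if the OS random source fails
	}
	return b
}

// gcmOpenAfter seals msg with AES-GCM, XORs flip into the first ciphertext
// byte (0 leaves it untouched), then opens it. An error means the tag check failed.
func gcmOpenAfter(block cipher.Block, msg []byte, flip byte) ([]byte, error) {
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := random(gcm.NonceSize())     // 12 bytes; never reuse under one key
	ct := gcm.Seal(nil, nonce, msg, nil) // ciphertext followed by the 16-byte tag
	ct[0] ^= flip
	return gcm.Open(nil, nonce, ct, nil)
}

// cbcDecryptAfter does the same with AES-CBC and no HMAC: decryption cannot fail.
func cbcDecryptAfter(block cipher.Block, msg []byte, flip byte) []byte {
	iv := random(aes.BlockSize)
	buf := make([]byte, len(msg)) // len(msg) must be a multiple of 16
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(buf, msg)
	buf[0] ^= flip
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(buf, buf)
	return buf // altered plaintext comes back with no signal to the caller
}

func main() {
	block, err := aes.NewCipher(random(32)) // 32-byte key selects AES-256
	if err != nil {
		panic(err)
	}
	msg := []byte("0123456789abcdef0123456789abcdef") // constructed sample, 2 blocks
	_, gcmErr := gcmOpenAfter(block, msg, 0x01)
	fmt.Printf("GCM: %v\nCBC: %q\n", gcmErr, cbcDecryptAfter(block, msg, 0x01))
}
```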

Modern CPUs include dedicated AES-NI instructions that perform AES encryption in hardware, making it extremely fast — often exceeding 10 GB/s on a single core.

Why it matters

AES protects almost everything. TLS uses AES-GCM to encrypt HTTPS traffic. Full-disk encryption (BitLocker, FileVault, LUKS) uses AES. VPNs, SSH, password managers, and encrypted databases all use AES. When a system says data is "encrypted at rest" or "encrypted in transit," AES is almost certainly the cipher doing the work.

See How Symmetric Encryption Works for the full walkthrough.