What Is AES Encryption? (Advanced Encryption Standard)
AES (Advanced Encryption Standard) is the most widely used symmetric encryption algorithm in the world. Selected by NIST in 2001 to replace DES, AES encrypts data in fixed 128-bit blocks using a key of 128, 192, or 256 bits. It protects everything from disk encryption and HTTPS traffic to payment card data and government classified information.
How AES Works
AES uses a substitution-permutation network operating on a 4×4 matrix of bytes (the 'state'). Each round applies four transformations: SubBytes (non-linear substitution), ShiftRows (cyclic row shifts), MixColumns (column mixing), and AddRoundKey (XOR with round key). AES-128 runs 10 rounds; AES-192 runs 12; AES-256 runs 14.
AES-128 vs AES-192 vs AES-256
All three variants are considered secure against brute force — even AES-128 has 2^128 possible keys. AES-256 provides the largest security margin and is recommended for data requiring long-term confidentiality (decades). AES-128 is faster and sufficient for most applications. Choose AES-256 for sensitive applications unless performance is critical.
Block Cipher Modes (ECB, CBC, GCM)
AES alone encrypts one 128-bit block. A mode determines how multiple blocks are chained. ECB (Electronic Codebook) encrypts each block independently — the same plaintext always produces the same ciphertext, making patterns visible. CBC (Cipher Block Chaining) XORs each block with the previous ciphertext. GCM (Galois/Counter Mode) provides both encryption and authentication (AEAD) and is the current recommended mode.
Where AES Is Used
AES-256-GCM is used in TLS 1.3 (HTTPS), Apple's FileVault and iOS encryption, Android full-disk encryption, BitLocker, 1Password and other password managers, WhatsApp and Signal end-to-end encryption, and the WPA3 Wi-Fi security protocol.