The advanced encryption standard was published by the __________ in 2001.

Graphic: The Advanced Encryption Standard, or AES, is the modern gold standard for data encryption. We'll answer your frequently asked questions and tell you everything you need to know in this definitive AES question-and-answer guide.

Table of Contents

You're storing or transmitting secret or top-secret information. You're tasked with ensuring that sensitive information relevant to national security is concealed from nation-state actors attempting to steal it. Or, maybe, you're just a security-conscious person or business owner who wants to keep their data and correspondence away from prying eyes. Regardless, the Advanced Encryption Standard (AES) contains the algorithm for the job.

The AES algorithm transforms data and makes it indecipherable to hackers and other individuals attempting to access your data without authorization. In this blog post, we're answering your frequently asked questions (FAQs) about AES encryption and AES algorithms, how the encryption process works, the differences between AES key lengths, and much more.

At the end, we'll explain how your program or application can benefit from AES encryption, as well as how to use it to secure your sensitive information, assuming you aren't doing so already.

Graphic: AES encryption is based on the Rijndael family of block ciphers.

What is AES encryption?

AES encryption is a cybersecurity technology refers to the process of concealing electronic data using an approved 128-bit, 192-bit, or 256-bit symmetric encryption algorithm from the Advanced Encryption Standard (AES), also known as FIPS 197. The AES is a computer security standard for cryptographically securing electronic information, usually secret and top-secret government information. The standard is published and maintained by the National Institute for Standards and Technology (NIST).

The AES is one of many NIST-issued Federal Information Processing Standards (FIPS), which are approved by the U.S. Secretary of Commerce before publication to ensure their legal alignment with the Information Technology Management Reform Act of 1996 and the Computer Security Act of 1987. It is the only publicly available block cipher approved by the National Security Agency (NSA) for transmission and encryption of secret and top-secret information and intelligence.

The AES, authored by Morris Dworkin, Elaine Barker, James Nechvatal, James Foti, Lawrence Bassam, Edward Roback, and James Dray Jr., was published on Nov. 26, 2001, and adopted by the U.S. government in 2002. The AES algorithm, specifically, is also known as Rijndael, having been derived from the Rijndael family of encryption algorithms, developed by Belgian cryptographers Vincent Rijmen and Joan Daemen.

It is a well-known fact that the AES algorithm cannot yet be cracked, at least not in this lifetime. It would take billions – yes, billions – of years for a supercomputer to crack even a 128-bit AES key. Quantum computers can break AES algorithms quicker, but, according to some sources, it would still take a quantum computer roughly six months to exhaust the possibilities of a 128-bit AES key.

Since their publication, AES algorithms, because of their virtual impenetrability to brute-force attacks, have become the cryptographic gold standard worldwide for securely encrypting and preventing unauthorized access to electronic data, including, but not limited to, sensitive information, controlled unclassified information (CUI), and classified information.

Federal government departments and agencies, as well as non-government entities and commercial businesses and organizations, use AES encryption daily to protect their sensitive data. Even consumers, oftentimes unknowingly, use devices that implement AES encryption.

The federal government has processes in place to determine whether sensitive information, such as controlled unclassified information (CUI) and classified information, warrants cryptographic protection using the AES algorithm, but AES encryption is also used in a litany of consumer-level devices, applications, and networks, including solid-state drives (SSDs), self-encrypting drives (SEDs), Google Cloud storage, internet browsers like Mozilla Firefox and Opera, and website security certificates.

Users can download a copy of the AES by accessing the NIST’s Computer Security Resource Center, clicking “FIPS,” and navigating to “FIPS 197.” The AES is publicly available information, so there’s no charge to access it.

The NIST isn’t too concerned with adversaries studying the AES, either, because, well, it’s all but impossible to crack using current technology.

Graphic: In this illustration showcasing how the AES algorithm works, a sender sends a plaintext file to an encryption server, where an AES secret key is used to encrypt it, or turn it into ciphertext. The receiver of the encrypted file can only read the contents of the file once that same secret key is used to decrypt the contents of the file.

How does AES encryption work?

According to the AES, the AES algorithm uses a 128-bit symmetric, or single-key, block cipher that encrypts and decrypts information. The AES encryption process creates ciphertext, which is an unreadable, effectively indecipherable conversion of plaintext data, the version of information that humans can read and understand. The output of the encryption process, the AES ciphertext, cannot be read until a secret AES key is used to decrypt it.

The encryption and decryption processes can use 128-, 192-, and 256-bit key lengths to convert plaintext into ciphertext and ciphertext into plaintext. These processes are known as encryption and decryption, respectively.

In AES-encrypted communications, a sender and recipient are given the same AES secret key, which is used to convert information into ciphertext as well as into readable plaintext. If this information were to be intercepted by a hacker, he or she wouldn’t be able to read it without the AES secret key, which, hopefully, would only be known by the users sending and receiving encrypted information.

Here’s a concrete example of what AES encryption ciphertext actually looks like:

Plaintext message: The acting president was diagnosed with a potentially terminal illness.

Ciphertext message: bWhVOg5IxuiUw1TKrEjFD4CCw9r30KcSp8LU49JXX89i5+K/Z55QeNgPnEoDtK90bbUjpbQZ/yaQGOdXlbZS9/Ntd/mfxnK6GAhyKmtHUUk=

Good luck trying to extrapolate from the ciphertext that the acting president might be dying. You’d need to have an AES secret key to decrypt it.

So, in this example, only a sender or recipient with the AES secret key, assuming a hacker is unable to steal or learn the contents of the key through other means, would be able to learn that the acting president has been diagnosed with a potentially terminal illness.

How AES Encryption Works

Video: This quick and informative video by Satel describes how AES encryption works.

Here’s the simplest explanation of how the AES encryption process works:

To begin, information is divided into blocks, which are 128 bits in size, or four-by-four columns of 16 bytes. There are eight bits in a byte, and 16 multiplied by eight creates a block size of 128 bits.

You're still with me, right? I hope so. You might need to buckle up going forward. We've simplified the AES encryption process as much as possible and included an infographic to help readers better understand what's happening. 

During AES encryption, after the data is divided into blocks of 128 bits, it undergoes the following modifications:

AES Algorithm Description

1. Key expansion, which creates new keys, known as round keys, for each subsequent round of encryption, using Rijndael’s key schedule.
2. Round key addition, during which the initial round key is added to the mix of data that has been divided.
3. Byte substitution, which substitutes every byte with a different byte based on the Rijndael S-box substitution box.
4. Row shifting, which moves every row of the divided data one space to the left for the second row, two spaces to the left for the third row, and three spaces to the left for the fourth row.
5. Column mixing, which uses a pre-established matrix to multiply the divided data’s columns and create a new block of code.
6. Round key addition, during which another round key is added to the mixture of columns.

After this initial round, the process is repeated nine, 11, or 13 times, depending on whether the AES algorithm is using a key length of 128 bits, 192 bits, or 256 bits. 128-bit AES encryption undergoes 10 transformation rounds; 192-bit AES encryption undergoes 12 transformation rounds; and 256-bit AES encryption undergoes 14 transformation rounds. The steps listed above constitute one round, so there are nine, 11, and 13 rounds left to go for 128-bit AES encryption, 192-bit AES encryption, and 256-bit AES encryption, respectively.

AES encryption can also be combined with other NIST-issued cryptographic algorithms to enhance and strengthen the encryption protections for a business’ or organization’s sensitive or classified information, creating an impenetrable cryptographic cocktail that parries independent and nation-state actors attempting to access sensitive and classified information.

Graphic: An example of how 256-bit AES encryption converts a plaintext message into ciphertext.

What are some examples of AES encryption?

AES encryption is used to encrypt data at rest and data in transit in many of today’s frequently used devices, applications, and networks. Many solid-state drives (SSDs) on the market today already employ AES encryption algorithms, ensuring that your data is encrypted and protected the moment the SSD leaves the factory.

An example of a storage device that uses AES encryption is the Crucial MX500 SATA SSD. According to Micron, which owns the Crucial brand, the MX500 SATA SSD is equipped with 256-bit AES hardware-based encryption that keeps hackers at bay.

Another example a storage device that uses AES encryption is the TCG-Opal-compliant Samsung 860 EVO SSD. This drive also uses a key length of 256 bits.

A third example of AES encryption in action is WhatsApp messages, which, like many of today's secure communications, are encrypted using 256-bit AES encryption.

Google Cloud is another great example of AES encryption in action. of Google Cloud is encrypted using 256-bit AES encryption by default. Google uses 256-bit AES encryption because it is recommended by the National Institute of Standards and Technology (NIST) and satisfies customers’ storage compliance requirements.

Microsoft Windows’ BitLocker encryption technology uses 128-bit and 256-bit AES encryption by default.

Trusted Computing Group (TCG) Opal self-encrypting drives also use AES encryption algorithms.

The National Security Agency (NSA) and many other U.S. government entities, including the military, use AES encryption for encrypted communications and secure data storage daily. 

LastPass, a password management service, uses AES encryption to keep its users’ passwords safe from hackers and even LastPass employees.

Speaking of AES encryption examples, here's another example of what a 256-bit, AES-encrypted message might would look like:

• Plaintext example, before 256-bit AES encryption is applied: We at Trenton Systems take cybersecurity seriously.
• Ciphertext, after 256-bit AES encryption is applied: yJXijxO47dH9TMKXTG3a+ZJZWRLdbof9dU7P9lTVLFH47Uaf6n0qEft0RmrHPQN6ZOyjfBDfKXbQb6nBOvAQjA==
• Plaintext, when the 256-bit AES encryption process is reversed for decryption: We at Trenton Systems take cybersecurity seriously.

That’s pretty neat, right? Trenton Systems definitely takes cybersecurity seriously and is public about its efforts in this arena, but if we wanted to, for whatever reason, keep this fact a secret, you'd never be able to uncover it based on its ciphertext alone.

For the above example, Devglan’s AES Encryption and Decryption Online Tool in CBC mode with a 256-bit AES key size and a Base64 output text format was used to encrypt the following message: We at Trenton Systems take cybersecurity seriously. The following 32-character secret key was used for this example: TrentonMakesComputingSolutions89.

Definitely check out Devglan’s AES tool to generate your own AES encryption examples for fun and to learn more about how the AES encryption process works.

Graphic: 192-bit AES encryption is approved by the NSA to protect secret but not top-secret government information.

What is 128-bit AES encryption?

128-bit AES encryption refers to the process of concealing plaintext data using an AES key length of 128 bits. 128-bit AES encryption uses 10 transformation rounds to convert plaintext into ciphertext and is approved by the National Security Agency (NSA) to protect secret but not top-secret government information.

128-bit AES encryption may also refer to the fixed block size of the AES encryption algorithm in general. Although AES key lengths – 128, 192, and 256 bits – may change, the block size of the data encrypted with AES is always 128 bits in size.

Out of 128-bit, 192-bit, and 256-bit AES encryption, which progressively use more rounds of encryption for improved security, 128-bit AES encryption is technically the least secure. This is not to say that 128-bit AES encryption is not secure or a great choice for encrypting your data, however; remember, it would take billions of years to crack even the 128-bit AES key. Plus, it's used to encrypt secret government information, so you can believe that it's impenetrable.

Graphic: 192-bit AES encryption is approved by the NSA to protect secret and top-secret government information.

What is 192-bit AES encryption?

192-bit AES encryption refers to the process of concealing plaintext data using an AES key length of 192 bits. 192-bit AES encryption uses 12 transformation rounds to convert plaintext into ciphertext and is approved by the National Security Agency (NSA) to protect both secret and top-secret government information.

Out of 128-bit, 192-bit, and 256-bit AES encryption, 192-bit AES encryption is the second-most secure, and it, along with 256-bit AES encryption, is the only key length size approved for encrypting top-secret information.

At this point, you might be asking: If 128-bit AES encryption alone is secure and would take billions of years for a supercomputer to break, why is it even necessary to have 192-bit AES encryption, or 256-bit AES encryption, for that matter?

For most users, 128-bit AES encryption is more than sufficient for securing sensitive information, but when top-secret information enters the equation, even if the likelihood of a breach is, at this point in time, highly improbable, even a potential breach of top-secret data is a risk that federal government entities are not willing to take. So, they opt for longer AES key lengths, which offer greater protection and a wider brute-force search space, especially in the context of growing industry concerns over quantum computing attacks.

Nowadays, 256-bit AES encryption is the standard encryption method you'll see most often, as many developers and manufacturers, including IBM and others, default to 256-bit AES encryption.

Graphic: Like 192-bit AES encryption, 256-bit AES encryption is approved by the NSA to protect both secret and top-secret government information.

What is 256-bit AES encryption?

256-bit AES encryption refers to the process of concealing plaintext data using the AES algorithm and an AES key length of 256 bits. In addition, 256 bits is the largest AES key length size, as well as its most mathematically complex. It is also the most difficult to crack. AES 256-bit encryption uses 14 transformation rounds to convert plaintext into ciphertext and, because it's nearly impossible to break, is approved by the National Security Agency (NSA) to protect both secret and top-secret government information.

Out of 128-bit, 192-bit, and 256-bit AES encryption, 256-bit AES encryption is technically the most secure because of its key length size. Some go as far as to label 256-bit AES encryption overkill because it, based on some estimations, would take trillions of years to crack using a brute-force attack.

Nonetheless, many federal government entities and defense-industrial base manufacturers encrypting controlled unclassified and classified information opt for 256-bit AES encryption because it is technically more difficult to crack and possesses the greatest impenetrability of the three AES key length sizes.

Graphic: AES encryption is a symmetric encryption algorithm because it uses one key for encryption and decryption.

Is AES encryption symmetric or asymmetric?

AES is a symmetric encryption algorithm because it uses one key to encrypt and decrypt information, whereas its counterpart, asymmetric encryption, uses a public key and a private key.

Okay, let’s break that down. With symmetric encryption, only one secret key is used for both encryption and decryption, so if the key is not known, then AES-encrypted data cannot be read or understood. If the key becomes known, even to hackers, then AES-encrypted data can be read or understood.

In simple terms, the AES symmetric key is the mechanism that both creates and reveals ciphertext.

Alternative: Asymmetric Encryption

Graphic: This is a simplified illustration of the asymmetric encryption process.

A deep dive on asymmetric cryptography is outside the scope of this blog post, but in brief, it involves using a unique public key, for encrypting data, and a unique private key, for decrypting data.

To learn more about asymmetric encryption, visit the NIST's asymmetric cryptography glossary listing in its Computer Security Resource Center. You'll find plenty of additional educational resources there.

How secure is AES encryption?

AES is the one of the most, if not the most, secure encryption algorithms available for implementation, according to Chris Sheppard, a software engineer at Trenton Systems who has experience with AES.

But still, many ask, how can encryption algorithms like AES and others remain secure when they’re publicly available to hackers and adversaries who wish to exploit and circumvent them?

Consider the Nazi’s ENIGMA cryptography machine during World War II. When the Allied Powers cracked the code, the Germans had no evidence that it had been cracked. There were many intercepted messages. Also, the Axis Powers could only leverage the skill of Axis scientists when creating the system. Now, consider public cryptography standards. These standards leverage the skills of experts around the world, and we all trust that it works because, unlike ENIGMA, we all use it. If we see the government or hackers shy from it, then we know something is likely broken.

     Chris Sheppard, Software Engineer, Trenton Systems

Photo: AES encryption secures data in devices, applications, and networks virtually everywhere, and is favored by government entities and especially the military, hence why AES is sometimes referred to as "military-grade encryption."

Where is AES encryption used?

Where isn’t AES used is a better question.

AES encryption is used to secure numerous devices, applications, and networks in use today, including solid-state drives (SSDs), hard disk drives (HDDs), WiFi in local area networks (LANs), securely designed firmware images, cloud computing storage, internet browsers, and website TSL/SSL certificates, which are used to encrypt internet browser connections and transactions.

One example of where AES encryption is used is your internet browser. If you visit a website with “https” in its URL, it’s likely secured by a TSL/SSL certificate employing AES encryption to maintain the security and integrity of your session and any actions you take on that website.

The military and many other federal government departments and agencies employ FIPS 140-2 and TCG-Opal self-encrypting drives (SEDs), which use AES encryption algorithms to secure classified information and controlled unclassified information at rest.

Graphic: AES keys are typically generated using a cryptographic random number generator (RNG) or a key derivation function.

How are AES keys generated?

There are quite a few programs that implement the AES standard, and these programs can encrypt, decrypt, and randomly generate AES keys.

The most popular by far is the open-source project OpenSSL. If you install it and run it with the correct parameters, the key generation process takes five minutes. That said, there are so many options, and OpenSSL supports so many security features like AES and DES that figuring out what those correct parameters are can take a day or so. In my experience, there seems to be countless options out there, but by the time you narrow them down to the latest standards and figure out how you want to balance decryption speed and paranoia, the decision is quickly narrowed down to a handful.

     Chris Sheppard, Software Engineer, Trenton Systems

Graphic: AES is better than DES mainly because the former employs longer key lengths, making AES significantly more difficult to break.

Is AES better than the Data Encryption Standard (DES)?

AES is objectively better and more secure than the NIST’s now-outdated Data Encryption Standard (DES) primarily because of one key feature: key size. AES has longer keys, and longer keys are more secure. A common way to break a cipher is to look for patterns. The longer the keys, the fewer the patterns, and the less likely a hacker is to gain entry.

Like AES, DES, published in 1997 as FIPS 46-3, is a symmetric block cipher, meaning it uses a single secret key to encrypt and decrypt data. DES is less secure than AES, however, mainly because it uses a 56-bit key length, whereas AES uses 128 bits, 192 bits, or 256 bits.

As of 2005, DES is no longer in use or recommended by the NIST for securing sensitive information. The NIST has officially withdrawn DES, and AES has become the NIST’s gold standard for encryption. Even triple DES, the supposedly more-secure big brother of DES, can fall victim to brute-force attacks easily when compared to AES, which is why the NIST, in 2023, is , too.

Graphic: The AES was developed to replace the increasingly vulnerable Data Encryption Standard (DES).

Why was AES developed?

In 1997, the NIST began collaborating with industry and cryptography experts in a three-year competition to develop an encryption algorithm, which we now know as the AES, that was “capable of protecting sensitive government information well into the 21st century.”

Once final, this standard will serve as a critical computer security tool supporting the rapid growth of electronic commerce. This is a very significant step toward creating a more secure digital economy. It will allow e-commerce and e-government to flourish safely, creating new opportunities for all Americans.

- Norman Mineta, U.S. secretary of commerce at the time, from the official AES press release

But the main reason the AES was developed was to replace the aging, outdated, and vulnerable Data Encryption Standard (DES), which, by that point, had been the gold-standard symmetric encryption algorithm for the public and private sectors for 20 years. Basically, the DES was starting to become increasingly vulnerable to brute-force attacks, and the NIST needed a newer and more secure gold standard.

During the NIST’s three-year competition, algorithms were submitted by cryptographers from around the world, and the NIST eventually narrowed the submissions down to five of the best: MARS, RC6, Rijndael, Serpent, and Twofish.

In October of 2000, it was announced that Rijndael was the winner of the competition. The NIST chose Rijndael over the other finalists because, according to the NIST, Rijndael had the best combination of security, performance, efficiency, implementability, and flexibility.

Good security was the primary quality required of the winning formula, but factors such as speed and versatility across a variety of computer platforms also were considered. In other words, the algorithms must be able to run securely and efficiently on large computers, desktop computers and even small devices such as smart cards.

- From the official AES press release

Graphic: AES secures information in a way that causes hackers to run for the hills, or at least toward a more vulnerable system. If everyone adopted, purchased devices, or incorporated technology that uses AES encryption, the cyberspace would be a much more resilient place to store data and conduct official business.

Why is AES important?

AES is important because it is a ubiquitous means by which we encrypt information. It is important for all the same reasons that encryption itself is important, which includes finding ways to better secure one’s sensitive information to keep hackers from using it to cause harm.

AES is also important because it standardizes a highly effective data encryption algorithm to ensure that everyone – mainly the military and other federal government entities – are on the same page of data encryption and implementation when it comes to securing classified and controlled unclassified information, the disclosure of which could have disastrous national security consequences.

Think about how we build physical things: standard screw heads and standard screwdrivers, standard measures of screw threads and diameters and length, standard wood measurements, and so on. Imagine building things without standards like the AES. Conceive your own joiners. Design your own tools. Software uses standards similarly. We call it abstraction. Without abstraction and standards, we would have to reinvent everything every time we build or develop a project. I would guess that the largest project you might accomplish without abstraction would be a 1970s calculator, maybe. This is why open-source software is so important. Given how ‘open’ all computer systems are, how can you ever trust any anything in a computer system? Enter AES encryption. It bolsters, if not altogether ensures, your ability to keep people from tampering with your firmware image, or the data on your device, or an email conversation, or web traffic. Basically, anywhere encryption is important, AES is also important.

     Chris Sheppard, Software Engineer, Trenton Systems

Photo: A Trenton Systems rugged computer with a storage drive exposed

Trenton Systems uses AES encryption.

If you're looking for an AES-encrypted, high-performance computing solution for your program or application, Trenton Systems has the right hardware and software solutions that can solve your problem.

We can incorporate solid-state drives, hard disk drives, and self-encrypting drives that use 128-bit AES encryption, 192-bit AES encryption, or 256-bit AES encryption via software or hardware mechanisms. Which key length size you prefer will depend, of course, on your security preferences and program or application requirements.

We also partner with FUTURA Cyber for their Crypto Management Platform (FC-CMP), which enables the management of encryption keys for storage devices, as well as other types of devices within the Internet of Things (IoT), and, ultimately, helps keep your sensitive information safe.

For more information about our AES encryption capabilities and solutions, don't hesitate to reach out.

Who developed the Advanced Encryption Standard?

Who published AES?

What year was the new encryption scheme published?

In what year was AES approved as a US federal standard?