A Beginner's Guide to AES Encryption

Updated on June 8, 2026

Let me tell you about the invisible shield that's been protecting your bank transfers, WhatsApp messages, and Netflix account — probably every single day — without you ever noticing. It's called AES, and it's one of those technologies that quietly does the heavy lifting while the rest of the internet pretends it doesn't exist.

By the end of this article, you'll actually understand how it works. Not the math-PhD version — the "explain it to a curious twelve-year-old" version. Which, honestly, is more useful for most people.

What Even Is Encryption?

Before we touch AES specifically, let's nail down what encryption actually does.

Imagine you want to pass a note to your friend across a crowded classroom. You don't want anyone else reading it. So instead of writing "Meet me at 3pm," you and your friend have agreed on a secret code where every letter shifts forward by 3 positions. So "Meet me at 3pm" becomes "Phhw ph dw 3sp."

Anyone who intercepts the note sees gibberish. Your friend decodes it instantly because they know the rule (shift back by 3).

That's encryption at its most basic. AES is the same idea, just criminally more sophisticated.

AES Stands For... What, Exactly?

AES is short for Advanced Encryption Standard. It was selected by the U.S. National Institute of Standards and Technology (NIST) back in 2001 after an open competition where cryptographers from around the world submitted algorithms and tried to break each other's work. The winner was a Belgian algorithm called Rijndael, created by Joan Daemen and Vincent Rijmen. NIST adopted it, renamed it AES, and the rest of the internet basically said "yeah, okay, this one."

Two decades later, it still hasn't been broken. That's not nothing.

Symmetric Encryption: One Key to Rule Them All

AES is what's called symmetric encryption. That word "symmetric" just means both sides — the person locking the data and the person unlocking it — use the same key.

Think of a padlock you buy with two identical physical keys. You lock your luggage with one, give the other to a trusted friend. Same key, both directions. That's symmetric.

The alternative is asymmetric encryption (like RSA), where you have a public key and a private key — but that's a different rabbit hole for a different day. AES stays on the symmetric side, and there are good reasons for that: it's fast. Absurdly fast. Hardware manufacturers have literally baked AES instructions directly into modern processors. Your CPU can encrypt data faster than it can write it to disk, which is why AES is everywhere.

Block Ciphers: Chopping Data Into Chunks

Here's where it gets a little more interesting. AES is a block cipher. It doesn't encrypt your data as one continuous stream — it chops it into fixed-size blocks and encrypts each block.

Specifically, AES always works on 128-bit blocks. That's 16 bytes. So if your message is 1,000 bytes long, AES mentally divides it into roughly 62 blocks and processes each one through a series of mathematical transformations.

Those transformations involve:

  • SubBytes — Replacing each byte with a different byte using a lookup table (called an S-Box). It's like having a codebook where every possible byte value gets swapped for something else.
  • ShiftRows — Rearranging the bytes in a grid in a specific pattern, like shuffling rows of a Rubik's cube.
  • MixColumns — A matrix multiplication step that spreads information across the block so that flipping one input bit scrambles the entire output.
  • AddRoundKey — XOR-ing the block with a portion of the key. This is where your secret key actually gets mixed in.

These four steps get repeated multiple times — called "rounds." AES-128 does 10 rounds. AES-256 does 14. Each round makes the ciphertext increasingly indistinguishable from random noise.

AES-128 vs AES-192 vs AES-256

You've probably seen "AES-256" mentioned in marketing copy for VPNs, password managers, and messaging apps. The number refers to the key length in bits.

  • AES-128: 128-bit key — 2128 possible combinations. Already so astronomically large that brute-forcing it is effectively impossible with any technology that exists or will likely ever exist.
  • AES-192: 192-bit key — rarely used in practice. A middle ground nobody really asked for.
  • AES-256: 256-bit key — the gold standard. 2256 possible combinations. If every atom in the observable universe were a computer running since the Big Bang, you still couldn't brute-force it.

Here's the honest truth: AES-128 is already overkill for almost every real-world threat. AES-256 is chosen mostly because it sounds better in marketing materials and because it provides extra headroom against theoretical future attacks — including potential quantum computing threats. For government and financial applications, AES-256 is the standard. For your encrypted zip file? Either works.

GCM Mode: Why AES Alone Isn't Enough

Here's something they don't tell beginners early enough: AES by itself, without a "mode of operation," is actually dangerous to use.

The basic form is called ECB (Electronic Codebook) mode. In ECB, every identical 16-byte block encrypts to the same ciphertext. If your image file has a large solid-color region, those identical pixel blocks will encrypt identically — and the encrypted file will actually preserve the visual pattern of the original. There's a famous example where a Linux penguin logo encrypted with AES-ECB still looks like a penguin.

That's bad. That's very bad.

So cryptographers developed modes of operation — ways of chaining blocks together so that identical plaintext blocks produce different ciphertext. The current best-practice mode is GCM (Galois/Counter Mode).

GCM does two important things:

  1. Randomizes encryption using a nonce (a one-time number) so that encrypting the same data twice produces completely different output.
  2. Authenticates the ciphertext by appending an authentication tag. This means if anyone tampers with the encrypted data — even flipping a single bit — decryption will fail and you'll know the data was modified.

That second property has a name: AEAD (Authenticated Encryption with Associated Data). It means AES-GCM doesn't just hide your data, it guarantees its integrity. Without this, an attacker could modify encrypted data and you'd have no way to detect it.

When someone says they're using "AES-256-GCM," they're using AES with a 256-bit key in Galois/Counter Mode. That's the full sentence. That's what Signal uses. That's what your HTTPS connection likely uses right now.

Why Do Banks and Apps Trust AES So Much?

Trust in cryptography comes from two places: mathematical proof and time.

AES has both. The mathematical foundations of Rijndael have been analyzed by thousands of cryptographers worldwide. No practical attack has been found that meaningfully reduces the effort required to break it compared to brute force. The best known theoretical attack against AES-128 reduces the search space by a negligible amount — and it requires computational resources that don't exist.

Then there's the time argument. AES has been the standard for over 20 years. Every intelligence agency in the world has presumably tried to break it (and reportedly uses it themselves). Banks run transaction data through it billions of times daily. If there were a meaningful weakness, we'd probably know by now — either through academic disclosure or through someone noticing their bank getting drained.

It's also fast in hardware. Modern Intel and AMD CPUs have a set of instructions called AES-NI (AES New Instructions) that perform AES operations in hardware — typically in just a few CPU cycles per block. On a modern laptop, you can encrypt multiple gigabytes per second. That's why full-disk encryption with AES-256 adds essentially zero noticeable slowdown to daily computer use.

Where You're Using AES Right Now (Without Knowing It)

Here's a quick tour of where AES is silently working in your life:

  • HTTPS connections — When your browser shows a padlock, TLS is using AES (after an asymmetric handshake establishes the key).
  • WhatsApp and Signal — End-to-end encrypted messages use AES-256-GCM as part of the Signal Protocol.
  • Your phone's storage — Both Android and iOS encrypt on-device storage with AES-256 by default.
  • Password managers — 1Password, Bitwarden, and others encrypt your vault with AES-256 before storing it anywhere.
  • Wi-Fi (WPA2/WPA3) — Your home network uses AES to encrypt wireless traffic.
  • BitLocker and FileVault — Windows and macOS full-disk encryption, both AES-based.
  • Banking apps — Every API call your banking app makes travels over TLS with AES encryption.

One Thing to Actually Remember

If you walk away from this article understanding just one thing, make it this: AES is only as strong as your key management.

The algorithm itself is unbreakable in practice. What gets broken is everything around it — weak passwords used to derive keys, keys stored in plaintext, reused nonces in GCM mode, implementation bugs in code. The wall is solid; it's the door that gets left open.

So when a company says they use AES-256 encryption, the right follow-up questions are: Where are the keys stored? How are they derived? Who has access? That's where the real security lives.

AES is the bedrock. Everything built on top of it is what makes it safe or sloppy in practice.

And now you know more about it than most developers who use it daily. That's not a joke — plenty of engineers treat AES as a black box. Understanding even at this level puts you ahead of the curve.