The Advanced Encryption Standard (AES)

November 23, 2020 by Nitesh Malviya

Advanced Encryption Standard short formed as AES falls under the symmetric encryption category. Thus, in AES the sender and the recipient of the data uses the same key to encrypt and decrypt the data. AES is a FIPS-approved symmetric algorithm that can be used for protecting the data and maintaining confidentiality and integrity of the data. 

Since AES is a symmetric algorithm it encrypts data in blocks where the size of each block is 128 bits. The key used by the AES algorithm can be 128, 192 or 256 bits in length.

AES operation and working

In this section we will understand how AES operates over blocks of different sizes and in the next section we will see how encryption takes place

AES divides data into blocks of 16 bytes and applies the same operation on each block of the same length. Thus, AES operation is iterative in nature. 

AES consists of a series of operations which are linked to each other. Few operations involve replacement of specific input with specific output (substitutions) and few involve shuffling of bits around (permutations). Thus, AES is based on a “substitution permutation” network.

Encryption in AES

Let’s understand how encryption works in AES. Encryption in AES takes place in 4 stages. They are as follows: 

1. Byte substitution: AES uses Rijndael S-box as a lookup table in this step. The input 16 bytes are substituted as per the lookup table which results in a matrix of 4 rows and 4 columns.

2. Shiftrows: In this step, each row obtained from the first step is shifted to the left. Shifting takes place as follows:

  • No change is made to 1st row and it is not shifted
  • 2nd row is shifted 1 byte to the left
  • 3rd row is shifted 2 bytes to the left
  • 4th row is shifted 3 bytes to the left

This results in a new matrix of 16 bytes shifted with respect to each other.

3. MixColumns: In this step, operation is performed on columns where each column is transformed based on a special function. The function takes 4 bytes of each column and outputs 4 new bytes changing the original column completely. This step is not performed in the last round. 

4. Addroundkey: 16 bytes (128 bits) from the above matrix is XORed with the round key of 128 bits. This process is continued until the last round. The output of the first round is passed on to the next round until it reaches the last round and the output of the last round is the cipher text.

Decryption in AES

Decryption in AES is the exact reverse process of encryption

Steps are as follows:

  1. Add round key
  2. Mix columns
  3. Shift rows
  4. Byte substitution 


AES is a widely used and adopted symmetric key algorithm in the real world in both hardware and software. Also, till date since no practical cryptanalytics attacks has been discovered, this makes AES more fit to be used in the corporate environment. 


Posted: November 23, 2020
Nitesh Malviya
View Profile

Nitesh Malviya is a Security Consultant. He has prior experience in Web Appsec, Mobile Appsec and VAPT. At present he works on IoT, Radio and Cloud Security and open to explore various domains of CyberSecurity. He can be reached on his personal blog - and Linkedin -