You can understand AES
Hey you! Yes, you! You can understand AES, and you WILL understand it by the end of this short post!
Some of the basics
In case you are a complete begginner, I will gloss over some of the basics:
A cryptographic algorithm is an algorithm or a mathematical function that takes an input (a plaintext) and scrambles it into an output (the ciphertext) given a key. The ciphertext MUST NOT be decipherable without the key.
We do this when we want to keep a piece of data secret. For example, Bob wants to send a letter to Alice but doesn’t want the mailman to see the contents of the message because it’s too flirtatious! He could make use of encryption to keep the message hidden from the mailman, given both him and Alice manage to agree on a key beforehand.
Plaintext is the message you want to encrypt, the one that must remain hidden; the ciphertext is the scrambled version of the plaintext, unreadable without the key; the key is a big number that is used for encryption/decryption.
AES, specifically, is the Advanced Encryption Standard. It is the most widely used symmetric cryptographic algorithm, adopted as a standard by the United States government and used globally to protect and encrypt sensitive data on networks, devices, and digital platforms. Your WhatsApp and iMessage chats are protected by AES.
With those simple definitions, I hope you understand some of the basic ideas behind encryption! Let’s get right to it:
How does AES work?
AES takes a block of plaintext and processes it through multiple rounds of mathematical transformations using a secret key to output secure ciphertext.
In cryptography, a block is a fixed-size chunk of data that a cipher treats as a single unit. Instead of encrypting your data letter-by-letter or bit-by-bit, a block cipher such as AES chops the plaintext up into identical, standardized pieces. AES usually uses 128 bits, or 16 bytes.
This is why AES itself only works at the block level. We will be learning how AES handles the encryption of an individual block, as encrypting real-world variable-length plaintexts requires leveraging operation modes (GCM, CBC, CTR…) which are out of the scope of this post.
For encryption, the mathematical function is:
$$f(P, K) = C$$
And for decryption, you use the inverse function:
$$f^{-1}(C, K) = P$$
Where $P$ is plaintext, $K$ is the key, and $C$ is the ciphertext.
Preparation work
1. Key Expansion
The original secret key is mathematically expanded into a set of multiple round keys so a fresh key can be used for every single step of the process.
This step allows our 32-byte key to expand into the entire block.
2. Add Round Key
The initial plaintext block is combined with the first round key using a simple bitwise operation. We have now given our ciphertext entropy with our key, the ciphertext is officially a ciphertext! It is still vulnerable to high school linear algebra, though, so let’s address that real quick!
Round
1. Sub Bytes (Substitution)
Every single byte of the data is swapped out for a completely different byte using a fixed lookup table that we call the S-Box. Every S-Box in the world has the exact same values.
Though the substitution is simple, the values from the S-Box come from very complex math. They aren’t any trivial numbers, but the result of a very elegant mathematical formula that, in plain English, is the most chaotic, non-linear mathematical operation possible for 8-bit numbers.
It does something very important: it is the only non-linear step in the entire AES algorithm. In cryptography, linearity means that if you change the input by a certain amount, the output will also change by a predictable amount as a result. This means that our ciphertext is no longer vulnerable to basic linear algebra!
This step is very easily reversible by doing a reverse lookup of the S-Box.
2. Shift Rows (Permutation)
The bytes are arranged in a four-by-four grid, and the rows are shifted horizontally by different offsets (0 for the first row, 1 for the second, 2 for the third, and 3 for the fourth) to scramble the position of the data.
Shift Rows ensures that any pattern or structure present in your plaintext is violently disrupted and dispersed before it can pass through the next round of encryption. It is a huge contributor towards the avalanche effect: a minute modification to the input must trigger a drastic, cascading transformation in the output, rendering the two results completely uncorrelated.
This step is, also, easily reversible.
3. Mix Columns (Diffusion)
This is the most mathematically complicated steps, thus I won’t go into much detail. The columns of the grid are mathematically multiplied and mixed together so that changing a single byte randomizes the entire column.
It does this by looking at each individual column individually as the input for a function.
This step is easily reversible, but things
4. Add Round Key
Remember this step? We did it during prep! The data we just scrambled is combined with that specific round’s key via xor, and this entire loop.
This step is not easily reversible, and the reason why is fascinating: it IS easily reversible, just not given this specific input. Because the attacker doesn’t know the key. If you don’t know K, you are looking at one equation with two unknowns ($P \oplus K = C$).
The scrambled version of the block that this step received could have been reversed with some simple math and some manual descrambling. As a matter of fact, as mentioned, this very step was insecure when we first used it. Then how come using it now suddenly makes the process harder to reverse?
Because security is an emergent property in AES. No individual step of a round is secure but each step of the round protects your block against a specific kind of attack.
More importantly, the steps removed any correlation between input and output, making it extremely hard to easily see correlations between different inputs and outputs. Changing as much as a single byte would scramble the resulting ciphertext into a completely different and seemingly unrelated mess.
So, we now add the round key again to make it impossible to mathematically reverse those steps without knowledge of the key. Reversing the key would simply not be possible, as the input this step has received is practically random.
Rinse & Repeat
Then comes my favorite part of every cryptographic algorithm: we hit the block with a hammer until it’s unrecognizeable! We will put the result of this round through more rounds (from 10 to 14 depending on the size of the key).
By the end of the last round, the ciphertext will have gone through so much scrambling, any semblance of correlation between it and the plaintext or key would be a total coincidence. All while still being reversible by the holder of the key.
How good is it?
For you to get an idea of the effectiveness of this algorithm, let’s make a thought experiment: I will turn every atom on earth into a supercomputer capable of doing trillions of AES decryptions per second.
Try to guess how long it would take for this cosmic cluster to brute-force an AES-128 block just by guessing keys.
…
The answer is: never. The entire universe would run out of energy and collapse into cold, dead iron before you reached even a fraction of a percent of all possible key combinations.
With our current understanding of physics, breaking AES-128 in a vacuum is simply impossible. Understanding the security of AES-128 is genuinely difficult for our limited human brains.
… But also, sometimes we use AES-256 which is 2^128 times more secure. To really wrap your head around 2^128 as a number, you have to completely abandon human intuition:
Imagine you want to count every single grain of sand on Earth. You walk through every single beach, every desert, and the floor of every ocean. There are roughly $7.5 \times 10^{18}$ grains of sand on the planet. That is 7.5 quintillion grains.
Now, imagine that every single one of those grains of sand contains an entire duplicate planet Earth inside it; and then, you count every grain of sand on all of those duplicate Earths.
You still aren’t even close to 2^128! In fact, you’d have to repeat this process multiple times.
Hope you came out of here with a very basic idea of how AES works.
I’m really not committing to my plan of short and digestible blog posts.
Published on 2026-06-15