Advanced Encryption Standard (AES)

Advanced Encryption Standard (AES) is the most widely used symmetric encryption algorithm, adopted as a US federal standard in 2001. It's a block cipher that encrypts data in 128-bit blocks using keys of 128, 192, or 256 bits.

Key Sizes

• AES-128: 10 rounds, fast, secure for most uses
• AES-192: 12 rounds, rarely used
• AES-256: 14 rounds, higher security margin

Modes of Operation

// ECB - Electronic CodeBook (AVOID)
Each block encrypted independently - reveals patterns

// CBC - Cipher Block Chaining
Blocks chained together, requires IV
Vulnerable to padding oracle if not careful

// CTR - Counter Mode
Turns block cipher into stream cipher
Parallelizable, no padding needed

// GCM - Galois/Counter Mode (RECOMMENDED)
CTR + authentication tag
Provides confidentiality AND integrity

Example Usage

// Python with cryptography library
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
import os

key = AESGCM.generate_key(bit_length=256)
aesgcm = AESGCM(key)
nonce = os.urandom(12)
ciphertext = aesgcm.encrypt(nonce, plaintext, associated_data)
plaintext = aesgcm.decrypt(nonce, ciphertext, associated_data)

Security Considerations

• Always use authenticated modes (GCM) for data integrity
• Never reuse IVs/nonces with the same key
• Use secure random for key generation
• Store keys securely (HSM, key management service)

See Also

• Galois/Counter Mode (GCM)
• Cipher Block Chaining (CBC)
• Initialization Vector (IV)