AES Basics
Block cipher, 128-bit blocks, and why ECB leaks.
AES Basics
AES (Advanced Encryption Standard) is the block cipher the world settled on. It was born from an open NIST competition in the late 1990s — Rijndael won — and since 2001 it's been the default symmetric primitive in everything from TLS to filesystem encryption.
"Symmetric" means one key is used for both encryption and decryption. That one shared secret keeps the message private.
Analogy
Think of an industrial document shredder that only accepts documents of a very specific size — say, exactly sixteen sheets stapled together. You feed in a uniform stack and out comes a uniform pile of confetti; the same machine, running in reverse with the same serial-number key card, reassembles the confetti into the original pages. Two parties holding identical key cards can shred and unshred to their hearts' content, but anyone grabbing the confetti from the bin sees nothing but paper dust. That stack-of-sixteen requirement is AES's 128-bit block; the serial-number key card is the shared symmetric key.
The block
AES encrypts fixed-size 128-bit blocks (16 bytes) at a time. Always. The block size never changes — only the key size does.
plaintext block: 16 bytes → [ AES ] → 16 bytes of ciphertext
What varies is the key:
| Variant | Key size | Rounds |
|---|---|---|
| AES-128 | 128 bits | 10 |
| AES-192 | 192 bits | 12 |
| AES-256 | 256 bits | 14 |
Each round applies four steps: SubBytes (byte substitution through an S-box), ShiftRows (byte shuffle), MixColumns (linear mixing over GF(2⁸)), and AddRoundKey (XOR with a round-specific subkey). After the last round, MixColumns is skipped.
You don't need to memorise the inner steps. You do need to remember: 16-byte block, 10/12/14 rounds.
AES-128 is plenty
All three key sizes are approved by NIST. AES-128 is the practical minimum today; AES-256 is common where the extra margin is cheap. AES-192 exists but is rarely chosen.
Why "AES-ECB" is still a trap
AES only encrypts one block. To encrypt a longer message you need a mode that glues blocks together. The naïve mode — encrypt each block independently — is called ECB (Electronic Codebook).
ECB breaks an important guarantee: identical plaintext blocks produce identical ciphertext blocks.
If two 16-byte chunks of the plaintext repeat (and for anything structured — images, JSON, fixed-width records — they will), the ciphertext reveals that repetition. The classic demo is the "ECB penguin": encrypting a bitmap of Tux with AES-ECB leaves the outline of the penguin visible in the ciphertext. Same plaintext block → same ciphertext block → pattern preserved.
This violates semantic security: an attacker who sees the ciphertext should learn nothing about the plaintext except its length. ECB fails that bar.
The fix isn't to use a different cipher — AES is fine. The fix is to use a proper mode (CBC, CTR, GCM — next lesson).
Real-world use
- TLS (HTTPS) uses AES-GCM or AES-CCM, never ECB.
- Full-disk encryption (BitLocker, FileVault, LUKS) uses AES-XTS.
- ZIP/7z encryption uses AES-CTR or AES-CBC with an HMAC.
The Web Crypto API, Node's crypto module, libsodium, and PyCryptodome all expose AES. None of them expose ECB by default as a first-class option — for good reason.
Takeaways
- AES has a fixed 16-byte block.
- Key sizes: 128, 192, 256 bits → 10, 12, 14 rounds.
- Never use AES-ECB for real data.
- Pick a mode that randomises each block (that's the next lesson).