AES 256 Ciphertext Length versus Input String length
AES Ciphertext Length Explained
1️⃣ AES Block Size
AES always operates on 128-bit blocks (16 bytes). The key size (128/192/256 bits) does not affect the block size.
AES encrypts data in multiples of 16 bytes.
2️⃣ Padding
If your plaintext is not a multiple of 16 bytes, AES must pad it before encryption.
- PKCS#7 padding is common
- If plaintext = 20 bytes → pad with 12 bytes → total = 32 bytes
- If plaintext = 32 bytes → add 16 bytes padding → total = 48 bytes
So the ciphertext length is usually ≥ plaintext length, rounded up to the next 16-byte block.
3️⃣ Modes of Operation
| Mode | Ciphertext length vs plaintext | Notes |
|---|---|---|
| ECB / CBC | Multiple of 16 bytes (padding applied) | Deterministic / requires IV for CBC |
| CTR / GCM | Same length as plaintext | Stream cipher mode, no padding needed |
| CFB / OFB | Same length as plaintext | Operates like a stream cipher |
Note: CBC and ECB require padding → ciphertext may be longer. CTR, GCM, CFB, OFB → ciphertext = plaintext length (excluding authentication tag in GCM).
4️⃣ Example
- Plaintext:
Hello world!(12 bytes) - AES-256-CBC → padded to 16 bytes → ciphertext = 16 bytes
- AES-256-CTR → ciphertext = 12 bytes
Note: For AES-GCM, an authentication tag (usually 16 bytes) is appended to the ciphertext.
✅ Summary
- AES block size = 16 bytes, ciphertext = multiples of 16 bytes if using block modes with padding.
- Stream modes (CTR/GCM) → ciphertext ≈ plaintext length (tag aside).
Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.
Anuj Varma – who has written 1260 posts on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.
Leave a Reply