Skip to main content
main-content

Über dieses Buch

Rijndael was the surprise winner of the contest for the new Advanced En­ cryption Standard (AES) for the United States. This contest was organized and run by the National Institute for Standards and Technology (NIST) be­ ginning in January 1997; Rijndael was announced as the winner in October 2000. It was the "surprise winner" because many observers (and even some participants) expressed scepticism that the D.S. government would adopt as an encryption standard any algorithm that was not designed by D.S. citizens. Yet NIST ran an open, international, selection process that should serve as model for other standards organizations. For example, NIST held their 1999 AES meeting in Rome, Italy. The five finalist algorithms were designed by teams from all over the world. In the end, the elegance, efficiency, security, and principled design of Rijndael won the day for its two Belgian designers, Joan Daemen and Vincent Rijmen, over the competing finalist designs from RSA, IBM, Counterpane Systems, and an EnglishjIsraelijDanish team. This book is the story of the design of Rijndael, as told by the designers themselves. It outlines the foundations of Rijndael in relation to the previous ciphers the authors have designed. It explains the mathematics needed to and the operation of Rijndael, and it provides reference C code and underst test vectors for the cipher.

Inhaltsverzeichnis

Frontmatter

1. The Advanced Encryption Standard Process

Abstract
The main subject of this book would probably have remained an esoteric topic of cryptographic research — with a name unpronounceable to most of the world — without the Advanced Encryption Standard (AES) process. Therefore, we thought it proper to include a short overview of the AES process.
Joan Daemen, Vincent Rijmen

2. Preliminaries

Abstract
In this chapter we introduce a number of mathematical concepts and explain the terminology that we need in the specification of Rijndael (in Chap. 3), in the treatment of some implementation aspects (in Chap. 4) and when we discuss our design choices (Chaps. 5–9).
Joan Daemen, Vincent Rijmen

3. Specification of Rijndael

Abstract
In this chapter we specify the cipher structure and the building blocks of Rijndael. After explaining the difference between the Rijndael specifications and the AES standard, we specify the external interface to the ciphers. This is followed by the description of the Rijndael structure and the steps of its round transformation. Subsequently, we specify the number of rounds as a function of the block and key length, and describe the key schedule. We conclude this chapter with a treatment of algorithms for implementing decryption with Rijndael. This chapter is not intended as an implementation guideline. For implementation aspects, we refer to Chap. 4.
Joan Daemen, Vincent Rijmen

4. Implementation Aspects

Abstract
In this chapter we discuss issues related to the implementation of Rijndael on different platforms. Most topics apply also to related ciphers such as Square, Anubis and Crypton that are discussed in Chap. 11. We have grouped the material of this chapter into sections that deal with the most typical issues for one specific platform each. However, several of the discussed issues are relevant to more than one platform. If you want to squeeze out the best possible performance, we advise reading the whole chapter, with a critical mindset.
Joan Daemen, Vincent Rijmen

5. Design Philosophy

Abstract
In this chapter we motivate the choices we have made in the process of designing Rijndael and its predecessors. We start with discussing the criteria that are widely considered important for block ciphers such as security and efficiency. After that, we introduce the criterion of simplicity that plays such an important role in our design approach. We explain what we mean by it and why it is so important. A very effective way to keep things simple is by the introduction of symmetry. After discussing different ways of introducing symmetry, we motivate the choice of operations in Rijndael and its predecessors and our approach to security. This is followed by a discussion of what we think it takes to design a block cipher that satisfies our criteria. We conclude this chapter with a discussion on the generation and usage of round keys.
Joan Daemen, Vincent Rijmen

6. The Data Encryption Standard

Abstract
In this chapter we given a brief description of the block cipher DES [33]. Both differential cryptanalysis and linear cryptanalysis were successfully applied to the DES: differential cryptanalysis was the first chosen-plaintext attack, and linear cryptanalysis was the first known-plaintext attack that was theoretically more efficient than an exhaustive key search for the DES. Resistance against these two attacks is the most important criterion in the design of Rijndael.
Joan Daemen, Vincent Rijmen

7. Correlation Matrices

Abstract
In this chapter we consider correlations over Boolean functions and iterated Boolean transformations. Correlations play an important role in cryptanalysis in general and linear cryptanalysis in particular.
Joan Daemen, Vincent Rijmen

8. Difference Propagation

Abstract
In this chapter we consider difference propagation in Boolean functions. Difference propagation plays an important role in cryptanalysis in general and in differential cryptanalysis in particular.
Joan Daemen, Vincent Rijmen

9. The Wide Trail Strategy

Abstract
In this chapter we explain the strategy that underlies many choices made in the design of Rijndael and its related ciphers.
Joan Daemen, Vincent Rijmen

10. Cryptanalysis

Abstract
The resistance of Rijndael against linear and differential crypt analysis has been treated extensively in Chaps. 7 to 9. In this chapter we discuss the resistance of Rijndael against various other cryptanalytic attacks. None of these attacks poses a threat to Rijndael, not in an academic, theoretical sense, and certainly not in a practical sense. We also touch briefly on the topic of implementation attacks.
Joan Daemen, Vincent Rijmen

11. Related Block Ciphers

Abstract
We did not design Rijndael from scratch. In fact, prior to the design of Rijndael, we had already published three block ciphers that are similar to Rijndael. Each of these ciphers inherits properties from its predecessor and enriches them with new ideas. Moreover, since the publication of Rijndael and its predecessors, a substantial number of cryptographers have based block cipher designs on ideas that were introduced in the Rijndael family. Hence, Rijndael can be seen as a step in an evolution, with predecessors and successors.
Joan Daemen, Vincent Rijmen

Backmatter

Weitere Informationen