AES is a block cipher that will replace DES, but it is anticipated that Triple DES will remain an approved algorithm for U.S. Government use. Triple DES and DES are specified in FIPS 46-3.

The AES initiative was announced in January 1997 by NIST, and candidate encryption algorithm submissions were solicited.

On August 29, 1998, a group of 15 AES candidates was announced by NIST.

In 1999, NIST announced five finalist candidates.

These candidates were MARS, RC6, Rijndael, Serpent, and Twofish. NIST closed Round 2 of public analyses of these algorithms on May 15, 2000.

On October 2, 2000, NIST announced the selection of the Rijndael Block Cipher, developed by the Belgian cryptographers Dr. Joan Daemen and Dr. Vincent Rijmen, as the proposed AES algorithm. Rijndael was formalized as the Advanced Encryption Standard (AES) on November 26, 2001, as Federal Information Processing Standard Publication (FIPS PUB 197). FIPS PUB 197 states that "This standard may be used by Federal departments and agencies when an agency determines that sensitive (unclassified) information (as defined in P.L.100-235) requires cryptographic protection. Other FIPS-approved cryptographic algorithms may be used in addition to, or in lieu of, this standard."

Depending upon which of the three key sizes is used, the standard might be referred to as "AES-128," "AES-192," or "AES-256." It is expected that AES will be adopted by other private and public organizations inside and outside the United States.

The Rijndael Block Cipher

The Rijndael algorithm was designed to have the following properties:

- Resistance against all known attacks
- Design simplicity
- Code compactness and speed on a wide variety of platforms

The Rijndael cipher can be categorized as an iterated block cipher with a variable block length and key length that can be independently chosen as 128, 192, or 256 bits. In decimal terms, there are approximately 3.4 × 10^38 possible 128-bit keys, 6.2 × 10^57 possible 192-bit keys, and 1.1 × 10^77 possible 256-bit keys.

AES specifies three key sizes (128, 192, and 256 bits) with a fixed block size of 128 bits.

As a measure of the relative strength of the Rijndael encryption algorithm, if a computer could crack the DES encryption by trying 2^56 keys in one second, the same computer would require 149 trillion (149 × 10^12) years to crack Rijndael.

For comparison, the universe is estimated to be fewer than 20 billion (20 × 10^9) years old. Rijndael defines an intermediate cipher result as a State upon which the transformations that are defined in the cipher operate. Instead of a Feistel network that takes a portion of the modified plaintext and transposes it to another position, the Rijndael Cipher employs a round transformation that is composed of three layers of distinct and invertible transformations.

These transformations are also defined as uniform, which means that every bit of the State is treated the same. Each of the layers has the following respective functions:

- The non-linear layer. The parallel application of S-boxes that have optimum worst-case non-linearity properties.
- The linear mixing layer. A layer that provides a guarantee of high diffusion over multiple rounds.
- The key addition layer. An Exclusive Or of the Round Key to the intermediate State.

Round keys are derived from the Cipher key through a key schedule, which consists of a key expansion and Round key selection, defined as follows in the Rijndael Block Cipher AES Proposal (AES Proposal: Rijndael, Joan Daemen and Vincent Rijmen, version 2, 9/8/99), submitted to NIST:

The total number of Round key bits is equal to block length multiplied by the number of rounds plus 1, (e.g., for a block length of 128 bits and 10 rounds, 1408 Round Key bits are needed.) The Cipher Key is expanded into an Expanded Key. Round Keys are taken from the Expanded Key . . . .

The number of rounds used in the Rijndael cipher is a function of the key size as follows:

- 256-bit key: 14 rounds
- 192-bit key: 12 rounds
- 128-bit key: 10 rounds
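
The key schedule described above can be followed in code. The Python below is an added example, not taken from the AES proposal or from the original text; it assumes the fixed 128-bit AES block, and the function names and SAMPLE_KEY (the example key from FIPS PUB 197, Appendix A.1) are choices made for this illustration.

```python
# Added illustration, not code from the source text: AES key schedule (FIPS PUB 197).
NB = 4                                   # block length in 32-bit words (128 bits)
ROUNDS = {128: 10, 192: 12, 256: 14}     # key size in bits -> number of rounds
SAMPLE_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS 197, A.1

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = ((a << 1) & 0xFF) ^ (0x1B if a & 0x80 else 0)
        b >>= 1
    return r

def build_sbox():
    """S-box = multiplicative inverse in GF(2^8) followed by the affine map."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gf_mul(x, y) == 1), 0)
        s = inv
        for k in range(1, 5):            # XOR with four left-rotations of inv
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = build_sbox()

def expand_key(key):
    """Key expansion: Cipher Key -> NB * (rounds + 1) four-byte words."""
    if len(key) * 8 not in ROUNDS:
        raise ValueError("AES keys are 128, 192 or 256 bits long")
    nk, nr = len(key) // 4, ROUNDS[len(key) * 8]
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, NB * (nr + 1)):
        t = list(w[i - 1])
        if i % nk == 0:                  # rotate, substitute, add round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = gf_mul(rcon, 2)
        elif nk > 6 and i % nk == 4:     # extra substitution for 256-bit keys
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return w

def round_keys(key):
    """Round key selection: consecutive NB-word slices of the Expanded Key."""
    w = expand_key(key)
    return [bytes(sum(w[NB * r:NB * r + NB], [])) for r in range(len(w) // NB)]
```

For the 128-bit sample key, round_keys returns 11 Round Keys of 16 bytes each, which is the 1408 Round Key bits quoted from the proposal.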

The Rijndael Block Cipher is suited for the following types of implementations:

- High-speed chips with no area restrictions
- A compact co-processor on a smart card
