|
|
AES: the Advanced Encryption Standard
The goal of the Advanced Encryption Standard (AES) competition was to specify
"an unclassified, publicly disclosed encryption algorithm capable of
protecting sensitive government information well into the next century".
The AES competition was organized
by the United States National Institute of Standards and Technology (NIST).
Requirements
Each AES submission was required to be a block cipher
supporting a block length of 128 bits
and key lengths of 128, 192, and 256 bits.
The call for proposals specified the following evaluation criteria:
- Security ("the most important factor in the evaluation"):
- "Actual security of the algorithm compared to other submitted algorithms";
- "The extent to which the algorithm output is indistinguishable from a random permutation
on the input block";
- "Soundness of the mathematical basis for the algorithm's security";
- "Other security factors raised by the public during the evaluation process,
including any attacks which demonstrate that the actual security of
the algorithm is less than the strength claimed by the submitter".
- Cost:
- "Licensing requirements" ("AES shall be available on a worldwide, non-exclusive, royalty-free basis");
- "Computational efficiency";
- "Memory requirements".
- "Algorithm and implementation characteristics":
- "Flexibility" (e.g., additional key sizes, additional block sizes, wide variety of platforms, stream cipher, MAC generator, PRNG, hash);
- "Hardware and software suitability";
- "Simplicity".
Timeline
- M-17, 1997.01.02: NIST announces AES competition.
- M-14, 1997.04.15: AES Evaluation Criteria/Submission Requirements Workshop. Gaithersburg.
- M-9, 1997.09.12: NIST issues call for algorithms.
- M0, 1998.06.15: Deadline for submissions.
- M2, 1998.08.20: First AES Candidate Conference. NIST announces 15 AES candidates.
- M9, 1999.03.22–23: Second AES Candidate Conference.
- M14, 1999.08.09: NIST announces its selection of 5 AES finalists.
- M22, 2000.04.13–14: Third AES Candidate Conference.
- M23, 2000.05.15: End of comment period.
- M28, 2000.10.02: NIST announces its selection of AES.
Candidates
winner | finalist | round 1 | candidate | designers |
|---|
yes | yes | yes | Rijndael | Vincent Rijmen, Joan Daemen |
| yes | yes | MARS | Carolynn Burwick, Don Coppersmith, Edward D'Avignon, Rosario Gennaro, Shai Halevi, Charanjit Jutla, Stephen M. Matyas, Luke O'Connor, Mohammad Peyravian, David Safford, Nevenko Zunic |
| yes | yes | RC6 | Ron Rivest, Matt Robshaw, Ray Sidney, Yiqun Lisa Yin |
| yes | yes | Serpent | Ross Anderson, Eli Biham, Lars Knudsen |
| yes | yes | Twofish | Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, Niels Ferguson |
| | yes | CAST-256 | Carlisle Adams, Stafford Tavares, Howard Heys, Michael Wiener |
| | yes | CRYPTON | Chae Hoon Lim |
| | yes | DEAL | Lars Knudsen |
| | yes | DFC | Henri Gilbert, Marc Girault, Philippe Hoogvorst, Fabrice Noilhan, Thomas Pornin, Guillaume Poupard, Jacques Stern, Serge Vaudenay |
| | yes | E2 | Masayuki Kanda, Shiho Moriai, Kazumaro Aoki, Hiroki Ueda, Miyako Ohkubo, Youichi Takashima, Kazuo Ohta, Tsutomu Matsumoto |
| | yes | FROG | Dianelos Georgoudis, Damian Leroux, Billy Simón Chaves |
| | yes | HPC | Richard Schroeppel |
| | yes | LOKI97 | Lawrence Brown, Josef Pieprzyk, Jennifer Seberry |
| | yes | MAGENTA | Michael Jacobson Jr., Klaus Huber |
| | yes | SAFER+ | James Massey, Gurgen Khachatrian, Melsik Kuregian |
Version:
This is version 2014.01.27 of the aes.html web page.
|