Status Report on the First Round of the Development of the Advanced Encryption Standard

In 1997, the National Institute of Standards and Technology (NIST) initiated a process to select a symmetric-key encryption algorithm to be used to protect sensitive (unclassified) Federal information in furtherance of NIST’s statutory responsibilities. In 1998, NIST announced the acceptance of 15 candidate algorithms and requested the assistance of the cryptographic research community in analyzing the candidates. This analysis included an initial examination of the security and efficiency characteristics for each algorithm. NIST has reviewed the results of this research and selected five algorithms (MARS, RC6™, Rijndael, Serpent and Twofish) as finalists. The research results and rationale for the selection of the finalists are documented in this report. The five finalists will be the subject of further study before the selection of one or more of these algorithms for inclusion in the Advanced Encryption Standard.

[1]  Stefan Lucks On Security of the 128-Bit Block Cipher DEAL , 1999, FSE.

[2]  Morris J. Dworkin,et al.  Conference Report: FIRST ADVANCED ENCRYPTION STANDARD (AES) CANDIDATE CONFERENCE, Ventura, CA, August 20-22, 1998 , 1999 .

[3]  Don B. Johnson FUTURE RESILIENCY: A POSSIBLE NEW AES EVALUATION CRITERION , 2000 .

[4]  Bruce Schneier,et al.  Performance Comparison of the AES Submissions , 1999 .

[5]  A. Folmsbee AES Java Technology Comparisons , 1999 .

[6]  Antoine Joux,et al.  Report on the AES Candidates , 1999 .

[7]  Vincent Rijmen,et al.  On the Decorrelated Fast Cipher (DFC) and Its Theory , 1999, FSE.

[8]  Eli Biham A Note on Comparing the AES Candidates , 1999 .

[9]  Cryptanalysis of a Reduced Version of the Block Cipher E2 , 1999, FSE.

[10]  Juan Soto,et al.  Randomness Testing of the AES Candidate Algorithms , 1999 .

[11]  Morris J. Dworkin Second Advanced Encryption Standard Candidate Conference , 1999 .

[12]  Suresh Chari,et al.  A Cautionary Note Regarding Evaluation of AES Candidates on Smart-Cards , 1999 .

[13]  Lawrence E. Bassham Efficiency Testing of ANSI C Implementations of Round 2 Candidate Algorithms for the Advanced Encryption Standard , 2000, AES Candidate Conference.

[14]  Brian R. Gladman Implementation Experience with AES Candidate Algorithms , 1999 .

[15]  Helger Lipmaa AES Candidates: A Survey of Implementations , 1999 .

[16]  Craig S. K. Clapp,et al.  Instruction-level Parallelism in AES Candidates , 1999 .

[17]  Johan Borst Weak Keys of CRYPTON , 1998 .

[18]  Bruce Schneier,et al.  Cryptanalysis of FROG , 1998 .

[19]  J. Fowler,et al.  Journal of Research of the National Institute of Standards and Technology INFORMATION TECHNOLOGY FOR ENGINEERING AND MANUFACTURING Gaithersburg , MD June 12-13 , 2000 , 2000 .

[20]  Lars R. Knudsen Some thoughts on the AES process , 1999 .

[21]  Vincent Rijmen,et al.  Attack on Six Rounds of Crypton , 1999, FSE.

[22]  B. Ramakrishna Rau,et al.  Instruction-level Parallelism , 2001 .

[23]  Morris J. Dworkin,et al.  FIRST ADVANCED ENCRYPTION STANDARD (AES) CANDIDATE CONFERENCEentura, CA , 1999 .