# The Advantages of AES

In documents coming out of an April 1997 AES Workshop, NIST listed these goals for AES:
Candidates were judged not only on how well they encrypted, but also how well they could be used in widely varying environments.
Candidates were judged by the following criteria:

A.1 AES shall be publicly defined.

A.2 AES shall be a symmetric block cipher.

A.3 AES shall be designed so that the key length may be increased as needed.

A.4 AES shall be implementable in both hardware and software.

A.5 AES shall either be a) freely available or b) available under terms consistent with the American National Standards Institute (ANSI) patent policy.

b) computational efficiency,

c) memory requirements,

d) hardware and software suitability,

e) simplicity,

f) flexibility, and

g) licensing requirements

- It should provide a strong cryptoalgorithm for government and commercial use.
- It should support Standard Codebook Modes.
*(Note: The DES algorithm turns a message block into a cipher block. If each block is encrypted individually, the mode of encryption is called Electronic Code Book (ECB) mode. There are two other modes of DES encryption, namely Chain Block Coding (CBC) and Cipher Feedback (CFB), which make each cipher block dependent on all the previous messages blocks through an initial XOR operation. Since each mode was in governmental/banking use, compatibility in how AES would handle information was desired.)* - It should be significantly more efficient than DES 3
- It should have a variable key size so that security could be increased when needed
- It should be selected in a fair and open manner
- It should be evaluable by (sufficiently expert) members of the public.

A.1 AES shall be publicly defined.

A.2 AES shall be a symmetric block cipher.

A.3 AES shall be designed so that the key length may be increased as needed.

A.4 AES shall be implementable in both hardware and software.

A.5 AES shall either be a) freely available or b) available under terms consistent with the American National Standards Institute (ANSI) patent policy.

*(Note: This meant that royalty-encumbered algorithms—the ones that would fall under ANSI policy—would also be considered . This was dropped, thereby making sure a non-encumbered (i.e., patent-free) algorithm would be the only one selectable)*A.6 Algorithms which meet the above requirements will be judged based on the following factors: a) security (i.e., the effort required to cryptanalyze),b) computational efficiency,

c) memory requirements,

d) hardware and software suitability,

e) simplicity,

f) flexibility, and

g) licensing requirements

*(Note: see A5 above)***Rijndael: The AES algorithm winner**In October 2000 NIST selected Rijndael as the AES algorithm. This does not replace DES 3—yet—as the way the government encrypts routinely because it still has to go through a vetting process where the "stakeholders" express their views. But it sure greases its path to do so. Rijndael is an iterated block cipher with a variable block length and a variable key length. The block length and the key length can be independently specified to 128, 192 or 256 bits. Several operations in Rijndael (pronounce it "rain doll" in English) are defined at byte level, with bytes representing elements in the finite field GF(2^8), which is representative of the 8 bits in a byte. Other operations are defined in terms of 4-byte words. Addition , as usual, corresponds with the simple bitwise EXOR at the byte level. In the polynomial representation, multiplication in GF(2^8) corresponds with multiplication of polynomials modulo an irreducible binary polynomial of degree 8. (A polynomial is irreducible if it has no divisors other than 1 and itself.) For Rijndael, this polynomial is called m( x ) and given by: m( x ) = (x^8 + x^4 + x^3+ x + 1) or 11B in hexadecimal representation. The result will be a binary polynomial of degree below 8. Unlike addition, there is no simple operation at the byte level.**Next page: A Better Round Transformation**
Loading Comments...