## The Design of Rijndael: AES - The Advanced Encryption StandardRijndael was the surprise winner of the contest for the new Advanced En cryption Standard (AES) for the United States. This contest was organized and run by the National Institute for Standards and Technology (NIST) be ginning in January 1997; Rijndael was announced as the winner in October 2000. It was the "surprise winner" because many observers (and even some participants) expressed scepticism that the D.S. government would adopt as an encryption standard any algorithm that was not designed by D.S. citizens. Yet NIST ran an open, international, selection process that should serve as model for other standards organizations. For example, NIST held their 1999 AES meeting in Rome, Italy. The five finalist algorithms were designed by teams from all over the world. In the end, the elegance, efficiency, security, and principled design of Rijndael won the day for its two Belgian designers, Joan Daemen and Vincent Rijmen, over the competing finalist designs from RSA, IBM, Counterpane Systems, and an EnglishjIsraelijDanish team. This book is the story of the design of Rijndael, as told by the designers themselves. It outlines the foundations of Rijndael in relation to the previous ciphers the authors have designed. It explains the mathematics needed to and the operation of Rijndael, and it provides reference C code and underst test vectors for the cipher. |

### What people are saying - Write a review

#### Review: The Design of Rijndael: AES - The Advanced Encryption Standard

User Review - Mike - GoodreadsThe model behind AES encryption standards Read full review

### Contents

I | 1 |

IV | 2 |

V | 3 |

VI | 4 |

X | 5 |

XII | 6 |

XIII | 7 |

XV | 9 |

CXXIII | 104 |

CXXIV | 105 |

CXXV | 106 |

CXXVI | 108 |

CXXVIII | 109 |

CXXIX | 111 |

CXXX | 113 |

CXXXII | 114 |

XVI | 10 |

XVIII | 11 |

XIX | 13 |

XXI | 14 |

XXII | 15 |

XXIII | 16 |

XXIV | 17 |

XXVI | 19 |

XXVIII | 20 |

XXIX | 21 |

XXX | 22 |

XXXII | 23 |

XXXIII | 24 |

XXXIV | 25 |

XXXV | 27 |

XXXVIII | 28 |

XXXIX | 29 |

XLI | 31 |

XLIV | 33 |

XLVI | 34 |

XLVII | 37 |

XLVIII | 38 |

XLIX | 40 |

L | 41 |

LI | 43 |

LIV | 45 |

LVI | 46 |

LVII | 48 |

LVIII | 50 |

LIX | 53 |

LXII | 54 |

LXIII | 55 |

LXIV | 56 |

LXV | 59 |

LXVI | 60 |

LXVII | 61 |

LXIX | 62 |

LXXI | 63 |

LXXIV | 64 |

LXXVIII | 65 |

LXXX | 66 |

LXXXII | 67 |

LXXXIII | 68 |

LXXXVI | 69 |

LXXXVII | 70 |

LXXXIX | 71 |

XC | 72 |

XCI | 73 |

XCIII | 74 |

XCIV | 76 |

XCVI | 77 |

XCVIII | 78 |

XCIX | 79 |

C | 81 |

CII | 83 |

CIII | 85 |

CIV | 87 |

CV | 89 |

CVII | 90 |

CIX | 91 |

CX | 93 |

CXI | 94 |

CXIII | 95 |

CXIV | 96 |

CXVI | 98 |

CXVII | 99 |

CXVIII | 100 |

CXIX | 101 |

CXX | 102 |

CXXI | 103 |

CXXXIII | 115 |

CXXXV | 117 |

CXXXVIII | 118 |

CXXXIX | 119 |

CXLII | 120 |

CXLIII | 122 |

CXLIV | 123 |

CXLVII | 125 |

CXLVIII | 126 |

CL | 127 |

CLI | 129 |

CLII | 130 |

CLIII | 131 |

CLIV | 133 |

CLVI | 134 |

CLVIII | 136 |

CLX | 137 |

CLXI | 138 |

CLXII | 142 |

CLXIII | 143 |

CLXIV | 145 |

CLXVI | 147 |

CLXVIII | 149 |

CLXXI | 150 |

CLXXIII | 152 |

CLXXIV | 153 |

CLXXVII | 154 |

CLXXX | 155 |

CLXXXI | 156 |

CLXXXIII | 157 |

CLXXXVII | 158 |

CLXXXVIII | 160 |

CLXXXIX | 161 |

CXCII | 162 |

CXCIII | 163 |

CXCIV | 165 |

CXCV | 171 |

CXCVII | 172 |

CXCIX | 173 |

CCII | 175 |

CCIII | 176 |

CCIV | 177 |

CCVI | 179 |

CCVII | 180 |

CCVIII | 181 |

CCIX | 182 |

CCXII | 183 |

CCXIII | 184 |

CCXVI | 185 |

CCXVII | 186 |

CCXIX | 187 |

CCXX | 190 |

CCXXI | 192 |

CCXXII | 195 |

CCXXIII | 196 |

CCXXIV | 199 |

CCXXV | 200 |

CCXXVI | 202 |

CCXXVII | 204 |

CCXXVIII | 205 |

CCXXX | 207 |

CCXXXI | 211 |

CCXXXIII | 212 |

CCXXXV | 215 |

CCXXXVI | 217 |

CCXXXVII | 221 |

229 | |

235 | |

### Common terms and phrases

active bundles active bytes active columns active S-boxes AddRoundKey affine transformation applied binary Boolean functions block cipher block length Boolean permutation bundle weight Chap cipher key ciphertext components computed correlation contribution correlation matrix criteria cryptographic decryption algorithm defined denoted difference pattern difference propagation probability differential and linear differential branch number differential cryptanalysis differential trail efficient elements encryption expanded key finite field for(i for(j four rounds GF(p GF(pn given Hence implementation independent inverse InvMixColumns key addition key expansion key length key schedule key-alternating cipher linear branch number linear codes linear cryptanalysis linear expressions linear over GF(2 linear trails linear transformation lower bounded maximum MixColumns mixing step multiplication NIST non-linear step number of active number of rounds operation output parity pairs plaintext polynomial related-key attacks representation round key round transformation Sect sequence specified structure SubBytes symmetry Theorem two-round Twofish upper bound weak keys word8