AES Lounge
This website is a dissemination effort within ECRYPT, the Network of Excellence in Cryptology which is funded within the Information Societies Technology (IST) Programme of the European Commission's Sixth Framework Programme (FP6) under contract number IST-2002-507932 . It is maintained by members of the IAIK Krypto and VLSI groups as a joint activity in the "Secure and efficient implementations virtual lab" (VAMPIRE).
In the year 2000, the US National Institute of Standards and Technology (NIST) announced that Rijndael had been selected as the Advanced Encryption Standard (AES). This selection was the result of a three-year-long selection process, which NIST started in September 1997. The process was divided into several rounds, with a public workshop at the end of each round. At the end of the first round, in August 1998, 15 algorithms were accepted as candidates. In the evaluation round thereafter, these algorithms were evaluated for their security, cost, and algorithm and implementation characteristics. In March 1999, the second workshop was held, and it brought a whole load of results with respect to the candidates. In August 1999, 5 finalist algorithms were selected from the 15 candidates. Until April 2000, when the third AES workshop was held, the finalists were analysed in detail. At this conference, the results of this stage were presented and a questionnaire was handed out asking about the preference of the attendees. Rijndael turned out to be the favorite algorithm. On 2 October 2000, NIST officially announced that Rijndael had been chosen as the Advanced Encryption Standard (AES).
Sections on this page: Rijndael | AES Security | AES Hardware Architectures | High Speed AES Hardware Implementations | Low Cost AES Hardware Implementations | AES Software Implementations | AES & Side-Channel Analysis | AES & Fault Analysis | AES & Instruction Set Extensions
Links
| Description | Link |
| NIST's old AES page, which contains information about the AES process (conferences) | http://csrc.nist.gov/CryptoToolkit/aes/ |
| NIST's CSRC cryptographic toolkit web site, which contains the AES specification | http://csrc.nist.gov/CryptoToolkit/tkencryption.html |
| Errata for the book "The Design of Rijndael" | local link (pdf) |
Rijndael
| Year | Title | Authors | Where published |
| 2003 | National Policy on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information | National Security Agency (NSA) | CNSS Website |
| 2002 | The Design of Rijndael | Joan Daemen and Vincent Rijmen | Springer, ISBN 3-540-42580-2 |
| 2001 | FIPS-197: Advanced Encryption Standard | National Institute of Standards and Technology (NIST) | NIST Website |
To obtain the bibliography entry (or other information) for a paper listed below, copy the title of the article or the names of the authors and go to http://www.informatik.uni-trier.de/~ley/db/index.html, where you can search for articles, authors or conference names. The same site links to the electronic version of a paper, if such a version is available. Papers hosted on the ePrint archive can be found at http://eprint.iacr.org/. Papers presented at an AES conference without Springer proceedings can be found on the NIST homepage (see Links).
AES Security
The following table lists the best known short-cut attacks on each of the three AES variants.
| Attack | Year | Paper | AES-128 (10 Rounds) | AES-192 (12 Rounds) | AES-256 (14 Rounds) |
| Related Key Boomerang | 2009 | Biryukov and Khovratovich, Related-key Cryptanalysis of the Full AES-192 and AES-256, ePrint Archive: Report 2009/317 | | 12 Rounds | 14 Rounds |
| Related Key | 2005 | Biham et al., Related-Key Boomerang and Rectangle Attacks, Advances in Cryptology - EUROCRYPT 2005, LNCS 3494, pages 507-525, Springer, 2005 | | 9 Rounds | |
| Truncated Differential | 2003 | Jakimoski et al., Related-Key Differential Cryptanalysis of 192-bit Key AES Variants, SAC 2003, LNCS Vol. 3006, pages 208-221, Springer, 2004 | | 6 Rounds | |
| Impossible Differential Related-Key | 2003 | Jakimoski et al., Related-Key Differential Cryptanalysis of 192-bit Key AES Variants, SAC 2003, LNCS Vol. 3006, pages 208-221, Springer, 2004 | | 8 Rounds | |
| Impossible Differential | 2001 | Cheon et al., Improved Impossible Differential Cryptanalysis of Rijndael and Crypton, ICISC 2001, LNCS Vol. 2288, pages 39-49, Springer | 6 Rounds | | |
| Square Attack | 2000 | Lucks, Attacking seven rounds of Rijndael under 192-bit and 256-bit keys, Proceedings of AES3, NIST | | 7 Rounds | 7 Rounds |
| Square Attack | 2000 | Ferguson et al., Improved cryptanalysis of Rijndael, FSE 2000, LNCS Vol. 1978, pages 213-230, Springer | 7 Rounds | 7 Rounds | 9 Rounds |
| Collision Attack | 2000 | Gilbert et al., A collision attack on seven rounds of Rijndael, Proceedings of AES 3, NIST | 7 Rounds | 7 Rounds | 7 Rounds |
AES Hardware Architectures
| Year | Title | Authors | Where published |
| 2005 | State of the Art in Hardware Architectures (deliverable with a special focus on AES hardware architectures) | Martin Feldhofer, Kerstin Lemke, Elisabeth Oswald, Francois-Xavier Standaert, Thomas Wollinger and Johannes Wolkerstorfer | Deliverable No. D.VAM2 - State of the Art in Hardware Architectures, September 2005, file as pdf |
| 2005 | AES on FPGA: from the fastest to the smallest | Tim Good and Mohammed Benaissa | Proceedings of CHES 2005, pp. 427-440, LNCS 3659, Springer, 2005 |
| 2005 | A 3.84 Gbits/s AES crypto coprocessor with modes of operation in a 0.18-um CMOS Technology | Alireza Hodjat, David Hwang, Bo-Cheng Lai, Kris Tiri, and Ingrid Verbauwhede | Proceedings of the 15th ACM Great Lakes Symposium on VLSI 2005, pages 60-63, ACM Press, April 2005 |
| 2005 | Efficient AES Implementations on ASICs and FPGAs | Norbert Pramstaller, Stefan Mangard, Sandra Dominikus, and Johannes Wolkerstorfer | Proceedings of the Fourth Workshop on the Advanced Encryption Standard, AES4 - State of the Crypto Analysis, LNCS Vol. 3373, 2005 |
| 2004 | A Universal and Efficient AES Co-Processor for Field Programmable Logic Arrays | Norbert Pramstaller and Johannes Wolkerstorfer | FPL 2004, Proceedings, LNCS Vol. 3203, pp. 565-574 |
| 2004 | Exploring Area/Delay Tradeoffs in an AES FPGA Implementation | Joseph Zambreno, David Nguyen, and Alok N. Choudhary | FPL 2004, Proceedings, LNCS Vol. 3203, pp. 575-585 |
| 2003 | Efficient Implementation of Rijndael Encryption in Reconfigurable Hardware: Improvements and Design Tradeoffs | François-Xavier Standaert, Gaël Rouvroy, Jean-Jacques Quisquater, Jean-Didier Legat | CHES 2003, LNCS Vol. 2779 |
| 2003 | Design and Performance Testing of a 2.29 Gb/s Rijndael Processor | Ingrid Verbauwhede, Patrick Schaumont and Henry Kuo | IEEE Journal of Solid-State Circuits, pp. 569-572 |
| 2003 | A Highly Regular and Scalable AES Hardware Architecture | Stefan Mangard, Manfred Aigner and Sandra Dominikus | IEEE Transactions on Computers, Vol. 52, pp. 483-491, 2003 |
| 2003 | Very Compact FPGA Implementation of the AES Algorithm | Pawel Chodowiec and Kris Gaj | CHES 2003, Proceedings, LNCS Vol. 2779, pp. 319-333 |
| 2003 | An Efficient AES Implementation for Reconfigurable Devices | Norbert Pramstaller and Johannes Wolkerstorfer | Austrochip 2003, Proceedings, pp. 5-8 |
| 2002 | An ASIC implementation of the AES SBoxes | Johannes Wolkerstorfer, Elisabeth Oswald and Mario Lamberger | CT-RSA 2002, LNCS Vol. 2271, pp. 67-78 |
| 2001 | Efficient Rijndael Encryption Implementation with Composite Field Arithmetic | Atri Rudra, Pradeep K. Dubey, Charanjit S. Jutla, Vijay Kumar, Josyula R. Rao and Pankaj Rohatgi | CHES 2001, Proceedings, LNCS Vol. 2162, pp. 171-184 |
| 2001 | A Compact Rijndael Hardware Architecture with S-Box Optimization | Akashi Satoh, Sumio Morioka, Kohji Takano and Seiji Munetoh | ASIACRYPT 2001, Proceedings, LNCS Vol. 2248, pp. 239-254 |
| 2001 | Two Methods of Rijndael Implementation in Reconfigurable Hardware | Viktor Fischer and Milos Drutarovsky | CHES 2001, Proceedings, LNCS Vol. 2162, pp. 77-92 |
| 2001 | Architectural optimization for a 1.82 Gbits/sec VLSI implementation of the AES Rijndael algorithm | H. Kuo and I. Verbauwhede | CHES 2001, Proceedings, LNCS Vol. 2162, pp. 51-64 |
High Speed Implementations
| Year | Title | Authors | Where published |
| 2005 | A 21.54 Gbits/s Fully Pipelined AES Processor on FPGA | Alireza Hodjat and Ingrid Verbauwhede | 12th IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM 2004), pages 308-309, IEEE Computer Society, 2004 |
| 2005 | Minimum Area Cost for a 30 to 70 Gbits/s AES Processor | Alireza Hodjat and Ingrid Verbauwhede | 2004 IEEE Computer Society Annual Symposium on VLSI (ISVLSI 2004), Emerging Trends in VLSI Systems Design, pages 83-88, IEEE Computer Society, 2004 |
| 2004 | High-Speed VLSI Architectures for the AES Algorithm | Xinmiao Zhang and Keshab K. Parhi | IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 12(9):957-967, September 2004 |
| 2004 | An Efficient FPGA Implementation of Advanced Encryption Standard Algorithm | Shuenn-Shyang Wang and Wan-Sheng Ni | ISCAS 2004, Proceedings, Volume 2, pp. 597-600, IEEE Computer Society, May 2004 |
| 2003 | An FPGA-Based Performance Analysis of the Unrolling, Tiling, and Pipelining of the AES Algorithm | Giacinto Paolo Saggese, Antonino Mazzeo, Nicola Mazzocca, and Antonio G. M. Strollo | FPL 2003, Proceedings, LNCS Vol. 2778, pp. 292-302, 2003 |
| 2001 | Fast implementations of secret-key block ciphers using mixed inner- and outer-round pipelining | Pawel Chodowiec, Po Khuon and Kris Gaj | FPGA 2001, Proceedings, pp. 94-102 |
| 2001 | Architectural optimization for a 1.82 Gbits/sec VLSI implementation of the AES Rijndael algorithm | H. Kuo and I. Verbauwhede | CHES 2001, Proceedings, LNCS Vol. 2162, pp. 51-64 |
| 2001 | High Performance Single-Chip FPGA Rijndael Algorithm Implementations | M. McLoone and John V. McCanny | CHES 2001, Proceedings, LNCS Vol. 2162, pp. 65-76 |
Low Cost Implementations
| Year | Title | Authors | Where published |
| 2005 | AES Implementation on a Grain of Sand | Martin Feldhofer, Johannes Wolkerstorfer, and Vincent Rijmen | IEE Proceedings on Information Security, Volume 152, Issue 1, pp. 13-20 |
| 2005 | A Very Compact S-Box for AES | D. Canright | Proceedings of CHES 2005, pp. 441-456, LNCS 3659, Springer, 2005 |
| 2005 | A Systematic Evaluation of Compact Hardware Implementations for the Rijndael S-Box | Nele Mentens, Lejla Batina, Bart Preneel and Ingrid Verbauwhede | Proceedings of CT-RSA 2005, pp. 323-333, LNCS 3376, Springer, 2005 |
| 2004 | Power-Efficient ASIC Synthesis of Cryptographic S-boxes | Guido Bertoni, Marco Macchetti, and Luca Negri | Proceedings of GLSVLSI, pp. 277-281, ACM Press |
| 2004 | Compact and Efficient Encryption/Decryption Module for FPGA Implementation of AES Rijndael Very Well Suited for Small Embedded Applications | Gaël Rouvroy, François-Xavier Standaert, Jean-Jacques Quisquater, Jean-Didier Legat | ITCC 2004, IEEE Computer Society |
| 2004 | Strong Authentication for RFID Systems using the AES Algorithm | Martin Feldhofer, Sandra Dominikus and Johannes Wolkerstorfer | CHES 2004, LNCS Vol. 3156 |
| 2004 | Design of AES Based on Dual Cipher and Composite Field | Shee-Yau Wu, Shih-Chuan Lu and Chi-Sung Laih | CT-RSA 2004, LNCS Vol. 2964 |
| 2002 | An ASIC implementation of the AES SBoxes | Johannes Wolkerstorfer, Elisabeth Oswald and Mario Lamberger | CT-RSA 2002, LNCS Vol. 2271, pp. 67-78 |
| 2001 | Efficient Rijndael Encryption Implementation with Composite Field Arithmetic | Atri Rudra, Pradeep K. Dubey, Charanjit S. Jutla, Vijay Kumar, Josyula R. Rao and Pankaj Rohatgi | CHES 2001, Proceedings, LNCS Vol. 2162, pp. 171-184 |
| 2001 | A Compact Rijndael Hardware Architecture with S-Box Optimization | Akashi Satoh, Sumio Morioka, Kohji Takano and Seiji Munetoh | ASIACRYPT 2001, Proceedings, LNCS Vol. 2248, pp. 239-254 |
| 2001 | An ASIC Implementation of the AES-MixColumn operation | Johannes Wolkerstorfer | Austrochip 2001, pp. 129-132 |
AES Software Implementations
| Year | Title | Authors | Where published |
| 2008 | A Fast and Cache-Timing Resistant Implementation of the AES | Robert Könighofer | CT-RSA 2008, to appear; implementation available |
| 2007 | On the Power of Bitslice Implementation on Intel Core2 Processor | Mitsuru Matsui, Junko Nakajima | CHES 2007, Proceedings, LNCS 4727, pp. 121-134 |
| 2006 | How Far Can We Go on the x64 Processors? | Mitsuru Matsui | FSE 2006, Revised Selected Papers, LNCS 4047, pp. 341-358 |
| 2005 | How to Maximise Software Performance of Symmetric Primitives on Pentium III and 4 Processors | Mitsuru Matsui and Sayaka Fukuda | FSE 2005, Revised Selected Papers, LNCS 3557, pp. 398-412 |
| 2003 | Efficient Software Implementation of AES on 32-Bit Platforms | Guido Bertoni, Luca Breveglieri, Pasqualina Fragneto, Marco Macchetti and Stefano Marchesin | CHES 2002, Revised Papers, LNCS Vol. 2523, pp. 159-171 |
AES & Side-Channel Analysis
| Year | Title | Authors | Where published |
| 2006 | Higher-Order Masking of the AES | Kai Schramm and Christof Paar | CT-RSA 2006, LNCS 3860, pp. 208-225, Springer, 2006 |
| 2006 | Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers | Elisabeth Oswald, Stefan Mangard, Christoph Herbst and Stefan Tillich | CT-RSA 2006, LNCS 3860, pp. 192-207, Springer, 2006 |
| 2005 | Successfully Attacking Masked AES Hardware Implementations | Stefan Mangard, Norbert Pramstaller and Elisabeth Oswald | CHES 2005, LNCS 3659, pp. 157-171, Springer, 2005 |
| 2005 | A Side-Channel Analysis Resistant Description of the AES S-box | Elisabeth Oswald, Stefan Mangard, Norbert Pramstaller and Vincent Rijmen | FSE 2005, Revised Selected Papers, LNCS 3557, pp. 413-423, Springer, 2005 |
| 2004 | Power Analysis of an FPGA Implementation of Rijndael: Is Pipelining a DPA Countermeasure? | François-Xavier Standaert, Siddika Berna Ors, Bart Preneel | CHES 2004, LNCS 3156, pp. 30-44, Springer, 2004 |
| 2004 | A Collision-Attack on AES: Combining Side Channel- and Differential-Attack | Kai Schramm, Gregor Leander, Patrick Felke and Christof Paar | CHES 2004, LNCS 3156, pp. 163-175, Springer, 2004 |
| 2004 | Two Power Analysis Attacks against One-Mask Methods | M.-L. Akkar, R. Bevan and L. Goubin | FSE 2004, LNCS 3017, pp. 332-347, Springer, 2004 |
| 200X | Small Size, Low Power, Side Channel-Immune AES Coprocessor: Design and Synthesis Results | Elena Trichina and Tymur Korkishko | Proceedings of the Fourth Conference on the Advanced Encryption Standard (AES), 2004 |
| 2004 | Provably Secure Masking of AES | Johannes Bloemer, Jorge Guajardo Merchan and Volker Krummel | SAC 2004, LNCS 3357, pp. 69-83, Springer, 2004 |
| 2004 | Secure and Efficient Masking of AES -- A Mission Impossible? | Elisabeth Oswald, Stefan Mangard and Norbert Pramstaller | Cryptology ePrint Archive, Report 2004/134 |
| 2004 | Electromagnetic Side Channels of an FPGA Implementation of AES | Vincent Carlier, Hervé Chabanne, Emmanuelle Dottax and Hervé Pelletier | Cryptology ePrint Archive, Report 2004/145 |
| 2003 | A Simple Power-Analysis (SPA) Attack on Implementations of the AES Key Expansion | Stefan Mangard | ICISC 2002, Revised Papers, LNCS Vol. 2587, pp. 343-358 |
| 2003 | A Generic Protection against High-Order Differential Power Analysis | Mehdi-Laurent Akkar and Louis Goubin | FSE 2003, Revised Papers, LNCS Vol. 2887, pp. 192-205 |
| 2003 | Multiplicative Masking and Power Analysis of AES | Jovan D. Golic and Christophe Tymen | CHES 2002, Revised Papers, LNCS Vol. 2535, pp. 198-212 |
| 2003 | Simplified Adaptive Multiplicative Masking for AES | Elena Trichina, Domenico De Seta and Lucia Germani | CHES 2002, Revised Papers, LNCS Vol. 2535, pp. 187-197 |
| 2001 | An Implementation of DES and AES, Secure against Some Attacks | Mehdi-Laurent Akkar and Christophe Giraud | CHES 2001, Proceedings, LNCS Vol. 2162, pp. 309-318 |
| 2000 | On Boolean and Arithmetic Masking against Differential Power Analysis | Jean-Sebastien Coron and Louis Goubin | CHES 2000, Proceedings, LNCS Vol. 1965, pp. 231-237 |
AES & Fault Analysis
| Year | Title | Authors | Where published |
| 2003 | A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD | Gilles Piret, Jean-Jacques Quisquater | CHES 2003, LNCS Vol. 2779 |
| 2003 | Differential Fault Analysis on AES Key Schedule and Some Countermeasures | Chien-Ning Chen, Sung-Ming Yen | ACISP 2003, Proceedings, LNCS Vol. 2727, pp. 118-129 |
| 2003 | Fault Based Cryptanalysis of the Advanced Encryption Standard (AES) | Johannes Blömer, Jean-Pierre Seifert | FC 2004, Proceedings, LNCS Vol. 2742, pp. 162-181 |
AES & Instruction Set Extensions
| Year | Title | Authors | Where published |
| 2005 | An Instruction Set Extension for Fast and Memory-Efficient AES Implementation | Stefan Tillich, Johann Großschädl, and Alexander Szekely | Communications and Multimedia Security (CMS), LNCS Vol. 3677, pp. 11-21, Springer Verlag |
| 2005 | Accelerating AES Using Instruction Set Extensions for Elliptic Curve Cryptography | Stefan Tillich and Johann Großschädl | Computational Science and Its Applications (ICCSA), LNCS Vol. 3481, pp. 665-675, Springer Verlag |
| 2004 | Extended Instructions for the AES Cryptography and their Efficient Implementation | Kouhei Nadehara, Masao Ikekawa, and Ichiro Kuroda | Proceedings of the 18th IEEE Workshop on Signal Processing Systems (SIPS 2004), pp. 152-157, IEEE Computer Society |
This site was initially created by Elisabeth Oswald, and is now maintained by Christian Rechberger. Send comments on this site to Christian.Rechberger@iaik.tugraz.at
Disclaimer:
The information on this web site is provided as is, and no guarantee or warranty is given or implied that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability.