AES Lounge
This website is a dissemination effort within ECRYPT, the Network of Excellence in Cryptology which is funded within the Information Societies Technology (IST) Programme of the European Commission's Sixth Framework Programme (FP6) under contract number IST-2002-507932. It is maintained by members of the IAIK Krypto and VLSI groups as a joint activity in the "Secure and efficient implementations virtual lab" (VAMPIRE).
In the year 2000, the US National Institute of Standards and Technology (NIST) announced that Rijndael was selected as the Advanced Encryption Standard (AES). This selection was the result of a three-year selection process, which NIST started in September 1997. The selection process itself was divided into several rounds with a public workshop at the end of each round. At the end of the first round, which was in August 1998, 15 algorithms were accepted as candidates. In the evaluation round thereafter, these algorithms were evaluated for their security, cost, and algorithm and implementation characteristics. In March 1999, the second workshop was held and it brought a whole load of results with respect to the candidates. In August 1999, 5 finalist algorithms were selected from the 15 candidates. Until April 2000, when the third AES workshop was held, the finalists were analysed in detail. At this conference, the results of this stage were presented and a questionnaire was handed out asking about the preference of the attendees. Rijndael turned out to be the favorite algorithm. On 2 October 2000, NIST officially announced that Rijndael had been chosen as the Advanced Encryption Standard (AES).
Rijndael  
AES Security  
AES Hardware Architectures  
High Speed AES Hardware Implementations  
Low Cost AES Hardware Implementations  
AES Software Implementations  
AES & Side-Channel Analysis
AES & Fault Analysis  
AES & Instruction Set Extensions  
Links
NIST's old AES page which contains information about the AES process (conferences).  http://csrc.nist.gov/CryptoToolkit/aes/ 
NIST's CSRC cryptographic toolkit web site which contains the AES specification  http://csrc.nist.gov/CryptoToolkit/tkencryption.html 
Errata for the book "The Design of Rijndael"  local Link (pdf) 
Rijndael
Year  Title  Authors  Where published
2003  National Policy on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information  National Security Agency (NSA)  CNSS Website
2002  The Design of Rijndael  Joan Daemen and Vincent Rijmen  Springer, ISBN 3540425802
2001  FIPS-197: Advanced Encryption Standard  National Institute of Standards and Technology (NIST)  NIST Website
To obtain the bibliography (or other information) for a paper listed below, copy the title of the article or the authors and go to http://www.informatik.uni-trier.de/~ley/db/index.html. There, you can search for article, authors or conference name. At the same site you will find the link to the electronic version of a paper, if such a version is available. Papers hosted on the ePrint archive can be found at http://eprint.iacr.org/. Papers presented at an AES conference without Springer proceedings can be found on the NIST homepage (see Links).
AES Security
The following table lists the best known shortcut attacks on each of the three AES variants.
Attack 
Year 
Paper 
AES-128 (10 Rounds)
AES-192 (12 Rounds)
AES-256 (14 Rounds)
Related Key Boomerang

2009

Biryukov and Khovratovich, Related-key Cryptanalysis of the Full AES-192 and AES-256,
ePrint Archive: Report 2009/317

12 Rounds

14 Rounds


Related Key

2005

Biham et al., Related-Key Boomerang and Rectangle Attacks,
Advances in Cryptology - EUROCRYPT 2005, LNCS 3494, pages 507-525, Springer, 2005

9 Rounds


Truncated Differential

2003

Jakimoski et al., Related-Key Differential Cryptanalysis of 192-bit Key AES Variants, SAC 2003, LNCS Vol. 3006, pages 208-221, Springer, 2004

6 Rounds


Impossible Differential Related-Key

2003

Jakimoski et al., Related-Key Differential Cryptanalysis of 192-bit Key AES Variants, SAC 2003, LNCS Vol. 3006, pages 208-221, Springer, 2004

8 Rounds


Impossible Differential

2001

Cheon et al., Improved Impossible Differential Cryptanalysis of Rijndael and Crypton, ICISC 2001, LNCS Vol. 2288, pages 39-49, Springer

6 Rounds


Square Attack

2000

Lucks, Attacking seven rounds of Rijndael under 192-bit and 256-bit keys. Proceedings of AES3, NIST

7 Rounds

7 Rounds


Square Attack

2000

Ferguson et al., Improved cryptanalysis of Rijndael, FSE 2000, LNCS Vol. 1978, pages 213-230, Springer

7 Rounds

7 Rounds

9 Rounds

Collision Attack

2000

Gilbert et al., A collision attack on seven
rounds of Rijndael, Proceedings of AES 3, NIST

7 Rounds

7 Rounds

7 Rounds

AES Hardware Architectures
Year  Title  Authors  Where published
2005  State of the Art in Hardware Architectures. Note: Deliverable with a special focus on AES hardware architectures.  Martin Feldhofer, Kerstin Lemke, Elisabeth Oswald, Francois-Xavier Standaert, Thomas Wollinger and Johannes Wolkerstorfer  Deliverable No. D.VAM2 - State of the Art in Hardware Architectures, September 2005, File as pdf
2005  AES on FPGA: from the fastest to the smallest  Tim Good and Mohammed Benaissa  Proceedings of CHES 2005, pp. 427-440, LNCS 3659, Springer, 2005
2005  A 3.84 Gbits/s AES crypto coprocessor with modes of operation in a 0.18um CMOS Technology  Alireza Hodjat, David Hwang, Bo-Cheng Lai, Kris Tiri, and Ingrid Verbauwhede  Proceedings of the 15th ACM Great Lakes Symposium on VLSI 2005, pages 60-63. ACM, ACM Press, April 2005
2005  Efficient AES Implementations on ASICs and FPGAs  Norbert Pramstaller, Stefan Mangard, Sandra Dominikus, and Johannes Wolkerstorfer  Proceedings of the Fourth Workshop on the Advanced Encryption Standard, AES4 - State of the Crypto Analysis, LNCS vol 3373 2005.
2004  A Universal and Efficient AES Co-Processor for Field Programmable Logic Arrays  Norbert Pramstaller and Johannes Wolkerstorfer  FPL 2004, Proceedings, LNCS Vol. 3203, pp. 565-574
2004  Exploring Area/Delay Tradeoffs in an AES FPGA Implementation.  Joseph Zambreno, David Nguyen, and Alok N. Choudhary  FPL 2004, Proceedings, LNCS Vol. 3203, pp. 575-585
2003  Efficient Implementation of Rijndael Encryption in Reconfigurable Hardware: Improvements and Design Tradeoffs  François-Xavier Standaert, Gaël Rouvroy, Jean-Jacques Quisquater, Jean-Didier Legat  CHES 2003, LNCS Vol. 2779
2003  Design and Performance Testing of a 2.29 Gb/s Rijndael Processor  Ingrid Verbauwhede and Patrick Schaumont and Henry Kuo  IEEE Journal of Solid-State Circuits, pp. 569-572
2003  A Highly Regular and Scalable AES Hardware Architecture  Stefan Mangard and Manfred Aigner and Sandra Dominikus  IEEE Transactions on Computers, Vol. 52, pp. 483-491, 2003
2003  Very Compact FPGA Implementation of the AES Algorithm  Pawel Chodowiec and Kris Gaj  CHES 2003, Proceedings, LNCS Vol. 2779, pp. 319-333
2003  An Efficient AES Implementation for Reconfigurable Devices  Norbert Pramstaller and Johannes Wolkerstorfer  Austrochip 2003, Proceedings, pp. 5-8
2002  An ASIC implementation of the AES S-Boxes  Johannes Wolkerstorfer and Elisabeth Oswald and Mario Lamberger  CT-RSA 2002, LNCS Vol. 2271, pp. 67-78
2001  Efficient Rijndael Encryption Implementation with Composite Field Arithmetic  Atri Rudra and Pradeep K. Dubey and Charanjit S. Jutla and Vijay Kumar and Josyula R. Rao and Pankaj Rohatgi  CHES 2001, Proceedings, LNCS Vol. 2162, pp. 171-184
2001  A Compact Rijndael Hardware Architecture with S-Box Optimization  Akashi Satoh and Sumio Morioka and Kohji Takano and Seiji Munetoh  ASIACRYPT 2001, Proceedings, LNCS Vol. 2248, pp. 239-254
2001  Two Methods of Rijndael Implementation in Reconfigurable Hardware  Viktor Fischer and Milos Drutarovsky  CHES 2001, Proceedings, LNCS Vol. 2162, pp. 77-92
2001  Architectural optimization for a 1.82 Gbits/sec VLSI implementation of the AES Rijndael algorithm  H. Kuo and I. Verbauwhede  CHES 2001, Proceedings, LNCS Vol. 2162, pp. 51-64
High Speed Implementations
Year  Title  Authors  Where published
2005  A 21.54 Gbits/s Fully Pipelined AES Processor on FPGA  Alireza Hodjat and Ingrid Verbauwhede  12th IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM 2004), pages 308-309, IEEE Computer Society, 2004
2005  Minimum Area Cost for a 30 to 70 Gbits/s AES Processor  Alireza Hodjat and Ingrid Verbauwhede  2004 IEEE Computer Society Annual Symposium on VLSI (ISVLSI 2004), Emerging Trends in VLSI Systems Design, pages 83-88, IEEE Computer Society, 2004
2004  High-Speed VLSI Architectures for the AES Algorithm  Xinmiao Zhang and Keshab K. Parhi  IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 12(9):957-967, September 2004
2004  An Efficient FPGA Implementation of Advanced Encryption Standard Algorithm  Shuenn-Shyang Wang and Wan-Sheng Ni  ISCAS 2004, Proceedings, Volume 2, pp. 597-600, IEEE Computer Society, May 2004
2003  An FPGA-Based Performance Analysis of the Unrolling, Tiling, and Pipelining of the AES Algorithm  Giacinto Paolo Saggese, Antonino Mazzeo, Nicola Mazzocca, and Antonio G. M. Strollo  FPL 2003, Proceedings, LNCS Vol. 2778, pp. 292-302, 2003
2001  Fast implementations of secret-key block ciphers using mixed inner- and outer-round pipelining  Pawel Chodowiec and Po Khuon and Kris Gaj  FPGA 2001, Proceedings, pp. 94-102
2001  Architectural optimization for a 1.82 Gbits/sec VLSI implementation of the AES Rijndael algorithm  H. Kuo and I. Verbauwhede  CHES 2001, Proceedings, LNCS Vol. 2162, pp. 51-64
2001  High Performance Single-Chip FPGA Rijndael Algorithm Implementations  M. McLoone and John V. McCanny  CHES 2001, Proceedings, LNCS Vol. 2162, pp. 65-76

Low Cost Implementations
Year  Title  Authors  Where published
2005  AES Implementation on a Grain of Sand  Martin Feldhofer, Johannes Wolkerstorfer, and Vincent Rijmen  IEE Proceedings on Information Security, Volume 152, Issue 1, pp. 13-20
2005  A Very Compact S-Box for AES  D. Canright  Proceedings of CHES 2005, pp. 441-456, LNCS 3659, Springer, 2005
2005  A Systematic Evaluation of Compact Hardware Implementations for the Rijndael S-Box  Nele Mentens, Lejla Batina, Bart Preneel and Ingrid Verbauwhede  Proceedings of CT-RSA 2005, pp. 323-333, LNCS 3376, Springer, 2005
2004  Power-Efficient ASIC Synthesis of Cryptographic Sboxes  Guido Bertoni, Marco Macchetti, and Luca Negri  Proceeding of GLSVLSI, pp. 277-281, ACM Press.
2004  Compact and Efficient Encryption/Decryption Module for FPGA Implementation of AES Rijndael Very Well Suited for Small Embedded Applications  Gaël Rouvroy, François-Xavier Standaert, Jean-Jacques Quisquater, Jean-Didier Legat  ITCC 2004, IEEE Computer Society
2004  Strong Authentication for RFID Systems using the AES Algorithm  Martin Feldhofer and Sandra Dominikus and Johannes Wolkerstorfer  CHES 2004, LNCS Vol. 3156
2004  Design of AES Based on Dual Cipher and Composite Field  Shee-Yau Wu and Shih-Chuan Lu and Chi-Sung Laih  CT-RSA 2004, LNCS Vol. 2964
2002  An ASIC implementation of the AES S-Boxes  Johannes Wolkerstorfer and Elisabeth Oswald and Mario Lamberger  CT-RSA 2002, LNCS Vol. 2271, pp. 67-78
2001  Efficient Rijndael Encryption Implementation with Composite Field Arithmetic  Atri Rudra and Pradeep K. Dubey and Charanjit S. Jutla and Vijay Kumar and Josyula R. Rao and Pankaj Rohatgi  CHES 2001, Proceedings, LNCS Vol. 2162, pp. 171-184
2001  A Compact Rijndael Hardware Architecture with S-Box Optimization  Akashi Satoh and Sumio Morioka and Kohji Takano and Seiji Munetoh  ASIACRYPT 2001, Proceedings, LNCS Vol. 2248, pp. 239-254
2001  An ASIC Implementation of the AES-MixColumn operation  Johannes Wolkerstorfer  Austrochip 2001, pp. 129-132

AES Software Implementations
Year  Title  Authors  Where published
2008  A Fast and Cache-Timing Resistant Implementation of the AES  Robert Könighofer  CT-RSA 2008, to appear. Implementation available
2007  On the Power of Bitslice Implementation on Intel Core2 Processor  Mitsuru Matsui, Junko Nakajima  CHES 2007, Proceedings, LNCS 4727, pp. 121-134
2006  How Far Can We Go on the x64 Processors?  Mitsuru Matsui  FSE 2006, Revised Selected Papers, LNCS 4047, pp. 341-358
2005  How to Maximise Software Performance of Symmetric Primitives on Pentium III and 4 Processors  Mitsuru Matsui and Sayaka Fukuda  FSE 2005, Revised Selected Papers, LNCS 3557, pp. 398-412
2003  Efficient Software Implementation of AES on 32-Bit Platforms  Guido Bertoni and Luca Breveglieri and Pasqualina Fragneto and Marco Macchetti and Stefano Marchesin  CHES 2002, Revised Papers, LNCS Vol. 2523, pp. 159-171
AES & Side-Channel Analysis
Year  Title  Authors  Where published
2006  Higher-Order Masking of the AES  Kai Schramm and Christof Paar  CT-RSA 2006, LNCS 3860, pp. 208-225, Springer, 2006
2006  Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers.  Elisabeth Oswald, Stefan Mangard, Christoph Herbst and Stefan Tillich  CT-RSA 2006, LNCS 3860, pp. 192-207, Springer, 2006
2005  Successfully Attacking Masked AES Hardware Implementations  Stefan Mangard, Norbert Pramstaller and Elisabeth Oswald  CHES 2005, LNCS 3659, pp. 157-171, Springer, 2005
2005  A Side-Channel Analysis Resistant Description of the AES S-box.  Elisabeth Oswald, Stefan Mangard, Norbert Pramstaller and Vincent Rijmen  FSE 2005, Revised Selected Papers, LNCS 3557, pp. 413-423, Springer, 2005
2004  Power Analysis of an FPGA Implementation of Rijndael: Is Pipelining a DPA Countermeasure?  François-Xavier Standaert, Siddika Berna Ors, Bart Preneel  CHES 2004, LNCS 3156, pp. 30-44, Springer, 2004
2004  A Collision-Attack on AES: Combining Side Channel- and Differential-Attack  Kai Schramm and Gregor Leander and Patrick Felke and Christof Paar  CHES 2004, LNCS 3156, pp. 163-175, Springer, 2004
2004  Two Power Analysis Attacks against One-Mask Methods  M.L. Akkar and R. Bevan and L. Goubin  FSE 2004, LNCS 3017, pp. 332-347, Springer, 2004
200X  Small Size, Low Power, Side Channel-Immune AES Coprocessor: Design and Synthesis Results  Elena Trichina and Tymur Korkishko  Proceedings of the Fourth Conference on the Advanced Encryption Standard (AES), 2004
2004  Provably Secure Masking of AES  Johannes Bloemer and Jorge Guajardo Merchan and Volker Krummel  SAC 2004, LNCS 3357, pp. 69-83, Springer, 2004
2004  Secure and Efficient Masking of AES - A Mission Impossible?  Elisabeth Oswald and Stefan Mangard and Norbert Pramstaller  Cryptology ePrint Archive, Report 2004/134
2004  Electromagnetic Side Channels of an FPGA Implementation of AES  Vincent Carlier, Hervé Chabanne, Emmanuelle Dottax and Hervé Pelletier  Cryptology ePrint Archive, Report 2004/145
2003  A Simple Power-Analysis (SPA) Attack on Implementations of the AES Key Expansion  Stefan Mangard  ICISC 2002, Revised Papers, LNCS Vol. 2587, pp. 343-358
2003  A Generic Protection against High-Order Differential Power Analysis  Mehdi-Laurent Akkar and Louis Goubin  FSE 2003, Revised Papers, LNCS Vol. 2887, pp. 192-205
2003  Multiplicative Masking and Power Analysis of AES  Jovan D. Golic and Christophe Tymen  CHES 2002, Revised Papers, LNCS Vol. 2535, pp. 198-212
2003  Simplified Adaptive Multiplicative Masking for AES  Elena Trichina and Domenico De Seta and Lucia Germani  CHES 2002, Revised Papers, LNCS Vol. 2535, pp. 187-197
2001  An Implementation of DES and AES, Secure against Some Attacks  Mehdi-Laurent Akkar and Christophe Giraud  CHES 2001, Proceedings, LNCS Vol. 2162, pp. 309-318
2000  On Boolean and Arithmetic Masking against Differential Power Analysis  Jean-Sebastien Coron and Louis Goubin  CHES 2000, Proceedings, LNCS Vol. 1965, pp. 231-237


AES & Fault Analysis
Year  Title  Authors  Where published
2003  A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD  Gilles Piret, Jean-Jacques Quisquater  CHES 2003, LNCS Vol. 2779
2003  Differential Fault Analysis on AES Key Schedule and Some Countermeasures  Chien-Ning Chen, Sung-Ming Yen  ACISP 2003, Proceedings, LNCS Vol. 2727, pp. 118-129
2003  Fault Based Cryptanalysis of the Advanced Encryption Standard (AES)  Johannes Blömer, Jean-Pierre Seifert  FC 2004, Proceedings, LNCS Vol. 2742, pp. 162-181

AES & Instruction Set Extensions
Year  Title  Authors  Where published
2005  An Instruction Set Extension for Fast and Memory-Efficient AES Implementation  Stefan Tillich, Johann Großschädl, and Alexander Szekely  Communications and Multimedia Security (CMS), LNCS Vol. 3677, pp. 11-21, Springer Verlag.
2005  Accelerating AES Using Instruction Set Extensions for Elliptic Curve Cryptography  Stefan Tillich and Johann Großschädl  Computational Science and Its Applications (ICCSA), LNCS Vol. 3481, pp. 665-675, Springer Verlag.
2004  Extended Instructions for the AES Cryptography and their Efficient Implementation  Kouhei Nadehara, Masao Ikekawa, and Ichiro Kuroda  Proceedings of the 18th IEEE Workshop on Signal Processing Systems (SIPS 2004), pp. 152-157. IEEE Computer Society.
This site was initially created by Elisabeth Oswald, and is now maintained by Christian Rechberger. Send comments on this site to Christian.Rechberger@iaik.tugraz.at
Disclaimer:
The information on this web site is provided as is, and no guarantee or warranty is given or implied that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability.