CS551: Security and Privacy on the Internet, Fall 2000
Manifest: Monday 2 October 2000
Assignments Due 4 October Full Project Proposal 11 October Problem Set 3
Today: Guest lecture by Paco Hope, from Chain Mail, Inc.
Before 4 October: Stallings, 12.1, 14.2, 14.3.
Before 9 October:
- Stallings, 5.4.
- John Kelsey, Bruce Schneier, and Niels Ferguson. Yarrow-160: Notes on the Design and Analysis of the Yarror Cryptographic Pseudorandom Number Generator, August 1999.
- (Optional, but fun) Brad Arkin, et. al., How we Learned to Cheat in Online Poker: A Study in Software Security, September 1999.
Why did NIST select Rijndael to propose for the AES?
When considered together, Rijndael's combination of security, performance, efficiency, ease of implementation and flexibility make it an appropriate selection for the AES.
Specifically, Rijndael appears to be consistently a very good performer in both hardware and software across a wide range of computing environments regardless of its use in feedback or non-feedback modes. Its key setup time is excellent, and its key agility is good. Rijndael's very low memory requirements make it very well suited for restricted-space environments, in which it also demonstrates excellent performance. Rijndael's operations are among the easiest to defend against power and timing attacks.
Additionally, it appears that some defense can be provided against such attacks without significantly impacting Rijndael's performance. Rijndael is designed with some flexibility in terms of block and key sizes, and the algorithm can accommodate alterations in the number of rounds, although these features would require further study and are not being considered at this time. Finally, Rijndael's internal round structure appears to have good potential to benefit from instruction-level parallelism.
From ADVANCED ENCRYPTION STANDARD (AES) Questions and Answers
University of Virginia
Department of Computer Science
CS 551: Security and Privacy on the Internet