The block cipher Rijndael

Fourth conference on the Advanced Encryption Standard (AES4)

"Vincent lives now in Graz. Updates to the information on this page are here." Rijndael book cover

The Rijndael book is out !

We finally finished this book. Besides our algorithm, the book also contains a description of all the implementation tricks we know about, a thorough explanation of our design strategy and the underlying motivations, an overview of the cryptanalytic results on reduced versions of Rijndael, an overview of related ciphers, and some more. The book also contains some previously unpublished results on extending Matsui's linear cryptanalysis to ciphers defined in GF(256).

It's published by Springer-Verlag, ISBN 3-540-42580-2.

Rijndael becomes AES

You probably know it already, maybe it's the reason why you're here at this page. We happily refer you to the Rijndael fan page for more news. Flemish Personality Award

CaStaR - Personality of the year 2000

Because of Rijndael's selection as AES, we have been selected as (Flemish) personalities of the year 2000. As a consequence, we were rewarded with the piece of art you see on the right. The coloured specks on the skull and the bones are in fact the shields of a rare beetle. Some people say it symbolizes the DES (bird) being replaced by the AES (skull). Others think that the Flemish watch too much MTV. Anyway, if you're interested in obtaining (buying) this remarkable piece of art, you can always contact us.

What is Rijndael ?

Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES .
The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with al length of 128, 192 or 256 bits (all nine combinations of key length and block length are possible). Both block length and key length can be extended very easily to multiples of 32 bits.
Rijndael can be implemented very efficiently on a wide range of processors and in hardware.

The design of Rijndael was strongly influenced by the design of the block cipher Square .

Publications

Besides the documents available from this web site, a number of (technical) Rijndael-related papers have been published. We give here an overview.

J. Daemen, V. Rijmen, ``The Block Cipher Rijndael,'' Smart Card Research and Applications, LNCS 1820, J.-J. Quisquater and B. Schneier, Eds., Springer-Verlag, 2000, pp. 277-284.
J. Daemen and V. Rijmen, ``Rijndael, the advanced encryption standard,'' Dr. Dobb's Journal , Vol.~26, No.~3, March 2001, pp.~137--139.

If you are looking for a Rijndael reference, then please use one of these.

Pictures and animations

Being not very at home in the graphical department, we refer you happily to the pictures made by John Savard. Enrique Zabala from Uruguay made a very nice animation (.exe format) showing the operation of Rijndael (error corrected on 29/03/2004).

Download

The following files are available for download:

Answer to the observations on the Rijndael diffusion layer, recently submitted to the NIST AES forum.
Updated documentation and complete specification , as required by NIST (Adobe PDF format). This version corrects the errors that were found in the original document. NOTE: after Rijndael was selected to become AES, it was decided to change the names of some subroutines. The new names have been used in all our subsequent publications (including the book). The paper here is provided for reasons of historical interest only. Please use the description available from NIST's website.
A more theoretic paper , detailing the design principles behind Rijndael (Adobe PDF format).
A document on efficient implementation of the S-box in hardware.
Java code , for use with the Cryptix toolkit .
Reference code in ANSI C v2.2.
Optimised C code v3.0 (provided by Paulo S.L.M. Barreto). This code was written in order to clarify the mathematical description, and to run the statistical test. The implementation of the tests is known to have bugs, but this package is no longer maintained. The Rijndael specific code is still maintained as part of Paulo's EAX++. package.
Testvalues (as required by NIST) . You can download information on the test vector format here .
A program that illustrates the working of Rijndael, by Jose de Jesus Angel.

Rijndael is available for free. You can use it for whatever purposes you want, irrespective of whether it is accepted as AES or not.

Other Implementations

C code from Brian Gladman's page.
A code size optimised version by Robert G. Durnal. Also available here. (Now also available for people outside the USA and Canada.)
Geoffrey Keating's page has a fast implementation on the Motorola 6805.
Mike Scott's implementation.
An 80186 assembly implementation, written by Rafael R. Sevilla (updated on August 21, 2000).
The v2.4 code, rewritten as a compact-easy-to-use C++ class by Szymon Stefanek.
Ada 95 code , by Michael Yoder.
NIST's pages have links to more implementations on various platforms.
It's in Wei Dai's Crypto++ library .
An implementation in Oberon-2, by Paulo Barreto.
A JAVA servlet implementation, by Cass Crockatt.
A Visual Basic implementation, by P. Fresle (updated on April 20, 2001).
An Emacs Lisp implementation, by Simon Jozefsson.
An implementation in C++, by Gerhard Wesp. (GNU Lesser Public License).
It's in the Catacomb crypto library, by Mark Wooding.
A free Delphi implementation by Eldos
A Perl module by Rafael R. Sevilla.
A Matlab implementation by J.J. Buchholz.
A port to the Symbian OS.
Python code .
AESLib for PalmOS by Stuart Eichert.
C by Christophe Devine.
An Atmal implementation by Sung Ha Kim. (Note that the documentation uses the old names for the subroutines, which are different from the names in the FIPS.)
Andre Barbosa implemented Rijndael in Actionscript. You can download the code and test it.
Jose Luis Gomez Pardo implemented Rijndael in Mathematica. Available here.

Rijndael is used in the digital lecture board, developed at the university of Mannheim. It is also used in a freeware file protection tool called FIVE.

More information and analysis

The NIST AES site contains a multitude of reports covering more topics of the AES/Rijndael than we would have thought possible. Prof. J. von zur Gathen organized two Rijndael seminars at the university of Paderborn (Germany). A lot of interesting material was developed, and is available here.

Rijndael FAQ

How is that pronounced ?
If you're Dutch, Flemish, Indonesian, Surinamer or South-African, it's pronounced like you think it should be. Otherwise, you could pronounce it like "Reign Dahl", "Rain Doll", "Rhine Dahl". We're not picky. As long as you make it sound different from "Region Deal".
Why did you choose this name ?
Because we were both fed up with people mutilating the pronunciation of the names "Daemen" and "Rijmen". (There are two messages in this answer.)
Can't you give it another name ? (Propose it as a tweak !)
Dutch is a wonderful language. Currently we are debating about the names "Herfstvrucht", "Angstschreeuw" and "Koeieuier". Other suggestions are welcome of course. Derek Brown, Toronto, Ontario, Canada, proposes "bob".

This page is no longer maintained.