Second AES Candidate Conference (AES2)

Last Modified: October 24, 2000

GENERAL
AES Home Page
Rijndael Information
Modes of Operation
Discussion Forum
Recent News
ROUND 2
(8/1999-5/2000)
Finalist Algorithms
Round 2 Analysis
Round 2 Comments
3rd AES Conference
ROUND 1
(8/1998-4/1999)
R1 Algorithms
R1 Announcement
R1 Comments
2nd AES Conference
1st AES Conference
Pre-ROUND 1
(1/1997-7/1998)
Call for Candidates
AES Beginnings

Second AES Candidate Conference (AES2)

Near the end of Round 1 of the AES Development Effort, the Second AES Candidate Conference (AES2) was held on March 22-23, 1999, in Rome, Italy. At AES2, Round 1 technical analysis was presented and discussed, along with views as to which candidates should be selected as finalists for Round 2.

AES2 was followed immediately by the Sixth Fast Software Encryption Workshop (FSE6), at the same location.

The final agenda for AES2 is available.


NIST Presentations

Papers

Here is the complete set of papers that were submitted to AES2, with a link to the submitters' home page (if provided). Please keep in mind that due to the short time schedule, NIST did not go through several rounds of submissions (i.e., not all papers will be "polished"). Links are provided to submitters' home pages, in case they have updated versions of their submissions.

AES2 Paper Submissions (presented in order of submission)
(*) = paper presented during the conference
(R) = paper presented during the "rump" session
Title Author(s) Size 
(KB)
Link
Key Schedule Classification of the AES Candidates G. Carter, E. Dawson, L. Nielsen  191 .
Pseudorandomness and Maximum Average of Differential Probability of Block Ciphers with SPN-Structures like E2 (*) M. Sugita, K. Kobara, H. Imai 287 .
Exploratory Candidate Algorithm Performance Characteristics In Commercial Symmetric Multiprocessing (SMP) Environments for the Advanced Encryption Standard (AES) L. Leibrock 7 .
An Observation on the Key Schedule of Twofish (*) F. Mirza, S. Murphy 57 .
The DFC Cipher:  an attack on careless implementations (R) I. Harvey 28 .
Future Resiliency:  A Possible New AES Evaluation Criterion (R) D. Johnson 51 .
Weaknesses in LOKI97 (*) L. Knudsen, V. Rijmen 158 .
On the Optimality of SAFER+ Diffusion (*) J. Massey 180 .
Report on the AES Candidates (*) O. Baudron, H. Gilbert, L. Granboulan, H. Handschuh, A. Joux, P. Nguyen, F. Noilhan, D. Pointcheval, T. Pornin, G. Poupard, J. Stern, S. Vaudenay 234 .
DFC Update (*) O. Baudron, H. Gilbert, L. Granboulan, H. Handschuh, R. Harley, A. Joux, P. Nguyen, F. Noilhan, D. Pointcheval, T. Pornin, G. Poupard, J. Stern, S. Vaudenay 218 .
Key Schedule Weaknesses in SAFER+ (*) J. Kelsey, B. Schneier, D. Wagner 245 button
Performance Comparison of the AES Submissions (*) B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, N. Ferguson 257 button
New Results on the Twofish Encryption Algorithm (*) (Same as previous paper) 275 button
AES Candidates:  A Survey of Implementations H. Lipmaa 43 .
Optimized Software Implementations of E2 (R) K. Aoki, H. Ueda 130 .
Cryptanalysis of Magenta (*) E. Biham, A. Biryukov, N. Ferguson, L. Knudsen, B. Schneier, A. Shamir 71 .
A Note on Comparing the AES Candidates (*) E. Biham 134 .
Implementation Experience with AES Candidate Algorithms (* invited, but could not attend) B. Gladman 46 .
Resistance Against Implementation Attacks: A Comparative Study of the AES Proposals (*) J. Daemen, V. Rijmen 183 .
Power Analysis of the Key Scheduling of the AES Candidates (*) E. Biham, A. Shamir 111 .
cAESar results: Implementation of Four AES Candidates on Two Smart Cards (*) G. Hachez, F. Koeune, J.-J. Quisquater 208 .
A Cautionary Note Regarding Evaluation of AES Candidates on Smart-Cards (*) S. Chari, C. Jutla, J.R. Rao, P. Rohatgi 280 .
On Differential Properties of Data-Dependent Rotations and Their Use in MARS and RC6 (*) S. Contini, Y.L. Yin 195 .
An Analysis of Serpent-p and Serpent-p-ns (R) O. Dunkelman 150 .
Cryptanalysis of Frog (*) D. Wagner, N. Ferguson, B. Schneier 219 button
Instruction-level Parallelism in AES Candidates (*) C. Clapp 86 .
Performance Analysis of AES candidates on the 6805 CPU core (*) G. Keating 26 button
AES JavaTM Technology Comparisons (*) A. Folmsbee 308 .
 



Technical contact: Morris Dworkin
Administrative/process questions: Elaine Barker, Bill Burr