Second AES Candidate Conference (AES2)
Near the end of Round 1 of the AES Development Effort, the Second AES
Candidate Conference (AES2) was held on March 22-23, 1999, in Rome, Italy.
At AES2, Round 1 technical analysis was presented and discussed, along
with views as to which candidates should be selected as finalists for
AES2 was followed immediately by the Sixth Fast Software Encryption
Workshop (FSE6), at the same location.
agenda for AES2 is available.
- At AES2, NIST made several presentations. Please understand that the
results presented at AES2 may vary (especially regarding the Java
timings) from the final
results obtained by NIST.
- Slides for several of the presentations are available
- List of speakers and titles from the Rump
- Miles Smid chaired a panel
of algorithm submitters, which generated a lot of discussion on
various AES issues. This panel included discussion of
Intellectual Property (IP) issues.
- NIST announced preliminary plans for the Third
AES Candidate Conference (AES3). Once again, the AES and FSE
conferences will be held back-to-back. More details will be made
available in the coming months.
- NIST presented future
plans for the AES process, including important information for AES
submitters about the transition from Round 1 to Round 2.
- NIST received feedback
from the AES2 attendees, regarding their thoughts on the candidate
PapersHere is the complete set of papers that were submitted to
AES2, with a link to the submitters' home page (if provided). Please keep
in mind that due to the short time schedule, NIST did not go through
several rounds of submissions (i.e., not all papers will be "polished").
Links are provided to submitters' home pages, in case they have updated
versions of their submissions.
AES2 Paper Submissions
(presented in order of submission)
(*) = paper
presented during the conference
(R) = paper presented during the
Schedule Classification of the AES Candidates
||G. Carter, E. Dawson, L. Nielsen
and Maximum Average of Differential Probability of Block Ciphers
with SPN-Structures like E2 (*)
||M. Sugita, K. Kobara, H. Imai
Candidate Algorithm Performance Characteristics In Commercial
Symmetric Multiprocessing (SMP) Environments for the Advanced
Encryption Standard (AES)
Observation on the Key Schedule of Twofish (*)
||F. Mirza, S. Murphy
DFC Cipher: an attack on careless implementations (R)
Resiliency: A Possible New AES Evaluation Criterion (R)
in LOKI97 (*)
||L. Knudsen, V. Rijmen
the Optimality of SAFER+ Diffusion (*)
on the AES Candidates (*)
||O. Baudron, H. Gilbert, L. Granboulan, H. Handschuh, A. Joux, P.
Nguyen, F. Noilhan, D. Pointcheval, T. Pornin, G. Poupard, J. Stern,
||O. Baudron, H. Gilbert, L. Granboulan, H. Handschuh, R. Harley,
A. Joux, P. Nguyen, F. Noilhan, D. Pointcheval, T. Pornin, G.
Poupard, J. Stern, S. Vaudenay
Schedule Weaknesses in SAFER+ (*)
||J. Kelsey, B. Schneier, D. Wagner
Comparison of the AES Submissions (*)
||B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, N.
Results on the Twofish Encryption Algorithm (*)
||(Same as previous paper)
Candidates: A Survey of Implementations
Software Implementations of E2 (R)
||K. Aoki, H. Ueda
of Magenta (*)
||E. Biham, A. Biryukov, N. Ferguson, L. Knudsen, B. Schneier, A.
Note on Comparing the AES Candidates (*)
Experience with AES Candidate Algorithms (* invited, but could
Against Implementation Attacks: A Comparative Study of the AES
||J. Daemen, V. Rijmen
Analysis of the Key Scheduling of the AES Candidates (*)
||E. Biham, A. Shamir
results: Implementation of Four AES Candidates on Two Smart
||G. Hachez, F. Koeune, J.-J. Quisquater
Cautionary Note Regarding Evaluation of AES Candidates on
||S. Chari, C. Jutla, J.R. Rao, P. Rohatgi
Differential Properties of Data-Dependent Rotations and Their Use in
MARS and RC6 (*)
||S. Contini, Y.L. Yin
Analysis of Serpent-p and Serpent-p-ns (R)
of Frog (*)
||D. Wagner, N. Ferguson, B. Schneier
Parallelism in AES Candidates (*)
Analysis of AES candidates on the 6805 CPU core (*)
JavaTM Technology Comparisons