In this interview Vincent Rijmen talks about the development of the Rijndael algorithm, his selection as the NIST algorithm of choice for AES, thoughts on Linux and security, and the future of Internet security.

Recently I had an opportunity to speak with Vincent Rijmen, co-author of the Rijndael ("Rhine Dahl") proposed AES algorithm. Rijndael was selected on October 2, 2000 from fifteen candidates submitted to the National Institute of Standards and Technology in 1997.

Rijndael takes its name from its creators' last names, and beat out finalists including those from IBM, RSA, Counterpane, and the Serpent algorithm developed by a group of European cryptographers. AES will soon replace DES as the standard algorithm for encrypting sensitive data. It has been reported that even a machine capable of breaking the old DES standard in a second would take some 149 trillion years to crack the proposed AES's lowest level of security. Can you describe your background? What did you first do when you discovered your algorithm was selected?

Vincent Rijmen: I am an electronics engineer. I have a PhD in applied sciences. The NIST press release site has my bio.

When the phone call from NIST came, I told my wife and my collegues and we went out for a drink.

Like so many young boys, I was fascinated by computers. And then I happened to study at the university K.U.Leuven, which happened to have one of Europe's leading research groups in cryptography and I got the opportunity to get a scholarship there... It all happened without really considering all the consequences on my `career path'. What applications do you forsee it being used?

Vincent Rijmen: Many many applications. Protection of sensitive files of the US government (mandatory). Email encryption. Mobile phones. Smartcards. What makes it so suitable for such a wide variety of applications?

Vincent Rijmen: That is because of the design. We only use processor instructions that are available on all existing processors, and that are also fast on all processors. We have lots of parallellism that can be exploited by parallel platforms. How long did it take to develop the algorithm that will provide security for the digital economy well into the 21st century?

Vincent Rijmen: It depends on how you count. Our research is a continuous process, and it's not easy to say when we started on Rijndael. About a year or two, I would estimate. Did you develop the algorithm for the specific purpose of the NIST entry, or was it something you were working on previously and then submitted it?

Vincent Rijmen: We had previously made something that cam very close to the requirements listed in the NIST call, so we started changing it a bit and submitted that. What significance does this new encryption standard have on commerce on the Internet and security in general?

Vincent Rijmen: It's a very strong cornerstone, but it's not the complete answer. I sometimes compare it to a new engine that can be used in a car. But you also need brakes, a steering wheel, ... What do you mean here? What are the other specific pieces that are necessary for successful commerce?

Vincent Rijmen: You need an operating system that is less vulnerable to viruses and trojan horses. The best encryption won't help you if a hacker can read every key stroke you type. You need a system to distribute keys. You need to ensure that people don't use weak passwords. What is it about your algorithm that you think made the difference in the eyes of NIST? Certainly none of the finalists had a security weakness...

Vincent Rijmen: They indicate that the flexibility was an important factor. Incorporating Rijndael into applications comes at a low cost in terms of hardware resources, and still it's very efficient on most platforms. Rijndael gives you good security for a very low cost. Why isn't DES a suitable solution any longer?

Vincent Rijmen: Because the key length is too short, it becomes possible to try out all keys. Because the cost to do this search decreases every year, it makes no sense anymore to build in DES in new products. How "free" is the algorithm? Large-scale securing of open source systems with cryptography has been hindered until recently. This was due to the widespread use of the RSA algorithm, which was patented. Will there be any patents, copyright or other intellectual property issues with the Rijndael algorithm?

Vincent Rijmen: NIST specified that the AES candidate designers should release all IP claims. This has been done. Furthermore, NIST asked all interested parties to make any applicable patents known. No patent applying to Rijndael was invoked. To the best of my knowledge, the answer to your question is "no". Now that Rijndael has been selected as the winner, the amount of academics and also black hats scrutinizing the algorithm will surely skyrocket. How confident are you that the algorithm will survive this scrutiny without any issues?

Vincent Rijmen: I'm relatively confident, but in fact, I don't know. A designer inevitably has a biased view of his own algorithm, so Joan and I are not the persons you should ask to answer this question. How cool it must be to know you now have the admiration of the global computer security community. Have you had an opportunity to ever talk or meet with other applicants for AES?

Vincent Rijmen: I know many of them personally, because I met them at cryptographic conferences. There were also three AES conferences, attended by most of the submitters. How do you think the state of security on the Internet has changed since you first got involved? What do you think is going to change in the near future to protect the privacy and security of those of us on the Internet? (What do you see as the most significant trends or developments in computer security in the next few years?)

Vincent Rijmen: The security has been improved from "no security" to "a little bit security": there is now protection against casual hackers, but not yet against people determined to break in. An important trend is the spread of strong cryptographic primitives (e.g. with keys longer than 40 bits). However, more is needed to get a decent level of security. I understand you are an avid fan of Linux, based on some of the comments on your website. Do you think Linux has a place in the data center as a secure platform for commerce in the state that it's currently in?

Vincent Rijmen: I think Linux is among the best available platforms available today, also in the field of security and ecommerce. However, a Linux system needs to be managed by a competent administrator. What are some of the biggest challenges you face when dealing with security?

Vincent Rijmen: Me personally?
I think there is an important challenge in making the distinction between complexity and security. Some people still believe that added complexity increases automatically security. This belief should be erased. We should keep on working towards secure and simple systems, that are as easy to understand for the people as a door lock, a sealed envelope, etc. Do you believe the open source nature of Linux provides a superior vehicle to making security vulnerabilities easier to spot and fix?

Vincent Rijmen: Yes. Not only because more people can look at it, but, more importantly, because the model forces people to write more clear code, and to adhere to standards. This in turn facilitates security reviews. What is the Belgium government position on crypto export? What do you think of the restrictions the US government have placed on crypto export?

Vincent Rijmen: No comment. How was the process of choosing the applicants different for AES than it was in the past?

Vincent Rijmen: It was public. Have you written any other crypto algorithms that you consider noteworthy? What do you plan to do with cryptography in the future?

Vincent Rijmen: We also made `Square', the predecessor of Rijndael (this was the algorithms that we had when the NIST call came out, to which I referred previously). Given that most security systems fail for reasons rooted in implementation, would you comment on rfc2692 which says:

    An SPKI certificate should be described in as simple a method as
    possible, relating directly to the kind of structures a C or PASCAL
    programmer would normally write.

    No library code should be required for the packing or parsing of SPKI
    certificates.  In particular, ASN.1 is not to be used.

    A certificate should be signed exactly as it is transmitted.  There
    should be no reformatting called for in the process of checking a
    certificate's signature (although one might canonicalize white space
    during certificate input, for example, if the format is text).

    For efficiency, if possible, an SPKI certificate should be encoded in
    an LR(0) grammar.  That is, neither packing nor parsing of the
    structure should require a scan of the data.  Data should be read
    into the kind of structure a programmer would want to use without
    touching the incoming bytes more than once.

    For efficiency, if possible, an SPKI certificate should be packed and
    parsed without any recursion.

Vincent Rijmen: I have no comment. Thanks very much for the opportunity to speak with you, and wish you all the best.

Vincent Rijmen: You're welcome

Rijndael implementations are already available in NetBSD, the International Kernel Patch, and many commercial implementations.

Crypto Resources

  • Commercial Encryption Export Controls -- This is the Bureau of Export Administration U.S. Department of Commerce home page.
  • Advanced Encryption Standard home page -- Information on AES, Rijndael, Crypto whitepapers, and other AES entries.
  • RSA Security Cryptography FAQ -- This section provides some information on AES.
  • AES FAQ -- Answers to questions including information on NIST, the algorithm itself, implementation dates, more info on why Rijndael was selected, and export information.
  • The Rijndael Home Page -- Pointers to source code, description, quick FAQ, and more.
  • Linux Encryption HOWTO -- Information on implementing disk, network and kernel encryption.
  • Report on the Development of the Advanced Encryption Standard -- This document describes the AES and Rijndael in great detail, including the selection process and technical details.