Report on the AES

This document reports the activities of the AES working group organized at the Ecole Normale Sup erieure. Several candidates are evaluated. In particular we outline some weaknesses in the designs of some candidates. We mainly discuss selection criteria between the candidates , and make case-by-case comments. We nally recommend the selection of Mars, RC6, Serpent, ... and DFC. As the report is being nalized, we also added some new preliminary cryptanalysis on RC6 and Crypton in the Appendix which are not considered in the main body of the report. Designing the encryption standard of the rst twenty years of the twenty rst century is a challenging task: we need to predict possible future technologies, and we have to take unknown future attacks in account. Following the AES process initiated by NIST, we organized an open working group at the Ecole Normale Sup erieure. This group met two hours a week to review the AES candidates. The present document reports its results. Another task of this group was to update the DFC candidate submitted by CNRS 16, 17] and to answer questions which had been omitted in previous reports on DFC. 1 This issue is subject to another report. In order to compare the AES candidates, we had to agree on a platform. For this purpose NIST chose an \AES Evaluation Platform" based on a 200MHz Pentium Pro. Although we have to compare all candidates on the same platform, 1 Due to the signiicant overlap between the AES working group of ENS and the designers of DFC, the present report obviously favors DFC.