Who said “32 round Rijndael” in the third AES Conference
Clash Royale CLAN TAG#URR8PPP
up vote
6
down vote
favorite
This is a historical question. In the third AES Conference of NIST (AES3), April 13-14, 2000, New York, near the end of the conference, one representative for each of the last 5 candidates sit on a table and people asked questions to them.
One interesting question was;
- Except for your proposal for AES, what is your candidate?
As far as I can remember, the representative of Rijndael was the last to answer, was sitting on the right end. The first 3 were simply said The Rijndael
. But, the 4. person said I want 32-round Rijndael
- Was he Bruce Schneier? See his
suggest
on his Blog. - What was the choice of the representative of Rijndael?
aes rijndael history
add a comment |
up vote
6
down vote
favorite
This is a historical question. In the third AES Conference of NIST (AES3), April 13-14, 2000, New York, near the end of the conference, one representative for each of the last 5 candidates sit on a table and people asked questions to them.
One interesting question was;
- Except for your proposal for AES, what is your candidate?
As far as I can remember, the representative of Rijndael was the last to answer, was sitting on the right end. The first 3 were simply said The Rijndael
. But, the 4. person said I want 32-round Rijndael
- Was he Bruce Schneier? See his
suggest
on his Blog. - What was the choice of the representative of Rijndael?
aes rijndael history
4
I think it may have been the representative for the Serpent team (Ross Anderson?); however it's been a while...
– poncho
yesterday
1
So, you were there, too?
– kelalaka
yesterday
2
Yup...…..………...
– poncho
yesterday
@kelalaka Rijndael cipher was selected by NIST (==NSA), Serpent had 32 rounds and a high security margin. why Rijndael with 10-14 rounds?? Ask NSA!
– 0skar
7 hours ago
@0skar we are not talking about why 10 round. I want to remember historical part of the conference. It is 10 round because the designers are sure about their design?. They even did not consider 16 rounds.
– kelalaka
7 hours ago
add a comment |
up vote
6
down vote
favorite
up vote
6
down vote
favorite
This is a historical question. In the third AES Conference of NIST (AES3), April 13-14, 2000, New York, near the end of the conference, one representative for each of the last 5 candidates sit on a table and people asked questions to them.
One interesting question was;
- Except for your proposal for AES, what is your candidate?
As far as I can remember, the representative of Rijndael was the last to answer, was sitting on the right end. The first 3 were simply said The Rijndael
. But, the 4. person said I want 32-round Rijndael
- Was he Bruce Schneier? See his
suggest
on his Blog. - What was the choice of the representative of Rijndael?
aes rijndael history
This is a historical question. In the third AES Conference of NIST (AES3), April 13-14, 2000, New York, near the end of the conference, one representative for each of the last 5 candidates sit on a table and people asked questions to them.
One interesting question was;
- Except for your proposal for AES, what is your candidate?
As far as I can remember, the representative of Rijndael was the last to answer, was sitting on the right end. The first 3 were simply said The Rijndael
. But, the 4. person said I want 32-round Rijndael
- Was he Bruce Schneier? See his
suggest
on his Blog. - What was the choice of the representative of Rijndael?
aes rijndael history
aes rijndael history
edited 10 hours ago
fgrieu
75.8k7155319
75.8k7155319
asked yesterday
kelalaka
2,864626
2,864626
4
I think it may have been the representative for the Serpent team (Ross Anderson?); however it's been a while...
– poncho
yesterday
1
So, you were there, too?
– kelalaka
yesterday
2
Yup...…..………...
– poncho
yesterday
@kelalaka Rijndael cipher was selected by NIST (==NSA), Serpent had 32 rounds and a high security margin. why Rijndael with 10-14 rounds?? Ask NSA!
– 0skar
7 hours ago
@0skar we are not talking about why 10 round. I want to remember historical part of the conference. It is 10 round because the designers are sure about their design?. They even did not consider 16 rounds.
– kelalaka
7 hours ago
add a comment |
4
I think it may have been the representative for the Serpent team (Ross Anderson?); however it's been a while...
– poncho
yesterday
1
So, you were there, too?
– kelalaka
yesterday
2
Yup...…..………...
– poncho
yesterday
@kelalaka Rijndael cipher was selected by NIST (==NSA), Serpent had 32 rounds and a high security margin. why Rijndael with 10-14 rounds?? Ask NSA!
– 0skar
7 hours ago
@0skar we are not talking about why 10 round. I want to remember historical part of the conference. It is 10 round because the designers are sure about their design?. They even did not consider 16 rounds.
– kelalaka
7 hours ago
4
4
I think it may have been the representative for the Serpent team (Ross Anderson?); however it's been a while...
– poncho
yesterday
I think it may have been the representative for the Serpent team (Ross Anderson?); however it's been a while...
– poncho
yesterday
1
1
So, you were there, too?
– kelalaka
yesterday
So, you were there, too?
– kelalaka
yesterday
2
2
Yup...…..………...
– poncho
yesterday
Yup...…..………...
– poncho
yesterday
@kelalaka Rijndael cipher was selected by NIST (==NSA), Serpent had 32 rounds and a high security margin. why Rijndael with 10-14 rounds?? Ask NSA!
– 0skar
7 hours ago
@kelalaka Rijndael cipher was selected by NIST (==NSA), Serpent had 32 rounds and a high security margin. why Rijndael with 10-14 rounds?? Ask NSA!
– 0skar
7 hours ago
@0skar we are not talking about why 10 round. I want to remember historical part of the conference. It is 10 round because the designers are sure about their design?. They even did not consider 16 rounds.
– kelalaka
7 hours ago
@0skar we are not talking about why 10 round. I want to remember historical part of the conference. It is 10 round because the designers are sure about their design?. They even did not consider 16 rounds.
– kelalaka
7 hours ago
add a comment |
1 Answer
1
active
oldest
votes
up vote
4
down vote
This answer is based on Morris Dworkin's report of the conference, so it ultimately relies on its accuracy (it is probably more reliable than memory, though).
Regarding the question "Except for your proposal for AES, what is your candidate?", the report states (page 15):
The panelists were asked which algorithm, other than their own, they
would choose for the AES. Rijmen liked RC6; the other four panelists
said Rijndael if it was extended to 18 or more rounds.
So this suggests that the representative for Rijndael (Vincent Rijmen) chose RC6.
During his presentation at the conference, Bruce Schneier is reported to have ended with the following suggestions (page 15 as well):
He [Schneier] recommended that NIST choose either Rijndael extended to 18
rounds, Serpent, or Twofish for the AES; he favored Twofish
for its efficiency across the board, its unique flexibility, and its
speed-security tradeoff.
Since he suggested 18 rounds here, it would surprise me if he would argue for 32 rounds later the same day.
So the representative who answered "Rijndael with 32 rounds" was either Shai Halevi (MARS), Ron Rivest (RC6) or Ross Anderson (Serpent).
My personal guess would be Ross Anderson (this would make sense because Serpent has 32 rounds). In fact, on page 16 of the report there is some weak evidence pointing in this direction:
Anderson responded to a suggestion to transfer some of
Serpent’s rounds to Rijndael by reiterating his support for 32 round
Serpent with 256 bit keys.
1
It would be nice to hear from people who were at the conference whether or not this roughly corresponds to what they remember.
– Aleph
10 hours ago
1
It looks like consensus was on Rijndael extended to 18 rounds, and we got Rijndael with 10, 12 or 14 rounds. That's bait for conspiracy theorists.
– fgrieu
10 hours ago
@fgrieu Well, I remember that people are not satisfied with the 10 rounds, considering the future security.
– kelalaka
10 hours ago
@fgrieu The consensus among the authors of competing submissions ;). I can imagine a few reasons why they wouldn't have recommended Rijndael outright...
– Aleph
7 hours ago
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
4
down vote
This answer is based on Morris Dworkin's report of the conference, so it ultimately relies on its accuracy (it is probably more reliable than memory, though).
Regarding the question "Except for your proposal for AES, what is your candidate?", the report states (page 15):
The panelists were asked which algorithm, other than their own, they
would choose for the AES. Rijmen liked RC6; the other four panelists
said Rijndael if it was extended to 18 or more rounds.
So this suggests that the representative for Rijndael (Vincent Rijmen) chose RC6.
During his presentation at the conference, Bruce Schneier is reported to have ended with the following suggestions (page 15 as well):
He [Schneier] recommended that NIST choose either Rijndael extended to 18
rounds, Serpent, or Twofish for the AES; he favored Twofish
for its efficiency across the board, its unique flexibility, and its
speed-security tradeoff.
Since he suggested 18 rounds here, it would surprise me if he would argue for 32 rounds later the same day.
So the representative who answered "Rijndael with 32 rounds" was either Shai Halevi (MARS), Ron Rivest (RC6) or Ross Anderson (Serpent).
My personal guess would be Ross Anderson (this would make sense because Serpent has 32 rounds). In fact, on page 16 of the report there is some weak evidence pointing in this direction:
Anderson responded to a suggestion to transfer some of
Serpent’s rounds to Rijndael by reiterating his support for 32 round
Serpent with 256 bit keys.
1
It would be nice to hear from people who were at the conference whether or not this roughly corresponds to what they remember.
– Aleph
10 hours ago
1
It looks like consensus was on Rijndael extended to 18 rounds, and we got Rijndael with 10, 12 or 14 rounds. That's bait for conspiracy theorists.
– fgrieu
10 hours ago
@fgrieu Well, I remember that people are not satisfied with the 10 rounds, considering the future security.
– kelalaka
10 hours ago
@fgrieu The consensus among the authors of competing submissions ;). I can imagine a few reasons why they wouldn't have recommended Rijndael outright...
– Aleph
7 hours ago
add a comment |
up vote
4
down vote
This answer is based on Morris Dworkin's report of the conference, so it ultimately relies on its accuracy (it is probably more reliable than memory, though).
Regarding the question "Except for your proposal for AES, what is your candidate?", the report states (page 15):
The panelists were asked which algorithm, other than their own, they
would choose for the AES. Rijmen liked RC6; the other four panelists
said Rijndael if it was extended to 18 or more rounds.
So this suggests that the representative for Rijndael (Vincent Rijmen) chose RC6.
During his presentation at the conference, Bruce Schneier is reported to have ended with the following suggestions (page 15 as well):
He [Schneier] recommended that NIST choose either Rijndael extended to 18
rounds, Serpent, or Twofish for the AES; he favored Twofish
for its efficiency across the board, its unique flexibility, and its
speed-security tradeoff.
Since he suggested 18 rounds here, it would surprise me if he would argue for 32 rounds later the same day.
So the representative who answered "Rijndael with 32 rounds" was either Shai Halevi (MARS), Ron Rivest (RC6) or Ross Anderson (Serpent).
My personal guess would be Ross Anderson (this would make sense because Serpent has 32 rounds). In fact, on page 16 of the report there is some weak evidence pointing in this direction:
Anderson responded to a suggestion to transfer some of
Serpent’s rounds to Rijndael by reiterating his support for 32 round
Serpent with 256 bit keys.
1
It would be nice to hear from people who were at the conference whether or not this roughly corresponds to what they remember.
– Aleph
10 hours ago
1
It looks like consensus was on Rijndael extended to 18 rounds, and we got Rijndael with 10, 12 or 14 rounds. That's bait for conspiracy theorists.
– fgrieu
10 hours ago
@fgrieu Well, I remember that people are not satisfied with the 10 rounds, considering the future security.
– kelalaka
10 hours ago
@fgrieu The consensus among the authors of competing submissions ;). I can imagine a few reasons why they wouldn't have recommended Rijndael outright...
– Aleph
7 hours ago
add a comment |
up vote
4
down vote
up vote
4
down vote
This answer is based on Morris Dworkin's report of the conference, so it ultimately relies on its accuracy (it is probably more reliable than memory, though).
Regarding the question "Except for your proposal for AES, what is your candidate?", the report states (page 15):
The panelists were asked which algorithm, other than their own, they
would choose for the AES. Rijmen liked RC6; the other four panelists
said Rijndael if it was extended to 18 or more rounds.
So this suggests that the representative for Rijndael (Vincent Rijmen) chose RC6.
During his presentation at the conference, Bruce Schneier is reported to have ended with the following suggestions (page 15 as well):
He [Schneier] recommended that NIST choose either Rijndael extended to 18
rounds, Serpent, or Twofish for the AES; he favored Twofish
for its efficiency across the board, its unique flexibility, and its
speed-security tradeoff.
Since he suggested 18 rounds here, it would surprise me if he would argue for 32 rounds later the same day.
So the representative who answered "Rijndael with 32 rounds" was either Shai Halevi (MARS), Ron Rivest (RC6) or Ross Anderson (Serpent).
My personal guess would be Ross Anderson (this would make sense because Serpent has 32 rounds). In fact, on page 16 of the report there is some weak evidence pointing in this direction:
Anderson responded to a suggestion to transfer some of
Serpent’s rounds to Rijndael by reiterating his support for 32 round
Serpent with 256 bit keys.
This answer is based on Morris Dworkin's report of the conference, so it ultimately relies on its accuracy (it is probably more reliable than memory, though).
Regarding the question "Except for your proposal for AES, what is your candidate?", the report states (page 15):
The panelists were asked which algorithm, other than their own, they
would choose for the AES. Rijmen liked RC6; the other four panelists
said Rijndael if it was extended to 18 or more rounds.
So this suggests that the representative for Rijndael (Vincent Rijmen) chose RC6.
During his presentation at the conference, Bruce Schneier is reported to have ended with the following suggestions (page 15 as well):
He [Schneier] recommended that NIST choose either Rijndael extended to 18
rounds, Serpent, or Twofish for the AES; he favored Twofish
for its efficiency across the board, its unique flexibility, and its
speed-security tradeoff.
Since he suggested 18 rounds here, it would surprise me if he would argue for 32 rounds later the same day.
So the representative who answered "Rijndael with 32 rounds" was either Shai Halevi (MARS), Ron Rivest (RC6) or Ross Anderson (Serpent).
My personal guess would be Ross Anderson (this would make sense because Serpent has 32 rounds). In fact, on page 16 of the report there is some weak evidence pointing in this direction:
Anderson responded to a suggestion to transfer some of
Serpent’s rounds to Rijndael by reiterating his support for 32 round
Serpent with 256 bit keys.
edited 10 hours ago
answered 10 hours ago
Aleph
904816
904816
1
It would be nice to hear from people who were at the conference whether or not this roughly corresponds to what they remember.
– Aleph
10 hours ago
1
It looks like consensus was on Rijndael extended to 18 rounds, and we got Rijndael with 10, 12 or 14 rounds. That's bait for conspiracy theorists.
– fgrieu
10 hours ago
@fgrieu Well, I remember that people are not satisfied with the 10 rounds, considering the future security.
– kelalaka
10 hours ago
@fgrieu The consensus among the authors of competing submissions ;). I can imagine a few reasons why they wouldn't have recommended Rijndael outright...
– Aleph
7 hours ago
add a comment |
1
It would be nice to hear from people who were at the conference whether or not this roughly corresponds to what they remember.
– Aleph
10 hours ago
1
It looks like consensus was on Rijndael extended to 18 rounds, and we got Rijndael with 10, 12 or 14 rounds. That's bait for conspiracy theorists.
– fgrieu
10 hours ago
@fgrieu Well, I remember that people are not satisfied with the 10 rounds, considering the future security.
– kelalaka
10 hours ago
@fgrieu The consensus among the authors of competing submissions ;). I can imagine a few reasons why they wouldn't have recommended Rijndael outright...
– Aleph
7 hours ago
1
1
It would be nice to hear from people who were at the conference whether or not this roughly corresponds to what they remember.
– Aleph
10 hours ago
It would be nice to hear from people who were at the conference whether or not this roughly corresponds to what they remember.
– Aleph
10 hours ago
1
1
It looks like consensus was on Rijndael extended to 18 rounds, and we got Rijndael with 10, 12 or 14 rounds. That's bait for conspiracy theorists.
– fgrieu
10 hours ago
It looks like consensus was on Rijndael extended to 18 rounds, and we got Rijndael with 10, 12 or 14 rounds. That's bait for conspiracy theorists.
– fgrieu
10 hours ago
@fgrieu Well, I remember that people are not satisfied with the 10 rounds, considering the future security.
– kelalaka
10 hours ago
@fgrieu Well, I remember that people are not satisfied with the 10 rounds, considering the future security.
– kelalaka
10 hours ago
@fgrieu The consensus among the authors of competing submissions ;). I can imagine a few reasons why they wouldn't have recommended Rijndael outright...
– Aleph
7 hours ago
@fgrieu The consensus among the authors of competing submissions ;). I can imagine a few reasons why they wouldn't have recommended Rijndael outright...
– Aleph
7 hours ago
add a comment |
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f63922%2fwho-said-32-round-rijndael-in-the-third-aes-conference%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
4
I think it may have been the representative for the Serpent team (Ross Anderson?); however it's been a while...
– poncho
yesterday
1
So, you were there, too?
– kelalaka
yesterday
2
Yup...…..………...
– poncho
yesterday
@kelalaka Rijndael cipher was selected by NIST (==NSA), Serpent had 32 rounds and a high security margin. why Rijndael with 10-14 rounds?? Ask NSA!
– 0skar
7 hours ago
@0skar we are not talking about why 10 round. I want to remember historical part of the conference. It is 10 round because the designers are sure about their design?. They even did not consider 16 rounds.
– kelalaka
7 hours ago