Rijndael and Serpent are the candidates with the best performance in

hardware implementations, with a slight advantage going to Rijndael due to

its better performance in output and cipher feedback modes.

The report offers further criteria that contributed to the decision in favor of

Rijndael, which are collected into a closing summary (see [NIST], Section 7):

There are many unknowns regarding future computing platforms

and the wide range of environments in which the AES will be

implemented. However, when considered together, Rijndael's

combination of security, performance, efficiency, implementability,

and flexibility make it an appropriate selection for the AES for use in

the technology of today and in the future.

Given the openness of the selection process and the politically interesting fact that

with Rijndael an algorithm of European vintage was selected, one might expect

future speculation about secret properties, hidden trap doors, and deliberately

built-in weaknesses to be silenced, which never quite succeeded with DES.

Before we get involved with the functionality of Rijndael, we would like as

preparation to go on a brief excursion into the arithmetic of polynomials over

finite fields, which leans heavily on the presentation in [DaRi], Section 2.

11.1 Arithmetic with Polynomials

F 2 n , the finite field with 2 n

We start by looking at arithmetic in the field

2 n is represented as a polynomial f ( x )=

a n − 1 x n − 1 + a n − 2 x n − 2 + ··· + a 1 x + a 0 with coefficients a i in

F

elements, where an element of

F 2 (which

F 2 n can be represented

simply as an n -tuple of polynomial coefficients, each representation offering

its own advantages. The polynomial representation is well suited for manual

calculation, while the representation as a tuple of coefficients corresponds well to

a computer's binary representation of numbers. To demonstrate this, we notate

F 2 3 as a sequence of eight polynomials and again as eight 3-tuples with their

associated numerical values (see Table 11-1).

Addition of polynomials proceeds by adding the coefficients in

Z 2 ). Equivalently, an element of

is isomorphic to

F

2 :If

f ( x ):= x 2 + x and g ( x ):= x 2 + x +1 , then f ( x )+ g ( x )=2 x 2 +2 x +1=1 ,

since 1+1=0 in

F 2 3 column by

column. We see, then, for example, that the sum of (1 1 0) and (111) is (001) :

F 2 . We can carry out addition of 3-tuples in

110

⊕

111

001