Radboud Universiteit
Zoek in de site...

Near-unbreakable algorithm protects almost all of your data

Datum bericht: 23 oktober 2020


Each day we continuously encounter the work of Joan Daemen. For example, when we open a secure website, when we send a message via WhatsApp, or when we store encrypted files. This researcher has had a major impact on the development of the building blocks of internet security.

This is thanks to the AES, or ‘Advanced Encryption Standard’, which is based on the Rijndael algorithm of Joan Daemen and Vincent Rijmen. AES was introduced at the end of 2000 and twenty years later, it has still not been cracked. While news about security leaks in databases, websites and consumer electronics is published on an almost daily basis, the Rijndael algorithm persists. Even though we never give it a moment’s thought, Daemen and Rijmen’s work protects billions of connected devices across the world. Now a well-known figure within the world of cryptography, Daemen himself has remained level-headed about his work: “Good encryption is a building block, like bricks in a house. It’s important that it’s there, but it’s not something that most people concern themselves with.”


Rijndael, which was developed by Daemen and Rijmen in the late 1990s, can be used for the application of end-to-end encryption. For this reason, it forms an important building block for the world’s most important method of computer security. It ensures that the original message can only be read by the sender and recipient. Sending a message with or without encryption can be compared with sending a postcard or a sealed letter.

Without encryption, it makes it a lot easier for your provider, for example, to read your message, not unlike the postman who is able to read the back of your postcard. The recipient and sender share a unique digital key, which is used to apply the encryption symmetrically. The same key that makes the text unreadable as soon as it has been sent by the sender also makes the text readable again for the recipient. Encrypted files that are stored on our own devices work in the same way: the contents of a file can only be unlocked by the owner of the key.

New global standard

The initial version of what would later become Rijndael was developed in the late 1990s by the two researchers who acted on their own initiative. But when the U.S. National Institute for Standardization and Technology (NIST) launched a competition for a new encryption standard in 1997, Daemen and Rijmen essentially got really lucky. The work that they had done corresponded surprisingly well with the needs and requirements that had been set down by the NIST. They submitted their design, and after a large number of preliminary rounds in which Rijndael was compared with the other entries, it emerged as the winning choice.

In a competition that also included tech giants like IBM, Daemen and Rijmen’s entry was selected on account of its efficiency, security and flexibility. These are basic requirements, seeing as this encryption method is applied to billions of devices across the globe that continuously send vast amounts of messages to each other. The fact is that this is a process that works flawlessly behind the scenes, without most of us ever thinking about it, and this shows just how big its impact is. In 2018, the NIST calculated that AES had had an economic impact of $250 billion in the past twenty years.

But nothing is completely unbreakable, especially in the computer world where computing power doubles every few years. Nevertheless, Daemen believes that it is unlikely that the Rijndael algorithm will be broken in the future. “Software also tends to have other vulnerabilities, which are much more interesting for hackers. AES can be viewed as the bricks of a house. Although these bricks offer complete security, if the front door of your house is unlocked, people will still be able to get in.”

Another win with ‘Keccak’

Subsequent to the AES competition, NIST organised a second international competition in 2006, this time for a new SHA algorithm. Sixty-four algorithms were submitted by researchers from across the world. This time round, Daemen collaborated with some other scientists and together they submitted ‘Keccak’. In 2012, NIST announced that Keccak had been chosen as the building block for SHA-3, marking the second time that Daemen had managed to beat a legion of cryptographers from around the globe.

SHA stands for Secure Hash Algorithm, which is an algorithm that can generate a secure hash. This kind of hash helps to determine the authenticity of a signed text or a transmitted file. Suppose that a landlord draws up two versions of a lease contract: an ordinary version that can be digitally signed by the tenant, and an alternative version that contains conditions that are favourable for the landlord, into which the signature can be pasted. A secure hash can be used to identify which of the two contracts is authentic and has actually been signed. SHA-1 was cracked at the beginning of the twenty-first century, which suddenly made it relatively easy to falsify seemingly authentic documents and files. SHA-2 soon followed, but it was based on the same underlying technology as its predecessor.

Although SHA-2 is expected to provide adequate security in the near future, the NIST already has SHA-3 waiting in the wings. Daemen and his team essentially built SHA-3 around a new method, which can best be compared to a digital sponge. Keccak absorbs the input data like a sponge, and the output is the ‘wrung out’ version: it is the same data, but it has been hashed. This also forms an important building block for a secure, encrypted internet. In addition to using a hash to determine the authenticity of digital documents, it can also be used to determine the authenticity of passwords, torrents and other files.

Lightweight cryptography

Daemen is currently working on lightweight cryptography, a method which offers security with a minimal footprint for the smallest, cheapest ‘connected devices’ in our midst. From smart lights to smart cards; nowadays almost everything is connected to the internet. Be that as it may, the security of the entire system is often only as strong as its weakest link. The NIST is now holding a new competition, and Daemen is involved in two of the thirty-two entries that have made it to the final round. The finalists will be announced at the end of December, but it’s safe to say that Daemen has already made a major impact on the security world.

Photo of Joan Daemen: Bert Beelen/Topmost photo:  Pexels