Paul Koning wrote:
At 10:45 PM 7/8/98 +0100, Adam Back wrote:
This is necessary because for new algorithms, or new features etc.,
there may well be multiple proposals for the same algorithm. So
allocating #12 to the succesful AES candidate is in itself useless,
because there may be 2 or 3 incompatible implementations.
There's something odd about that.
If there is one AES but 2 incompatible implementations, then either
the standard is broken, or (at least) one implementation is. If the
standard is correctly specified, then implementations will be
compatible.
So it seems to me reasonable to assign a number to "AES" on the
assumption that the definers of AES will do their job properly.
While I agree that implementations of the same algorithm must
give the same results, there's still a reason for multiple numbers:
AES is defined by NIST to allow different key sizes: 128 bits,
192 bits, and 256 bits. I suppose we could standardize on the
256-bit version, just for definiteness, but perhaps it makes sense
to allow for all three expected standard sizes.
Jim Gillogly