The Frontiers of Knowledge Award goes to Joan Daemen and Vincent Rijmen for designing the cryptographic system that protects the security of electronic devices and digital connections worldwide

In 1997, the two Belgian researchers created an algorithm they called Rijndael, a portmanteau of their names, which not long after – in 2001 in the U.S. and 2005 elsewhere – would become the international standard used to safeguard the security and privacy of websites, laptops, mobile phones, Wi-Fi connections, digital messaging systems, bank cards, and cloud data storage, among numerous other applications. So much so, says the committee, that over the last quarter century, the cryptographic system they devised “has become an intrinsic part of everyday life.”

Thanks to this algorithm, based on “profound research on the mathematical and algorithmic foundations of cryptography,” as the committee describes it, “our money stays in our bank accounts, our medical records remain private, and our messages only reach the people we intend.”

Cryptography, it continues, “forms the backbone of trust in the digital world. It ensures information confidentiality, integrity, and authenticity in everything from personal messages and credit card transactions to global financial systems. Indeed without this foundational technology “we would lose trusted digital identities, cloud services and connected devices, and, effectively, would no longer have a modern society.”

The committee also highlighted Daemen and Rijmen’s “critical” decision “to leave their algorithm freely open-source, which enabled not only global standardization but also transparency in the cryptographic community – it is taught in every computer security course worldwide and can be examined for vulnerabilities.”

Their contribution stands as “a prime example of how fundamental theory can lead to a world-changing technology and to practical applications affecting billions of people.”

For Ron Ho, Corporate Vice President of R&D Hardware at Lattice Semiconductor (United States) and selection committee secretary, the continued global prevalence of the awardees’ cryptographic system “is a testament to the scientific rigor, the openness, the transparency of that algorithm and it really has underpinned everything we do today as an interconnected society. Every time you visit a website, every time you buy something, every time you go to a doctor, you’re using these core underlying principles. So I think it’s been very important to all of us.”

Committee member Joos Vandewalle, Emeritus Professor in the Department of Electrical Engineering at KU Leuven (Belgium) and an expert in cryptography, insists that the Rijndael algorithm “has withstood 25 years of attacks by famous researchers” trying to identify its weak points. “If you want to make a name in cryptography, you try to break the advanced encryption standards,” he explains. “But so far it hasn’t happened, and there are good prospects that it will not happen in the near-term future.”

Javier López, Professor of Cybersecurity at the University of Málaga takes up this last point, insisting that in 25 years, “not one has managed to seriously weaken” the algorithm created by the two awardees, which, “as well as being secure, is fast, highly versatile, and flexible, because it supports the use of variable key lengths, so can be adapted to different security levels.” Professor López, who coincided with Rijmen at Graz University of Technology (Austria) and invited him to speak at a 2024 cryptography congress in Málaga, sees the winning contribution as testifying to the strength of the European cryptographic community: “Europe may be trailing behind in other areas of technology but not in this one, where the true potential lies in researchers’ conceptual ingenuity.”

A competition to find the fastest, most secure algorithm

By the 1990s, when Daemen and Rijmen were starting out in research, the way confidential data was encrypted was looking increasingly flawed. After 20 years, the DES algorithm recommended by the National Institute of Standards and Technology (NIST) – the body that regulates cybersecurity in the U.S. – was becoming too insecure to do its work. The NIST launched a competition to find a new, faster and more secure algorithm that would become the new international standard. The submission deadline was tight, but “Joan [Daemen] and I were lucky,” Rijmen recalls, “because our PhDs had been exactly on that topic.”

Their doctoral theses had dealt with mathematical aspects of cryptology that could be applied directly to developing a better encryption algorithm. So the NIST call was the chance to make the translation from math to practical usability. Like all its competitors, the algorithm they submitted under the name Rijndael was subjected to years of attacks by the entire research community in order to test its security. Rijndael emerged triumphant and in 2001 was adopted as the U.S. standard – the Advanced Encryption Standard or AES – for data encryption. Four years later, it became the international standard and remains so to this day.

“Compared to other competitors – Rijmen continues – we had a very good mathematical reasoning behind us, whereas other people had just a few months to design a whole algorithm from scratch. So we had a little bit of luck, though, as they say, luck comes to those who are prepared to use it. And we were prepared.”

The Rijndael algorithm: secure, fast and mathematically elegant

The Rijndael algorithm is used to encrypt data, that is, to transform a message readable by anyone into a string of seemingly random and therefore incomprehensible characters. To achieve this, fragments of the original message are replaced with new ones using mathematical operations that dictate how to perform this substitution – which also relies for both its encryption and decryption on a key known only to the sender and the intended recipient.

For an encryption algorithm or cipher to be useful, it must firstly be secure, such that the message cannot possibly be encrypted or decrypted without knowledge of the key. But the fact that it will be in constant use means it must also run fast on any device. The Rijndael algorithm satisfies both these conditions. Not only that, to achieve an even higher speed, it is commonly integrated into the chips of the devices that protect our data and communications on a daily basis, be they computers, mobile phones, Wi-Fi access points or even remote-controlled doors and windows.

The fact that the cipher is everywhere is, in Daemen’s view, not without its downside, as it makes it harder to envisage switching to another encryption system. “As a researcher I hate that, because it could hold back scientific progress. But, of course, as a Rijndael co-author I’m more than happy.” In fact, he takes far more pride in the algorithm’s mathematical elegance than its eventual success. “It’s a beautiful algorithm, with a lot of symmetry. That’s what I’m trying to build in all my work: simplicity, symmetry and beauty, a little like Escher, who strove to draw something beautiful with a lot of symmetry, and made some amazing creations.”

Collective effort, the key to success in cryptography

In the data age, there is no denying the algorithm’s importance for society. “When people first got computers,” Rijmen reflects, “they used them essentially as typewriters. But then they started connecting to the internet, and suddenly everyone could access your machine. So to deal with that, security became all-important. As a result, the idea now is that it’s better to have one international standard whose security we can all check, rather than a multitude of standards where the effort is diluted. Our standard happens to be the one. And the reason it’s now used so heavily is that we rely more and more on digital data.”

Until the 1970s, information security was mainly of concern to the military and secret services, and it was only with the proliferation of electronic communications that a community of people came together dedicated to cryptography research. “That was when the field began to progress – says Daemen – because you had a community that shared ideas. Some people would propose something and others would break it, and the results just got better and better.”

This tradition has endured and, in Daemen’s view, has helped nurture a better understanding of cryptography: “Before you had all these isolated islands, with each country’s secret service developing their own tools. With that setup a lot of errors got repeated, whereas with one community you see that much less. Now, of course, the community has grown a lot and it’s impossible to read all the papers that appear. So there is a bit of fragmentation, but still things are far better than in the old days.”

It is precisely this concerted effort by a large community that has allowed the Rijndael algorithm to retain its potency. Much of this success owes to the lessons learned as the previous standard fell into obsolescence, helped by the fact that it was the first whose details were made open to the public. Significantly, it had become the standard before ever being used in practice, and vulnerabilities soon appeared. As Rijmen explains, “sometimes you think you have a good idea and mathematically it works. But then people start using it and you realize there are some things you haven’t thought of. That’s what happened with the old standard, and we were able to use that experience to make something better.”

How to protect ourselves against new attacks in the quantum era

The winning algorithm has successfully resisted attacks from a sufficiently powerful quantum computer. Although the proximity of this threat is a matter of debate, the NIST specifications of the 1990s provided margin enough for the AES to withstand any attempt to break it. What will need to change, the laureates concur, is the public key cryptography used, for instance, in electronic signatures. Following a new NIST contest, three standards were chosen in 2024 that will also protect this side of things against quantum attacks.

The awardees are currently focused on perfecting the security of the devices that run their algorithm. “The AES is defined on a mathematical level and can be shown to be unbreakable,” says Rijmen. “But mathematical operations are performed on computers or chips that use a bit of power and heat up a little each time the algorithm executes. All these signals (the power used, the heat emitted) betray a bit of what is happening inside the chip in question, and if you can measure all these things, you gain an insight into the mathematical function which makes it a bit easier to break.” To protect devices against this type of attack, the laureate is looking at ways to make sure that the computation time, the power consumed, the heat emitted and any other factor that might offer unwanted clues are the same each time – or, at least, that any small variations do not allow an attacker to derive the secret encryption key.

Daemen, meantime, is working on how to cut down cipher power consumption, vital to ensuring proper functioning in ever smaller devices. “With the data explosion we have nowadays, if you want to encrypt terabytes of data per second, you need to reduce the amount of heat produced. But for the low end, you also want low energy consumption in battery powered devices, so the charge lasts a long time.” He uses the example of a pacemaker to illustrate this point: “You want to have your pacemaker communicate with the outside world, but it also has to have some cryptographic protection so no one can hack it at a distance.”

Laureate bio notes

Joan Daemen (Achel, Limburg, Belgium, 1965) qualified as a Civil Engineer, Electronics at KU Leuven (Belgium), before going on to earn a PhD with the Computer Security and Industrial Cryptography (COSIC) research group at the same university in 1995. After a brief period at pharmaceuticals firm Janssen, he switched track to security engineering and architecture, firstly at Bacob Bank (1996) and then at Banksys (1996-1998), Proton World (1998-2003), and STMicroelectronics (2003-2018), where he was principal cryptographer. In 2015, he joined Radboud University (Nijmegen, The Netherlands) as Professor of Symmetric Cryptography in the Digital Security Group, which he has headed since 2019. His recent work includes the ESCADA project on the foundations of security in symmetric cryptography, funded with an ERC advanced grant, and the SCALAR project looking at the design of symmetric crypto optimally exploiting available multipliers, funded with a TOP Grant from the Dutch Research Council (NWO). Daemen will co-chair the scientific program of Eurocrypt 2026.

Vincent Rijmen (Leuven, Belgium, 1970), holds an electronics engineering degree from KU Leuven. He obtained his PhD in 1997 while studying with the Computer Security and Industrial Cryptography group (COSIC) in the same university’s Department of Electrical Engineering (ESAT), and continued to research there until 2001, when he moved to Graz University of Technology (Austria) to take up an appointment as Professor of Applied Cryptology. In 2007, he returned to KU Leuven, where he is currently a full professor attached to COSIC and the ESAT Department Chair, combining these positions with that of Adjunct Professor at the Selmer Center for Secure Communication at the University of Bergen (Norway). He has authored some 280 publications including three books, and is Editor-in-Chief of the Journal of Cryptology as well as a past editor of Information Processing Letters, IET Information Security, and Designs, Codes and Cryptography. Program Co-Chair at Eurocrypt 2018 and 2019 and other international conferences, he also served as Program Director on KU Leuven’s Master in Electrical Engineering. Among other distinctions, he is a Fellow of the Institute of Electrical and Electronics Engineers (IEEE) and the International Association for Cryptologic Research.

Nominators

A total of 38 nominations (36 candidates) were received in this edition. The awardee researchers were nominated by Michel Abdalla, Senior Research Scientist at Nexus, Senior Researcher at CNRS, and President of the International Association for Cryptologic Research (United States); Lejla Batina, Professor of Digital Security at Radboud University (The Netherlands); Guido Bertoni, the CEO of Security Pattern (Italy); Claude Carlet, Professor Emeritus of Mathematics at the University of Paris 8 (France); Tor Helleseth, Professor Emeritus in the Department of Informatics at the University of Bergen (Norway); Seth Hoffert, Software Development Engineer, Advisor II (United States); Bart Jacobs, Professor of Security, Privacy and Identity at Radboud University (The Netherlands); Yves Moulart, Director of the Software Design Center at STMicroelectronics (Belgium); Michaël Peeters, Senior Principal Security Engineer at STMicroelectronics (Belgium); Bart Preneel, Professor of Computer Security and Industrial Cryptography at KU Leuven (Belgium); Gilles Van Assche, Senior Principal Cryptographer at STMicroelectronics (Belgium); and Ronny Van Keer, Software Design Principal Engineer at STMicroelectronics (Belgium).

Information and Communication Technologies committee and evaluation support panel

The committee in this category was chaired by Oussama Khatib, Professor of Computer Science and Director of the Robotics Center at Stanford University (United States), with Ron Ho, Corporate Vice President, R&D Hardware at Lattice Semiconductor (United States) acting as secretary. Remaining members were Regina Barzilay, School of Engineering Distinguished Professor for AI and Health at the Massachusetts Institute of Technology (United States) and MacArthur Fellow; Georg Gottlob, Professor of Informatics at the University of Calabria (Italy) and Emeritus Professor of Informatics at the University of Oxford (United Kingdom); Rudolf Kruse, Emeritus Professor in the Faculty of Computer Science at Otto von Guericke University Magdeburg (Germany); Mario Piattini, Professor of Computer Languages and Systems at the University of Castilla-La Mancha (Spain); Daniela Rus, Director of the Computer Science and Artificial Intelligence Laboratory (CSAIL) at the Massachusetts Institute of Technology (United States); Bernhard Schölkopf, Scientific Director of the ELLIS Institute Tübingen and Director of the Empirical Inference Department at the Max Planck Institute for Intelligent Systems (Germany); and Joos Vandewalle, Honorary President of the Royal Flemish Academy of Belgium for Science and the Arts and Emeritus Professor in the Department of Electrical Engineering (ESAT) at KU Leuven (Belgium).

The evaluation support panel was coordinated by Elena Cartea, Deputy Vice-President for Scientific-Technical Areas at the Spanish National Research Council (CSIC) and José Javier Ramasco Sukia, Research Professor at the Institute for Interdisciplinary Physics and Complex Systems (IFISC, CSIC-UIB), and formed by Luis Fonseca Chácharo, Research Professor and Director at the Institute of Microelectronics of Barcelona (IMB-CNM, CSIC); Alberto Ibáñez Rodríguez, Tenured Scientist at the Leonardo Torres Quevedo Institute of Physical and Information Technologies (ITEFI, CSIC); Felip Manyà Serres, Scientific Researcher and Vice-Director at the Artificial Intelligence Research Institute (IIIA, CSIC); and Teresa Serrano Gotarredona, Research Professor and Director of the Seville Institute of Microelectronics (IMSE-CNM, CSIC).