M.Vincent Rijmen, co-auteur de l’Advanced Encryption Standard (AES) and Khaouja (Lte.ma).
The National School of Computer Science and Systems Analysis (ENSIAS), in partnership with the General Directorate of Information Systems Security (DGSSI), co-organized the 16th edition of the international conference AfricaCrypt on July 21–23, 2025, in Rabat. AfricaCrypt has established itself as a leading international scientific event in the fields of cryptology and information security, bringing together researchers, experts, and practitioners from around the world. LTE Magazine actively participated in this major event, notably by conducting an exclusive interview with Mr. Vincent Rijmen, professor at KU Leuven (Belgium) and the University of Bergen (Norway), a prominent figure in modern cryptography and co-designer of the AES algorithm, now the global standard for data encryption.
LTE MAGAZINE (LM): Despite constant advancements in cryptography, cyberattacks regularly target large companies. In your opinion, are these vulnerabilities mainly related to limitations in the cryptographic algorithms themselves, to their poor implementation, or do they stem more from broader cybersecurity gaps?
Vincent Rijmen (VR): In my opinion the advances in cryptography have been mostly mathematical in nature. The current algorithms are mathematically more secure than the previous ones. However, the correct use of cryptographic algorithms is still quite difficult for everyone except a few experts. We need more advances to make cryptography user-friendly. I compare this often to the advancements in automobiles. Throughout most of the 20th century, cars became bigger, faster, more economical, but not much easier to use. Only in the last decades, we see that car manufacturers try to make the driving experience easier. We see something similar with cryptography. Many attacks are based on human mistakes, but cryptography needs to be further developed in order to reduce or to avoid the possibility of mistakes.
LM : End-to-end encryption generally relies on mechanisms implemented at the transport layer (level 4) or sometimes at the presentation layer (level 6) of the OSI model. In your opinion, is this level of protection sufficient to ensure the confidentiality of communications in modern networks, especially against state or industrial threats?
VR : End-to-end encryption is the prefect way to protect secrecy and correctness of messages. However, in order to protect privacy and anonymity, or to avoid traffic analysis or other threats, we need also mechanisms implemented at lower layers of the stack.
LM : Could the widespread use of asymmetric encryption (with a key pair) in our digital exchanges, in your opinion, constitute a robust response to the current security challenges on the Internet? Or do its limitations (performance, key management, etc.) restrict its applicability?
VR : I am a symmetric-encryption person I think that asymmetric encryption has not been able to deliver most of its promises. In fact, this technology is most useful in some idealized anarchistic worldview without central authorities and where everyone has received a perfect education in all aspects of cryptography. This is not the world that we live in and hence asymmetric encryption is often a kind of solution for a problem that we don’t have. I think it would be an interesting research project to design a security system using symmetric cryptography only. By the way, symmetric cryptography can easily be made secure against quantum computers.
LM : You have often emphasized the need for rigorous cryptanalysis before any widespread adoption of post-quantum algorithms. Could you clarify what you mean by ‘thorough cryptanalysis’ in this context? And what do you see as the main risks of premature adoption?
VR : There is a boutade stating that the security of many cryptographic systems is based on the fact that most people would rather eat liver than do mathematics. This is certainly the case for many of the post-quantum algorithms. They often rely on advanced mathematical concepts that few people have a deep understanding of. This has been illustrated by a series of attacks on proposed post-quantum standards. In my opinion at this time it is good to prepare the infrastructure for a switch to some post-quantum algorithms, but it is too early to make the switch to any post-quantum algorithm.
LM : Given the current limitations of quantum cryptography based on entanglement, particularly distance and the lack of quantum amplifiers, do you think these technologies could actually replace classical cryptographic systems in large-scale exchanges one day?
VR : I think that we are still very far from that day. Note also that we probably won’t need quantum cryptography in order to be post-quantum secure.
LM : What are your current priority research areas in the field of cryptography or computer security?
VR : Since there is a renewed interest in the design of new block ciphers for specialized applications like Fully Homomorphic Encryption (FHE) and modern Zero-Knowledge (ZK) systems, or ciphers that are efficient on AI processors, I am looking again at the design of new block ciphers. I am also still interested in the development of new techniques to make secure implementations of cryptography (i.e., resistant against side-channel attacks).
LM : With the anticipated rise of quantum computing, some are proclaiming the end of cryptography as we know it. Do you share this view? Does cryptography still have a future in a quantum world?
VR : I don’t see cryptography losing importance. We’ll probably soon see the end of systems based on RSA, though.
LM : Finally, one last question related to the training of engineers, given that the AfricaCrypto 2025 event is held at an engineering school (ENSIAS Rabat Morocco): To become a recognized expert in cryptography, do you think it is essential to have advanced training in mathematics, computer science, or a combination of both? What skills are currently the most critical in this field?
VR : For post-quantum algorithms or FHE algorithms, one definitely needs advanced training in mathematics. For more application-oriented aspects, knowledge of computer science and a little electronics engineering is important. If one plans to work alone, then one must possess all these skills. Nowadays, most research happens in teams and one can split up the tasks. The most important is still the ability to “think like a hacker”, to be able to design a system that is not only secure against accidental faults, but also against people who deliberately try to cause malfunctioning.
LTE Magazine LTE MAGAZINE 2025
