The National Institute of Standards and Technology (NIST) used a set of criteria to evaluate the candidate ciphers for the Advanced Encryption Standard (AES). The final set of criteria, known as the Five Algorithm Finalists Criteria, consisted of the following:

• Security: The algorithm must demonstrate strong security against all known types of cryptographic attacks. It should withstand both mathematical and practical attacks, including differential and linear cryptanalysis, brute-force attacks, and related-key attacks.

• Efficiency: The algorithm should be computationally efficient, allowing for fast encryption and decryption operations. It should be suitable for implementation on various platforms, including both software and hardware.

• Implementation and Use: The algorithm should be easy to implement correctly and securely. It should not require excessive computational resources or complex programming techniques. The algorithm should be flexible and support a range of applications and environments.

• Intellectual Property: The algorithm should not be encumbered by any intellectual property restrictions or proprietary rights that would hinder its adoption or implementation as a standard.

• Analysis: The algorithm should have a strong mathematical foundation and extensive analysis by the cryptographic community. It should have undergone rigorous scrutiny, peer review, and public evaluation. The security claims of the algorithm should be well-founded and supported by the research community.

These criteria were used by NIST to assess the candidate algorithms for AES. After a comprehensive evaluation process that included public review and analysis, Rijndael was selected as the winner and became the Advanced Encryption Standard (AES) in 2001.