SoK: Rijndael-256

Most symmetric modes of encryption that rely on PRP primitives are limited by the birthday bound over the block size (can’t encrypt more than $2^{n/2}$ blocks). This could be a severe limitation if current block width of 128 is used (can’t encrypt more than $2^{64}$ blocks) for cloud systems that transact a large amount of data. This limitation can be overcome by either realizing a mode of encryption based on a PRF (that doesn’t suffer from the birthday bound) or by using a wider block cipher li