Group theoretic properties of Rijndael-like ciphers

We provide conditions for which the round functions of an ℓℓ-bit Rijndael-like block cipher generate the alternating group on the set {0,1}ℓ{0,1}ℓ. These conditions show that the class of Rijndael-like ciphers whose round functions generate the alternating group on their message space is large, and includes both the actual Rijndael and the block cipher used by the compression function of the Whirlpool hash function. The result indicates that there is no trapdoor design for a Rijndael-like cipher based on the imprimitivity of the group action of its proper round functions which is difficult to detect.