After a three-year worldwide competition, the U.S. Department of Commerce this week announced that an encryption algorithm from Belgium has been proposed as the new Advanced Encryption Standard (AES) for the U.S.
The competition, which involved some of the world's leading cryptographers from 12 countries, was organized by the National Institute of Standards and Technology (NIST), an agency of the Commerce Department's Technology Administration. After a 90-day period for public comment, NIST will revise the proposed standard, if necessary, and submit it to the commerce secretary for adoption. The process is expected to be completed by spring.
While the proposed algorithm - called Rijndael - is intended to protect sensitive information in federal computer systems, it's expected to be adopted widely by the private sector, especially in the financial services industry.
Gen Rao, vice president of the eSpace Security Center at The Chase Manhattan Bank in New York, said the bank "is poised to implement, over time, through a network of the bank's new security product vendors, the NIST's new AES, which will bring about increased security, performance and flexibility."
Mark Bouchard, an analyst at Meta Group Inc. in Stamford, Conn., noted in the company's online newsletter that he expects the Rijndael algorithm to ultimately displace the Data Encryption Standard (DES) for both government and business applications. But he advised against adopting prestandard versions of the AES because they could pose interoperability problems. According to Bouchard, a fast switch to the new algorithm isn't warranted, "given continued suitability/strength of Triple DES."
Encryption algorithms are mathematical formulas that form the central component of the computer encryption systems used to secure e-mail, e-commerce transactions and other sensitive data. The AES will replace DES, which NIST adopted in 1977 to protect sensitive, unclassified information. A more secure variant of DES, called Triple DES, is now widely used in the private sector.
Rijndael was developed by Belgian cryptographers Joan Daemen at Proton World International and Vincent Rijmen at Katholieke Universiteit Leuven (Catholic University of Leuven).
Each candidate algorithm was required to support key sizes of 128, 192 and 256 bits. The candidates were evaluated for the strength of their security, as well as for their speed and versatility across a variety of computer platforms.
According to NIST, Rijndael was selected because it had the best combination of security, efficiency, implementability and flexibility. A technical analysis of the AES candidates is posted on NIST's Web site.
"Rijndael showed exceptional performance on most platforms and has low memory requirements," said NIST director Raymond G. Kammer. He said development kits for the AES were expected to be available this week.
Kammer said analysis found that none of the algorithms under consideration had intellectual-property conflicts. Developers submitting algorithms for review were required to provide the algorithms free of royalty payments. Developers of the algorithms receive no remuneration for their work.
During the selection process, some evaluators suggested that two algorithms be selected as the AES. Kammer said that idea was rejected as impractical. He cautioned that encryption algorithms have limited life spans. "If Moore's Law continues and quantum computing does not manifest itself, this should have about a 30-year run," he said.