A worldwide competition to develop a new encryption technique that can be used to protect computerized information ended today when Secretary of Commerce Norman Y. Mineta named the Rijndael data encryption formula as the winner of a three-year competition involving some of the world's leading cryptographers.
"Once final, this standard will serve as a critical computer security tool supporting the rapid growth of electronic commerce," Mineta said. "This is a very significant step toward creating a more secure digital economy. It will allow e-commerce and e-government to flourish safely, creating new opportunities for all Americans," he said.
Computer scientists at the National Institute of Standards and Technology, an agency of the Commerce Department's Technology Administration, organized the international competition in a drive to develop a strong information encryption formula to protect sensitive information in federal computer systems. Many businesses are expected to use the AES as well.
The proposed selection of Rijndael as the AES will be formally announced in the Federal Register in several months, and NIST then will receive public comments on the draft Federal Information Processing Standard for 90 days.
Researchers from 12 different countries worked on developing advanced encoding methods during the global competition.
NIST invited the worldwide cryptographic community to "attack" the encryption formulas in an effort to break the codes.
After narrowing the field down from 15 formulas to five, NIST invited cryptographers to intensify their attacks on the finalists. The agency and the world cryptographic community also evaluated the encoding formulas for factors such as security, speed and versatility.
The Rijndael developers are Belgian cryptographers Joan Daemen (pronounced Yo'-ahn Dah'-mun) of Proton World International and Vincent Rijmen (pronounced Rye'-mun) of Katholieke Universiteit Leuven. Both are highly regarded experts within the international cryptographic community.
NIST organized and managed the competition with considerable private-sector cooperation.
The competing AES candidates were sophisticated mathematical formulas called algorithms. Algorithms are at the heart of computerized encryption systems, which encode everything from electronic mail to the secret personal identification numbers, or PINs, that people use with bank teller machines.
When approved, the AES will be a public algorithm designed to protect sensitive government information well into the 21st century. It will replace the aging Data Encryption Standard, which NIST adopted in 1977 as a Federal Information Processing Standard used by federal agencies to protect sensitive, unclassified information.
DES and a variant called Triple DES are used widely in the private sector as well, especially in the financial services industry.
The effort to establish the AES reflects the dramatic transformation that cryptography has undergone in recent years.
Just a few decades ago the science of cryptography was an esoteric endeavor employed primarily by governments to protect state and military secrets. Today, millions of Americans use cryptography, often without knowing it. Most people who use automated teller machines have used cryptography because the secret PINs required by the machines are encrypted before being sent to a computer that makes sure the number matches the card.
Others use information encryption when they make a purchase over the Internet. Their credit card numbers are encrypted when they place an order.
Hundreds of encryption products currently employ DES or Triple DES, and such systems have become almost ubiquitous in the financial services industry. Consequently, the selection of the AES may affect millions of consumers and businesses.
NIST requested proposals for the AES on Sept. 12, 1997, and a variety of organizations around the world responded with enthusiasm. Each of the candidate algorithms was required to support key sizes of 128, 192 and 256 bits. For a 128-bit key size, there are approximately 340,000,000,000,000,000,000,000,000,000,000,000,000 (340 followed by 36 zeros) possible keys.
NIST evaluated the candidate algorithms and received invaluable assistance from cryptographers at computer security companies and universities around the world. Good security was the primary quality required of the winning formula, but factors such as speed and versatility across a variety of computer platforms also were considered. In other words, the algorithms must be able to run securely and efficiently on large computers, desktop computers and even small devices such as smart cards.
NIST and leading cryptographers from around the world found that all five finalist algorithms had a very high degree of security. Rijndael was selected because it had the best combination of security, performance, efficiency, implementability and flexibility.
The AES competition was organized by computer scientists in NIST's Information Technology Laboratory. A lengthy technical analysis of the AES candidates is being posted on NIST's web site today at www.nist.gov/aes.
After the public comment period, NIST will revise the proposed standard—if appropriate—and submit it to the Secretary of Commerce for adoption as an official federal standard. This process is expected to be complete by the spring of 2001.