Commerce secretary announces new standard for global information security

December 07, 2001

Secretary of Commerce Don Evans announced December 4, 2001, the approval of a new information technology encryption standard for the federal government.

The Advanced Encryption Standard, or AES, also is expected to be used widely in the private sector to protect sensitive computerized information and financial transactions, benefiting millions of consumers and businesses.

"The AES will help the nation protect its critical information infrastructures and ensure privacy for personal information about individual Americans," said Evans. "It also will promote the President's efforts to provide secure electronic government services to our citizens."

Phillip J. Bond, under secretary of commerce for technology, noted that finalization of the standard will benefit many individuals and companies besides federal agencies. "The Secretary's approval means that the AES will now be available to provide the next generation of encryption protection for both government and industry, maintaining America's leadership in the Information Age. We are very pleased that AES development has been successfully completed," said Bond.

The new standard contains a sophisticated mathematical formula known as an algorithm. Algorithms are at the heart of computerized encryption systems, which can be used to encode all kinds of digital information, from electronic mail to the secret personal identification numbers, or PINs, that people use with bank teller machines.

The announcement marks the culmination of a four-year effort by computer scientists at the Commerce Department's National Institute of Standards and Technology to achieve a highly secure algorithm for the AES.

This was done through an international competition, starting in September 1997, in which researchers from 12 different countries submitted encryption algorithms. Fifteen candidate formulas chosen by NIST in August 1998 were "attacked" for vulnerabilities and intensely evaluated by the worldwide cryptographic community to ensure that they met the AES criteria.

After the field was narrowed down to five in April 1999, NIST asked for intensified attacks and scrutiny on the finalists. Evaluations of the encoding formulas examined factors such as security, speed and versatility.

The algorithm selected for the AES in October 2000 incorporates the Rijndael (pronounced Rhine-doll) encryption formula. Belgian cryptographers Joan Daemen (pronounced Yo-ahn Dah-mun) of Proton World International and Vincent Rijmen (pronounced Rye-mun) of Katholieke Universiteit Leuven developed Rijndael. Both men are highly regarded experts within the international cryptographic community. They have agreed that their algorithm may be used without royalty fees.

Each of the algorithms submitted for the AES competition was required to support key sizes of 128, 192 and 256 bits. For a 128-bit key size, there are approximately 340 undecillion (340 followed by 36 zeros) possible keys.

NIST and leading cryptographers from around the world found that all five finalist algorithms had a very high degree of security. Rijndael was selected because it had the best combination of security, performance, efficiency and flexibility. The specifications for the Rijndael algorithm have now been formally incorporated into Federal Information Processing Standard 197.

The AES has been designed to protect sensitive government information well into the 21st century. It will replace the aging Data Encryption Standard, which NIST adopted in 1977 as a Federal Information Processing Standard used by federal agencies to protect sensitive, unclassified information. DES and a variant called Triple DES are used widely in the private sector as well, especially in the financial services industry.

The effort to establish the AES reflects the dramatic transformation that cryptography has undergone in recent years. Just a few decades ago, the science of cryptography was an esoteric endeavor employed primarily by governments to protect state and military secrets. Today, millions of Americans use cryptography, often without knowing it. Most people who use automated teller machines have used cryptography because the secret PINs required by the machines are encrypted. Others use information encryption when they make a purchase over the Internet; their credit card numbers are encrypted when they place an order.

Hundreds of encryption products currently employ DES or Triple DES, and such systems have become almost ubiquitous in the financial services industry.

The Secretary's formal approval action follows a 2001 request for public comments on the draft AES.

Products implementing the AES are expected to be available shortly in the marketplace. NIST also is completing arrangements so that vendors can have their implementations of AES validated under the Cryptographic Module Validation Program, jointly led by NIST and the Government of Canada's Communications Security Establishment.

The CMVP provides security testing against the specifications of FIPS 140-2, Security Requirements for Cryptographic Modules and individual federally recognized algorithms. Validation helps ensure that the complex AES algorithm has been implemented correctly.
-end-
Private-sector accredited laboratories conduct this testing, which then is validated by NIST and CSE.

For more details see http://csrc.nist.gov/cryptval/. Detailed information about the development of the AES, and the standard itself, is available at NIST's web site at http://www.nist.gov/aes.

National Institute of Standards and Technology (NIST)

Related Algorithm Articles from Brightsurf:

CCNY & partners in quantum algorithm breakthrough
Researchers led by City College of New York physicist Pouyan Ghaemi report the development of a quantum algorithm with the potential to study a class of many-electron quantums system using quantum computers.

Machine learning algorithm could provide Soldiers feedback
A new machine learning algorithm, developed with Army funding, can isolate patterns in brain signals that relate to a specific behavior and then decode it, potentially providing Soldiers with behavioral-based feedback.

New algorithm predicts likelihood of acute kidney injury
In a recent study, a new algorithm outperformed the standard method for predicting which hospitalized patients will develop acute kidney injury.

New algorithm could unleash the power of quantum computers
A new algorithm that fast forwards simulations could bring greater use ability to current and near-term quantum computers, opening the way for applications to run past strict time limits that hamper many quantum calculations.

QUT algorithm could quash Twitter abuse of women
Online abuse targeting women, including threats of harm or sexual violence, has proliferated across all social media platforms but QUT researchers have developed a sophisticated statistical model to identify misogynistic content and help drum it out of the Twittersphere.

New learning algorithm should significantly expand the possible applications of AI
The e-prop learning method developed at Graz University of Technology forms the basis for drastically more energy-efficient hardware implementations of Artificial Intelligence.

Algorithm predicts risk for PTSD after traumatic injury
With high precision, a new algorithm predicts which patients treated for traumatic injuries in the emergency department will later develop posttraumatic stress disorder.

New algorithm uses artificial intelligence to help manage type 1 diabetes
Researchers and physicians at Oregon Health & Science University have designed a method to help people with type 1 diabetes better manage their glucose levels.

A new algorithm predicts the difficulty in fighting fire
The tool completes previous studies with new variables and could improve the ability to respond to forest fires.

New algorithm predicts optimal materials among all possible compounds
Skoltech researchers have offered a solution to the problem of searching for materials with required properties among all possible combinations of chemical elements.

Read More: Algorithm News and Algorithm Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.