News Release

Commerce secretary announces new standard for global information security

Peer-Reviewed Publication

National Institute of Standards and Technology (NIST)

On December 4, 2001, Secretary of Commerce Don Evans announced the approval of a new information technology encryption standard for the federal government.

The Advanced Encryption Standard, or AES, also is expected to be used widely in the private sector to protect sensitive computerized information and financial transactions, benefiting millions of consumers and businesses.

"The AES will help the nation protect its critical information infrastructures and ensure privacy for personal information about individual Americans," said Evans. "It also will promote the President's efforts to provide secure electronic government services to our citizens."

Phillip J. Bond, under secretary of commerce for technology, noted that finalization of the standard will benefit many individuals and companies besides federal agencies. "The Secretary's approval means that the AES will now be available to provide the next generation of encryption protection for both government and industry, maintaining America's leadership in the Information Age. We are very pleased that AES development has been successfully completed," said Bond.

The new standard contains a sophisticated mathematical formula known as an algorithm. Algorithms are at the heart of computerized encryption systems, which can be used to encode all kinds of digital information, from electronic mail to the secret personal identification numbers, or PINs, that people use with bank teller machines.

The announcement marks the culmination of a four-year effort by computer scientists at the Commerce Department's National Institute of Standards and Technology to achieve a highly secure algorithm for the AES.

This was done through an international competition, starting in September 1997, in which researchers from 12 different countries submitted encryption algorithms. Fifteen candidate formulas chosen by NIST in August 1998 were "attacked" for vulnerabilities and intensely evaluated by the worldwide cryptographic community to ensure that they met the AES criteria.

After the field was narrowed down to five in April 1999, NIST asked for intensified attacks and scrutiny on the finalists. Evaluations of the encoding formulas examined factors such as security, speed and versatility.

The algorithm selected for the AES in October 2000 incorporates the Rijndael (pronounced Rhine-doll) encryption formula. Belgian cryptographers Joan Daemen (pronounced Yo-ahn Dah-mun) of Proton World International and Vincent Rijmen (pronounced Rye-mun) of Katholieke Universiteit Leuven developed Rijndael. Both men are highly regarded experts within the international cryptographic community. They have agreed that their algorithm may be used without royalty fees.

Each of the algorithms submitted for the AES competition was required to support key sizes of 128, 192 and 256 bits. For a 128-bit key size, there are approximately 340 undecillion (340 followed by 36 zeros) possible keys.

NIST and leading cryptographers from around the world found that all five finalist algorithms had a very high degree of security. Rijndael was selected because it had the best combination of security, performance, efficiency and flexibility. The specifications for the Rijndael algorithm have now been formally incorporated into Federal Information Processing Standard 197.

The AES has been designed to protect sensitive government information well into the 21st century. It will replace the aging Data Encryption Standard, which NIST adopted in 1977 as a Federal Information Processing Standard used by federal agencies to protect sensitive, unclassified information. DES and a variant called Triple DES are used widely in the private sector as well, especially in the financial services industry.

The effort to establish the AES reflects the dramatic transformation that cryptography has undergone in recent years. Just a few decades ago, the science of cryptography was an esoteric endeavor employed primarily by governments to protect state and military secrets. Today, millions of Americans use cryptography, often without knowing it. Most people who use automated teller machines have used cryptography because the secret PINs required by the machines are encrypted. Others use information encryption when they make a purchase over the Internet; their credit card numbers are encrypted when they place an order.

Hundreds of encryption products currently employ DES or Triple DES, and such systems have become almost ubiquitous in the financial services industry.

The Secretary's formal approval action follows a 2001 request for public comments on the draft AES.

Products implementing the AES are expected to be available shortly in the marketplace. NIST also is completing arrangements so that vendors can have their implementations of AES validated under the Cryptographic Module Validation Program, jointly led by NIST and the Government of Canada's Communications Security Establishment.

The CMVP provides security testing against the specifications of FIPS 140-2, Security Requirements for Cryptographic Modules, and individual federally recognized algorithms. Validation helps ensure that the complex AES algorithm has been implemented correctly.


Private-sector accredited laboratories conduct this testing, which then is validated by NIST and CSE.
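The correctness check that validation is meant to provide can be illustrated with a known-answer test: an AES implementation is run against the example vectors printed in FIPS 197 Appendix C, one for each of the 128-, 192- and 256-bit key sizes the competition required. The block below is an added example, not NIST's, the CMVP's or any vendor's code; it contains a minimal from-scratch AES block encryptor written only so the test has something to exercise, and the `run_known_answer_tests` helper and its `encrypt` parameter are this example's own names.

```python
"""Known-answer test of an AES block encryptor against FIPS 197 Appendix C.

Added example: a minimal AES encryptor (encryption only, one block) plus
the three FIPS 197 Appendix C vectors used to check it. Not NIST or CMVP
code; it shows what "implemented correctly" means in practice.
"""


def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    if a & 0x100:
        a ^= 0x11B
    return a & 0xFF


def _gmul(a, b):
    """Multiply two GF(2^8) elements (shift-and-add with _xtime)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = _xtime(a)
        b >>= 1
    return result


def _build_sbox():
    """Derive the S-box: multiplicative inverse, then the affine transform."""
    sbox = []
    for x in range(256):
        inv = 0
        if x:
            inv, base, e = 1, x, 254  # x^254 == x^-1 in GF(2^8)
            while e:
                if e & 1:
                    inv = _gmul(inv, base)
                base = _gmul(base, base)
                e >>= 1
        s = inv
        for i in range(1, 5):  # s = inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4)
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


def _expand_key(key):
    """FIPS 197 section 5.2 key expansion; returns (round-key words, Nr)."""
    nk = len(key) // 4
    if nk not in (4, 6, 8) or len(key) % 4:
        raise ValueError("AES key must be 128, 192 or 256 bits")
    nr = nk + 6
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (nr + 1)):
        temp = list(w[i - 1])
        if i % nk == 0:
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]  # RotWord + SubWord
            temp[0] ^= rcon
            rcon = _xtime(rcon)
        elif nk == 8 and i % nk == 4:  # extra SubWord for AES-256
            temp = [SBOX[b] for b in temp]
        w.append([w[i - nk][j] ^ temp[j] for j in range(4)])
    return w, nr


def aes_encrypt_block(key, block):
    """Encrypt one 16-byte block. State byte (row r, column c) is at r + 4c."""
    if len(block) != 16:
        raise ValueError("AES block must be 16 bytes")
    w, nr = _expand_key(key)
    state = list(block)

    def add_round_key(rnd):
        for c in range(4):
            for r in range(4):
                state[r + 4 * c] ^= w[4 * rnd + c][r]

    add_round_key(0)
    for rnd in range(1, nr + 1):
        state[:] = [SBOX[b] for b in state]  # SubBytes
        # ShiftRows: row r rotates left by r positions
        state[:] = [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]
        if rnd != nr:  # MixColumns is skipped in the final round
            for c in range(4):
                a0, a1, a2, a3 = state[4 * c:4 * c + 4]
                state[4 * c] = _gmul(a0, 2) ^ _gmul(a1, 3) ^ a2 ^ a3
                state[4 * c + 1] = a0 ^ _gmul(a1, 2) ^ _gmul(a2, 3) ^ a3
                state[4 * c + 2] = a0 ^ a1 ^ _gmul(a2, 2) ^ _gmul(a3, 3)
                state[4 * c + 3] = _gmul(a0, 3) ^ a1 ^ a2 ^ _gmul(a3, 2)
        add_round_key(rnd)
    return bytes(state)


# FIPS 197 Appendix C example vectors (key, plaintext, ciphertext), hex.
FIPS197_VECTORS = [
    ("000102030405060708090a0b0c0d0e0f",
     "00112233445566778899aabbccddeeff", "69c4e0d86a7b0430d8cdb78070b4c55a"),
    ("000102030405060708090a0b0c0d0e0f1011121314151617",
     "00112233445566778899aabbccddeeff", "dda97ca4864cdfe06eaf70a0ec0d7191"),
    ("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
     "00112233445566778899aabbccddeeff", "8ea2b7ca516745bfeafc49904b496089"),
]


def run_known_answer_tests(encrypt=aes_encrypt_block):
    """Run every FIPS 197 vector through `encrypt`; map key bits -> pass/fail."""
    results = {}
    for key_hex, pt_hex, ct_hex in FIPS197_VECTORS:
        key = bytes.fromhex(key_hex)
        got = encrypt(key, bytes.fromhex(pt_hex))
        results[len(key) * 8] = got == bytes.fromhex(ct_hex)
    return results


if __name__ == "__main__":
    for bits, ok in run_known_answer_tests().items():
        print(f"AES-{bits}: {'PASS' if ok else 'FAIL'}")
```

Any implementation, in any language, can be plugged in through the `encrypt` parameter; a single wrong constant in the S-box, key schedule or MixColumns changes the ciphertext and fails all three vectors, which is the kind of defect CMVP algorithm testing is designed to catch before a product ships.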

For more details see http://csrc.nist.gov/cryptval/. Detailed information about the development of the AES, and the standard itself, is available at NIST's web site at http://www.nist.gov/aes.
