Experts approve of new encryption standard
Experts approve of new encryption standard
By William Jackson
The selection of the Rijndael algorithm as the heir apparent to the government's Data Encryption Standard has gotten good reviews from cryptographic experts.
They praised the National Institute of Standards and Technology's open process in selecting the new Advanced Encryption Standard, as well as Rijndael's compact size, speed and flexibility.
'NIST's AES effort has broken the mold in terms of collaboration with the cryptographic community,' said Susan Langford, senior cryptologic engineer at Certicom Corp. of Hayward, Calif.
A three-year public examination of the code is likely to encourage public acceptance of AES, Langford said.
'Rijndael is already widely acknowledged as a sensible balance of security and efficiency,' she said.
'The extensive scrutiny of the AES evaluation procedure has helped instill confidence in the security of Rijndael,' said Bruno Couillard, chief technology officer of Chrysalis-ITS Inc. of Ottawa.
Companies began announcing security products using the new algorithm within hours of the NIST announcement early this month, although it will take several more months before Rijndael becomes a new Federal Information Processing Standard.Not required
Commerce Secretary Norman Y. Mineta announced selection of Rijndael Oct. 2, but formal notice in the Federal Register probably will not appear until November. A 90-day public comment period will follow. After NIST makes any necessary changes to the algorithm, it will be submitted to the Commerce secretary as a FIPS. Final approval is expected by spring.
Although AES will be authorized for government unclassified use, agencies will not be required to use it. DES is now approved only on legacy systems, but Triple DES will remain an approved algorithm for the foreseeable future, NIST officials said.
DES, the government standard for encrypting sensitive but unclassified information since 1977, has seen wide use in government and commercial applications. By the late 1990s, however, the algorithm's 56-bit encryption keys had become inadequate. NIST issued a call for what would become AES in September 1997 and received 15 submissions. It invited encryption users to attack the formulas, then narrowed the field to five finalists and conducted a second round of tests.
Although security was the primary criterion for AES, NIST also considered speed and versatility.
'All five algorithms appear to have adequate security,' the NIST final report said. Rijndael also was a consistently good performer across a range of hardware and software computing platforms, it said.
Researchers from 12 countries worked on the AES candidates. Belgian cryptographers Joan Daemen and Vincent Rijmen developed Rijndael. Because their complete specifications have been available to NIST for study for more than two years, government officials have said the algorithm's foreign origin is not a concern.
Some industry observers believe the fact that Rijndael was developed outside the United States could speed the standard's adoption outside government. Its Belgian origin might squelch fear of back doors being built into the algorithm by the U.S. government, they have said.
Rijndael, like DES, is a symmetric algorithm that uses the same key to encrypt and decrypt data. This speeds up encryption but requires transmitting the secret key to the receiver of the message.
Symmetric cryptography can be used with public-private key systems. The secret key needed to decrypt a message can itself be encoded using a public-private key pair.
The small amount of memory Rijndael needs could make it convenient for the rapidly expanding mobile computing market, dominated by handheld devices with limited memory capacity. Despite its small size, NIST officials said, Rijndael packs a lot of security.
AES must generate 128-, 192- and 256-bit keys, making the number of possible keys astronomical.
A DES cracker developed in the late 1990s could recover a 56-bit DES encryption key in several hours. NIST estimates that if a computer could crack a DES key in one second, the same computer would take about 149 trillion years to crack a 128-bit AES key.
NIST does not claim Rijndael is unbreakable. But 'even with future advances in technology, AES has the potential to remain secure well beyond 20 years,' the NIST report said.