The DES is dead. The AES will take its place.
The Commerce Department announced on Tuesday that the federal government is replacing its aging Data Encryption Standard for securing sensitive unclassified information, first adopted in 1977, with a powerful new “Advanced Encryption Standard.” The standard is expected to be widely adopted by the private sector as well, especially in the financial services sector.
“The AES will help the nation protect its critical information infrastructures and ensure privacy for personal information about individual Americans,” said Commerce Secretary Don Evans, speaking at a meeting of the Business Software Alliance. “It also will promote the Presidents efforts to provide secure electronic government services to our citizens.”
The AES was produced through an international competition that began in September 1997 under the aegis of the Commerce Departments National Institute of Standards and Technology (NIST), in which researchers from 12 different countries submitted encryption algorithms.
NIST narrowed down the list of candidates to fifteen finalists in August of 1998, which were then subjected to a first round of attacks for weaknesses by the worldwide cryptographic community. Five semifinalists were chosen and attacked again in April of 1999.
While the Commerce Department praised all five finalists Tuesday for a high degree of security, it selected its finalist, based on the Rijndael encryption formula it said, for possessing the best combination of “security, performance, efficiency and flexibility.”
Belgian cryptographers Joan Daemen of Proton World International and Vincent Rijmen of Katholieke Universiteit Leuven developed the Rijndael algorithm. They have agreed that their algorithm may be used without royalty fees.
Each of the algorithms submitted for the AES competition was required to support key sizes of 128, 192 and 256 bits. For a 128-bit key size, there are approximately 340 undecillion (340 followed by 36 zeros) possible keys, said the Commerce Department.
The specifications for the Rijndael algorithm have now been formally incorporated into Federal Information Processing Standard 197, said the Commerce Department. The Department said it expects the standard to hold up well into the 21st century.