A worldwide competition to develop a new encryption technique
that can be used to protect computerized information ended today
when Secretary of Commerce Norman Y. Mineta announced the nation's
proposed new Advanced Encryption Standard.
Mineta named the Rijndael (pronounced Rhine-doll) data encryption
formula as the winner of a three-year competition involving
some of the world's leading cryptographers.
"Once final, this standard will serve as a critical computer
security tool supporting the rapid growth of electronic commerce,"
Mineta said. "This is a very significant step toward creating
a more secure digital economy. It will allow e-commerce and
e-government to flourish safely, creating new opportunities
for all Americans," he said.
Computer scientists at the National
Institute of Standards and Technology, an agency of the
organized the international competition in a drive to develop
a strong information encryption formula to protect sensitive
information in federal computer systems. Many businesses are
expected to use the AES as well.
The proposed selection of Rijndael as the AES will be formally
announced in the Federal Register in several months, and NIST
then will receive public comments on the draft Federal Information
Processing Standard for 90 days.
Researchers from 12 different countries worked on developing
advanced encoding methods during the global competition.
NIST invited the worldwide cryptographic community to "attack"
the encryption formulas in an effort to break the codes.
After narrowing the field down from 15 formulas to five, NIST
invited cryptographers to intensify their attacks on the finalists.
The agency and the world cryptographic community also evaluated
the encoding formulas for factors such as security, speed and
The Rijndael developers are Belgian cryptographers Joan Daemen
(pronounced Yo'-ahn Dah'-mun) of Proton World International
and Vincent Rijmen (pronounced Rye'-mun) of Katholieke Universiteit
Leuven. Both are highly regarded experts within the international
NIST organized and managed the competition with considerable
The competing AES candidates were sophisticated mathematical
formulas called algorithms. Algorithms are at the heart of computerized
encryption systems, which encode everything from electronic
mail to the secret personal identification numbers, or PINs,
that people use with bank teller machines.
When approved, the AES will be a public algorithm designed
to protect sensitive government information well into the 21st
century. It will replace the aging Data Encryption Standard,
which NIST adopted in 1977 as a Federal Information Processing
Standard used by federal agencies to protect sensitive, unclassified
DES and a variant called Triple DES are used widely in the
private sector as well, especially in the financial services
The effort to establish the AES reflects the dramatic transformation
that cryptography has undergone in recent years.
Just a few decades ago the science of cryptography was an
esoteric endeavor employed primarily by governments to protect
state and military secrets. Today, millions of Americans use
cryptography, often without knowing it. Most people who use
automated teller machines have used cryptography because the
secret PINs required by the machines are encrypted before being
sent to a computer that makes sure the number matches the card.
Others use information encryption when they make a purchase
over the Internet. Their credit card numbers are encrypted when
they place an order.
Hundreds of encryption products currently employ DES or Triple
DES, and such systems have become almost ubiquitous in the financial
services industry. Consequently, the selection of the AES may
affect millions of consumers and businesses.
NIST requested proposals for the AES on Sept. 12, 1997, and
a variety of organizations around the world responded with enthusiasm.
Each of the candidate algorithms was required to support key
sizes of 128, 192 and 256 bits. For a 128-bit key size, there
are approximately 340,000,000,000,000,000,000,000,000,000,000,
000,000 (340 followed by 36 zeros) possible keys.
NIST evaluated the candidate algorithms and received invaluable
assistance from cryptographers at computer security companies
and universities around the world. Good security was the primary
quality required of the winning formula, but factors such as
speed and versatility across a variety of computer platforms
also were considered. In other words, the algorithms must be
able to run securely and efficiently on large computers, desktop
computers and even small devices such as smart cards.
NIST and leading cryptographers from around the world found
that all five finalist algorithms had a very high degree of
security. Rijndael was selected because it had the best combination
of security, performance, efficiency, implementability and flexibility.
The AES competition was organized by computer scientists in
NIST's Information Technology Laboratory. A lengthy technical
analysis of the AES candidates is being posted on NIST's web
site today at www.nist.gov/aes.
After the public comment period, NIST will revise the proposed
standardif appropriateand submit it to the Secretary
of Commerce for adoption as an official federal standard. This
process is expected to be complete by the spring of 2001.
Press contacts for the Rijndael team:
Tel: +32 2 724 55 08, Fax: +32 2 724 50 60
Tel: +32 16 32 18 62, Fax: +32 16 32 19 86
As a non-regulatory agency of the U.S. Department of Commerce's
Administration, NIST strengthens the U.S. economy and improves
the quality of life by
working with industry to develop and apply technology, measurements
and standards through four partnerships: the Measurement and
Standards Laboratories, the Advanced Technology Program, the
Manufacturing Extension Partnership and the Baldrige National
- 30 -
For more information about NIST, see our web site at www.ta.nist.gov.