The

Advanced Encryption Standard The Advanced Encryption Standard (AES), also known by its original name Rijndael (), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is a varian ...

(AES), the symmetric block cipher ratified as a standard by

National Institute of Standards and Technology The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical s ...

of the United States (NIST), was chosen using a process lasting from 1997 to 2000 that was markedly more open and transparent than its predecessor, the Data Encryption Standard (DES). This process won praise from the open cryptographic community, and helped to increase confidence in the security of the winning algorithm from those who were suspicious of backdoors in the predecessor, DES. A new standard was needed primarily because DES has a relatively small 56-bit key which was becoming vulnerable to

brute-force attack In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correc ...

s. In addition, the DES was designed primarily for hardware and is relatively slow when implemented in software. While Triple-DES avoids the problem of a small key size, it is very slow even in hardware, it is unsuitable for limited-resource platforms, and it may be affected by potential security issues connected with the (today comparatively small) block size of 64 bits.

Start of the process

On January 2, 1997, NIST announced that they wished to choose a successor to DES to be known as AES. Like DES, this was to be "an unclassified, publicly disclosed encryption algorithm capable of protecting sensitive government information well into the next century." However, rather than simply publishing a successor, NIST asked for input from interested parties on how the successor should be chosen. Interest from the open cryptographic community was immediately intense, and NIST received a great many submissions during the three-month comment period. The result of this feedback was a call for new algorithms on September 12, 1997. The algorithms were all to be block ciphers, supporting a block size of 128 bits and key sizes of 128, 192, and 256 bits. Such ciphers were rare at the time of the announcement; the best known was probably

Square In Euclidean geometry, a square is a regular quadrilateral, which means that it has four equal sides and four equal angles (90- degree angles, π/2 radian angles, or right angles). It can also be defined as a rectangle with two equal-length a ...

Rounds one and two

In the nine months that followed, fifteen designs were created and submitted from several countries. They were, in alphabetical order: CAST-256, CRYPTON, DEAL, DFC, E2,

FROG A frog is any member of a diverse and largely carnivorous group of short-bodied, tailless amphibians composing the order Anura (ανοὐρά, literally ''without tail'' in Ancient Greek). The oldest fossil "proto-frog" ''Triadobatrachus'' is ...

, HPC,

LOKI97 In cryptography, LOKI97 is a block cipher which was a candidate in the Advanced Encryption Standard competition. It is a member of the LOKI family of ciphers, with earlier instances being LOKI89 and LOKI91. LOKI97 was designed by Lawrie Brown, ...

MAGENTA Magenta () is a color that is variously defined as pinkish- purplish- red, reddish-purplish-pink or mauvish-crimson. On color wheels of the RGB (additive) and CMY (subtractive) color models, it is located exactly midway between red and blu ...

MARS Mars is the fourth planet from the Sun and the second-smallest planet in the Solar System, only being larger than Mercury. In the English language, Mars is named for the Roman god of war. Mars is a terrestrial planet with a thin at ...

RC6 In cryptography, RC6 (Rivest cipher 6) is a symmetric key block cipher derived from RC5. It was designed by Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin to meet the requirements of the Advanced Encryption Standard (AES) competition. ...

, Rijndael, SAFER+, Serpent, and Twofish. In the ensuing debate, many advantages and disadvantages of the candidates were investigated by cryptographers; they were assessed not only on security, but also on performance in a variety of settings (PCs of various architectures, smart cards, hardware implementations) and on their feasibility in limited environments (smart cards with very limited memory, low gate count implementations, FPGAs). Some designs fell due to cryptanalysis that ranged from minor flaws to significant attacks, while others lost favour due to poor performance in various environments or through having little to offer over other candidates. NIST held two conferences to discuss the submissions (AES1, August 1998 and AES2, March 1999), and in August 1999 they announced that they were narrowing the field from fifteen to five:

, Rijndael, Serpent, and Twofish. All five algorithms, commonly referred to as "AES finalists", were designed by cryptographers considered well-known and respected in the community. The AES2 conference votes were as follows: * Rijndael: 86 positive, 10 negative * Serpent: 59 positive, 7 negative * Twofish: 31 positive, 21 negative *

: 23 positive, 37 negative *

: 13 positive, 84 negative A further round of intense analysis and cryptanalysis followed, culminating in the AES3 conference in April 2000, at which a representative of each of the final five teams made a presentation arguing why their design should be chosen as the AES.

Selection of the winner

On October 2, 2000, NIST announced that Rijndael had been selected as the proposed AES and started the process of making it the official standard by publishing an announcement in the Federal Register on February 28, 2001 for the draft FIPS to solicit comments. On November 26, 2001, NIST announced that AES was approved as FIPS PUB 197. NIST won praises from the cryptographic community for the openness and care with which they ran the standards process.

Bruce Schneier Bruce Schneier (; born January 15, 1963) is an American cryptographer, computer security professional, privacy specialist, and writer. Schneier is a Lecturer in Public Policy at the Harvard Kennedy School and a Fellow at the Berkman Klein Cente ...

, one of the authors of the losing Twofish algorithm, wrote after the competition was over that "I have nothing but good things to say about NIST and the AES process."

References

External links

A historical overview of the process
can be found on NIST's website. *On the sci.crypt newsgroup, there are extensive discussions about the AES process. {{Cryptography navbox, block Cryptography contests History of cryptography Advanced Encryption Standard National Institute of Standards and Technology

Start of the process

Rounds one and two

Selection of the winner

See also

References

External links