Advanced Encryption Standard (AES)
ADVANCED ENCRYPTION STANDARD (AES)
The Advanced Encryption Standard (AES) is the U.S. government-sponsored, data-coding, algorithmic system designed to protect electronic information on hardware and software from security breaches. By providing a basic framework for coding and scrambling sensitive information, AES facilitates easy electronic data sharing and protection across a wide variety of platforms as well as across borders.
The predecessor to AES, the Data Encryption Standard (DES), was adopted in 1977. By the mid-1990s, DES had begun to show its age. As new, more intensive security needs arose as a result of the proliferation of the Internet and home computers, the National Institute of Standards and Technology (NIST), an agency of the United States Department of Commerce, announced in 1997 its plans to develop the Advanced Encryption Standard. When DES's five-year review came up in 1998, NIST reported that the 56-bit-key encryption was no longer capable of withstanding the kinds of attacks that would now threaten electronic data in the Internet world.
In short order, over a dozen groups were working on contenders for the new encryption standard, and NIST called for cryptographers all around the world to put the contestant algorithms to vigorous tests by applying various kinds of attacks. The contestants were judged on their performance in a number of areas, including speed, versatility (the encryption is to work across a variety of platforms, such as smart cards, satellite communications, and ATM networks, in addition to online information exchange), the amount of chip and memory space they consume, flexibility, and, of course, the strength of their security. In addition, the algorithms were to work with both hardware and software applications; DES, a product of its age, was geared more specifically toward hardware.
In October 2000, after three years spent wading through the various algorithms, the Department of Commerce finally declared the Rijndael system the winner. Developed by Joan Daemen of Proton World International and Vincent Rijmen of Katholieke Univiersiteit Leuven (Catholic University of Leuven) in Belgium, Rijndael is both much stronger and more flexible than its DES predecessor. While DES maintained an encryption key length of only 56 bits, the new AES was designed to support 128-, 192-, and 256-bit keys. Built on algebraic constructs, Rijndael undergoes a complex series of steps and operations to define, scramble, redefine, and mathematically encode data.
The AES specifications demanded that any standard adopted be available free of royalties anywhere in the world. The choosing of a Belgian model signaled the NIST's commitment to the internationalization of AES. (DES, by contrast, was developed under the purview of the U.S. National Security Agency.)
While federal computer systems will be the first to integrate AES upon final Commerce Department approval, expected sometime in 2001, the private sector, particularly financial services and similar industries, will certainly adopt the new encryption algorithm to safeguard the increasing number of online transactions.
FURTHER READING:
Harrison, Ann. "Advanced Encryption Standard." Computer-world. May 29, 2000.
——. "Feds Propose New Encryption Standard." Computer-world. October 9, 2000.
Hulme, George V. "Commerce Department Picks Rijndael Encryption Formula." InformationWeek. October 16, 2000.
Landau, Susan. "Designing Cryptography for the New Century." Communications of the Association for Computing Machinery. May 2000.
Loshin, Pete. "Cryptographic Turning Points." Computerworld. August 28, 2000.
SEE ALSO: Computer Security; Cryptography, Public and Private Key; Data Encryption Standard (DES); Encryption