Main Page | See live article | Alphabetical index

Advanced Encryption Standard process

On January 2, 1997 the National Institute of Standards and Technology, or NIST, called for cryptographers to propose a new standard block cipher for United States Government use in non-classified but sensitive applications. (Knowledge of what is used for classified applications is itself classified.) The Advanced Encryption Standard, or AES was intended to replace the Data Encryption Standard. The primary motivation for a new standard was the fact that the DES had a relatively small 56-bit key which was becoming vulnerable to brute force attacks. In addition the DES was designed primarily for hardware and was slow when implemented in software.

Since the specification for AES were not secret, it is expected that AES will also see much use in non-government applications, and outside the US. This was the case for its predecessor DES.

The requirements for the new standard were quite tough. A block size of 128 bits was specified, and key sizes of 128, 192, and 256 bits have to be possible. It was also required to be extremely secure, and speed was considered important. It had to be capable of running in extremely small embedded systems with only a few kiloBytes of ROM and 64 bytes of RAM.

Fifteen different designs were submitted, from several different countries. They were, in alphabetical order: CAST-256, CRYPTON, DEAL, DFC, E2, FROG, HPC, LOKI97, MAGENTA, MARS RC6, Rijndael, SAFER+, Serpent, and Twofish. Some were found to be less secure than required. Others were deemed uncompetitive in other ways, and a short list of five designs was selected for Round 2 of the selection process: MARS, RC6, Rijndael, Serpent, and Twofish.

On October 2, 2000, NIST announced that Rijndael had been selected as the proposed AES, and underwent the process of being made the official standard. On November 26, 2001, NIST announced that AES was approved as FIPS PUB 197.

See also: