U.S. unveils advanced encryption standard

U.S. unveils advanced encryption standard
By George Leopold, EE Times
December 10, 2001 (3:54 a.m. EST)
URL: http://www.eetimes.com/story/OEG20011205S0060

WASHINGTON — The Department of Commerce rolled out a new U.S. encryption standard for the federal government on Tuesday (Dec. 4) in hopes that industry will also embrace it.

The Advanced Encryption Standard (AES) relies on the Rijndael symmetric encryption algorithm to protect sensitive government information. "AES will help the nation protect its critical information infrastructures and ensure privacy for personal information about individual Americans," Commerce Secretary Don Evans told an industry group.

Evans' approval of the standard is the culmination of a four-year government effort to come up with a secure algorithm for AES. Researchers from 12 different countries submitted encryption algorithms as part of an international competition. The algorithm was selected by Commerce last October and incorporates the Rijndael encryption formula developed by two Belgian cryptogra phers.

The algorithm can be used without paying royalty fees, the Commerce Department said.

The AES competition required developers to submit algorithms that support key sizes of 128, 192 and 256 bits. For a 128-bit key size, U.S. officials said there are about 340 undecillion (340 followed by 36 zeroes) possible keys.

The government said products implementing AES are expected to reach the marketplace soon. It estimated that AES has the potential to remain secure from key exhaustion attacks, a method where attackers constantly search for possible key values, for at least 20 years. The previous government spec, the Data Encryption Standard, lasted about 20 years.

Government agencies will use AES to protect "sensitive, but unclassified" data. Industry and other private groups have been urged to use the standard but are not required to adopt AES. Other "block cipher" encryption algorithms are also available.

Industry groups have proposed closer cooperation with the government to solve secur ity threats to their networks. Companies "understand that protecting the nation's information infrastructure cannot be done in a vacuum," said Robert Holleyman, president and chief executive of the Business Software Alliance. "Government and the private sector must work together to develop effective solutions to a shared threat."