AES: One of the most reliable encryption processes in the world
At the beginning of 1997, the US National Institute of Standards and Technology (NIST) announced an open worldwide competition: They were seeking the successor to DES (Data Encryption Standard). With a key length of just 56 bits, it was by then considered unreliable, and increasing the effective key length to 112 bits by applying DES three times reduced speed drastically.
The standard had furthermore long been under criticism due to the involvement of the National Security Agency (NSA) in its development. Especially the design of the so-called "S boxes" gave rise to speculation about possible back doors that may have been introduced by the NSA to be able to read messages encrypted by the process. For example Alan Konheim, who was involved in DES development, claims he sent the S boxes, which erase the relationship between plain text and secret text, to Washington and that they were then heavily modified. But ultimately it was the unreliability of the outdated standard that forced the NIST to post its invitation for submissions to the competition. And it's just as well they did, since DES can be cracked today with a brute-force attack (trying all possibilities) within three hours.
Criteria of AES
NIST set the following criteria that the new standard, the Advanced Encryption Standard (AES), had to meet:
- had to be a symmetrical algorithm, specifically a block cipher
- had to be able to use keys 128, 192, and 256 bits in length
- should be easy to implement in terms of both hardware and software and should have above average performance capabilities
- should be able to withstand all methods of cryptoanalysis
- should require limited resources and therefore little storage space
- had to be free of patent law claims so that anyone could use it free of charge.
Of the 15 algorithms that were submitted to NIST by August 1998, five reached the second round: MARS, RC6, Rijndael, Serpent, and Twofish. All five were uncrackable, but only the Rijndael algorithm demonstrated above average performance in terms of both hardware and software and made limited use of resources. Accordingly it was finally declared the winner in October 2000. The name is derived from its Belgian developers: Joan Daemen and Vincent Rijmen.