-
NIST started thinking about the need to replace the Data Encryption Standard, or DES, in the early 1990s.
-
We publicly indicated that a replacement might be developed as early as the 1993 reaffirmation of DES.
-
Serious planning at NIST began in 1996, culminating in a public call for comments on draft AES requirements in January, 1997.
-
We held a public workshop just a few months later, which was significant because it helped to solidify the key sizes for AES at 128, 192 and 256 bits.
-
DES has a key size of 56 bits.
-
Also, almost all of the workshop participants agreed that the AES should be available on a royalty-free basis.
-
We published a call for candidate algorithms three years ago this month, and the response from the global cryptography community has been truly gratifying.
-
Leading cryptographers from around the world attended our conferences in California, Rome and New York. They contributed invaluably to the selection process.
-
We have received a great deal of help from individuals, academics, industry and government.
-
It has not been a short process.
-
But this was necessary in order to build trust in the encryption algorithm, because there is no simple way to determine if an algorithm is secure.
-
Of the original 15 candidate algorithms, five were primarily of American origin and the rest were from overseas.
-
We received submissions from places as diverse as Costa Rica, France, Japan, Korea and Norway.
-
NIST received comments from people in more than 40 countries during the AES public analysis period.
-
Each of the submitters provided a detailed description of their algorithm, and implementations in both the ANSI C and Java computer programming languages.
-
NIST made these available to reviewers worldwide, consistent with prevailing export regulations.
-
Each submitter also agreed in writing to make their algorithm available on a royalty free basis if it were selected for inclusion in the AES.
-
Many decided to make their inventions free regardless.
-
We ended up with five excellent candidates, any one of which could have provided the security we require for AES.
-
More than 800 pages of public analysis of these candidates is posted on our Web site at www.nist.gov/aes.
-
Our Information Technology Laboratory formed a cross-disciplinary team to review the comments.
-
The team has drafted a lengthy technical paper describing the selection process and the reasons for our selection. This paper will go up on our Web site later today.
-
The performance of the candidates varied considerably, depending on whether it was implemented in hardware, software or on platforms with limited processing and memory capabilities, such as smart cards.
-
We have remained carefully objective.
-
This process has been an amazing, truly global competition, reflecting the worldwide nature of information security needs.
-
And it is a reflection of our long tradition of work in the computer security arena.
-
In the next month or so, we will formally publish a draft of the AES standard in the Federal Register for public review and comment.
-
We expect analysis of the encryption algorithm to continue, a process which should help to build even more public confidence in the standard.
-
Now, with great appreciation, I would like to thank Joan Daemen and Vincent Rijmen of Belgium for their submission of the winning algorithm.
-
Even though they have only recently learned of their selection, if this "old" telephone technology works, I would like to offer them the chance to say a few words.
