NIST logo
*

REMARKS BY RAY KAMMER
Director, National Institute of Standards and Technology
Advanced Encryption Standard announcement
Monday, October 2, 2000


  • NIST started thinking about the need to replace the Data Encryption Standard, or DES, in the early 1990s.

  • We publicly indicated that a replacement might be developed as early as the 1993 reaffirmation of DES.

  • Serious planning at NIST began in 1996, culminating in a public call for comments on draft AES requirements in January, 1997.

  • We held a public workshop just a few months later, which was significant because it helped to solidify the key sizes for AES at 128, 192 and 256 bits.

  • DES has a key size of 56 bits.

  • Also, almost all of the workshop participants agreed that the AES should be available on a royalty-free basis.

  • We published a call for candidate algorithms three years ago this month, and the response from the global cryptography community has been truly gratifying.

  • Leading cryptographers from around the world attended our conferences in California, Rome and New York.  They contributed invaluably to the selection process.

  • We have received a great deal of help from individuals, academics, industry and government.

  • It has not been a short process.

  • But this was necessary in order to build trust in the encryption algorithm, because there is no simple way to determine if an algorithm is secure.

  • Of the original 15 candidate algorithms, five were primarily of American origin and the rest were from overseas.

  • We received submissions from places as diverse as Costa Rica, France, Japan, Korea and Norway.

  • NIST received comments from people in more than 40 countries during the AES public analysis period.

  • Each of the submitters provided a detailed description of their algorithm, and implementations in both the ANSI C and Java computer programming languages.

  • NIST made these available to reviewers worldwide, consistent with prevailing export regulations.

  • Each submitter also agreed in writing to make their algorithm available on a royalty free basis if it were selected for inclusion in the AES.

  • Many decided to make their inventions free regardless.

  • We ended up with five excellent candidates, any one of which could have provided the security we require for AES.

  • More than 800 pages of public analysis of these candidates is posted on our Web site at www.nist.gov/aes.

  • Our Information Technology Laboratory formed a cross-disciplinary team to review the comments.

  • The team has drafted a lengthy technical paper describing the selection process and the reasons for our selection.  This paper will go up on our Web site later today.

  • The performance of the candidates varied considerably, depending on whether it was implemented in hardware, software or on platforms with limited processing and memory capabilities, such as smart cards.

  • We have remained carefully objective.

  • This process has been an amazing, truly global competition, reflecting the worldwide nature of information security needs.

  • And it is a reflection of our long tradition of work in the computer security arena.

  • In the next month or so, we will formally publish a draft of the AES standard in the Federal Register for public review and comment. 

  • We expect analysis of the encryption algorithm to continue, a process which should help to build even more public confidence in the standard.

  • Now, with great appreciation, I would like to thank Joan Daemen and Vincent Rijmen of Belgium for their submission of the winning algorithm.

  • Even though they have only recently learned of their selection, if this "old" telephone technology works, I would like to offer them the chance to say a few words.