For 3 years, a digital demolition derby pitted teams of cryptographers against each other in a fierce battle of different schemes for protecting information from prying eyes.
Now, there is only one survivor: a data-scrambling technique called Rijndael (pronounced RHINE-doll). The name is patched together from those of its Belgian inventors, computer scientists Vincent Rijmen of the Katholieke Universiteit Leuven in Heverlee, Belgium, and Joan Daemen of Proton World International in Brussels, which develops smart-card technology.
Officials at the National Institute of Standards and Technology (NIST) in Gaithersburg, Md., which orchestrated the contest, announced the result this week. “This process has been an amazing, truly global competition, reflecting the worldwide nature of information-security needs,” says NIST Director Ray Kammer.
After a period of further public review, Rijndael is slated to become the federal government’s new formula—its Advanced Encryption Standard—for securing sensitive, unclassified information. It would replace the venerable Data Encryption Standard (DES), which has been widely used in government and business since its adoption in 1977.
Two years ago, a computer custom-built by researchers to crack DES required just hours to identify the numerical key used to scramble and then recover a secret message (SN: 8/1/98, p. 77). That key was a particular sequence of 56 1s and 0s out of 72 quadrillion possibilities.
Rijndael permits encryption keys that are 128, 192, or 256 bits long, which would take many times the age of the universe to find by trial and error, say NIST cryptographers. At the heart of Rijndael is a mathematical procedure that manipulates blocks of numbers by shifting rows and columns in ways that are impossible to discern without applying the correct numerical key.
NIST cryptographers and many experts outside the agency evaluated 15 competing encryption schemes for factors such as security, speed, and flexibility. Rijndael provides the best balance of robustness and versatility, Kammer says.
Rijndael is particularly easy to implement. It’s also compact enough for personal computers and smart cards, which incorporate microelectronic circuitry. Several products, including software for secure Internet access and for remote teaching or videoconferencing, already use the Rijndael system.
Rijmen and Daemen won’t get rich from their invention, however. By participating in the NIST contest, they agreed to make their algorithm freely available.