Cryptography Reference
In-Depth Information
4.1 Introduction
In 1999 the US National Institute of Standards and Technology (NIST) indicated
that DES should only be used for legacy systems and instead triple DES (3DES)
should be used. Even though 3DES resists brute-force attacks with today's technol-
ogy, there are several problems with it. First, it is not very efficient with regard to
software implementations. DES is already not particularly well suited for software
and 3DES is three times slower than DES. Another disadvantage is the relatively
short block size of 64 bits, which is a drawback in certain applications, e.g., if one
wants to built a hash function from a block cipher (cf. Sect. 11.3.2). Finally, if one
is worried about attacks with quantum computers, which might become reality in a
few decades, key lengths on the order of 256 bits are desirable. All these consider-
ation led NIST to the conclusion that an entirely new block cipher was needed as a
replacement for DES.
In 1997 NIST called for proposals for a new
Advanced Encryption Standard
(AES)
. Unlike the DES development, the selection of the algorithm for AES was
an open process administered by NIST. In three subsequent AES evaluation rounds,
NIST and the international scientific community discussed the advantages and dis-
advantages of the submitted ciphers and narrowed down the number of potential
candidates. In 2001, NIST declared the block cipher
Rijndael
as the new AES and
published it as a final standard (FIPS PUB 197). Rijndael was designed by two
young Belgian cryptographers.
Within the call for proposals, the following requirements for all AES candidate
submissions were mandatory:
block cipher with 128 bit block size
three key lengths must be supported: 128, 192 and 256 bit
security relative to other submitted algorithms
efficiency in software and hardware
The invitation for submitting suitable algorithms and the subsequent evaluation
of the successor of DES was a public process. A compact chronology of the AES
selection process is given here:
The need for a new block cipher was announced on January 2, 1997, by NIST.
A formal call for AES was announced on September 12, 1997.
Fifteen candidate algorithms were submitted by researchers from several coun-
tries by August 20, 1998.
On August 9, 1999, five finalist algorithms were announced:
Mars
by IBM Corporation
RC6
by RSA Laboratories
Rijndael
, by Joan Daemen and Vincent Rijmen
Serpent
, by Ross Anderson, Eli Biham and Lars Knudsen
Twofish
, by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris
Hall and Niels Ferguson
