Encryption - The Development Of Encryption Standards

THE DEVELOPMENT OF ENCRYPTION STANDARDS

The NIST adopted the Data Encryption Standard (DES) in 1977. DES was designed in the realization that individuals, including those outside of the spying racket, needed to protect their sensitive information, even though it wasn't classified. Over time the private sector came to adopt DES and, especially, its younger and stronger cousin, Triple DES. DES earned its share of critics over the years. A common complaint was that the relatively short 56-bit key wasn't as strong as it could have been. The most cynical of such critics, according to Communications of the ACM, even surmised that the National Security Agency may have purposely left the encryption standard fairly easy to decrypt so that it could view DES-encrypted documents.

For many years encryption technology was the jurisdiction of the NSA. The U.S. government was, in fact, one of the biggest foes of the spread of strong encryption technology, and cryptographers battled with the government for years to open up the playing field. The main focus of this battle was over the length of encryption keys. A 1992 agreement between the government and industry groups allowed encryption algorithms utilizing no more than 40 bits to be exported, which ruled out those algorithms conforming to DES. As a result, the allowable encryption technologies were generally weaker than those that had become commonplace within the United States, and weaker than what most industry experts felt was necessary at the time to adequately safeguard information.

Particularly after the opening of the Internet, the 56-bit DES began to show its age, culminating in its cracking, as part of a test of DES, in 1998 by a computer built especially for the task by the Electronic Frontier Foundation. Two years earlier, the National Research Council report on cryptography called for the relaxation of export restrictions, but no action had been taken. Moreover, as a sign of its time, DES was geared more specifically toward use with hardware. NSA scientists had not anticipated the proliferation and importance of software.

Realizing that the old standard had realized its value, the Clinton administration used the occasion of DES's cracking to announce that the United States would at last relax the restrictions on the export of encryption technologies. In 1997, seeing the writing on the wall, NIST began seeking out a new encryption algorithm that could replace DES as the official encryption standard for government computers. The private sector, both inside and outside the United States, was expected to adopt the new standard as well.

In October 2000, NIST finally settled on its choice for the Advanced Encryption Standard (AES).The requirements for the AES competition, which involved dozens of contestants worldwide (a signal that the United States was committed to an open, international standard after years of protectionism under the NSA), demanded that the new standard incorporate 128-, 192-, and 256-bit encryption; demonstrate versatility and flexibility across platforms; consistently maintain high speeds of encryption and decryption; and exhibit an exceptionally high degree of impenetrability. The winning algorithm, called Rijndael, was designed by Belgian cryptographers Vincent Rijmen and Joan Daemen.