REMARKS BY RAY KAMMER
Director, National Institute of Standards and Technology
Advanced Encryption Standard announcement
Monday, October 2, 2000
- NIST started thinking
about the need to replace the Data Encryption Standard, or DES, in the
early 1990s.
- We publicly indicated
that a replacement might be developed as early as the 1993 reaffirmation
of DES.
- Serious planning
at NIST began in 1996, culminating in a public call for comments on
draft AES requirements in January, 1997.
- We held a public
workshop just a few months later, which was significant because it helped
to solidify the key sizes for AES at 128, 192 and 256 bits.
- DES has a key
size of 56 bits.
- Also, almost all
of the workshop participants agreed that the AES should be available
on a royalty-free basis.
- We published a
call for candidate algorithms three years ago this month, and the response
from the global cryptography community has been truly gratifying.
- Leading cryptographers
from around the world attended our conferences in California, Rome and
New York. They contributed invaluably to the selection process.
- We have received
a great deal of help from individuals, academics, industry and government.
- It has not been
a short process.
- But this was necessary
in order to build trust in the encryption algorithm, because there is
no simple way to determine if an algorithm is secure.
- Of the original
15 candidate algorithms, five were primarily of American origin and
the rest were from overseas.
- We received submissions
from places as diverse as Costa Rica, France, Japan, Korea and Norway.
- NIST received
comments from people in more than 40 countries during the AES public
analysis period.
- Each of the submitters
provided a detailed description of their algorithm, and implementations
in both the ANSI C and Java computer programming languages.
- NIST made these
available to reviewers worldwide, consistent with prevailing export
regulations.
- Each submitter
also agreed in writing to make their algorithm available on a royalty
free basis if it were selected for inclusion in the AES.
- Many decided to
make their inventions free regardless.
- We ended up with
five excellent candidates, any one of which could have provided the
security we require for AES.
- More than 800
pages of public analysis of these candidates is posted on our Web site
at www.nist.gov/aes.
- Our Information
Technology Laboratory formed a cross-disciplinary team to review the
comments.
- The team has drafted
a lengthy technical paper describing the selection process and the reasons
for our selection. This paper will go up on our Web site later
today.
- The performance
of the candidates varied considerably, depending on whether it was implemented
in hardware, software or on platforms with limited processing and memory
capabilities, such as smart cards.
- We have remained
carefully objective.
- This process has
been an amazing, truly global competition, reflecting the worldwide
nature of information security needs.
- And it is a reflection
of our long tradition of work in the computer security arena.
- In the next month
or so, we will formally publish a draft of the AES standard in the Federal
Register for public review and comment.
- We expect analysis
of the encryption algorithm to continue, a process which should help
to build even more public confidence in the standard.
- Now, with great
appreciation, I would like to thank Joan Daemen and Vincent Rijmen of
Belgium for their submission of the winning algorithm.
- Even though they
have only recently learned of their selection, if this "old" telephone
technology works, I would like to offer them the chance to say a few
words.
|