The candidates to replace the Data Encryption Standard have been whittled down to five, and will now be subjected to intense international scrutiny as the US National Institute of Standards and Technology (NIST) enters the penultimate stage of its competition to find the Advanced Encryption Standard (AES) for the 21st century.

NIST yesterday announced that the original field of 15 prospective replacements for its aging standard has been reduced to the MARS algorithm of IBM; RSA’s RC6; the Rijndael algorithm of Belgian researchers Vincent Rijmen and Joan Daemen; Serpent, developed by the UK, Israeli and Norwegian troika of Ross Anderson, Eli Biham and Lars Knudsen; and Twofish, a cooperative effort of six researchers closely linked with Counterpane Systems, Minneapolis.

NIST kicked off its search for a DES replacement in January 1997, and the case became an urgent one in January this year when the purpose-built Deep Crack computer of the Electronic Frontier Foundation (EFF) cracked a 56-bit DES-encrypted message in just over 22 hours (CI No 3,579).

None of the five potential replacements is likely to succumb to cracking any time soon. Each is capable of supporting 128-, 192- and 256-bit cryptographic keys, and “clearly none of these [shortlisted algorithms] had security attacks, or they wouldn’t have been picked,” said Ed Roback, acting deputy chief assistant of NIST’s computer security division.

Tough security, said Roback, was the chief criterion by which NIST had asked commentators to help it whittle down its shortlist. Between now and May, when the final series of comments will be called for from the computer industry, and from other sectors with a special interest in the new AES such as banking, the five will be subjected to further attacks.

But with their security credentials already established, the winners and losers in the last series of evaluations will likely be judged on issues of efficiency, cost and implementation, Roback said. In particular, commentators are expected to consider the suitability of each candidate with regard to form factor, and ideally a winner will emerge which is equally effective, easy to implement and cost-effective on a smartcard as on a mainframe computer.

However, according to Roback, it is very possible that a single clear winner will not emerge, and that NIST will be faced with building its AES standard around two different algorithms. “We would end up with one standard, but there would be two algorithms in it,” he said.

Whether one, two, or even three prospective AES algorithms emerge from the next evaluation phase in May, NIST is committed to completing its final ratification process by the middle of 2001. In the interim, with DES increasingly vulnerable to the efforts of groups like EFF, NIST is recommending that the US Federal Government, and hence, effectively, the rest of the world, stick with Triple DES as its standard encryption algorithm.