RSA Data Security has thrown its hat into the competition to create the next generation data-encryption standard that the US government, among others, will use to protect sensitive information.
The Advanced Encryption Standard (AES) will be the successor to the widely-used Data Encryption Standard (DES), which was designed more than 20 years ago by IBM. DES is a baseline 64-bit encryption algorithm used by the US government to encrypt and decrypt non-classified documents, and is also used on a royalty-free basis by government and industry groups around the world. The AES standard, which will employ at least a 128-bit key size, is meant to be "secure" well into the next century, given the pace at which processors are evolving according to Moore's law.
"128 is projecting ahead 30 years, and still have some margin for error," said Burt Kaliski, the chief scientist at RSA's laboratories. "Eighty bits is sufficient these days -- that's the size around which digital signature standard was gauged, and 80 bits is typical for many applications designed nowadays."
The National Institute of Standards and Technology (NIST) has requirements that each submitter must meet, such as the key size and block size -- two of the measures that indicate the level of security an algorithm contains. To meet the requirements, algorithms must support key-block combinations with sizes of 128-128, 192-128, and 256-128 bits. Submitters must also sign a waiver indicating that if chosen, the AES algorithms will be freely licensable by any organization. Beyond those requirements, however, designers are left to their own devices to distinguish one cipher from the next.
"Today's security is as much art as science," said Kaliski. "Science keeps getting better -- we can say what we know is secure.... But still, what things are considered secure is often in the perspective of the designer. One company might prefer one type of mathematics or operations over another, but [there are] general design principles in common."
Aside from the marketing benefits that will accrue to the AES design winner, cryptographers are a fiercely competitive bunch, and are wont to argue the virtues of one algorithm, or security design, over another.
Since all of the submissions must support the same key and block sizes, NIST can evaluate them against the same type of attacks, one of the most crucial indications of an algorithm's ultimate effectiveness.
Thus far, RSA and Cylink have submitted proposals, but more are expected before the 15 June deadline. The final AES standard is not expected to be determined for several years.
