On January 2, 1997 the National Institute of Standards and Technology called for cryptographers to propose a new standard block cipher for United States government use in non-classified but sensitive applications. (It is unclear to people without security clearances what is used for classified applications: it is possible some of the same standards apply.)
Since the specification for AES will not be secret, it is expected that AES will also see much use in non-government applications, and outside the US. This was the case for its predecessor DES.
The requirements for the new standard were quite tough. A block size of 128 bits was specified, and key sizes of 128, 192, and 256 bits have to be possible. It was also required to be extremely secure, and speed was considered important. It had to be capable of running in extremely small embedded systems with only a few kiloBytes of ROM and 64 bytes of RAM.
Fifteen different designs were submitted, from several different countries. They were, in alphabetical order: CAST-256?, CRYPTON?, DEAL?, DFC?, E2?, FROG?, HPC?, LOKI97?, MAGENTA?, MARS? RC6?, Rijndael, SAFER+?, Serpent?, and Twofish?. Some were found to be less secure than required. Others were deemed uncompetitive in other ways, and a short list of five designs was selected for Round 2 of the selection process: MARS, RC6, Rijndael, Serpent, and Twofish.
On October 2, 2000, NIST announced that Rijndael had been selected as the proposed AES, and underwent the process of being made the official standard. On November 26, 2001, NIST announced that AES was approved as FIPS PUB 197.
Rijndael was developed by two Belgian cryptographers, [Joan Daemen]? and [Vincent Rijmen]?, and is pronounced somewhat like "Rhine doll". The inventors have stated that people should not object too strongly to the difficult pronounciation as they have several other -- much harder -- names ready to go.
Rijndael is fast, simple, runs in little memory, and seems to be flexible in its applicability, but some experts doubt that it is really as secure as it should be for important applications. However, no successful cryptanalysis is publicly known at this time.
Along with the cipher itself, a document concerning "modes of operation" is also expected to be made an official standard. For a general article on that topic (not specific to AES) see [Block cipher modes of operation]?.
See also:
![[Home]](wikipedia.png)