*** Welcome to piglix ***

AES process


The Advanced Encryption Standard (AES), the symmetric block cipher ratified as a standard by National Institute of Standards and Technology of the United States (NIST), was chosen using a process lasting from 1997 to 2000 that was markedly more open and transparent than its predecessor, the Data Encryption Standard (DES). This process won praise from the open cryptographic community, and helped to increase confidence in the security of the winning algorithm from those who were suspicious of backdoors in the predecessor, DES.

A new standard was needed primarily because DES has a relatively small 56-bit key which was becoming vulnerable to brute-force attacks. In addition, the DES was designed primarily for hardware and is relatively slow when implemented in software. While Triple-DES avoids the problem of a small key size, it is very slow even in hardware, it is unsuitable for limited-resource platforms, and it may be affected by potential security issues connected with the (today comparatively small) block size of 64 bits.

On January 2, 1997, NIST announced that they wished to choose a successor to DES to be known as AES. Like DES, this was to be "an unclassified, publicly disclosed encryption algorithm capable of protecting sensitive government information well into the next century." However, rather than simply publishing a successor, NIST asked for input from interested parties on how the successor should be chosen. Interest from the open cryptographic community was immediately intense, and NIST received a great many submissions during the three-month comment period.

The result of this feedback was a call for new algorithms on September 12, 1997. The algorithms were all to be block ciphers, supporting a block size of 128 bits and key sizes of 128, 192, and 256 bits. Such ciphers were rare at the time of the announcement; the best known was probably Square.

In the nine months that followed, fifteen different designs were created and submitted from several different countries. They were, in alphabetical order: CAST-256, CRYPTON, DEAL, DFC, E2, FROG, HPC, LOKI97, MAGENTA, MARS, RC6, Rijndael, SAFER+, Serpent, and Twofish.

In the ensuing debate, many advantages and disadvantages of the different candidates were investigated by cryptographers; they were assessed not only on security, but also on performance in a variety of settings (PCs of various architectures, smart cards, hardware implementations) and on their feasibility in limited environments (smart cards with very limited memory, low gate count implementations, FPGAs).


...
Wikipedia

...