For the past three years, the National Institute of Standards and Technology (NIST) has been working to develop a new encryption standard to keep government information secure. The organization is in the final stages of an open process of selecting one or more algorithms, or data-scrambling formulas, for the new Advanced Encryption Standard (AES) and plans to make a decision by late summer or early fall. The standard is slated to go into effect next year.
AES is intended to be a stronger, more efficient successor to the Triple Data Encryption Standard (3DES), which replaced the aging DES after DES was cracked in less than three days in July 1998.
“Until we have the AES, 3DES will still offer protection for years to come. So there is no need to immediately switch over,” says Edward Roback, acting chief of the computer security division at NIST and chairman of the AES selection committee. “What AES will offer is a more efficient algorithm. It will be a federal standard, but it will be widely implemented in the IT community.”
According to Roback, efficiency of the proposed algorithms is measured by how fast they can encrypt and decrypt information, how fast they can present an encryption key and how much information they can encrypt.
The AES review committee is also looking at how much space the algorithm takes up on a chip and how much memory it requires. Roback says the selection of a more efficient AES will also result in cost savings and better use of resources.
“DES was designed for hardware implementations, and we are now living in a world of much more efficient software, and we have learned an awful lot about the design of algorithms,” says Roback. “When you start multiplying this with the billions of implementations done daily, the saving on overhead on the networks will be enormous.”
The process of selecting the algorithm for AES has been notable for its openness and transparency. This is a marked departure from the government's past inclination toward secrecy in discussing encryption standards, which led to the public cracking of DES after critics questioned the government's assertion that the standard was still secure.
NIST kicked off the selection process in September 1997. Conferences were held in August 1998 and March 1999; cryptographers from around the world discussed the algorithm candidates and helped narrow the list to 15 and then to five finalists: IBM's MARS; RSA Laboratories' RC6; Joan Daemen and Vincent Rijmen's Rijndael; Ross Anderson, Eli Biham and Lars Knudsen's Serpent; and Counterpane Labs' Twofish.
While most evaluators of the algorithms want to avoid complexity by selecting one to serve as a standard, there's a minority that wants to select more than one.