US government unveils protection policy

The US government has finalised a new data encryption standard which it believes will help the country to protect its critical information infrastructures, as well as provide secure electronic government services.

The Advanced Encryption Standard (AES) concludes a four-year effort by computer scientists at the US Commerce Department's National Institute of Standards and Technology (Nist).

AES is the new Federal Information Processing Standard publication that specifies a cryptographic algorithm for use by US government organisations to protect sensitive, unclassified information.

It will replace the Data Encryption Standard (DES), which the Nist adopted in 1977 as a standard used by federal agencies.

A replacement was needed because the relatively small cryptographic key sizes used by the DES - just 56 bits - left it vulnerable to attack from modern cracking techniques.

The algorithm selected for the AES incorporates the Rijndael encryption formula, which was developed by Belgian cryptographers Joan Daemen of Proton World International and Vincent Rijmen of Katholieke Universiteit Leuven.

Each of the algorithms submitted for the AES competition was required to support key sizes of 128, 192 and 256 bits.

US government officials said they chose Rijndael from among five finalists, in a process that took more than three years, because of its "combination of security, performance, efficiency, ease of implementation and flexibility".

Philip Bond, undersecretary of commerce for technology, and an official at Nist, said the approval means that the AES will now be available to provide the next generation of encryption protection for both government and industry.

Products implementing the AES are expected to be available shortly, and Cisco Systems and RSA Security have already said they intend to support it. They are expected to be widely deployed by 2004.