NIST Announces Candidates For New Data Scrambling Standard

Candidates for a new information scrambling code for the 21st century made their debut at an international cryptography conference today.

The Commerce Department's National Institute of Standards and Technology announced the acceptance of 15 sophisticated encoding formulas as candidates for the new encryption standard. Mathematical formulas, called algorithms, are at the heart of computerized encryption systems.

Researchers from 12 different countries worked on developing the formulas unveiled today at the First Advanced Encryption Standard Candidate Conference sponsored by NIST's Information Technology Laboratory.

NIST is inviting the worldwide cryptographic research community to "attack" the formulas in an attempt to break the codes during the first evaluation period, which will end April 15, 1999. Additionally, NIST will evaluate the algorithms for factors such as security and speed.

Reducing the field to five or fewer finalists that will undergo more intensive scrutiny is the goal of this first round of evaluation efforts. Finalists will be identified by the end of the summer of 1999. NIST eventually will propose that one of the 15 algorithms be adopted as the Advanced Encryption Standard. However, detailed analysis is required before this can happen, and the process is structured to build confidence in the AES. Consequently, the process is unlikely to be completed before 2001.

The AES will provide security for encrypted data. It will be a public algorithm designed to protect sensitive government information well into the next century. The AES will replace the Data Encryption Standard currently used by many federal agencies and businesses. NIST adopted DES in 1977 as a Federal Information Processing Standard for use by federal agencies to encrypt sensitive information.

IBM Corp. developed DES, which is used by the federal government and has found widespread acceptance in the private sector, particularly the financial services
industry. Like DES, the AES will be available for private-sector use on a royalty-free basis.

NIST requested proposals for the AES on Sept. 12, 1997. A variety of organizations responded, and the 15 algorithms meeting NIST's minimum criteria were announced today at the conference in Ventura, Calif. Each of the 15 AES candidates supports key sizes of 128, 192 and 256 bits. At a 128 bit key size, there are approximately 340,000,000,000,000,000,000,000,000,000,000,000,000 (340 followed by 36 zeroes) possible keys.

The conference will run through Saturday, and each submitter of a candidate algorithm will provide a public briefing about its design and answer initial questions.

NIST has accepted the following algorithms as candidates. The list includes the algorithm name, algorithm submitters (and representative, if applicable) and submitter's country:

• CAST-256--Entrust Technologies (represented by Carlisle Adams), Canada
• CRYPTON--Future Systems Inc. (represented by Chae Hoon Lim), South Korea
• DEAL--Richard Outerbridge and Lars Knudsen, Canada and Norway
• DFC--Centre National pour la Recherche Scientifique (CNRS) (represented by Serge Vaudenay), France
• E2--Nippon Telegraph and Telephone Corp. (NTT) (represented by Masayuki Kanda), Japan
• FROG--TecApro Internacional S.A. (represented by Dianelos Georgoudis), Costa Rica
• HPC (Hasty Pudding Cipher)--Rich Schroeppel, U.S.A.
• LOKI97--Lawrie Brown, Josef Pieprzyk and Jennifer Seberry, Australia
• MAGENTA--Deutsche Telekom AG (represented by Klaus Huber), Germany
• MARS--IBM Corp. (represented by Nevenko Zunic), U.S.A.
• RC6--RSA Laboratories (represented by Matthew Robshaw), U.S.A.
• Rijndael--Joan Daemen and Vincent Rijmen, Belgium
• SAFER+--Cylink Corp. (represented by Lily Chen), U.S.A.
• SERPENT--Ross Anderson, Eli Biham and Lars Knudsen, U.K., israel and Norway
• TWOFISH--Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall and Niels Ferguson, U.S.A.

More information about the AES is available at http://www.nist.gov/aes.

Note to reporters and editors: Below is a list of press contacts at the organizations that have submitted candidate algorithms.

Advanced Encryption Standard Media Contacts for Candidate Algorithms

NOTE TO EDITORS: Many of the contacts on this list will be attending the First Advanced Encryption Standard Candidate Conference in Ventura, Calif., on Aug. 20-22, 1998. If you need assistance reaching these contacts during the conference, please call NIST Public and Business Affairs on (301) 975-2762.

CAST-256
Entrust Technologies (represented by Carlisle Adams)
Canada
Media contact: Carlisle Adams
Tel: 613 247 3180, Fax: 613 247 3690
Email: cadams [at] entrust.com (cadams[at]entrust[dot]com)

CRYPTON
Future Systems Inc. (represented by Chae Hoon Lim)
South Korea
Media contact: Chae Hoon Lim
Tel: +82 2 578 0581 (ext. 557), Fax: +82 2 578 0584
Email: chlim [at] future.co.kr (chlim[at]future[dot]co[dot]kr)

DEAL
Richard Outerbridge and Lars Knudsen
Canada and Norway
Media contact: Richard Outerbridge
Tel: 416 869 5078, Fax: 416 869 5080
Email: outer [at] interlog.com (outer[at]interlog[dot]com)

DFC
Centre National pour la Recherche Scientifique (CNRS) (represented by
Serge Vaudenay)
France
Media contact: Serge Vaudenay
Tel: +33 1 44 32 20 61, Fax: +33 1 44 32 20 80
Email: Serge.Vaudenay [at] ens.fr (Serge[dot]Vaudenay[at]ens[dot]fr)

E2
Nippon Telegraph and Telephone Corp. (NTT) (represented by Masayuki Kanda)
Japan
Media contacts: Shuuji Shino, Seiichi Kawana, Kazuhisa Sakakibara
Affiliation: R&D Public Relations, NTT R&D Management Department
Tel: +81 3 5359 4220, Fax : +81 3 5359 1190
Email: koho [at] rdh.ecl.ntt.co.jp (koho[at]rdh[dot]ecl[dot]ntt[dot]co[dot]jp)

FROG
TecApro Internacional S.A. (represented by Dianelos Georgoudis)
Costa Rica
Media contact: Dianelos Georgoudis
Tel (business): +506 2344400, or (direct) +506 2344406
Fax: +506 2344401
Email: dianelos [at] tecapro.com (dianelos[at]tecapro[dot]com)

(HPC) Hasty Pudding Cipher
Rich Schroeppel
U.S.A.
Media contact: Rich Schroeppel
Tel: 703 243 8073
Email: rcs [at] cs.arizona.edu (rcs[at]cs[dot]arizona[dot]edu)

LOKI97
Lawrie Brown, Josef Pieprzyk and Jennifer Seberry
Australia
Media contact: Lawrie Brown
Tel: +61 2 6268 8816, Fax: +61 2 6268 8581
Email: Lawrie.Brown [at] adfa.edu.au (Lawrie[dot]Brown[at]adfa[dot]edu[dot]au)

MAGENTA
Deutsche Telekom AG (represented by Klaus Huber)
Germany
Media contact: Klaus Huber
Tel.: + 49 6151 83 3568, Fax.: + 49 6151 83 4464
Email: huber [at] tzd.telekom.de (huber[at]tzd[dot]telekom[dot]de)

MARS
IBM Corp. (represented by Nevenko Zunic)
U.S.A.
Media contact: Gwen Cox
Affiliation: IBM Software Group Public Relations
Tel: 919 543 8855, Fax: 919 254 9132
Email: gwencox [at] us.ibm.com (gwencox[at]us[dot]ibm[dot]com)

RC6
RSA Laboratories (represented by Matthew Robshaw)
U.S.A.
Media contact: Patrick Corman
Affiliation: Patrick Corman Marketing & Communications
Tel: 650 326 9648, Fax: 650 322 0655
Email: patrick [at] cormancom.com (patrick[at]cormancom[dot]com)

Rijndael
Joan Daemen and Vincent Rijmen
Belgium
Primary media contact: Joan Daemen, PWI
Tel:+32 2 727 65 08, Fax: +32 2 727 62 50
Email: daemen.j [at] pwi.be (daemen[dot]j[at]pwi[dot]be)
Backup media contact: Vincent Rijmen, KULeuven
ESAT-COSIC
Tel. +32 16 32 18 62, Fax. +32 16 32 19 86

SAFER+
Cylink Corp. (represented by Lily Chen)
U.S.A.
Media contact: Gene Carozza, Sr. Public Relations Manager
Tel: 408 328 5175, Pager: 1 800 716 6434, Fax: 408 774 2522
Email: carozza [at] cylink.com (carozza[at]cylink[dot]com)

SERPENT
Ross Anderson, Eli Biham and Lars Knudsen
U.K., Israel and Norway
Media contact: Ross Anderson
Tel: +44 1223 334733, Fax: +44 1223 334678
Email: Ross.Anderson [at] cl.cam.ac.uk (Ross[dot]Anderson[at]cl[dot]cam[dot]ac[dot]uk)

TWOFISH
Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall and
Niels Ferguson
U.S.A.
Media contact: Bruce Schneier
Tel: 612 823 1098, Fax: 612 823 1590
Email: schneier [at] counterpane.com (schneier[at]counterpane[dot]com)