Slashdot Mirror

← Back to Stories (view on slashdot.org)

AES Algorithm Coming Soon

Posted by michael on from the cracking-attempts-coming-soon-after dept.

Anonymous Coward writes: "The National Institute of Standards and Technology (NIST) will announce the winner of the Advanced Encryption Standard competition on Oct. 2 at 11:00 am (Eastern Standard Time). This algorithm is going to be the new government standard, so it's worth checking the page out. Following the announcement a report on the AES development efforts will be released on the NIST AES webpage. The NIST Advanced Encryption Standard page can be found at http://www.nist.gov/aes."

8 of 41 comments (clear)

  1. Re:Twofish by nweaver · · Score: 3

    Correct, the formal winner is requried to give up all patent rights. It was not stated what would be the case with multiple winners (dear God NO, that would be worse than selecting Mars), but I would imagine that if NIST selected multiple winners, they would be from the set of Rijndael, serpent, and Twofish which are all unencumbered by patent restrictons. Bruce Schneier put it well during the panel presentation: "Take Rijndael with extra rounds [1], Serpent, and Twofish, and flip a three sided coin, and you will have a good AES algorithm". All of the 3 have good subkey generation properties, are fast in hardware (although serpent is bigger), have good software properties, etc. Also, serpent seems to be getting faster and faster in software, as the s-boxes are tweaked for specific architectures. Both Mars and RC6 have some VERY bad properties: They rely on 32 bit multiplication, and run very poorly on any other device (including the IA64 when/if it gets built) and require way too much in hardware. The both have very poor subkey generation mechanisms. And MARS has the most baroque structure: I don't think anyone has actually succeded in doing subkey generation independenty of the reference code. As for power attacks on smartcards, those should be solved at the system, not the circuit level, making the algorithm moot. Note: I am not completely independant. I had a paper at the 3rd aes conference, where I advocated rijndael, serpent, or twofish. Although having an office down the hall from David Wagner's old office does make me a little biased.


    Nicholas C Weaver
    nweaver@cs.berkeley.edu

    --
    Test your net with Netalyzr
  2. They forgot one... by Mike1024 · · Score: 3
    Hey,

    They forgot one encryption stansard: Slashdot trolls!

    It is an exciting new algorithm that automatically selects a random number from 1 to 5 then maps a phrase to it from memory:

    1 - Natalie Portman
    2 - Hot grits
    3 - Beowulf cluster
    4 - Penis bird
    5 - F1rst P057!

    Because it uses the innovative security precaution of making the output irrelevent to the input data, there is absolutely no risk of decryption, even if nobody intercepts the message in transit, and the recipient has the passphrase. Here is an example:

    INPUT: AES algorithm coming soon!
    OUTPUT: F1rst P057!

    INPUT: Alpha system with 256GB Ram!
    OUTPUT: But how meny Penis birds does it support?

    etc, etc...

    Michael

    ...another comment from Michael Tandy.

    --
    "Goodness me, how unlike the FBI to abuse the trust of the American public." -- The Onion
  3. Open Standards Seting Activity by Cire+LePueh · · Score: 3

    As it was reported before and the notice is big and bold....

    NIST reminds all interested parties that the adoption of AES is being conducted as an open standards-setting activity....it may seek redress under the antitrust laws of the United States against any party in the future who might seek to exercise patent rights against any user of AES that have not been disclosed to NIST in response to this request for information.

  4. Algorithm(s) by Mike+Connell · · Score: 3

    NIST appears to have left the possibility of multiple algorithms, so there may be more than one winner. General opinion seems to be that this is unlikely to occur though (thankfully).

    Likely winners:
    Twofish (fast in s/w)
    Serpent (solid)
    Rijndael

    Unlikely (IMHO)
    MARS (eugh!)
    RC6 (weak)

    Whoever wins *should* be a net win for us all. These are all meant to be free and exportable (importable in some cases as they aren't all US ciphers ;). However, despite the fact that all entries are meant to be free of restrictions, note that Hitatchi (and perhaps others), have claimed patent right that cover a number of the entries...

    best wishes,
    Mike.

    --
    Tales from behind the Lagom Curtain
  5. Re:Twofish by Admiral+Burrito · · Score: 5

    Twofish seems a nice system.

    It is. That would be my second choice, after Rijndael.

    From what I've read, Twofish doesn't stand up do differential power analysis as well as Rijndael does, and is not quite as smartcard-friendly. Rijndael may also work better on future parallel computers. Rijndael is slightly smaller, faster, etc, etc. AFAICS Rijndael slightly edges out Twofish in nearly every category.

    Twofish is American though, which may make a difference.

    Serpent would be my third choice, but it's too slow compared to the others. Mars is too complex. RC6 is too dependant on rotations.

    Its good that it is completely open, so there can be no patenting problems.

    I can't remember the details, but whoever wins is not allowed to milk it even if they have patents. It's one of the stipulations for all AES candidates (but it only applies to the one that wins).

    Of course, it's possible they might select more than one algorithm...

  6. AES in OpenPGP by XNormal · · Score: 4

    An algorithm ID is already defined for AES in OpenPGP (RFC2440).

    It might be nice publicity stunt to release a special version of GnuPG (1.0.4?) with AES support within seconds of the official announcement.

    ----

    --
    Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
  7. Note to Digital Convergence by blogan · · Score: 3

    Your entry is not winning. You have no need to free up your calendar.

  8. Re:Twofish by Mike+Connell · · Score: 4

    > That's not exactly an unbiased source.

    It's completely irrelevant how biased they are - I wasn't referencing their work as a groundless opinion. I was reference their paper "The Twofish Team's Final Comments on AES Selection" submitted in the round 2 comments stage which you should read. This isn't a question of the Blowfish team saying "la la la - Rijndael sucks", it's a case of them doing the analysis and showing why they think it has problems and publishing the results and the reasoning.

    I agree that with modifications Rijndael can be made more secure. In fact, why not just scrap all the entries and say "let's start all over again with more secure versions"? it could go on forever. I think NIST should be choosing the most secure algorithms *entered*, and that isn't Rijndal.

    my 0.02,
    Mike.

    --
    Tales from behind the Lagom Curtain