U.S. government picks next-generation encryption standard

The U.S. government has formally adopted its next-generation data encryption standard, aimed at better protecting government data transmission and storage.

Known as the Advanced Encryption Standard (AES), this new algorithm will replace one first adopted by the federal government in 1977. Two Belgian cryptographers, Joan Daemen and Vincent Rijmen, developed the new standard.

The U.S. government first selected the pair’s Rijndael algorithm to replace the two-decades-old Data Encryption Standard (DES) last year. A period of public comment and proposed revisions to the algorithm followed.

“Now it’s an official standard,” said Philip Bulman, an official at the National Institute of Standards and Technology (NIST), a unit of the U.S. Commerce Department. While there is no deadline for the government to switch over to AES, Bulman expects “federal agencies will start migrating” to the new algorithm shortly. In addition, it’s likely that many companies in the private sector, particularly in financial services, will consider adopting AES as well, he said.

U.S. government officials said last year that they chose Rijndael for their next-generation encryption standard because of its “combination of security, performance, efficiency, ease of implementation and flexibility.” Rijndael performed well on a variety of hardware and software platforms, they concluded. It uses relatively small amounts of memory, and it provides strong defence against several different kinds of attacks.

The new standard can support encryption key strength of 128, 192 and 256 bits, according to a government statement. More information about the standard is posted on the NIST Web site.