Want CNET to notify you of price drops and the latest stories?

15 enter crypto standard race

Fifteen companies and universities outline their submissions to become the next standard for encrypting U.S. government data.

3 min read
The usually staid world of cryptography is abuzz today as 15 companies and universities outline their submissions to become the next standard for encrypting U.S. government data.

The winner of the competition to create the new Advanced Encryption Standard will claim bragging rights as the world's top cryptographer. Even though the new standard will be available for free, being picked could carry commercial benefits.

"The biggest thing is the prestige of having your design selected," said encryption pioneer Philip Zimmermann, founder of Pretty Good Privacy, now part of Network Associates. "Prestige translates into dollars--if your company creates a design that gets selected, you'll probably realize a lot of business in cryptography."

The Advanced Encryption Standard is being selected to replace the widely used Data Encryption Standard (DES) that has been required since the 1970s for encryption products used by the federal government. Many private organization also use 56-bit DES, but today DES can be broken.

"DES can be broken cheaply and easily, and the industry needs to come up with a new standard that protects all the information that the federal government stores," said Lauren Hall, a lobbyist on encryption issues for the Software Publishers Association.

At a conference in coast-side Ventura in Southern California, sponsored by federal agency National Institute of Standards and Technology, the best cryptographers in the world are unveiling their proposals--and having them ripped to shreds if they're subpar.

Zimmermann, whose company did not submit an Advanced Encryption Standard proposal, calls the conference "energetic."

"There are 15 dogs in this fight, all in the same room, so the room is packed with very bright people," Zimmermann said, describing the interactions as "aggressive," unlike the normally reserved discussions at crypto gatherings. "Designs are getting torn apart during their presentations."

The Advanced Encryption Standard conference, which ends tomorrow, is part of a lengthy selection process that won't be completed for two more years, and it has drawn proposals from across the globe--United States, Canada, Israel, France, United Kingdom, and Germany. Among the companies participating are IBM, RSA Data Security, Cylink, Entrust Technologies, Deutsche Telekom, Nippon Telegraph and Telephone, and Counterpane Systems, headed by noted cryptographer Bruce Schneier.

Zimmermann calls the Advanced Encryption Standard "the most exciting thing in crypto for the last couple of years," noting that the open submissions and review process has produced high-quality entries from academic researchers as well as commercial firms.

"The best designs are using everything that has been learned about block ciphers and cryptoanalysis for the last few years," said Zimmermann, who was pursued by the U.S. government for years because he posted strong encryption on the Internet.

He also sees political elements in the Advanced Encryption Standard process.

"No one is going to be able to say that [ Advanced Encryption Standard] was done with some hidden back door for the NSA [National Security Agency]," he added.

"This [process] is going to relieve some tensions about the controversies over encryption," he added. "Part of the government wants to suppress crypto, and [National Institute of Standards and Technology] is now firmly in the camp of promoting strong crypto."