13.07.2015 Views

ENCYCLOPEDIA OF Espionage, Intelligence, and Security Volume ...


Encryption of Data

protection of computer data during transmission and dormant storage” in 1973 (Federal Register 38, No. 93, May 15, 1973). An algorithm developed by German-American cryptographer Horst Feistel, then working for IBM, was eventually chosen as the federal Data Encryption Standard (DES) on July 15, 1977. All information about the DES cipher algorithm is public and no licensing fees need be paid by anyone who wishes to incorporate it into a product. Thus, from 1977 to the present, DES has been built into thousands of data products, becoming among the most widely used ciphers in history.

DES is a block cipher, meaning that it chops the message bitstream into blocks or sequences of 64 bits each, then produces a 64-bit ciphertext block by processing the message block through an algorithm (series of mathematical operations) governed by a key (secret number, in this case a 56-bit binary number). The ciphertext block appears to be a random string of bits; to recover the original message block, the 56-bit key that was used to encipher it must be given, stolen, or guessed.

When first implemented, DES was effectively unbreakable—except, probably, by the NSA, which reportedly lobbied the National Bureau of Standards to keep the key length down to a level that NSA supercomputers could cope with. Key length is a basic aspect of cipher security because any cipher can in theory be cracked by the brute-force method known as exhaustion, that is, the trying out of every possible key. In the case of DES, there are 2⁵⁶ > 72,000,000,000,000,000 (72 × 10¹⁶) possible keys. For many years, DES-enciphered data were safe because few organizations possessed the computing power to test 72 × 10¹⁶ keys in a reasonable time, but this ceased to be true several years ago.
In July, 1998, a team of cryptographers cracked a DES-enciphered message in 3 days by the exhaustion method, and in 1999 a network of 10,000 desktop PCs cracked a DES-enciphered message in less than a day. DES was clearly no longer invulnerable, but a replacement was not yet in view; users therefore switched to an algorithm termed “triple DES.” Triple DES encrypts a plaintext block using one 56-bit key, re-encrypts the resulting ciphertext block using a second 56-bit key, and then re-re-encrypts the result of the second encryption using a third 56-bit key. However, cryptographers have determined that triple DES is unsatisfactory as a long-term solution, and in 1997, the National Institute of Standards and Technology (NIST) solicited proposals for a cipher to replace DES entirely, the Advanced Encryption Standard (AES).

An algorithm named Rijndael (pronounced RAIN doll), created by Belgian cryptographers Vincent Rijmen and Joan Daemen, was announced as the AES in December, 2001 (Federal Information Processing Standard 197). AES is structurally similar to DES—both are block ciphers, for example—but AES uses blocks and keys that are 128, 192, or 256 bits long (at the user’s discretion—longer blocks and keys entail slower processing), rather than a mere 56 bits long as in the original DES. According to the NIST, a computer that could try out all possible 56-bit DES keys in one second would require approximately 1.49 × 10¹⁴ years to try out all possible 128-bit AES keys. Triple DES is still the most commonly-used cryptosystem for the encryption of data and will remain an approved cryptographic standard for the foreseeable future; however, AES has started appearing in commercial products.

Encryption scientists expect that AES will remain secure for at least twenty years.
However, in September 2002, two cryptographers—Nicolas Courtois of France, and Josef Pieprzyk of Australia—announced that they had designed an attack on AES that would reduce the number of calculations to crack the cipher from order 2²⁵⁶ (for the longest key option) to order 2¹⁰⁰. This remains beyond the capabilities of present-day computers, but raises concern for the long-term security of AES.

Both DES and AES are symmetrical-key cryptosystems, meaning that both the sender and receiver must be in possession of an identical secret key to encrypt and decrypt messages to each other. Systems based on public-key cryptography have also become important in the last decade or so, especially the RSA system (named for its inventors, Ronald Rivest, Adi Shamir, and Leonard Adleman). Public-key systems are widely favored for occasional transmissions among networks of users, rather than for dedicated links. RSA has been licensed to the makers of Web browsers such as Netscape and Explorer, allowing their users to employ public-key cryptography for sending encrypted e-mails, making online purchases, and doing online banking (most often without knowing that they are employing cryptography at all). RSA has also been used, without authorization, in the freeware program known as PGP (pretty good privacy). PGP can be downloaded for free from a number of Web sites for personal use.

❚ FURTHER READING:

BOOKS:

Meyer, Carl H., and Stephen M. Matyas, Cryptography: A New Dimension in Computer Data Security. New York: John Wiley & Sons, 1982.

Singh, Simon. The Code Book. New York: Doubleday, 1999.

PERIODICALS:

“Race to Pick a Better Cipher.” Science no. 5382 (1998): 1411.

Seife, Charles. “Crucial Cipher Flawed, Cryptographers Claim.” Science no. 5590 (2002): 2193.

ELECTRONIC:

National Institute of Standards and Technology. “Advanced Encryption Standard: Questions and Answers.” Computer Resource Security Center. March 5, 2001. (November 16, 2002).

Nechvatal, James, et al. “Report on the Development of the Advanced Encryption Standard.” National Institute of Standards and Technology. October 2, 2000.

396 Encyclopedia of Espionage, Intelligence, and Security
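
The exhaustion argument in the entry above, as an added example that is not part of the encyclopedia text: a toy Feistel block cipher is recovered by trying every key against known plaintext, and the same key-count arithmetic reproduces the NIST figure quoted for 128-bit AES keys. The 32-bit block, 16-bit key, four rounds, SHA-256 round function and sample values are all assumptions constructed for illustration and are far smaller and simpler than DES.

```python
import hashlib

MASK16 = 0xFFFF
ROUNDS = 4
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def round_fn(half, key, rnd):
    """Keyed 16-bit round function; SHA-256 is a stand-in mixer, not DES's."""
    data = key.to_bytes(4, "big") + bytes([rnd]) + half.to_bytes(2, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:2], "big")

def encrypt(block, key):
    """Encrypt one 32-bit block with the toy Feistel network."""
    left, right = block >> 16, block & MASK16
    for rnd in range(ROUNDS):
        left, right = right, left ^ round_fn(right, key, rnd)
    return (left << 16) | right

def decrypt(block, key):
    """Invert encrypt() by running the rounds backwards."""
    left, right = block >> 16, block & MASK16
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ round_fn(left, key, rnd), left
    return (left << 16) | right

def exhaust(pairs, key_bits):
    """Try keys 0, 1, 2, ... and return (key, trials) for the first key
    that maps every known plaintext to its ciphertext."""
    for key in range(1 << key_bits):
        if all(encrypt(pt, key) == ct for pt, ct in pairs):
            return key, key + 1
    return None, 1 << key_bits

def years_to_exhaust(key_bits, keys_per_second):
    """Worst-case time to try every key of the given length."""
    return (1 << key_bits) / keys_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    secret = 0xBEEF  # constructed 16-bit key
    pairs = [(pt, encrypt(pt, secret)) for pt in (0x01234567, 0x89ABCDEF)]
    key, trials = exhaust(pairs, 16)
    print(f"recovered key {key:#06x} after {trials} of {1 << 16} trials")
    # A machine testing all 2**56 DES keys per second, per the NIST comparison:
    rate = 2 ** 56
    print(f"DES, 56-bit:  {years_to_exhaust(56, rate) * SECONDS_PER_YEAR:.0f} s")
    print(f"AES, 128-bit: {years_to_exhaust(128, rate):.3g} years")
```

Each extra key bit doubles the loop in `exhaust`, which is why the jump from 56 to 128 bits turns one second of work into roughly 10¹⁴ years at the same rate.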
