Irish student cracks code

Internet security has for some time been the buzzword in e-commerce. Over the past two years, with the proliferation of sites selling online, the need to ensure that that which has been encrypted stays encrypted has become one of the Holy Grails of the budding e-economy.

In response to this, the US government's National Institute of Standards and Technology has, following an international competition, announced the adoption of a new Advanced Encryption Standard (AES), or Rijndael (pronounced Rhine-dall), to replace the old Data Encryption Standard (DES) which has been in use since 1977.

The announcement of its adoption marks the culmination of a four-year effort involving the co-operation of the US government, private industry and academia from around the world to develop an encryption technique that has the potential to be used in the years to come by millions of people both commercially and privately.

So what is Rijndael? Rijndael is a public algorithm which encodes everything from electronic mail to PINs. It is designed to protect sensitive government and commercial information well into this century.

The Rijndael developers are Belgian cryptographers Joan Daemen of Proton World International and Vincent Rijmen of Katholieke Universiteit Leuven.

Into this rarefied world enters Dubliner Cassius Crockatt. Crockatt is a modest, 23-year-old student of Trinity College, Dublin, who, having developed an interest in the Rijndael project since the competition for a new encryption standard was announced, has become one of the public faces of the new code. Crockatt, who will join Sapient Technologies in London in September, developed a website to demonstrate to both computer experts and lay people exactly how Rijndael works. In fact, the site is so successful that the US government has included it on the official website of the National Institute of Standards and Technology.

The site explains and allows the browser to test Rijndael, which is based on three different types of encryption keys - as in keys to a code - which are of 128, 192 or 256 bits.

In comparison, the older DES keys are 56 bits long, which means there are in the order of 10 to the power of 21 times more AES 128-bit keys than DES 56-bit keys. In order to understand the complexity of the task that Crockatt has accomplished, consider that in the late 1990s specialised "DES Cracker" machines could uncover a DES key after a few hours. In other words, by trying possible key values, the machine could determine which key was used to encrypt a given message. If one could build a machine that could uncover a DES key in a second (that is, try 2 to the power of 55 keys per second), it would take that machine approximately 149 thousand billion (149 trillion) years to crack a 128-bit AES key. (To put that into perspective, the universe is believed to be less than 20 billion years old.)

Crockatt developed the site as part of the coursework for the information and communications technology course taught by Dr Christian Jensen in TCD. However, it is only when he explains it himself that the difficulties involved become apparent.

"Rijndael is a symmetric cipher," Crockatt says. "This means that the same key is used to both encrypt and decrypt text. I based the algorithm on the official algorithm specification.

"Having implemented the algorithm, I tested it using the official test values from the Rijndael site. It returned the correct results at each stage and therefore completely meets the specification."

TCD has over the years been developing a closer relationship with industry and the fact that the NIST adopted Crockatt's site as a demonstration model for Rijndael is an example of that relationship, says Jensen. "Cass's project is really quite exceptional, not just for a student course, but would also be exceptional even for someone working in the field.

"That the NIST took it on board demonstrates the kind of relationship we are developing between teaching and the latest advances in research and technology in Trinity's computer science department."

To view the site, log on to the National Institute of Standards and Technology site at http://csrc.nist.gov/encryption/aes/rijndael and then click on "Java Servlet from Cass Crockatt".