Milestone-Proposal talk:Advanced Encryption Standard (AES)
Advocates and reviewers will post their comments below. In addition, any IEEE member can sign in with their ETHW login (different from IEEE Single Sign On) and comment on the milestone proposal's accuracy or completeness as a form of public review.
-- Administrator4 (talk) 20:04, 17 October 2023 (UTC)
Advocates’ Checklist
- Is the proposal for an achievement rather than for a person? If the citation includes a person's name, have the proposers provided the required justification for inclusion of the person's name?
- Was the proposed achievement a significant advance rather than an incremental improvement to an existing technology?
- Were there prior or contemporary achievements of a similar nature? If so, have they been properly considered in the background information and in the citation?
- Has the achievement truly led to a functioning, useful, or marketable technology?
- Is the proposal adequately supported by significant references (minimum of five) such as patents, contemporary newspaper articles, journal articles, or citations to pages in scholarly books? At least one of the references should be from a peer-reviewed scholarly book or journal article. The full text of the material, not just the references, shall be present. If the supporting texts are copyright-encumbered and cannot be posted on the ETHW for intellectual property reasons, the proposers shall email a copy to the History Center so that it can be forwarded to the Advocate. If the Advocate does not consider the supporting references sufficient, the Advocate may ask the proposer(s) for additional ones.
- Are the scholarly references sufficiently recent?
- Does the proposed citation explain why the achievement was successful and impactful?
- Does the proposed citation include important technical aspects of the achievement?
- Is the proposed citation readable and understandable by the general public?
- Will the citation be read correctly in the future by only using past tense? Does the citation wording avoid statements that read accurately only at the time that the proposal is written?
- Does the proposed plaque site fulfill the requirements?
- Is the proposal quality comparable to that of IEEE publications?
- Are any scientific and technical units correct (e.g., km, mm, hertz, etc.)? Are acronyms correct and properly upper-cased or lower-cased? Are the letters in any acronym explained in the title or the citation?
- Are date formats correct as specified in Section 6 of Milestones Program Guidelines? Helpful Hints on Citations, plaque locations
- Do the year(s) appearing in the citation fall within the range of the year(s) included at the end of the title?
- Note that it is the Advocate's responsibility to confirm that the independent reviewers have no conflict of interest (e.g., that they do not work for a company or a team involved in the achievement being proposed, that they have not published with the proposer(s), and have not worked on a project related to the funding of the achievement). An example of a way to check for this would be to search reviewers' publications on IEEE Xplore.
Independent Expert Reviewers’ Checklist
- Is suggested wording of the Plaque Citation accurate?
- Is evidence presented in the proposal of sufficient substance and accuracy to support the Plaque Citation?
- Does proposed milestone represent a significant technical achievement?
- Were there similar or competing achievements? If so, have the proposers adequately described these and their relationship to the achievement being proposed?
- Have proposers shown a clear benefit to humanity?
In answering the questions above, the History Committee asks that independent expert reviewers apply a similar level of rigor to that used to peer-review an article, or evaluate a research proposal. Some elaboration is desirable. Of course the Committee would welcome any additional observations that you may have regarding this proposal.
Submission and Approval Log
Submitted date: 30 December 2023
Advocate approval date: 14 November 2024
History Committee approval date:
Board of Directors approval date:
Comment to Proposers -- Tomohiro Hase (talk) 05:57, 12 February 2024 (UTC)
Dear Proposers.
ETHW Main Page describes as follows. "To be proposed as an IEEE Milestone, an achievement must be at least 25 years old." https://ieeemilestones.ethw.org/Main_Page
On the other hand, Abstract in NIST FIP197 describes as follows. "In 2000, NIST announced the selection of the Rijndael block cipher family as the winner of the Advanced Encryption Standard (AES) competition." https://csrc.nist.gov/pubs/fips/197/final
I think the AES deserves surely the IEEE Milestone. However, I think it will be 1-2 years before you can apply for the IEEE Milestone. It is reason why the design time frame is generally uncertain and therefore unsuitable for the IEEE Milestone.
- Best regards, Dr. Tomohiro Hase, IEEE Fellow.
Re: Comment to Proposers -- Wvetten (talk) 12:09, 20 June 2024 (UTC)
Dear Dr. Tomohiro Hase,
As you can see in the proposal the actual work on AES was done in the years 1995-1998. This time span was more than 25 years ago.
Best regards,
Wim van Etten, proposer
Original Citation Title and Text -- Administrator4 (talk) 17:16, 3 April 2024 (UTC)
Design of the Advanced Encryption Standard (AES) Rijndael 1995-1998
In 1995-1998, Joan Daemen and Vincent Rijmen designed a series of secure and innovative block ciphers. This culminated in Rijndael, their submission to the first worldwide open NIST contest: the AES competition. After winning this in 2000, Rijndael, now AES, became ubiquitous in providing data confidentiality and authenticity worldwide.
Reviewer #1 Comments -- Sselleri (talk) 12:26, 22 July 2024 (UTC)
Here are the comments of the first anonymous reviewer. Please note that some comments might seems aimed more to a specialistic aiudince, while milestones are intended for the general public.
Is suggested wording of the Plaque Citation accurate?
Yes
Is evidence presented in the proposal of sufficient substance and accuracy to support the Plaque Citation?
Yes. Note that for someone woking with cryptography and security it would have been enough to write "it's AES", and that would have been sufficient.
Does proposed milestone represent a significant technical achievement?
Absolutely yes
Were there similar or competing achievements? If so, have the proposers adequately described these and their relationship to the achievement being proposed?
Altough there were (and they are) numerous similar achievemnts in the field of cryptography, there is no doubt that AES is, after 25 years, still the de-facto reference architecture for symmeric data encryption. The proposal describes with ad adequate depth the importance of the milestone, and its relation with the pre-existing ones.
The only part that might me missing is the relationship between AES (a symmetric algorythm) with the asymmetric crypto algorythms. While this distinction is well known and obvious to anyone with a basic knowledge of the topic, it might not be obvious to the others.
Hence, I'd suggest to enhance the description with a note that, while asymmetric algorithms have been improved over the years, and are now subject to revision due to the risk of attacks due to quantum computing, AES, thanks to the symmetric structure, is still considered as the state of the art.
A last note: while the Rijndael algorithm was formally declared as a winner of the AES competition in 2000, its proposal was submitted earlier (1999), as documented in https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf. Hence, the 25-years requirement is perfectly fulfilled.
Reviewer #1 Comments -- Sselleri (talk) 08:37, 11 October 2024 (UTC)
Here are the comments of the second anonymous reviewer. Please note that some comments might seems aimed more to a specialistic aiudince, while milestones are intended for the general public.
Major comments:
The invention of Rijndael, which was adopted by NIST as the AES, is certainly a major development in information security, worthy of IEEE Milestone recognition. The proposed location, the University of Leuven (Katholieke Universiteit Leuven), where the development was done, is fitting.
In the citation I wonder if a deeper connection could be made to related major developments, especially ones already recognized by IEEE Milestones. For instance, AES, as a symmetric key cipher, could be contrasted with public-key cryptography, which has an IEEE Milestone plaque at Cheltenham, UK. https://ethw.org/Milestones:Invention_of_Public-key_Cryptography,_1969_-_1975
In my opinion:
○ The proposed wording for the plaque is accurate
○ The proposal shows significant evidence supporting the citation
○ The invention of Rijndael is a significant achievement, as evidenced by its selection as the AES.
○ There are no directly equivalent achievements of equal stature.
Minor items:
Abstract: 1. "Encryption is essential in protecting privacy of citizens in communication via…”
Suggest: “Encryption is essential in ensuring the privacy of communication via..”
Another approach could be to make reference to the 5 elements of information security: confidentiality (privacy), integrity, availability, authenticity and non-repudiation. AES arguably provides all but authentication and non-repudiation.
2. " after having been selected AES by NIST”
Suggest “after having been selected as the encryption algorithm for the NIST AES standard”
The Citation Needs Extensive Work / Justification Section is Inadequate -- Bberg (talk) 16:37, 11 October 2024 (UTC)
Citation Comments
The current citation is only 49 words in length, and about half of it relates to the NIST contest. There is very little technical content in the other half. Information as currently presented in the 3 background sections can be used for rewriting the citation so that it fulfills a key aspect of all Milestones: to educate the public.
Information on the order of what the www.NIST.gov website states should be included, e.g., "The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data." and "In 2000, NIST selected the Rijndael block cipher family as the winner of the AES competition." In addition, as AES is set forth in the Federal Information Processing Standards (FIPS) Publication 197, an abbreviated version of this fact could be included.
The citation should explain what happened at various points in time over the span of years included in the title. Note also that NIST should be followed by "(National Institute of Standards and Technology)" and that it should be shown to be a US entity. Also, describe what a cipher is. Since the name AES itself is explained in the title with "(Advanced Encryption Standard)," it is optional to also explain this acronym in the citation.
Note that the background information uses these 4 terms: Rijndael/AES, AES/Rijndael, AES and Rijndael. A single consistent name should be used instead. Also, the way "Rijndael" appears in the title is ambiguous.
I suggest that the proposer look at some of the citations of the 258 existing Milestones for guidance about writing a citation. Because of the widespread use of AES, this citation should both read dramatically and be educational.
Justification Section Comments
The "Justification for Inclusion of Names" requirement is inadequately met by way of the 2 brief sentences at the start of the "historical significance" section. There should be specific cites to documents that prove that it was these 2 people, no more and no less.
Thank you for your work on this. AES is very deserving!
Brian Berg, Milestones Subcommittee Chair
Comments about the New Proposed Citation, and the Title and Justification Section -- Bberg (talk) 23:00, 4 November 2024 (UTC)
Citation
I received a new proposal for the citation, but it is still quite short, and is still sparse on technical content. I thus propose the following 70-word citation:
In 1995-1998, Belgian cryptographers Joan Daemen and Vincent Rijmen created Rijndael, an innovative and computationally-efficient series of secure block ciphers for encrypting data and providing provable security against attacks. In 2000, their design won an international competition sponsored by the U.S. agency NIST (National Institute of Standards and Technology). Rijndael subsequently became the basis of the ubiquitous Advanced Encryption Standard (AES), thereby ensuring data security and authenticity in worldwide communications.
Title of Milestone
The current title is a little bit too long, and it leaves the word "Rijndael" in an awkward location. Also, since the 2000 date is critical for the Milestone, it should be included in the dates. As such, I propose this for the title:
Rijndael and the Advanced Encryption Standard (AES), 1995-2000
Justification for Inclusion of Names
The 1st paragraph of the "historical significance" section still only briefly provides justification for inclusion of the 2 names in the citation. I feel that the following does a more complete job of this:
Rijndael was developed by Joan Daemen and Vincent Rijmen as a result of the research work that they did during their PhD study at KU Leuven. As they were the only two people involved in its design, and since NIST selected their technique as the winner of its important international AES competition, their two names, and their two names only, are clearly worthy of inclusion in the citation.
Brian Berg, Milestones Subcommittee Chair
Re: Comments about the New Proposed Citation, and the Title and Justification Section -- Wvetten (talk) 15:54, 6 November 2024 (UTC)
- Reply to Brian Berg
We agree with the newly proposed title and citation. Same holds for justification for inclusion of names in the citation.
New Wording for Last Sentence in Citation, and the Need to Extend the Last Date to 2001 -- Bberg (talk) 13:49, 10 November 2024 (UTC)
Please note that I provided some suggestions in an email on November 7, and am reproducing those here.
Here is my suggestion for a new last sentence in the citation since (1) we only need to include "AES" since it is explained in the title, and (2) since we should also be more explicit about the features provided in AES by Rijndael:
Rijndael became the basis of AES in 2001, which led to its worldwide use for data security, encryption, and authentication.
The above new sentence makes the citation 69 words, and it requires that the date in the title be extended to include 2001 as in "1995-2001". I also noticed that the background information made no mention of the importance of the year 2000. Instead it only includes 2001:
An encryption standard has to meet formidable challenges to be effective. The NIST has set up a most thorough competition, evaluation and efforts at breaking the encryption scheme before awarding the Advanced Encryption Standard to Rijndael in 2001.
The above can be replaced with this paragraph:
An encryption standard has to meet formidable challenges to be effective. The US agency NIST (National Institute of Standards and Technology) initiated a five-year process during which fifteen competing designs were involved in a thorough competition and evaluation of efforts at breaking the encryption scheme in each design. In 2000, the Rijndael cipher was selected as the most suitable. When AES based on Rijndael was announced by the NIST as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001, AES became an international standard for use in data security, encryption, and authentication.
Brian
Re: New Wording for Last Sentence in Citation, and the Need to Extend the Last Date to 2001 -- Wvetten (talk) 12:38, 12 November 2024 (UTC)
- We agree with the proposed changes. So the new title and citation will be as follows.
In 1995-1998, Belgian cryptographers Joan Daemen and Vincent Rijmen created Rijndael, an innovative and computationally-efficient series of secure block ciphers for encrypting data and providing provable security against attacks. In 2000, their design won an international competition sponsored by the U.S. agency NIST (National Institute of Standards and Technology). Rijndael became the basis of AES in 2001, which led to its worldwide use for data security, encryption, and authentication.
Re: Re: New Wording for Last Sentence in Citation, and the Need to Extend the Last Date to 2001 -- Bberg (talk) 16:07, 12 November 2024 (UTC)
Thank you. I think that this is a tremendous proposal.
Brian Berg
Proposal Is Ready to Proceed in Approval -- Bberg (talk) 17:34, 13 November 2024 (UTC)
I confirm that this proposal looks to be ready to proceed. I have asked the Advocate to confirm this and proceed.
Brian Berg, Milestones Subcommittee Chair