AES for GnuPG, on Mon Oct 2?

Michael H. Warfield mhw@wittsend.com
Sun, 1 Oct 2000 16:10:40 -0400 

On Sun, Oct 01, 2000 at 12:24:22PM -0700, Dale Harris wrote:

> On Sat, Sep 30, 2000 at 08:36:10PM -0700, Mark Atwood elucidated:

> > The National Institute of Standards and Technology (NIST) will

> > announce the winner of the Advanced Encryption Standard competition on

> > Oct. 2 at 11:00 am EST.



> > http://csrc.nist.gov/encryption/aes/



> > When will GPG incorporate the AES? I see in the OpenPGP that there are

> > slots reserved for the AES. What would be cool is if someone has

> > written "AES modules" for all 4 of the finalists, so that there can be

> > a GnuPG 1.0.4 release on Monday at 11:01 am EST.



> Personally, I think we'd have to see what the NIST chooses.  If they pick

> something that is patented, then I would think that it would be prudent for

> GnuPG to ignore it, or have optional support.  However if it was something 

> that is open and freely available for use, then I'd think that GPG would 

> support it, as long as it was deemed secure, and free of any backdoors.


	One of the stipulations of the AES competition was that the
algorithm must be free of encumberances.  That being said, apparently
Hitachi chimed in on at least one of the round two candidates claiming
that it was covered under one of their patents.  IMHO...  That was the
kiss of death.

	We do not have to wait for NIST to be prepared.  Someone has already
suggested that the final candidates could be ready for inclusion within
moments of the announcement.  There were only 5 round two candidates.

	We also have some "hints" as to what the announcement is going to
be (although it is a bit of conjecture).  Attached below is the relevant
message from coderpunks.  Take it for what it's worth.


> Dale


-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

===== Begin Attached Message =====

> From coderpunks-errors@toad.com  Sat Sep 30 17:22:55 2000

To: cypherpunks@openpgp.net, cryptography@c2.net, coderpunks@toad.com
Subject: Re: AES winner to be announced Monday.
Message-ID: <9a9074440a285dfd0fb89d90d50c91e4@dizum.com>
Date: Sat, 30 Sep 2000 21:50:04 +0200 (CEST)
Sender: owner-coderpunks@toad.com

On Fri, 29 Sep 2000 14:38:30 -0400, "Trei, Peter" <ptrei@rsasecurity.com> wrote:

> I can't get the web page myself, but the appended message

> is in sci.crypt today:

> 

> Peter Trei

> ------------------------

> From:  Jim Gillogly <jim@acm.org>

> 1:03 PM

> 

> Subject: Re: Deadline for AES...

> 

> Tim Tyler wrote:

> > No official announcement of the date has been posted yet on

> >   http://csrc.nist.gov/encryption/aes/

> 

> The new notice just went up at this site: announcement to be made

> 2 Oct with simultaneous webcast.  They (explicitly) won't say yet

> how many algorithms have been chosen as the AES.  There's no mention

> of new versions of SHA-* with appropriately longer hashes.

> -- 

>         Jim Gillogly

>         Sterday, 8 Winterfilth S.R. 2000, 17:00

>         12.19.7.10.12, 8 Eb 15 Chen, Fifth Lord of Night


Though NIST is being very secretive regarding the AES announcement,
they let the following rumors leak:

1. There is a single winner.
2. It is not an American design.

If so, this rules out MARS, RC6, and Twofish. But now comes the
third rumor:

3. The winner is not covered by any patent or patent claim
identified or disclosed to NIST by interested parties.

Assuming this is true, there is only one algorithm that is not
explicitly mentioned in Hitachi's claim: Rijndael.