Serpent Holds the Key to Internet Security

Finalists in world-wide encryption competition announced

(University of Cambridge press release, 1600, 9/8/1999; press archive here)

The US National Institute for Standards and Technology has today announced the finalists in a competition for an encryption algorithm for the 21st century. One of the five finalists is Serpent, designed in an international collaborative effort by Ross Anderson at the Cambridge University Computer Laboratory, Eli Biham of the Computer Science Department at the Technion, Haifa, and Lars Knudsen of the Institutt for Informatikk at the University of Bergen, Norway.

At present, billions of pounds=D5 worth of electronic transactions are protected using the Data Encryption Standard (DES), which was developed in the 1970s. DES is no longer secure enough for important applications as the keys are too short and it is possible to break the cipher using just a few thousand personal computers for a few weeks. As computers become faster, attacks are becoming easier and more systems will be at risk of fraud. DES is currently used in a huge range of systems, including operating emergency traffic bollards, protecting electronic transactions between banks and authenticating cash machine transactions.

The US government began a competition several years ago to find a replacement for DES, to be called the Advanced Encryption Standard or AES. The first round had fifteen candidate algorithms, proposed by a range of computer companies and academic researchers. After a period in which the world's best code-breakers have been attacking the candidates, finding flaws in many of them, five remaining candidates now enter the second round. One of them is Serpent. Serpent has been designed to provide users with the highest possible level of assurance that no attack will be found and is aimed to protect information for a hundred years. As more and more business is done on the net, data encryption mechanisms will become more and more critical.

Serpent designer Ross Anderson said: `Encryption may well be one of the key enabling technologies for the information age. We are delighted that our algorithm, Serpent, has been chosen as a finalist in the competition to find the next generation encryption standard. We believe it is the most secure of all the candidates.'

Notes for Editors

For further information, please contact Ross Anderson.