  • Let's start with a question.

  • Have you heard of Rijndael? Rijndael?

  • No, No.

  • Okay, so some people watching will have heard of Rijndael.

  • I'm gonna talk about what that is today.

  • It's the algorithm behind the Advanced Encryption Standard.

  • It's everywhere, absolutely everywhere.

  • So it's being used to encrypt this video.

  • It's being used to encrypt the connection from the service which is producing the video, and so on.

  • It's being used if you're using BitLocker to encrypt your hard disk, and so on and so forth. The list goes on; it's being used everywhere.

  • Why is this one algorithm everywhere?

  • Why are we not using lots of different algorithms? And some are good.

  • Some are bad, you know.

  • You know, we talk about algorithms from time to time, Dijkstra and stuff.

  • Dijkstra's good at certain jobs and not other jobs.

  • Why is it that everyone's using this one?

  • In the, let's say, eighties and early nineties, there was an algorithm called DES, or the Data Encryption Standard.

  • Now this was written by IBM, and we could talk about this in a different video.

  • But DES had a few problems.

  • The most, the biggest of which was that it only had a 56-bit key.

  • You know, you might guess the key about halfway through the search on average.

  • So if you're doing it at random, so that's maybe 2 to the 55 operations. Now, in the eighties, that was probably quite difficult to do, but it became easier.

  • And actually, DES got broken a few times by clusters of computers and large, um, dedicated circuits and things like this.

  • So for a while, what happened was,

  • We used a process called Triple DES, which is where, instead of using one 56-bit key, you use three and you do DES three times, right?

  • That's another thing we could talk about another time, but it's three times slower.

  • So, yeah, it solved the problem of the short key.

  • It didn't solve the problem of the fact that it's actually quite slow.

  • So what we needed was,

  • You know, the Internet was coming on board, things were happening.

  • Encryption was getting more and more important.

  • We need something faster, right?

  • So in 1997 the National Institute of Standards and Technology, NIST, in America, put out a call and said, we want a new encryption standard.

  • So instead of DES, for Data Encryption Standard, we're going to go for the Advanced Encryption Standard.

  • I mean the name dazzle.

  • It's better.

  • It's going to be better now.

  • There were a few things that they wanted, so support for a specific block length, 128 bits, different key sizes and things.

  • But the main thing they said was we want it to be as secure as Triple DES, but much, much quicker, and quicker on not just your fast Pentium, but also on your smart card, on your mobile phone, and all the mobile phones in particular.

  • Big deal.

  • But then, Nokia 3310 or whatever it was, you can imagine.

  • But this in the cryptographic community went down quite well.

  • They want to be.

  • They want to produce court ciphers.

  • They want to test out each of the ciphers and generate new algorithms.

  • And so it was gonna be a competition.

  • An open competition. DES was written by IBM and, with help from the NSA, shall we say, and was just announced as a standard.

  • This was gonna be a different process, We're gonna have a proper competition.

  • Anyone?

  • I mean, I was quite young at the time, so not me, but anyone who wanted to could submit an algorithm.

  • It will be sort of scrutinized.

  • And if it was judged to be the best among the others, then it would be made into the advanced encryption standard.

  • And it will become FIPS accredited, and it will get a lot of use.

  • Now, at that time it would get sort of local use in America.

  • But as we've seen now, you know, worldwide use. Initial submission was closed in May 1998.

  • That was when the 15 submissions were sort of finalized.

  • And then we had an evaluation period where cryptographers from all over the world could try and attack the ciphers, work out if they had vulnerabilities, how fast they were, and there were a number of different criteria they were looking for.

  • Because just not being able to break the cipher is actually not, it's only one part of it, right?

  • There's lots of things.

  • So, for example, low memory footprint; efficient,

  • So not using up too much electricity, too many CPU cycles; fast, obviously, because that's gotta help; the ability to deploy in hardware. If the algorithm is totally unusable

  • When you try and make a hardware dedicated chip to do it, no one could do that.

  • And that doesn't make any sense.

  • So in March 1999 they had another conference where they looked at what they found out so far.

  • So they had people talking about whether these algorithms were secure and how fast they were, and people had tried implementing them on hardware and reported how that had gone.

  • Five of them, um, issues were found with their security, such that they were not secure enough.

  • So five of them were discounted, and then another five were discounted because of various issues, like they had the same security as one of the others, but were slower, things like this.

  • And so in the end, this got narrowed down to five.

  • So there was Rijndael; Serpent, which was written in part by Ross Anderson, who's been on Computerphile before; MARS, written by IBM; RC6, written by the RSA organization, who also developed Arcee encryption; and Twofish, written by Bruce Schneier and others, Niels Ferguson.

  • So it came down not just to which is more secure, and so

  • It wasn't that we picked the most secure one; there were lots of things to be thought about.

  • So, for example, Rijndael performed very well on lots of different devices.

  • So that was a real positive. Serpent was probably the most secure in a sort of a strict cryptographic sense, in that it had the fewest attacks make any progress on it at all.

  • But it was just a little bit slower than Rijndael, for example, in software, so lots of decisions.

  • In the end, a vote was taken and it was somewhere around 80 something votes for Rijndael and then 54 Serpent and then some for the others.

  • So Rijndael won.

  • Rijndael was written by two Belgian cryptographers.

  • So Joan Daemen and Vincent Rijmen.

  • They were obviously in the cryptographic community.

  • But, you know, we had big hitters like IBM in this competition.

  • So it was, in some sense, a little bit of a coup that they won. But you know, one of the nice things about academia is that if you perform good work, people will notice that work and hopefully, you know, it'll see some use,

  • Even if you're just starting out or you're not as established as some of the researchers. I quite like that.

  • The nice thing about AES is that it is an SP network.

  • We already talked about SP networks in the previous video.

  • And so in some sense, AES is actually quite similar.

  • Now there are some differences and we'll talk about those in another video.

  • But in general, what we've got is a series of confusing substitutions that make our life difficult of tracking back what we had before, and some

  • Permutations where we're moving bytes and bits around.

  • So that it is difficult to keep track of where the key was and where the message was, and you do this a few times until the output bears no resemblance to the input at all. The way that Rijndael works is,

  • Actually, it can have different block sizes, so it can have 128-bit block sizes or 256-bit block sizes,

  • For example. The AES specification only allows for 128-bit blocks with 128 or 192 or 256-bit keys, and that's what everyone had to adhere to.

  • So in some sense, I guess AES is a subset of Rijndael, but they're now interchangeable.

  • What?

  • One is the other.

  • So when we talk about AES we're talking about the algorithm that was named Rijndael and has now become the Advanced Encryption Standard.

  • Is that job done then?

  • I mean, we've chosen this.

  • Surely, you know, computers get faster.

  • There'll be a point where maybe this is broken.

  • It will have to be another advanced, advanced encryptions, maybe eventually the vaccination question.

  • Because, so each of these algorithms has had what we would call a security margin, which is, I guess, how much better we're gonna have to get at attacking these things to break them.

  • We're a long way off, as far as I can tell. There were some obscure attacks on things like related keys, but the amount of, I mean, some of them will require petabytes of data and of encryptions and decryptions to even slightly beat brute force.

  • So none of these are practical, you know, there's no issue of breaking any time soon.

  • The brute force, a key on even 128 machine, is totally average to 220.

  • Operations is huge.

  • It would take some 100 trillion years for the world's fastest supercomputer, I think. I calculated this a while ago; I could be out of date.

  • Now you get papers and other ciphers that come along.

  • So, for example, there's another cipher called ChaCha20, which is arguably slightly faster on very low cost devices.

  • So there are algorithms that perhaps weren't in this competition that could see some use.

  • But there's a good reason to have standards.

  • They get attacked the most.

  • They get tested the most.

  • They get implemented the most.

  • So you soon realize what the problems are, and then you can rely on libraries.

  • OpenSSL will have a very, very good implementation for your needs.

  • So in some sense, something would have to really go wrong for us to want to change algorithm, because of how established it is, and you know, don't reinvent the wheel.

  • We're taking our 128-bit message and we're just laying it out in this order like this, and then we're going to start doing our SP networks.

  • We're gonna permute.

  • We're gonna substitute bytes.

  • Then we're gonna transform it into some way where an attacker can't read what the message used to be.


One Encryption Standard to Rule Them All! - Computerphile

Published by 林宜悉 on January 14, 2021