The Problem: DES Was Dying

In 1997, the US government had a serious problem. The encryption standard it had been using since 1977, DES, was falling apart. Its 56-bit key was too short. The EFF built a machine called "Deep Crack" that broke a DES key in 22 hours. Cost: $250,000.

NIST needed a replacement. Instead of designing one behind closed doors (like the NSA wanted), they did something unprecedented: they asked the world for help.

The Biggest Competition in History

The rules were simple: submit an algorithm that supports 128, 192, and 256-bit keys. It has to be fast, secure, and open source.

The heavyweights entered:

• MARS, backed by IBM.
• RC6, from RSA Security (Ron Rivest himself).
• Twofish, led by Bruce Schneier.
• Serpent, by Anderson, Biham, and Knudsen.
• Rijndael, submitted by two academics from Belgium.

Two Guys From Belgium

Joan Daemen and Vincent Rijmen were researchers at KU Leuven. They didn't have IBM's budget. They had elegant math.

On October 2, 2000, NIST announced the results. Rijndael received 86 votes. Serpent got 59. MARS came last. The Belgians had won.

When the FBI Failed

In 2008, Brazilian police raided banker Daniel Dantas. They seized five hard drives encrypted with AES-256. The FBI tried for 12 months to crack them. They failed.

In 2016, the FBI paid over $1.3 million to hack an iPhone 5C because they couldn't break the encryption itself. They had to find a loophole in the software around it.

Nobody goes through AES-256. They go around it.

What Snowden Said

In 2013, Edward Snowden leaked thousands of NSA documents. He revealed PRISM, XKeyscore, and Bullrun. But about AES itself? Nothing.

"Encryption works. Properly implemented strong crypto systems are one of the few things you can rely on."
— Edward Snowden