The United States Federal Government is now deemed an international leader in cryptographic development. The reasons why are complicated and hard to discern. In this article I make my attempt to explain why that's the case.
The United States hosts open competitions to determine which cryptographic primitives are declared standard. One of the best documented cases of this is the standardization of Data Encryption Standard and Advanced Encryption Standard.
Let me start with the history of the National Security Agency. The National Security Agency (NSA) verifies that all cryptographic implementations that protect national secrets are effective. Every organization that programs ciphers such as Advanced Encryption Standard that is mean to be used by people that work with the federal government in some way must reach out to the NSA and allow the NSA to test if their implementation is sufficiently resistant to attack and fast enough to satisfy demands.
The NSA was formed by US President Harry S Truman. To better understand why the NSA matters for standardizing cryptography--let me expand on that--to better understand why anything matters--you should research its history.
The NSA plays a role in overseeing the development of cryptography for purposes supervised by the federal government. Financial, government, healthcare, and all tech organizations that work with such organizations comply with federal laws regulating how cryptography is developed.
Why do people care so much about what the federal government thinks on how you should protect your secrets?
People care because the fiercest tests on whether these cryptosystems work is in the military battlefield. Throughout history, federal governments and their militaries had the most impact in the development, standardization, and adoption of cryptography. The story of cryptography documented in history goes back to Roman Times starting with the Caesarian cipher. This trend throughout history has remained true for thousands of years--and the US's success applying cryptography in World War II pivoted the US as the most powerful military, the most powerful federal government, and the most influential economy in the world.
All these factors played a role in landing the US as the international authority on cryptographic development. Two main reasons why people trust US cryptographic standards is because people believe that the United States is currently the most powerful military. This has to do with the history of militaries using cryptography throughout history. People that are serious about protecting their secrets are generally aware that the fiercest of attacks against one's cryptosystem take place in warfare--especially to crack military intelligence. Military intelligence is the practice of collecting and applying information to help military leaders make strategic decisions in a conflict with another nation.
Throughout history entire nations have risked victory in a battle because they failed to keep their military battle plans a secret. On September 13, 1862, soldiers of the Union army discovered Robert E Lee's battle plans--wrapped in a cigar. Think about how hillarious that is. The battle plans for the military general of the Confederate Army were found wrapped in a cigar. This is why encryption exists. In case a foreign adversary steals the plans they will not be able to read or understand what you are saying.
I will give you a second major case of military intelligence being breached. During the height of World War II the Allied Forces were trying to crack Germany's military intelligence. By World War II nations were wise enough to encrypt all messages sent through telecommunication and not send nor store them in plaintext as Union troops found wrapped in that cigar I talked about. However, the Germans made a major mistake--they focused more on keeping the design and implementation of their encryption a secret--less so keeping the secret difficult to crack. I encourage you to pause this video and watch the film "The Imitation Game"--a great movie depicting how Alan Turing made a machine to crack Germany's most fiendish war code--Enigma.
Historians argue that the successful cracking of Enigma shortened the duration of World War II and possibly saved millions of lives.
I hope these two real life cases make clear why the US military and federal government invest heavily in protecting military intelligence. Nations throughout history compete for brains, for natural resources, for land, and it is crucial that someone unfriendly does not hear their plans to guarantee their spot or it will be taken away from them. This important fact-of-life is why the United States invests so heavily in cryptography.
I began this video explaining the importance of protecting secrets in military operations. Of course--you should now understand why--the biggest motivation to advance cryptography is to protect national secrets. Always was. Still is. That is yet to change.
This is why the National Security Agency was formed. Its history goes as far back as World War I. Its official formation was in 1952 when US President Harry S Truman approved of its formation. The NSA's original task was to crack codes much like Alan Turing did to break Enigma. The US is aware that being able to decipher encrypted communication of foreign nations will give them an advantage against said nation in case there is a conflict. The NSA is infamous for even gathering information on its own citizens.
In this video I will focus on how the NSA attempts to standardize cryptography to protect national and business secrets. I will start with how the NSA played a role in the standardization of Data Encryption Standard in 1975--the first cipher designed to protect national secrets transmitted using digital computers. The NSA slightly modified the design of DES to be weaker than the original design made at IBM. The NSA did this so they could crack the cipher in case a foreign adversary was using it.
For those of you that are security engineers you may have dealt with cryptographic software at your job.
What I am talking about is actually designing computer hardware that directly executes Data Encryption Standard. What do I mean by that? Consider your Computer Processing Unit. This is main microprocessor in your computer that executes programs. CPUs contain an organized set of circuits known as logic gates. Logic gates help make computers make decisions.
Logic gates can be extended to perform advanced computation. You can even express entire programs using logic gates. Designers of CPUs even implement entire cryptographic algorithms as logic gates in the CPU. These are called hardware implementations of cryptosystems. The scientific field of designing and implementing hardware implementations of cryptosystems is hardware cryptography. Throughout history militaries have made use of hardware to crack ciphers.
But it was not until the invention of the Integrated Circuit that hardware cryptography was a commercial possibility. Integrated Circuits, which was based on semiconductor technology, allowed computers to fit in small spaces, were faster, and were cheaper to mass-produce. Prior to the invention of integrated circuits computers were the size of rooms. If you watch "The Imitation Game" as I asked you to you will notice that machine Turing used took up the whole room.
Today we are now using commercial CPUs in our machines that contain hardware implementations of federal-government cryptosystems--such as Intel AES-NI, Raspberry Pi 5 and future models will support ARM cryptographic extensions, etc. There are also companies selling dedicated commercial hardware such as Hardware Security Modules. Some of the major companies include Yubikey, Nitrokey, Thales, etc.
What I want you to remember is that all of this hardware cryptography tech began with the US federal government mandate on what cryptosystems people that work with the government must use. If you want to work with anyone that is from the US federal government or who works for the US Federal Government you must in protecting secrets using cryptography you must use the cryptosystems the US Federal Government mandates.
This is the business reason why commercial hardware cryptography such as Intel AES-NI was invented. Intel, like other businesses, intend to profit from selling hardware (e.g. CPUs) that help organizations comply with US Federal guidelines to protect secrets. The official standard is known as FIPS 140-3. Since government agencies, financial companies, and healthcare industries are required to comply with FIPS compliance it makes business sense both for Intel and these organizations that must comply with FIPS standards to invest in hardware cryptography to protect secrets. That's the major reason why the entire world follows US Federal Government cryptographic standards. They are secure enough to survive the battlefield--yet even moreso it makes business sense to follow US Federal Government cryptographic guidelines. If you want to conduct commerce with the US--an economic powerhouse--you want to help them protect their secrets using the cryptography their federal government recommends.
So going back to the NSA's standardization of Data Encryption Standard--this was a major event. This allowed the US Federal Government to have a big say in how cryptography is used in the industry around the world. And one of the reasons why the NSA chose DES is that it its performance could be sped up using hardware.
This is a common pattern in how the US selects new cryptosystems. They want cryptosystems that can be sped up using hardware.
DES, however, was fraught with security problems.
Professional cryptographers criticized DES for its weaknesses. The max key size in DES is only a 56-bit key size. Even back then it would be realistic for a computer to crack that. And just to prove it the Electronic Frontier Foundation and distributed.net worked together in 1999 to crack DES in only 22 hours. 22 hours. That is not a big ask for a determined military working against you to pull off. To break DES Deep Crack tried every possible key until it stumbled on the correct key that cracked the secret.
Paul Kocher was tasked with the design of the machine--named Deep Crack. Paul Kocher is a name you must remember. Not only did he design the Deep Crack machine to crack DES. He also published the first papers on conducting side-channel attacks against encryption to steal the secret. He also was the architect for Transport Layer Security (also known as Secure Sockets Layer 3.0).
Let's go back to Deep Crack. In 1976, Whitfield Diffie and Martin Hellman, the co-inventors of public-key cryptography, predicted that it would only take $20 million 1976 dollars to crack DES since it only had a 56-bit key. Now let's talk about why 56-bit keys are too weak. A 56-bit key means there are only 2^56 possible keys to choose from. What's important about the $20 million remark is that the NSA back in 1976 had the financial capital to develop a machine designed to crack DES. Well, Diffie-Whitfield and Martin Hellman both were on the right track because by 1998 Deep Crack was made for a mere $250,000 USD in 1998 dollars. In today's money that's ~$480,000+ dollars in 2025. That's why the EFF and distributed.net were able to afford making this--that's not hard even for a nonprofit that gets funding from others.
The EFF had to deal with a legal issue in educating the public about Deep Crack. In the 1990s the US Federal Government banned the export of all cryptographic designs and implementations. Even now in 2025 the US restricts the export of cryptographic software and hardware to other countries. The US Federal Government believes their sole knowledge of how this technology gives them an advantage over other nations during an international conflict.
To circumvent this the EFF published the source code as a printed book--not in any digital form. There were no laws banning this at that time.
Unsurprisingly by 1999, the US Federal Government started recommending Triple DES--which supports up to 112 bits of security instead. So far in 2025 no one has managed to brute force even a 128-bit key yet. However, a major vulnerability in the design of both DES and 3DES was discovered in 2016. These two reasons led the US Federal Government to host an open competition to select a brand new cipher for the Advanced Encryption Standard.
I want to take time here to explain major lessons the US Federal Government standardizing AES. They are life lessons on how to influence people to trust managing secrets with them. In the beginning the US was determined to use a cryptosystem whose design was closed to the public: SKIPJACK. US government agencies argued offering encryption that was unbreakable could prevent law enforcement or federal governments from dealing with criminals or foreign adversaries, respectively. However, if government agents wanted to see the data they were required to earn permission from US courts first.
The academic community did not trust it. Experienced cryptographers were not impressed with the switch from DES--whose design was available for scrutiny by the public--to a new cipher whose design was not known to the public. The US tried to convince cryptographers that the design was well-built by allowing five chosen cryptanalytic experts publish a report explaining that SKIPJACK could not be broken through cryptanalysis. Cryptographers were not moved. People outside the US did not trust SKIPJACK since the US could abuse the key escrow system to leak their secrets. US companies wanted to make commercial products featuring cryptography that they could sell throughout the world. And it would not do the US any favors if its commercial use could be enjoyed only in the US. And to make matters worse AT&T Bell Labs published a report explaining a security vulnerability in the key escrow system. The report was published by Matt Blaze. By 2001 the US federal government abandoned the key escrow system due to lack of public support. Let this be a lesson. If you are serious about designing a new cryptosystem--fellow cryptographers expect you to release your design to the public for scrutiny.
The US tried to earn public trust back in 1998 by releasing the design of SKIPJACK to the public. Even this effort failed since SKIPJACK only allowed 80 bits of security. By 2015 it was feasible for an organization to build a computer strong enough to crack keys that have 80 bits of security. And that is why the NIST discouraged its use.
The US Federal Government already realized they would not earn the public's trust in using SKIPJACK and it was time to develop a brand new one for Advanced Encryption Standard. Unlike SKIPJACK the US made up their mind to host an open and international competition where anyone was allowed to submit their cipher as the next US Federal standard for encryption.
The AES Competition involved the attention of cryptographers from academia, including notable cryptographers around the world such as Bruce Schneier and Ronald Rivest, US government officials, and industry professional that use cryptography. It took five years of cooperation amongst the US Federal Government, cryptographers from academia, and industry professionel, from 1994 - 2001, to standardize AES as we know it today.
By 2001, the National Institute of Standards and Technology chose Rijndael, proposed by Joan Daemen and Vincent Rijmen, as the official cipher for AES. Rijndael did not have the strongest security against attack. Twofish and Serpent had stronger security. Yet Rijndael had good enough security--offering 256 bits of security--and was fast in hardware, software, firmware, and smart card implementations. In other words Rijndael was a speedy cipher that could be run anywhere. That's why the US chose it. This what the US looks for in cryptosystems--they are secure enough against known attacks--are expected to be secure against future, expected attacks (e.g. Quantum attacks), and the cryptosystem can run quickly in any environment.
The wild success of AES is obvious. We use it to encrypt all communications ranging from our commercial website traffic to encrypting entire storage drives.
What's important to remember is that the US succeeded in convincing the world to use AES by allowing any professionel in the world--regardless of their nationality--to contribute to the development of AES as long as they had the relevant experience to contribute. This ensured the rest of the globe was willing to trust and work with the United States in managing secrets using the AES cipher the US recommended. And this worked much better than the US trying to convince the world to use a cryptosystem whose design only the US knew.
The NIST admits the open nature of the development of AES made it more resilient to attack and capable of performing well enough to satisfy business demands even in the most obscure of environments.
The US continues to host open, international competitions to choose their next cryptosystems. This was done for AES, SHA-3, the Post-Quantum Safe Cryptosystems standardized in 2022, and the recent Ascon family of ciphers to encrypt data in embedded devices that have very small system resources.
Kommentare