The Frontiers of Knowledge Award Goes to the Creators of the Algorithm that Protects Millions of Connected Devices Worldwide

In 1997, the two Belgian researchers created an algorithm they called Rijndael, a portmanteau of their names, which not long after would become the international standard used to safeguard the security and privacy of websites, laptops, mobile phones, Wi-Fi connections, bank cards, and cloud data storage, among numerous other applications. So much so, says the committee, that over the last quarter century, the cryptographic system they devised “has become an intrinsic part of everyday life” in twenty-first-century global society.

Thanks to this algorithm, based on “profound research on the mathematical and algorithmic foundations of cryptography,” as the committee describes it, “our money stays in our bank accounts, our medical records remain private, and our messages only reach the people we intend.”

The committee also highlighted Daemen and Rijmen’s “critical” decision “to leave their algorithm freely open-source, which enabled not only global standardization but also transparency in the cryptographic community – it is taught in every computer security course worldwide and can be examined for vulnerabilities.”

For all these reasons, the committee concludes, the contribution of Daemen and Rijmen “stands as a prime example of how fundamental theory can lead to a world-changing technology and to practical applications affecting billions of people.”

When Daemen and Rijmen began their research careers in the 1990s, the systems used to encrypt confidential information were already showing significant weaknesses. After 20 years, the DES algorithm recommended by the National Institute of Standards and Technology (NIST) – the body that regulates cybersecurity in the U.S. – was becoming too insecure to do its work.

In response, the NIST launched a competition to develop a new, faster and more secure algorithm that would become the new standard, a challenge that favored the two researchers, since their doctoral work focused precisely on the mathematical foundations of cryptography. Rijndael emerged from this work and, after years of scrutiny by the scientific community, went on to win the competition, becoming in 2001 the U.S. standard for data encryption – the Advanced Encryption Standard or AES – and four years later the international standard.

How to protect ourselves against new attacks in the era of quantum computing

The Rijndael algorithm has also proven secure against attacks from a sufficiently powerful quantum computer. However, the awardees believe that to protect against a computer of this kind, a different type of cryptography would need to change: public-key cryptography, which is used, for example, to digitally sign documents.

The awardees are currently focused on perfecting the security of the devices that run their algorithm. “The AES is defined on a mathematical level and can be shown to be unbreakable,” says Rijmen. “But mathematical operations are performed on computers or chips that use a bit of power and heat up a little each time the algorithm executes. All these signals (the power used, the heat emitted) betray a bit of what is happening inside the chip in question, and if you can measure all these things, you gain an insight into the mathematical function which makes it a bit easier to break.”

To protect devices against this type of attack, the laureate is studying how to ensure that computation time, power consumption, heat emission and any other factor that might offer unwanted clues remain the same each time – or, at least, that small variations do not allow an attacker to derive the secret encryption key.

Daemen, meanwhile, is focusing on reducing the energy consumption of encryption algorithms, a key factor in ensuring their operation in ever smaller devices. “With the data explosion we have nowadays, if you want to encrypt terabytes of data per second, you need to minimize the amount of heat produced. But at the other end of the scale, you also want low energy consumption in battery-powered devices, so the charge lasts a long time,” he explains. “The typical example,” he continues, “is a pacemaker that communicates with the outside world, but also needs cryptographic protection so no one can hack it remotely.”