The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has released a study that estimates a $250 billion economic impact from the development of its Advanced Encryption Standard (AES) over the past 20 years.
AES is a cryptographic algorithm used to encrypt and decrypt electronic information. It was approved for use by the federal government in November 2001 and has since been widely adopted by private industry. Today, AES protects everything from classified data and bank transactions to online shopping and social media apps.
According to the new study, NIST’s investment in AES has been repaid many times over, with economy-wide benefits exceeding its costs. The study’s most conservative estimate shows a 29-to-1 benefit-to-cost ratio for the AES program. The estimated benefit-to-cost ratio for the whole economy is 1,976-to-1. The assessment covers the period from 1996-2017.
“This outstanding return on investment exemplifies the economic value of federal research and development, for the private sector and for the broader American economy,” said Under Secretary of Commerce for Standards and Technology and NIST Director Walter G. Copan. “It also demonstrates how bringing together the private and public sectors effectively to address a challenge can result in positive impacts on U.S. commerce.”
The new report, prepared for NIST by RM Advisory Services, relied on a survey of government and private sector consumers of encryption systems and private integrators who develop and produce encryption hardware or software.
“AES has been tremendously successful at helping to establish trust in IT systems around the world,” said Charles Romine, director of NIST’s Information Technology Laboratory. “We are pleased with how it has stood the test of time in its ability to provide security in a wide range of commercial products and public and private systems.”
In 1997, NIST launched its effort to identify a new standard encryption algorithm for the federal government after recognizing that the Data Encryption Standard (DES), adopted 20 years earlier, “was growing vulnerable in the face of advances in cryptanalysis and the exponential growth in computing power.”
Following a three-year, open international competition, on October 2, 2000, NIST announced its proposal for the replacement standard: Rijndael (pronounced Rhine-doll), an algorithm that was submitted by two cryptographers from Belgium. The unclassified, publicly disclosed encryption algorithm is available royalty-free, worldwide and is used by the U.S. federal government in its Federal Information Processing Standard (FIPS) and voluntarily by private organizations worldwide.
The development process involved the collaboration of the worldwide cryptography community. The authors noted that, as a result of the global reach of the effort, “the AES program has continued to create economic value by transferring its know-how—in many forms (e.g., the development and promulgation of ‘Special Publications’ that specify, maintain, and revise cryptographic modes of operation)—into the network of communications and transactions.”