Rules “get in the way most of the time,” says cryptographer Vincent Rijmen. Last year the U.S.government chose the Belgian citizen’s encryption algorithm, Rijndael (pronounced rain-doll),as its new Advanced Encryption Standard. Rijndael replaced the aging, no longer unbreakable Data Encryption Standard, used since 1977 by U.S. government agencies and companies to safeguard everything from e-mail to phone calls. It beat submissions from many large competitors, including IBM, and will be widely used. Rijmen created Rijndael with Joan Daemen,36,a fellow postdoc at Katholieke Universiteit Leuven in Belgium. The duo pulled off the upset in part by throwing away what Rijmen calls a cryptography “rule”: to be secure, an encryption algorithm has to be exceedingly complex. Advanced computers would need trillions of years to decrypt information encrypted using Rijndael—yet the algorithm can run on devices like smart cards. Already, manufacturers plan to include Rijndael in cell phones, credit cards and Web browsers. “People will be using it without ever knowing,” says Rijmen, who recently became chief cryptographer at Cryptomathic, an Aarhus, Denmark, security firm.