An Irish school girl has stunned the world of ecommerce and electronic banking by creating a new and faster way to protect computer data. The timing couldn't be more appropriate given the rapid growth of banking, business and virtual shopping now proliferating over the Internet.

Sarah Flannery, 16, devised a faster way to decode information moving between computers. Her own tests indicated that her new method was about 22 times faster than the existing international standard, RSA, but without giving anything away in terms of its security.

"It's quite remarkable," says Brendan Supple, manager of the information and communications products division at Siemens. "What she has done is come up with an algorithm she believes is as secure as RSA but much faster.

"The existing RSA algorithm, even when running on the fastest computer, takes about 80 seconds. By using her algorithm, which is at least 22 times faster, you get that down to a few seconds," he says.

The judges were not the only ones to be impressed. Sarah and her family have been on the phone in their Blarney home constantly since her win was announced. She has already had offers from companies seeking rights to her work, computer firms have offered access to their research departments and universities have been on the line asking her to come to them after she graduates next year from Scoil Mhuire Gan Smal.

Sarah has done nothing less than challenge the world's leading encryption system. RSA is the current international standard for data encryption. It was developed by three students, Rivest, Shamir and Adleman whose initials gave it its name. It was released in 1977 and is used in more than 100,000 computer sites worldwide.

The original method used to encrypt data, "classical cryptography," has been in use since Roman times and is based on the sender and the receiver of the information both holding the keys which code and then decode the data. This system works well provided that the keys don't fall into the wrong hands.

Classical cryptography was found to be unsuitable for the modern information age, however, where there might be 10,000 individuals on a wide area computer network who all need to hold the coding and decoding keys. If only one person lost or gave away the key then the security of the entire network would be compromised.

RSA was the first of the "public key" encryption systems which are based on giving anyone who wants it the method for putting information into a coded form. This public key is useless for those trying to decode the information however without the use of the "private key" which unscrambles the data.

While classical encryption systems can be simple or complex as the situation demands, public key systems are inherently complex and are based on using mathematical formulas to code and decode information. RSA and Sarah's code, Cayley-Purser, are based on using the product of two large prime numbers to produce a code based on a 200-digit number. Only the private key holder knows the two prime numbers and, so, is the only one able to decode the information. The public keyholders, however, can use the 200-digit number to encode their data without having to know the private key.

The security of this coding method is based on the tremendous difficulty in factoring large numbers. Because any two of thousands of prime numbers could be used to produce the public key, anyone trying to break the code would have a massive factoring job on their hands to try to break it down.

When the RSA private key decodes the information it uses "exponentiation" to break it down, but this is a slow process even for a computer. Sarah's algorithm is designed to exploit "matrix multiplication" which is much faster and is akin to ordinary multiplication.

As part of her project, Sarah ran RSA and her Cayley-Purser algorithms side by side to test for speed and security. A security flaw might yet emerge - RSA has had 22 years to demonstrate the quality of its security - but Sarah found none.

However, she did note that her algorithm completed its task much more quickly and, ironically, as the number selected for the public key got bigger, the faster it ran. In terms of security, the bigger the number, the greater the security. The algorithm is named after Arthur Cayley, the mathematician who invented mathematical matrices in the last century, and Dr Michael Purser, Trinity lecturer and founder of Baltimore Technologies. Sarah did work experience with Purser last year during her Transition Year and he suggested various ideas which Sarah used to develop her algorithm.

"If someone can explain a complex thing to me simply, they really understand it," says Supple. "Sarah's command of mathematics is so awe-inspiring at that age and she is completely in control of the vocabulary of mathematics. This is not the last we have heard of her."

UCD's Dr Tony Scott, a Young Scientist judge for 30 years, also praised Sarah's work. "It's up with the best I've ever seen with the mathematical projects," he said.

"Not only was it a superb project but, as a competitor, she was superb with the judges. She was totally rounded in her subject. There was not a corner of her project that she didn't understand."