An observation on the Key Schedule of Twofish
نویسندگان
چکیده
The byte block cipher Two sh was proposed as a candidate for the Advanced En cryption Standard AES This paper notes the following two properties of the Two sh key schedule Firstly there is a non uniform distribution of byte whitening subkeys Sec ondly in a reduced xed Feistel round function Two sh with an byte key there is a non uniform distribution of any byte round subkey An example of two distinct byte keys giving the same round subkey is given Brief Description of Two sh Two sh is a block cipher on byte blocks under the action of a or byte key For simplicity we consider the version with a byte key Two sh has a Feistel type design Suppose we have a byte plaintext P PL PR and a byte key K KL KR Let F GF be the nite eld de ned by the primitive polynomial x x x x Two sh uses an invertible round function
منابع مشابه
Key Separation in Twofish
In [Mur00], Murphy raises questions about key separation in Twofish. We discuss this property of the Twofish key schedule, and compare it with other block ciphers. While every block cipher has this property in some abstract sense, the specific structure of Twofish makes it an interesting property to consider. We explain why we don’t believe this property leads to any interesting attacks on Twof...
متن کاملFurther Observations on the Key Schedule of Twofish
Twofish is a 128-bit block cipher submitted as an AES candidate [SKW+98]. Mirza and Murphy [MM99] recently noted two interesting properties in the Twofish key schedule for 128-bit keys: there is a non-uniform distribution of 128-bit whitening keys, and the 64-bit round subkeys are non-uniformly distributed over each subset of keys that fixes the S-boxes. This paper extends these results and exp...
متن کاملTwofish: A 128-Bit Block Cipher
Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish e...
متن کاملA Simple Power Analysis Attack on the Twofish Key Schedule
This paper introduces an SPA power attack on the 8-bit implementation of the Twofish block cipher. The attack is able to unequivocally recover the secret key even under substantial amounts of error. An initial algorithm is described using exhaustive search on error free data. An error resistant algorithm is later described. It employs several threshold preprocessing stages followed by a combine...
متن کاملAlgebraic Side-Channel Attack on Twofish
While algebraic side-channel attack (ASCA) has been successful in breaking simple cryptographic algorithms, it has never been done on larger or more complex algorithms such as Twofish. Compared to other algorithms that ASCA has been used on, Twofish is more difficult to attack due to the key-dependent S-boxes as well as the complex key scheduling. In this paper, we propose the first algebraic s...
متن کامل