Twofish: A 128-Bit Block Cipher
نویسندگان
چکیده
Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8-bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2 chosen plaintexts and 2 effort.
منابع مشابه
Further Observations on the Key Schedule of Twofish
Twofish is a 128-bit block cipher submitted as an AES candidate [SKW+98]. Mirza and Murphy [MM99] recently noted two interesting properties in the Twofish key schedule for 128-bit keys: there is a non-uniform distribution of 128-bit whitening keys, and the 64-bit round subkeys are non-uniformly distributed over each subset of keys that fixes the S-boxes. This paper extends these results and exp...
متن کاملTrawling Twofish (revisited) NES/DOC/UIB/WP3/004/a
Twofish is a 128-bit block cipher submitted as a candidate for the Advanced Encryption Standard (AES). It has a structure related to the Feistel structure and runs in 16 rounds. In this paper we consider mainly differentials of Twofish and show that there are differentials for Twofish for up to 16 rounds, predicting at least 32 bits of nontrivial information in every round. In addition, it hold...
متن کاملPerformance Analysis of RC6, Twofish and Rijndael Block Cipher Algorithms
In this paper, Performance analysis of RC6, Twofish and Rijndael block cipher algorithms have been done on the basis of execution time and resource utilization. CPU utilization and memory utilization both are considered for determining resource utilization. These algorithms are parameterized algorithm and were designed to meet the requirements of the Advanced Encryption Standard (AES) competiti...
متن کاملCamellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis
We present a new 128-bit block cipher called Camellia. Camellia supports 128-bit block size and 128-, 192-, and 256-bit keys, i.e. the same interface specifications as the Advanced Encryption Standard (AES). Efficiency on both software and hardware platforms is a remarkable characteristic of Camellia in addition to its high level of security. It is confirmed that Camellia provides strong securi...
متن کاملCamellia: A 128-Bit Block Cipher Suitable for Multiple Platforms
We present a new 128-bit block cipher called Camellia. Camellia supports 128-bit block size and 128-, 192-, and 256-bit keys, i.e. the same interface specifications as the Advanced Encryption Standard (AES). Efficiency on both software and hardware platforms is a remarkable characteristic of Camellia in addition to its high level of security. It is confirmed that Camellia provides strong securi...
متن کامل