Further Observations on the Key Schedule of Twofish
نویسندگان
چکیده
Twofish is a 128-bit block cipher submitted as an AES candidate [SKW+98]. Mirza and Murphy [MM99] recently noted two interesting properties in the Twofish key schedule for 128-bit keys: there is a non-uniform distribution of 128-bit whitening keys, and the 64-bit round subkeys are non-uniformly distributed over each subset of keys that fixes the S-boxes. This paper extends these results and explains why they do not affect the security of Twofish. First, it is shown that pairs of 64-bit subkeys in Twofish, including the whitening keys, actually have less than 117 bits of entropy, considerably less than predicted by [MM99], but that this fact is not at odds with the goal of the whitening keys. Second, it is shown that other block ciphers, notably DES and Triple DES, achieve far less uniform subkey distributions than Twofish over simiarly constructed subsets of keys, but this fact has never led to a known attack on these
منابع مشابه
Key Separation in Twofish
In [Mur00], Murphy raises questions about key separation in Twofish. We discuss this property of the Twofish key schedule, and compare it with other block ciphers. While every block cipher has this property in some abstract sense, the specific structure of Twofish makes it an interesting property to consider. We explain why we don’t believe this property leads to any interesting attacks on Twof...
متن کاملA Simple Power Analysis Attack on the Twofish Key Schedule
This paper introduces an SPA power attack on the 8-bit implementation of the Twofish block cipher. The attack is able to unequivocally recover the secret key even under substantial amounts of error. An initial algorithm is described using exhaustive search on error free data. An error resistant algorithm is later described. It employs several threshold preprocessing stages followed by a combine...
متن کاملTwofish: A 128-Bit Block Cipher
Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish e...
متن کاملAlgebraic Side-Channel Attack on Twofish
While algebraic side-channel attack (ASCA) has been successful in breaking simple cryptographic algorithms, it has never been done on larger or more complex algorithms such as Twofish. Compared to other algorithms that ASCA has been used on, Twofish is more difficult to attack due to the key-dependent S-boxes as well as the complex key scheduling. In this paper, we propose the first algebraic s...
متن کاملVariations to the Cryptographics Algorithms AES and Twofish
The Cryptographics Algorithms AES and Twofish guarantee a high diffusion with the use of fixed MDS matrices of size 4 × 4. In this article variations to the Cryptographics Algorithms AES and Twofish are made. They allow that the process of cipher decipher come true with MDS matrices selected randomly from an algorithm that obtaining an MDS matrix of set of all the MDS matrices possible. A new S...
متن کامل