View and vote on the article here: Symmetric Block Ciphers: An Analytic Approach
Symmetric Block Ciphers: An Analytic Approach| Category | | | Summary | | This article will provide an analysis on current symmetric ciphers used in the wild by comparing and contrasting strengths, weaknesses, and differences. There are far too many ciphers, both symmetric and asymmetric to include in the scope of this article, |
| | Body | DES
The Data Encryption Standard (DES), originally of the name Lucifer, is perhaps the most widely used symmetric cipher of the past thirty years. Gaining it?s reputation from fulfilling The Nation Bureau of Standard?s (now NIST) call for a secure, efficient, and scalable cryptosystem to declare as the data encryption standard. Although once popular, DES has very limited implementations in today?s security world due to the waning source of security that this cipher provides.
DES is a symmetric block cipher; it encrypts data in 64 bit blocks. The key length used for this cipher is 56 bits, though typically expressed as a 64 bit number, using every 8?th bit only as a parity check. There are no limitations on the 56 bit number key, and in compliance with NIST?s requirements, all security rests within the key. At it?s basis, this cipher uses a substitution followed by a permutation on the plaintext, based on the key. This is known as a round. DES has 16 rounds, so it applies the same pair of techniques on the plaintext 16 times. It has been found that the number of rounds is exponentially proportional to the amount of time required to find the key using a brute-force attack.
Blowfish
Designed by the well-known Bruce Schneier to be: fast, compact, simple, and variably secure, Blowfish is considered a trustable cipher to date. Blowfish has a variable key length (32 to 448 bits) and is optimized for applications where the key does not often chance. This cipher also runs much faster than both DES and IDEA and has been added to the mainline Linux kernel, starting with version 2.5.47.
The algorithm consists of key expansion and data encryption. The first part of this algorithm converts a key of up to 448 bits into several subkey arrays totalling 4168 bytes. The second part of this algorithm is based on a simple function iterated 16 times. Each round consists of a key-dependant permutation, and a key- and data-dependant substitution. All operations are additions and XORs on 32 bit words.
Over the years there has been an array of cryptanalysis done on Blowfish and not a large amount of published results, as it is steadily gaining acceptance as a strong encryption algorithm. Serge Vaudenay studied weak keys in Blowfish and it was found that in 14 rounds or less there is a class of weak keys that can be detected, although not broken, and is completely ineffective against 16 round Blowfish. Vincent Rijmen completed his Ph.D. thesis with a second-order differential attack on 4-round Blowfish that cannot be extended to more rounds.
GOST
An acronym for Gosudarstvennyi Standard, or Government Standard ? GOST is the former Soviet Union?s counterpart to DES though it is still unclear which types of communications GOST would be used for. GOST, like DES in many ways is a 64-bit block algorithm but unlike DES it has a much larger, 256 bit, key. The GOST algorithm iterates a simple encryption algorithm for 32 rounds.
Major differences between GOST and DES:
- GOST has a straightforward way of generating it?s subkeys from the original keys, while the DES procedure for doing so is much more complicated.
- GOST employs a much larger key than DES (256 bit as opposed to 56) and if you count secret S-box permutations it brings GOST?s total key size to 610 bits.
- GOST has twice the number of that DES does (32 in total)
- GOST uses an 11-bit left circular shift while DES employs a ?P-box? ? an irregular permutation.
- Both algorithms have the same number of S-boxes while the size of each is smaller in GOST compared to those in DES.
The largest difference between the two ciphers seems to be GOST?s shift as opposed to DES?s permutation. While better suited for software implementation, and even with GOST?s larger key it still remains unclear as to whether or not the GOST algorithm is stronger than DES? though in respect to linear and differential analysis GOST most likely comes out on top.
IDEA
The brainchild of Xuejia Lai and James Massey, it appeared on the scene in 1990 originally of the name PES (Proposed Encryption Standard), and then IPES (Improved Proposed Encryption Standard) when the cipher was improved against Biham and Shamir?s demonstrated differential cryptanalysis. In 1992 the name was changed again from IPES to the current IDEA (International Data Encryption Algorithm). IDEA is included in the PGP package and in Bruce Schneier?s ?Applied Cryptography? it was stated that in his opinion it was the best and most secure block algorithm available at the time.
Like DES, IDEA operates on data blocks of 64 bits, but the key is 128 bit long. The given 64 bit data block is divided into four sub-blocks each 16 bits. IDEA goes over 8 rounds performing several XOR, addition modulo 216, and multiplication 216 + 1 operations on the sub-blocks and six 16-bit sub-keys. A final output transformation combines the four resulting sub-blocks with four sub-keys to form the cipher text block.
It was discovered at there are a class of weak keys by Joan Daemen in the sense that if they are used, an attacked can easily identify them in a chosen-plaintext attack though the chances of generating such a weak key is one in 79228162514264337593543950336 (2^96). Other significant cryptanalysis of the IDEA cipher include Biham?s claim that his related-key cryptanalytic attack does not work against IDEA. Also, Willi Meier pointed out that the three algebraic operations of IDEA, though incompatible, can sometimes be simplified in such a way that allows one to facilitate cryptanalysis though less efficient than a brute force for 3-round IDEA or higher. At 8 rounds, IDEA is safe.
Twofish
As the need for a replacement for the aged and dying DES, NIST held a competition to work toward developing an AES (Advanced Encryption Standard) to achieve this. A number of ciphers were developed and submitted for this very reason, including the Twofish cipher developed by Counterpane Labs.
The Twofish block cipher is Counterpane Labs' candidate for the new Advanced Encryption Standard. Twofish was designed to meet NIST?s design criteria for an AES (Advanced Encryption Standard), specifically: A 128-bit symmetric block cipher, variable keylength (including 128, 192, and 256 bits), no weak keys, and a flexible, efficient and simple design. Twofish was designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson.
The cipher is a16-round Feistel network in the main algorithm, to ensure maximum security. Over 1000 hours has been spent on cryptanalyzing the Twofish algorithm by Counterpane Labs, and no attacks have been found that can break the full 16 round version of the algorithm. Against a 5 round version of Twofish attacks have been found however they are limited to just 5 rounds. In terms of speed Twofish has the edge on the other AES candidates. Twofish sacrifices smaller memory requirements for a greater encryption speed.
References:
Bruce Schneier. Applied Cryptography. The United States of America: Wiley & Sons: 1996.
DES Encryption. March 21, 2005 : http://www.tropsoft.com/strongenc/des.htm
Encryption Technology. March 21, 2005 : http://security.resist.ca/crypt.shtml
Blowfish. March 21, 2005 : http://www.schneier.com/blowfish.html
Strong Encryption Package, Twofish. March 21, 2005 : http://www.tropsoft.com/strongenc/twofish.htm
IDEA. March 21, 2005 http://jce.iaik.tugraz.at/products/01_jce/documentation/javadoc/iaik/security/cipher/IDEA.html
This article has been written as a contribution from CPPAD.
|
|
This article was imported from zZine. (original author: FiberOptix)
There are no replies to this post yet.
|