Jump to content

Twofish: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
VolkovBot (talk | contribs)
m robot Adding: tg:Twofish
wikilink
Line 24: Line 24:
}}</ref>
}}</ref>
}}
}}
In [[cryptography]], '''Twofish''' is a [[symmetric key algorithm|symmetric key]] [[block cipher]] with a [[block size (cryptography)|block size]] of 128 [[bit]]s and [[key size]]s up to 256 bits. It was one of the five finalists of the [[Advanced Encryption Standard process|Advanced Encryption Standard contest]], but was not selected for standardisation. Twofish is related to the earlier block cipher [[Blowfish (cipher)|Blowfish]].
In [[cryptography]], '''Twofish''' is a [[Symmetric-key algorithm|symmetric key]] [[block cipher]] with a [[block size (cryptography)|block size]] of 128 [[bit]]s and [[key size]]s up to 256 bits. It was one of the five finalists of the [[Advanced Encryption Standard process|Advanced Encryption Standard contest]], but was not selected for standardisation. Twofish is related to the earlier block cipher [[Blowfish (cipher)|Blowfish]].


Twofish's distinctive features are the use of pre-computed key-dependent [[substitution box|S-box]]es, and a relatively complex [[key schedule]]. One half of an n-bit key is used as the actual encryption key and the other half of the n-bit key is used to modify the encryption algorithm (key-dependent S-boxes). Twofish borrows some elements from other designs; for example, the [[pseudo-Hadamard transform]] (PHT) from the [[SAFER]] family of ciphers. Twofish uses the same [[Feistel network|Feistel structure]] as [[Data Encryption Standard|DES]].
Twofish's distinctive features are the use of pre-computed key-dependent [[substitution box|S-box]]es, and a relatively complex [[key schedule]]. One half of an n-bit key is used as the actual encryption key and the other half of the n-bit key is used to modify the encryption algorithm (key-dependent S-boxes). Twofish borrows some elements from other designs; for example, the [[pseudo-Hadamard transform]] (PHT) from the [[SAFER]] family of ciphers. Twofish uses the same [[Feistel network|Feistel structure]] as [[Data Encryption Standard|DES]].

Revision as of 21:52, 17 November 2007

Twofish
The Twofish algorithm
General
DesignersBruce Schneier
First published1998
Derived fromBlowfish, SAFER, Square
CertificationAES finalist
Cipher detail
Key sizes128, 192 or 256 bits
Block sizes128 bits
StructureFeistel network
Rounds16
Best public cryptanalysis
Truncated differential cryptanalysis requiring roughly 251 chosen plaintexts.[1]

In cryptography, Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard contest, but was not selected for standardisation. Twofish is related to the earlier block cipher Blowfish.

Twofish's distinctive features are the use of pre-computed key-dependent S-boxes, and a relatively complex key schedule. One half of an n-bit key is used as the actual encryption key and the other half of the n-bit key is used to modify the encryption algorithm (key-dependent S-boxes). Twofish borrows some elements from other designs; for example, the pseudo-Hadamard transform (PHT) from the SAFER family of ciphers. Twofish uses the same Feistel structure as DES.

On most software platforms Twofish is slightly slower than Rijndael (the chosen algorithm for Advanced Encryption Standard) for 128-bit keys, but somewhat faster for 256-bit keys.[2]

Twofish was designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson; the "extended Twofish team" who met to perform further cryptanalysis of Twofish and other AES contest entrants included Stefan Lucks, Tadayoshi Kohno, and Mike Stay.

The Twofish cipher has not been patented and the reference implementation is placed in the public domain, free to use for anyone. The algorithm is available by choice in many different encryption packages, though has seen less widespread usage than Blowfish, which has been available for a longer period of time.

Cryptanalysis

As of 2007, the best published cryptanalysis on the Twofish block cipher is a truncated differential cryptanalysis of the full 16-round version. The paper claims that the probability of truncated differentials is 2-57.3 per block and that it will take roughly 251 chosen plaintexts (32 PiB worth of data) to find a good pair of truncated differentials.[1]

Bruce Schneier responds in a 2005 blog entry that this paper does not present a full cryptanalytic attack, but only some hypothesized differential characteristics. That is, from a practical perspective, Twofish isn't even remotely broken and there have been no extensions to these results since they were published in 2000.[3]

References

  1. ^ a b Shiho Moriai, Yiqun Lisa Yin (2000). "Cryptanalysis of Twofish (II)" (PDF). Retrieved 2006-08-13. {{cite journal}}: Cite journal requires |journal= (help)
  2. ^ Bruce Schneier, Doug Whiting (2000-04-07). "A Performance Comparison of the Five AES Finalists" (PDF/PostScript). Retrieved 2006-08-13. {{cite journal}}: Cite journal requires |journal= (help)
  3. ^ Schneier, Bruce (2005-11-23). "Twofish Cryptanalysis Rumors". Schneier on Security blog. Retrieved 2006-11-28.


See also