Recent Developments in the Design of Conventional Cryptographic Algorithms

  • Bart Preneel
  • Vincent Rijmen
  • Antoon Bosselaers
Chapter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1528)

Abstract

This paper examines proposals for three cryptographic primitives: block ciphers, stream ciphers, and hash functions. It provides an overview of the design principles of a large number of recent proposals, which includes the global structure, the number of rounds, the way of introducing non-linearity and diffusion, and the key schedule. The software performance of about twenty primitives is compared based on highly optimized implementations for the Pentium. The goal of the paper is to provide a technical perspective on the wide variety of primitives that exist today.
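The abstract names the ingredients the survey compares: the global structure (here a Feistel network), the number of rounds, the non-linear layer, the diffusion layer, and the key schedule. The toy 16-bit Feistel cipher below is an added illustration of how those pieces fit together and of how diffusion can be measured as a function of the round count; it is not a cipher from the paper and has no security value (a 16-bit block and key are trivially brute-forced). The 4-bit S-box is the first row of DES S-box S1, chosen only because it is a bijection; the key schedule, the rotation amounts and the sample key and plaintext are all constructed for this example.

```python
"""Toy 16-bit Feistel network: added illustration, not a cipher from the paper.

Structure : balanced Feistel, 8-bit halves, output halves swapped back so that
            decryption is encryption with the round keys in reverse order.
Non-linear: two 4-bit S-box lookups per round (first row of DES S1, a bijection).
Diffusion : an 8-bit rotation after the S-boxes spreads one nibble into both.
Key sched.: constructed; rotates the 16-bit master key and folds its halves,
            so every round key depends on every master-key bit.
"""
from typing import List

# Constructed 4-bit S-box (first row of DES S1): a permutation of 0..15.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
MASK8, MASK16 = 0xFF, 0xFFFF


def rotl(x: int, r: int, width: int) -> int:
    """Rotate the `width`-bit value x left by r bits."""
    mask = (1 << width) - 1
    return ((x << r) | (x >> (width - r))) & mask


def key_schedule(key: int, rounds: int) -> List[int]:
    """Derive one 8-bit round key per round from a 16-bit master key (toy schedule)."""
    keys = []
    k = key & MASK16
    for i in range(rounds):
        k = rotl(k, 3, 16)                       # spread key bits across rounds
        keys.append(((k >> 8) ^ (k & MASK8) ^ i) & MASK8)  # fold halves, add round index
    return keys


def round_function(half: int, rk: int) -> int:
    """F: key mixing, then non-linearity (S-boxes), then diffusion (rotation)."""
    x = half ^ rk
    x = (SBOX[x >> 4] << 4) | SBOX[x & 0xF]
    return rotl(x, 3, 8)


def feistel(block: int, round_keys: List[int]) -> int:
    """Run the Feistel rounds; the final swap is undone so the same routine decrypts."""
    left, right = (block >> 8) & MASK8, block & MASK8
    for rk in round_keys:
        left, right = right, left ^ round_function(right, rk)
    return (right << 8) | left


def encrypt(block: int, key: int, rounds: int = 8) -> int:
    return feistel(block & MASK16, key_schedule(key, rounds))


def decrypt(block: int, key: int, rounds: int = 8) -> int:
    return feistel(block & MASK16, list(reversed(key_schedule(key, rounds))))


def avalanche(key: int, rounds: int, block: int, bit: int) -> int:
    """Hamming distance between the ciphertexts of `block` and `block` with one bit flipped."""
    c0 = encrypt(block, key, rounds)
    c1 = encrypt(block ^ (1 << bit), key, rounds)
    return bin(c0 ^ c1).count("1")


def mean_avalanche(key: int, rounds: int, block: int) -> float:
    """Average ciphertext bits changed over all 16 single-bit plaintext flips.
    Full diffusion would approach 8 of 16 bits."""
    return sum(avalanche(key, rounds, block, b) for b in range(16)) / 16.0


if __name__ == "__main__":
    key, pt = 0x1234, 0xBEEF                  # constructed sample key and plaintext
    for r in range(1, 9):
        ct = encrypt(pt, key, r)
        assert decrypt(ct, key, r) == pt
        print(f"rounds={r}: ct=0x{ct:04x}  mean avalanche={mean_avalanche(key, r, pt):.2f} bits")
```

Two facts about the structure are visible in the numbers without any cryptanalysis: after a single round, flipping a bit in the left half changes exactly one ciphertext bit (the Feistel round only XORs the untouched half into it), while flipping a bit in the right half changes at least two (the copied bit plus a non-zero S-box output difference, since the S-box is a bijection). Only after several rounds does the average approach the 8 of 16 bits expected from a well-diffusing permutation, which is the trade-off between round count and diffusion the survey discusses. The key schedule shown makes every round key depend on the whole master key; a schedule that reuses one round key unchanged would invite the related-key and weak-key analyses cited in the reference list.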

Keywords

Hash Function, Block Cipher, Stream Cipher, Very Long Instruction Word, Cryptographic Primitive
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. C.M. Adams, “Simple and effective key scheduling for symmetric ciphers,” Proceedings of SAC’94, Workshop on Selected Areas in Cryptography, pp. 129–133.
  2. C.M. Adams, “Constructing symmetric ciphers using the CAST design procedure,” Designs, Codes, and Cryptography, Vol. 12, No. 3, November 1997, pp. 71–104.
  3. C.M. Adams, S.E. Tavares, “The structured design of cryptographically good S-boxes,” Journal of Cryptology, Vol. 3, No. 1, 1990, pp. 27–42.
  4. C.M. Adams, S.E. Tavares, “Designing S-boxes for ciphers resistant to differential cryptanalysis,” Proceedings of the 3rd Symposium on State and Progress of Research in Cryptography, W. Wolfowicz, Ed., Fondazione Ugo Bordoni, 1993, pp. 181–190.
  5. R. Anderson, E. Biham, “Tiger: a fast new hash function,” Fast Software Encryption, LNCS 1039, D. Gollmann, Ed., Springer-Verlag, 1996, pp. 89–97.
  6. R. Anderson, E. Biham, “Two practical and provably secure block ciphers: BEAR and LION,” Fast Software Encryption, LNCS 1039, D. Gollmann, Ed., Springer-Verlag, 1996, pp. 113–120.
  7. K. Aoki, K. Ohta, “Differential-linear cryptanalysis of FEAL-8,” IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences, Vol. E79-A, No. 1, January 1996.
  8. E. Biham, A. Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.
  9. M. Blaze, W. Diffie, R.L. Rivest, B. Schneier, T. Shimomura, E. Thompson, M. Wiener, “Minimal key lengths for symmetric ciphers to provide adequate commercial security,” January 1996.
  10. J. Borst, L.R. Knudsen, V. Rijmen, “Two attacks on reduced IDEA,” Advances in Cryptology, Proceedings Eurocrypt’97, LNCS 1233, W. Fumy, Ed., Springer-Verlag, 1997, pp. 1–13.
  11. A. Bosselaers, R. Govaerts, J. Vandewalle, “Fast hashing on the Pentium,” Advances in Cryptology, Proceedings Crypto’96, LNCS 1109, N. Koblitz, Ed., Springer-Verlag, 1996, pp. 298–312.
  12. A. Bosselaers, H. Dobbertin, B. Preneel, “The RIPEMD-160 cryptographic hash function,” Dr. Dobb’s Journal, Vol. 22, No. 1, January 1997, pp. 24–28.
  13. A. Bosselaers, R. Govaerts, J. Vandewalle, “SHA: a design for parallel architectures?,” Advances in Cryptology, Proceedings Eurocrypt’97, LNCS 1233, W. Fumy, Ed., Springer-Verlag, 1997, pp. 348–362.
  14. A. Bosselaers, “Even faster hashing on the Pentium,” presented at the rump session of Eurocrypt’97, Konstanz, Germany, May 12–15, 1997, and updated on November 13, 1997. Available from ftp://www.esat.kuleuven.ac.be/pub/COSIC/bosselae/pentiumplus.ps.gz.
  15. L. Brown, M. Kwan, J. Pieprzyk, J. Seberry, “Improving resistance to differential cryptanalysis and the redesign of LOKI,” Advances in Cryptology, Proceedings Asiacrypt’91, LNCS 739, H. Imai, R.L. Rivest, and T. Matsumoto, Eds., Springer-Verlag, 1993, pp. 36–50.
  16. C. Charnes, L. O’Connor, J. Pieprzyk, R. Safavi-Naini, Y. Zheng, “Comments on Soviet encryption algorithm,” Advances in Cryptology, Proceedings Eurocrypt’94, LNCS 950, A. De Santis, Ed., Springer-Verlag, 1995, pp. 433–438.
  17. D. Chaum, J.-H. Evertse, “Cryptanalysis of DES with a reduced number of rounds — sequences of linear factors in block ciphers,” Advances in Cryptology, Proceedings Crypto’85, LNCS 218, H.C. Williams, Ed., Springer-Verlag, 1985, pp. 192–211.
  18. C.S.K. Clapp, “Optimizing a fast stream cipher for VLIW, SIMD, and superscalar processors,” Fast Software Encryption, LNCS 1267, E. Biham, Ed., Springer-Verlag, 1997, pp. 273–287.
  19. D. Cohen, “On holy wars and a plea for peace,” IEEE Computer, Vol. 14, No. 10, October 1981, pp. 49–54.
  20. D. Coppersmith, D.B. Johnson, S.M. Matyas, “A proposed mode for triple-DES encryption,” IBM Journal of Research & Development, Vol. 40, 1996, pp. 253–261.
  21. T.W. Cusick, M.C. Wood, “The REDOC-II cryptosystem,” Advances in Cryptology, Proceedings Crypto’90, LNCS 537, S. Vanstone, Ed., Springer-Verlag, 1991, pp. 545–563.
  22. J. Daemen, “Cipher and Hash Function Design. Strategies Based on Linear and Differential Cryptanalysis,” Doctoral Dissertation, Katholieke Universiteit Leuven, 1995.
  23. J. Daemen, R. Govaerts, J. Vandewalle, “Resynchronization weaknesses in synchronous stream ciphers,” Advances in Cryptology, Proceedings Eurocrypt’93, LNCS 765, T. Helleseth, Ed., Springer-Verlag, 1994, pp. 159–169.
  24. J. Daemen, R. Govaerts, J. Vandewalle, “A new approach to block cipher design,” Fast Software Encryption, LNCS 809, R. Anderson, Ed., Springer-Verlag, 1994, pp. 18–32.
  25. J. Daemen, L.R. Knudsen, V. Rijmen, “The block cipher Square,” Fast Software Encryption, LNCS 1267, E. Biham, Ed., Springer-Verlag, 1997, pp. 149–165.
  26. J. Daemen, L.R. Knudsen, V. Rijmen, “The block cipher Square algorithm,” Dr. Dobb’s Journal, Vol. 22, No. 10, October 1997, pp. 54–57.
  27. H. Dobbertin, A. Bosselaers, B. Preneel, “RIPEMD-160, a strengthened version of RIPEMD,” Fast Software Encryption, LNCS 1039, D. Gollmann, Ed., Springer-Verlag, 1996, pp. 71–82.
  28. H. Feistel, “Cryptography and computer privacy,” Scientific American, Vol. 228, No. 5, May 1973, pp. 15–23.
  29. FIPS 46, “Data Encryption Standard,” Federal Information Processing Standard (FIPS), Publication 46, National Bureau of Standards, U.S. Department of Commerce, Washington D.C., January 1977.
  30. FIPS 180-1, “Secure Hash Standard,” Federal Information Processing Standard (FIPS), Publication 180-1, National Institute of Standards and Technology, U.S. Department of Commerce, Washington D.C., April 1995.
  31. H. Gilbert, P. Chauvaud, “A chosen plaintext attack of the 16-round Khufu cryptosystem,” Advances in Cryptology, Proceedings Crypto’94, LNCS 839, Y. Desmedt, Ed., Springer-Verlag, 1994, pp. 359–368.
  32. J. Golić, “Linear statistical weakness of alleged RC4 keystream generator,” Advances in Cryptology, Proceedings Eurocrypt’97, LNCS 1233, W. Fumy, Ed., Springer-Verlag, 1997, pp. 226–238.
  33. S. Halevi, H. Krawczyk, “MMH: Software message authentication in the Gbit/second rates,” Fast Software Encryption, LNCS 1267, E. Biham, Ed., Springer-Verlag, 1997, pp. 172–189.
  34. H. Handschuh, H. Gilbert, “χ2 Cryptanalysis of the SEAL encryption algorithm,” Fast Software Encryption, LNCS 1267, E. Biham, Ed., Springer-Verlag, 1997, pp. 1–12.
  35. ISO/IEC 10116, “Information technology — Security techniques — Modes of operation of an n-bit block cipher algorithm,” IS 10116, 1991.
  36. T. Jakobsen, L. Knudsen, “The interpolation attack on block ciphers,” Fast Software Encryption, LNCS 1267, E. Biham, Ed., Springer-Verlag, 1997, pp. 28–40.
  37. B.S. Kaliski, “The MD2 Message-Digest algorithm,” Request for Comments (RFC) 1319, Internet Activities Board, Internet Privacy Task Force, April 1992.
  38. J. Kelsey, B. Schneier, D. Wagner, “Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES,” Advances in Cryptology, Proceedings Crypto’96, LNCS 1109, N. Koblitz, Ed., Springer-Verlag, 1996, pp. 237–252.
  39. J. Kilian, P. Rogaway, “How to protect DES against exhaustive key search,” Advances in Cryptology, Proceedings Crypto’96, LNCS 1109, N. Koblitz, Ed., Springer-Verlag, 1996, pp. 252–267.
  40. L.R. Knudsen, “Block ciphers — analysis, design and applications,” PhD Thesis, DAIMI PB 485, Aarhus University, 1994.
  41. L.R. Knudsen, “Block ciphers — a survey,” this volume, pp. 19–49.
  42. L.R. Knudsen, “A key-schedule weakness in SAFER-K64,” Advances in Cryptology, Proceedings Crypto’95, LNCS 963, D. Coppersmith, Ed., Springer-Verlag, 1995, pp. 274–286.
  43. L.R. Knudsen, T.A. Berson, “Truncated differentials of SAFER,” Fast Software Encryption, LNCS 1039, D. Gollmann, Ed., Springer-Verlag, 1996, pp. 15–26.
  44. L.R. Knudsen, W. Meier, “Improved differential attack on RC5,” Advances in Cryptology, Proceedings Crypto’96, LNCS 1109, N. Koblitz, Ed., Springer-Verlag, 1996, pp. 216–228.
  45. L.R. Knudsen, “On the security of Bear & Lion & ladder-DES,” presented at the rump session of the Fast Software Encryption Workshop, Haifa, Israel, January 20–22, 1997.
  46. X. Lai, J.L. Massey, S. Murphy, “Markov ciphers and differential cryptanalysis,” Advances in Cryptology, Proceedings Eurocrypt’91, LNCS 547, D.W. Davies, Ed., Springer-Verlag, 1991, pp. 17–38.
  47. R. Lee, “Subword parallelism with MAX-2,” IEEE Micro, Vol. 16, No. 4, August 1996, pp. 51–59.
  48. H. Lipmaa, “IDEA: A cipher for multimedia architectures?,” Selected Areas in Cryptography, LNCS, Springer-Verlag, 199
  49. M. Luby, C. Rackoff, “How to construct pseudorandom permutations from pseudorandom functions,” SIAM Journal on Computing, Vol. 17, No. 2, April 1988, pp. 373–386.
  50. J.L. Massey, “SAFER-K64: A byte oriented block-ciphering algorithm,” Fast Software Encryption, LNCS 890, R. Anderson, Ed., Springer-Verlag, 1994, pp. 1–17.
  51. J.L. Massey, “SAFER K-64: One year later,” Fast Software Encryption, LNCS 1008, B. Preneel, Ed., Springer-Verlag, 1995, pp. 212–241.
  52. M. Matsui, “Linear cryptanalysis method for DES cipher,” Advances in Cryptology, Proceedings Eurocrypt’93, LNCS 765, T. Helleseth, Ed., Springer-Verlag, 1994, pp. 386–397.
  53. M. Matsui, “New block encryption algorithm MISTY,” Fast Software Encryption, LNCS 1267, E. Biham, Ed., Springer-Verlag, 1997, pp. 54–68.
  54. A.J. Menezes, P.C. van Oorschot, S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997.
  55. R.C. Merkle, Secrecy, Authentication, and Public Key Systems, UMI Research Press, Ann Arbor, Michigan, 1979.
  56. R. Merkle, “Fast software encryption functions,” Advances in Cryptology, Proceedings Crypto’90, LNCS 537, S. Vanstone, Ed., Springer-Verlag, 1991, pp. 476–501.
  57. R. Merkle, “A fast software one-way hash function,” Journal of Cryptology, Vol. 3, No. 1, 1990, pp. 43–58.
  58. “MIPS extension for digital media with 3D,” MIPS Technologies, Inc., March 12, 1997.
  59. S. Miyaguchi, “The FEAL cipher family,” Advances in Cryptology, Proceedings Crypto’90, LNCS 537, S. Vanstone, Ed., Springer-Verlag, 1991, pp. 627–638.
  60. S. Moriai, K. Aoki, K. Ohta, “The best linear expression search of FEAL,” IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences, Vol. E79-A, No. 1, January 1996.
  61. M. Naor, O. Reingold, “On the construction of pseudo-random permutations: Luby-Rackoff revisited,” Security in Communication Networks, Amalfi (I), September 16–17, 1996.
  62. K. Nyberg, L.R. Knudsen, “Provable security against a differential attack,” Journal of Cryptology, Vol. 8, No. 1, 1995, pp. 27–38.
  63. K. Nyberg, “Generalized Feistel networks,” Advances in Cryptology, Proceedings Asiacrypt’96, LNCS 1163, K. Kim and T. Matsumoto, Eds., Springer-Verlag, 1996, pp. 91–104.
  64. A. Peleg, U. Weiser, “MMX technology extension to the Intel architecture,” IEEE Micro, Vol. 16, No. 4, August 1996, pp. 42–50.
  65. B. Preneel, “Hash functions and MACs: state of the art,” this volume, pp. 50–105.
  66. V. Rijmen, “Cryptanalysis and design of iterated block ciphers,” Doctoral Dissertation, Katholieke Universiteit Leuven, 1997.
  67. V. Rijmen, J. Daemen, B. Preneel, A. Bosselaers, E. De Win, “The cipher SHARK,” Fast Software Encryption, LNCS 1039, D. Gollmann, Ed., Springer-Verlag, 1996, pp. 99–111.
  68. V. Rijmen, B. Preneel, “A family of trapdoor ciphers,” Fast Software Encryption, LNCS 1267, E. Biham, Ed., Springer-Verlag, 1997, pp. 139–148.
  69. V. Rijmen, B. Preneel, E. De Win, “On weaknesses of non-surjective round functions,” Designs, Codes, and Cryptography, Vol. 12, No. 3, November 1997, pp. 251–264.
  70. R.L. Rivest, “The MD4 message-digest algorithm,” Request for Comments (RFC) 1320, Internet Activities Board, Internet Privacy Task Force, April 1992.
  71. R.L. Rivest, “The MD5 message-digest algorithm,” Request for Comments (RFC) 1321, Internet Activities Board, Internet Privacy Task Force, April 1992.
  72. R.L. Rivest, “The RC5 encryption algorithm,” Fast Software Encryption, LNCS 1008, B. Preneel, Ed., Springer-Verlag, 1995, pp. 86–96.
  73. R.L. Rivest, “All-or-nothing encryption and the package transform,” Fast Software Encryption, LNCS 1267, E. Biham, Ed., Springer-Verlag, 1997, pp. 210–218.
  74. Ph. Rogaway, D. Coppersmith, “A software-optimized encryption algorithm,” Fast Software Encryption, LNCS 809, R. Anderson, Ed., Springer-Verlag, 1994, pp. 56–63.
  75. Ph. Rogaway, D. Coppersmith, “A software-optimized encryption algorithm,” Journal of Cryptology, to appear. Available from http://www.cs.ucdavis.edu/~rogaway/papers/seal.ps.
  76. A. Roos, “A class of weak keys in the RC4 stream cipher,” preliminary draft, 1996.
  77. P. Rubinfeld, B. Rose, M. McCallig, “Motion Video Instruction Extensions for Alpha,” Digital Equipment Corporation, October 18, 1996.
  78. R.A. Rueppel, “Stream ciphers,” in Contemporary Cryptology: The Science of Information Integrity, G.J. Simmons, Ed., IEEE Press, 1991, pp. 65–134.
  79. K. Sakurai, S. Furuya, “Improving linear cryptanalysis of LOKI91 by probabilistic counting method,” Fast Software Encryption, LNCS 1267, E. Biham, Ed., Springer-Verlag, 1997, pp. 114–133.
  80. B. Schneier, “Description of a new variable-length key, 64-bit block cipher (Blowfish),” Fast Software Encryption, LNCS 809, R. Anderson, Ed., Springer-Verlag, 1994, pp. 191–204.
  81. B. Schneier, J. Kelsey, “Unbalanced Feistel networks and block cipher design,” Fast Software Encryption, LNCS 1039, D. Gollmann, Ed., Springer-Verlag, 1996, pp. 121–144.
  82. B. Schneier, D. Whiting, “Fast software encryption: designing encryption algorithms for optimal software speed on the Intel Pentium processor,” Fast Software Encryption, LNCS 1267, E. Biham, Ed., Springer-Verlag, 1997, pp. 242–259.
  83. C.E. Shannon, “Communication theory of secrecy systems,” Bell System Technical Journal, Vol. 28, No. 4, 1949, pp. 656–715.
  84. A. Shimizu, S. Miyaguchi, “Fast data encipherment algorithm FEAL,” Advances in Cryptology, Proceedings Eurocrypt’87, LNCS 304, D. Chaum and W.L. Price, Eds., Springer-Verlag, 1988, pp. 267–278.
  85. G.A. Slavenburg, S. Rathnam, H. Dijkstra, “The Trimedia TM-1 PCI VLIW media processor,” Hot Chips VIII Conference, Stanford University, Palo Alto, CA, 1996.
  86. M. Tremblay, J.M. O’Connor, V. Narayanan, L. He, “VIS speeds new media processing,” IEEE Micro, Vol. 16, No. 4, August 1996, pp. 10–20.
  87. W. Tuchman, “Hellman presents no shortcut solutions to DES,” IEEE Spectrum, Vol. 16, No. 7, July 1979, pp. 40–41.
  88. P.C. van Oorschot, M. Wiener, “A known-plaintext attack on two-key triple encryption,” Advances in Cryptology, Proceedings Eurocrypt’90, LNCS 473, I.B. Damgård, Ed., Springer-Verlag, 1991, pp. 318–325.
  89. S. Vaudenay, “On the weak keys of Blowfish,” Fast Software Encryption, LNCS 1039, D. Gollmann, Ed., Springer-Verlag, 1996, pp. 27–32.
  90. D.J. Wheeler, “A bulk data encryption algorithm,” Fast Software Encryption, LNCS 809, R. Anderson, Ed., Springer-Verlag, 1994, pp. 127–134.
  91. D. Whiting, personal communication, May 1997.
  92. M.J. Wiener, “Efficient DES key search,” Technical Report TR-244, School of Computer Science, Carleton University, Ottawa, Canada, May 1994. Presented at the rump session of Crypto’93 and reprinted in W. Stallings, Practical Cryptography for Data Internetworks, IEEE Computer Society Press, 1996, pp. 31–79.

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Bart Preneel
  • Vincent Rijmen
  • Antoon Bosselaers
  1. Dept. Electrical Engineering-ESAT, Katholieke Universiteit Leuven, Heverlee, Belgium